Click here to close now.


Linux Containers Authors: Mehdi Daoudi, AppDynamics Blog, Jennifer Gill, Dana Gardner, Pat Romanski

Related Topics: Linux Containers

Linux Containers: Article

Empowering Linux Users to Reclaim Their E-mail Experience

An active, community-based approach to fighting and eliminating spam

The Linux community - nearly 29 million platform users - has been plagued for years by spam which, according to industry statistics, is dramatically on the rise. Despite relentless efforts to stop it (including billions of dollars spent to develop anti-spam solutions), spam continues to infiltrate our in-boxes every day. Not only does it cost consumers and businesses precious time, money, and resources, but it also represents a huge security risk since many spam sites infect individual computers and corporate networks with viruses or spyware.

Unfortunately, existing anti-spam solutions don't solve this grave problem, but try to hide it. These solutions are reactive and merely try to filter spam after it arrives in the user's mailbox. This passive method of defence does absolutely nothing to stop spam from coming in the first place. As a result, Internet users are losing faith in e-mail and are turning to other methods of communication for trusted sources of information - IM for personal communication and RSS for subscription-based content.

The only way to help users and enterprises to reclaim their e-mail experience is to identify and address the root cause of spam - the spam economy. Fighting spam and winning the war involves a proactive community-based approach that focuses on spammers' financial incentives, which makes removing illegitimately gathered e-mail addresses not only a concern, but a priority.

This article will address how Linux professionals and corporate IT managers, who are seriously evaluating and deploying Linux-based systems, can take a more aggressive approach to fighting spam and, ultimately, reclaim their e-mail experience.

What Motivates Spammers in the First Place?
To understand the impact and potential consequences of spam for Linux users, it's important to identify what motivates spammers to send unsolicited, bulk e-mails in the first place. We can do this by examining a typical "spam cycle."

A typical spam cycle includes the following steps:

  1. E-mail address collection: also known as harvesting - is a process in which the spammer retrieves millions of e-mail addresses that can be sent spam. The one-time cost of a mailing list with millions of addresses is typically less than $60.
  2. Spam-site creation: the spammer creates an online store in which prospective customers can place orders, following the spam-driven campaign. A specific "spamvertised" site remains online for the duration of the campaign. Designing a simple Web site can cost a few hundred dollars, and the monthly hosting fee from a spam-friendly ISP amounts to another few hundred dollars a month.
  3. The "spam run": the process in which the spammer sends out millions of e-mail messages as part of a specific campaign. Sending spam from compromised computers ("zombies"), a very common practice, incurs no costs at all.
  4. Revenue generation: with the campaign on its way, and the online store live, the spammer sits back and counts the money coming in. Assuming a 0.01% sales conversion rate on one million e-mails, a spammer's gross profit can range from $3,000 (say, a porn Web site subscription), to $10,000 (sex-related products) or even $150,000 (home refinancing) per campaign.
A Lucrative Business (For Spammers, That Is!)
Industry surveys reveal that at least 10% of the population actually buys products and services advertised via spam. In specific product categories, the percentage of people buying spamvertised products is even higher. Thus, the business case for a spam operation is clear - send out millions of messages (or ads) at a very low cost, and expect a high conversion rate of paying customers.

Although spam is certainly an appealing business (at least from the spammer's perspective), it's a great annoyance to e-mail users in general, creating immense losses in productivity costs. In the last few years, despite significant efforts to fight spam, spam volume actually increased to upwards of 75% of all e-mail traffic. Another 10% is composed of phishing expeditions (scams imitating known brands to fool users into giving their account details) and viruses aimed at creating networks of zombie computers to facilitate spam sending.

Are Filters the Answer?
Unfortunately, most anti-spam solutions that currently exist today are reactive and merely try to filter spam after it arrives in the user's mailbox. This passive method of defence may keep users from seeing that spam, but does absolutely nothing to stop it from coming.

In fact, filters have actually been known to introduce their own set of problems. Being an automatic sorting technology, filters can confuse spam and legitimate e-mails. If a spam e-mail passes through the filter (known as a false negative), the user wastes time seeing and deleting the message. If a legitimate e-mail is tagged as spam and doesn't reach the intended recipient (known as a false positive), the result is a lost business or communication opportunity. In general, filters reduce the reliability of e-mail as an effective business communication tool.

Unfortunately, filtering doesn't impact the spam economy. It just encourages spammers to innovate and invent new ways to bypass filtering schemes. Spammers are also inclined to send even more spam since they know that filters are blocking a large percentage of their insidious traffic.

Taking Action in Court
In January 2003, the U.S. government stepped forward and enacted the CAN-SPAM Act. The law defined the guidelines for sending unsolicited commercial e-mails such as including a valid return address and a working opt-out link in each message. The CAN-SPAM Act also outlawed certain practices such as address harvesting and the use of "zombies" for sending mail.

Almost three years after CAN-SPAM was passed, it has done little to stop spam, although several industry giants, such as AOL and Microsoft, have been aggressively bringing spammers to court for CAN-SPAM infringements. Legal efforts to bring spammers to court do impact the spam economy, at least for those spammers charged. However, the number of spammers brought to court has been very small. In general anti-spam laws are extremely hard to enforce because of the global nature of the Internet and spam operations.

A Proactive Community-Based Approach to Fighting Spam
Before spam, there were telemarketing calls. In response to this growing problem (and annoyance), the U.S. government created the "Do Not Call" registry, offering people a choice and some freedom - they could join the registry and stop getting telemarketing calls altogether, or they could opt-in and continue to get them. Similarly, the CAN-SPAM Act called for the creation of a national do-not-spam registry that would stop spammers from sending unsolicited e-mails to registered e-mail addresses. It was later decided that the government couldn't enforce such a registry and so it wouldn't serve the purpose.

Taking the lead on this initiative, however, Blue Security decided to create a commercial "Do Not Intrude" registry-based solution to fight spam at its source. The Do Not Intrude Registry is an active community-based approach to fighting spam offered free to consumers and small organizations. In December 2005, Blue Security even announced a Linux version of its Open Source spam-fighting software, the Blue Frog. The new offering lets Linux users participate in the Blue Community and register in the company's Do Not Intrude Registry to fight spam actively and safeguard personal and business e-mail accounts through a hands-on community approach.

The Linux version of Blue Frog was created through the contributions of Blue Community members and Linux developers and enthusiasts at large. Blue Frog's visible source program lets users and developers contribute to the development of the Blue Frog client by providing feedback and comments to the company on how to enhance the Blue Frog software and assist in adapting it to other platforms.

The introduction of the Linux version and the cooperation of the developer community are important milestones and significant steps forward for the Do Not Intrude Registry. Most vendors in the anti-spam space (especially the bigger players) don't endorse Open Source and don't supply their solutions for free, so Blue Security's solution is particularly unique and valuable to the Linux community.

Linux professionals and corporate IT managers have long been bombarded by spam, and the threat continues to grow despite relentless efforts and large sums of money (estimated in the billions) to stop it. Compounding the problem, spammers have become craftier, further compromising the rights of e-mail users. Even with federal legislation, the elusive nature of spammers makes enforcement nearly impossible. To combat spam head on, it is absolutely imperative that we change the spam equation. Taking a community-based approach to this perennial problem, and creating an incentive for spammers to stop sending unsolicited e-mails, is truly the only way to take in fighting spam and hopefully one day stop it dead in its tracks.

More Stories By Eran Aloni

Eran Aloni brings over 16 years of experience in security and software application technology to Blue Security. As director of marketing, he is responsible for its worldwide marketing efforts as well as its member-based community Web site. Before joining Blue, Eran was senior program manager for Microsoft's Internet Security and Acceleration (ISA) Server Group, working closely with the company's R&D and marketing groups to develop roadmaps and strategic plans for product rollouts.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

@ThingsExpo Stories
Most of the IoT Gateway scenarios involve collecting data from machines/processing and pushing data upstream to cloud for further analytics. The gateway hardware varies from Raspberry Pi to Industrial PCs. The document states the process of allowing deploying polyglot data pipelining software with the clear notion of supporting immutability. In his session at @ThingsExpo, Shashank Jain, a development architect for SAP Labs, discussed the objective, which is to automate the IoT deployment process from development to production scenarios using Docker containers.
The cloud. Like a comic book superhero, there seems to be no problem it can’t fix or cost it can’t slash. Yet making the transition is not always easy and production environments are still largely on premise. Taking some practical and sensible steps to reduce risk can also help provide a basis for a successful cloud transition. A plethora of surveys from the likes of IDG and Gartner show that more than 70 percent of enterprises have deployed at least one or more cloud application or workload. Yet a closer inspection at the data reveals less than half of these cloud projects involve production...
Countless business models have spawned from the IaaS industry – resell Web hosting, blogs, public cloud, and on and on. With the overwhelming amount of tools available to us, it's sometimes easy to overlook that many of them are just new skins of resources we've had for a long time. In his general session at 17th Cloud Expo, Harold Hannon, Sr. Software Architect at SoftLayer, an IBM Company, broke down what we have to work with, discussed the benefits and pitfalls and how we can best use them to design hosted applications.
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true change and transformation possible.
Microservices are a very exciting architectural approach that many organizations are looking to as a way to accelerate innovation. Microservices promise to allow teams to move away from monolithic "ball of mud" systems, but the reality is that, in the vast majority of organizations, different projects and technologies will continue to be developed at different speeds. How to handle the dependencies between these disparate systems with different iteration cycles? Consider the "canoncial problem" in this scenario: microservice A (releases daily) depends on a couple of additions to backend B (re...
We all know that data growth is exploding and storage budgets are shrinking. Instead of showing you charts on about how much data there is, in his General Session at 17th Cloud Expo, Scott Cleland, Senior Director of Product Marketing at HGST, showed how to capture all of your data in one place. After you have your data under control, you can then analyze it in one place, saving time and resources.
Container technology is shaping the future of DevOps and it’s also changing the way organizations think about application development. With the rise of mobile applications in the enterprise, businesses are abandoning year-long development cycles and embracing technologies that enable rapid development and continuous deployment of apps. In his session at DevOps Summit, Kurt Collins, Developer Evangelist at, examined how Docker has evolved into a highly effective tool for application delivery by allowing increasingly popular Mobile Backend-as-a-Service (mBaaS) platforms to quickly crea...
Too often with compelling new technologies market participants become overly enamored with that attractiveness of the technology and neglect underlying business drivers. This tendency, what some call the “newest shiny object syndrome” is understandable given that virtually all of us are heavily engaged in technology. But it is also mistaken. Without concrete business cases driving its deployment, IoT, like many other technologies before it, will fade into obscurity.
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound effect on the world, and what should we expect to see over the next couple of years.
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Day 2 Keynote at 17th Cloud Expo, Sandy Carter, IBM General Manager Cloud Ecosystem and Developers, and a Social Business Evangelist, wil...
PubNub has announced the release of BLOCKS, a set of customizable microservices that give developers a simple way to add code and deploy features for realtime apps.PubNub BLOCKS executes business logic directly on the data streaming through PubNub’s network without splitting it off to an intermediary server controlled by the customer. This revolutionary approach streamlines app development, reduces endpoint-to-endpoint latency, and allows apps to better leverage the enormous scalability of PubNub’s Data Stream Network.
Apps and devices shouldn't stop working when there's limited or no network connectivity. Learn how to bring data stored in a cloud database to the edge of the network (and back again) whenever an Internet connection is available. In his session at 17th Cloud Expo, Ben Perlmutter, a Sales Engineer with IBM Cloudant, demonstrated techniques for replicating cloud databases with devices in order to build offline-first mobile or Internet of Things (IoT) apps that can provide a better, faster user experience, both offline and online. The focus of this talk was on IBM Cloudant, Apache CouchDB, and ...
I recently attended and was a speaker at the 4th International Internet of @ThingsExpo at the Santa Clara Convention Center. I also had the opportunity to attend this event last year and I wrote a blog from that show talking about how the “Enterprise Impact of IoT” was a key theme of last year’s show. I was curious to see if the same theme would still resonate 365 days later and what, if any, changes I would see in the content presented.
Cloud computing delivers on-demand resources that provide businesses with flexibility and cost-savings. The challenge in moving workloads to the cloud has been the cost and complexity of ensuring the initial and ongoing security and regulatory (PCI, HIPAA, FFIEC) compliance across private and public clouds. Manual security compliance is slow, prone to human error, and represents over 50% of the cost of managing cloud applications. Determining how to automate cloud security compliance is critical to maintaining positive ROI. Raxak Protect is an automated security compliance SaaS platform and ma...
The Internet of Things (IoT) is growing rapidly by extending current technologies, products and networks. By 2020, Cisco estimates there will be 50 billion connected devices. Gartner has forecast revenues of over $300 billion, just to IoT suppliers. Now is the time to figure out how you’ll make money – not just create innovative products. With hundreds of new products and companies jumping into the IoT fray every month, there’s no shortage of innovation. Despite this, McKinsey/VisionMobile data shows "less than 10 percent of IoT developers are making enough to support a reasonably sized team....
Just over a week ago I received a long and loud sustained applause for a presentation I delivered at this year’s Cloud Expo in Santa Clara. I was extremely pleased with the turnout and had some very good conversations with many of the attendees. Over the next few days I had many more meaningful conversations and was not only happy with the results but also learned a few new things. Here is everything I learned in those three days distilled into three short points.
DevOps is about increasing efficiency, but nothing is more inefficient than building the same application twice. However, this is a routine occurrence with enterprise applications that need both a rich desktop web interface and strong mobile support. With recent technological advances from Isomorphic Software and others, rich desktop and tuned mobile experiences can now be created with a single codebase – without compromising functionality, performance or usability. In his session at DevOps Summit, Charles Kendrick, CTO and Chief Architect at Isomorphic Software, demonstrated examples of com...
As organizations realize the scope of the Internet of Things, gaining key insights from Big Data, through the use of advanced analytics, becomes crucial. However, IoT also creates the need for petabyte scale storage of data from millions of devices. A new type of Storage is required which seamlessly integrates robust data analytics with massive scale. These storage systems will act as “smart systems” provide in-place analytics that speed discovery and enable businesses to quickly derive meaningful and actionable insights. In his session at @ThingsExpo, Paul Turner, Chief Marketing Officer at...
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
In his General Session at 17th Cloud Expo, Bruce Swann, Senior Product Marketing Manager for Adobe Campaign, explored the key ingredients of cross-channel marketing in a digital world. Learn how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects).