Click here to close now.

Welcome!

Linux Containers Authors: Carmen Gonzalez, Elizabeth White, Pat Romanski, Esmeralda Swartz, Liz McMillan

Related Topics: Linux Containers

Linux Containers: Article

Empowering Linux Users to Reclaim Their E-mail Experience

An active, community-based approach to fighting and eliminating spam

The Linux community - nearly 29 million platform users - has been plagued for years by spam which, according to industry statistics, is dramatically on the rise. Despite relentless efforts to stop it (including billions of dollars spent to develop anti-spam solutions), spam continues to infiltrate our in-boxes every day. Not only does it cost consumers and businesses precious time, money, and resources, but it also represents a huge security risk since many spam sites infect individual computers and corporate networks with viruses or spyware.

Unfortunately, existing anti-spam solutions don't solve this grave problem, but try to hide it. These solutions are reactive and merely try to filter spam after it arrives in the user's mailbox. This passive method of defence does absolutely nothing to stop spam from coming in the first place. As a result, Internet users are losing faith in e-mail and are turning to other methods of communication for trusted sources of information - IM for personal communication and RSS for subscription-based content.

The only way to help users and enterprises to reclaim their e-mail experience is to identify and address the root cause of spam - the spam economy. Fighting spam and winning the war involves a proactive community-based approach that focuses on spammers' financial incentives, which makes removing illegitimately gathered e-mail addresses not only a concern, but a priority.

This article will address how Linux professionals and corporate IT managers, who are seriously evaluating and deploying Linux-based systems, can take a more aggressive approach to fighting spam and, ultimately, reclaim their e-mail experience.

What Motivates Spammers in the First Place?
To understand the impact and potential consequences of spam for Linux users, it's important to identify what motivates spammers to send unsolicited, bulk e-mails in the first place. We can do this by examining a typical "spam cycle."

A typical spam cycle includes the following steps:

  1. E-mail address collection: also known as harvesting - is a process in which the spammer retrieves millions of e-mail addresses that can be sent spam. The one-time cost of a mailing list with millions of addresses is typically less than $60.
  2. Spam-site creation: the spammer creates an online store in which prospective customers can place orders, following the spam-driven campaign. A specific "spamvertised" site remains online for the duration of the campaign. Designing a simple Web site can cost a few hundred dollars, and the monthly hosting fee from a spam-friendly ISP amounts to another few hundred dollars a month.
  3. The "spam run": the process in which the spammer sends out millions of e-mail messages as part of a specific campaign. Sending spam from compromised computers ("zombies"), a very common practice, incurs no costs at all.
  4. Revenue generation: with the campaign on its way, and the online store live, the spammer sits back and counts the money coming in. Assuming a 0.01% sales conversion rate on one million e-mails, a spammer's gross profit can range from $3,000 (say, a porn Web site subscription), to $10,000 (sex-related products) or even $150,000 (home refinancing) per campaign.
A Lucrative Business (For Spammers, That Is!)
Industry surveys reveal that at least 10% of the population actually buys products and services advertised via spam. In specific product categories, the percentage of people buying spamvertised products is even higher. Thus, the business case for a spam operation is clear - send out millions of messages (or ads) at a very low cost, and expect a high conversion rate of paying customers.

Although spam is certainly an appealing business (at least from the spammer's perspective), it's a great annoyance to e-mail users in general, creating immense losses in productivity costs. In the last few years, despite significant efforts to fight spam, spam volume actually increased to upwards of 75% of all e-mail traffic. Another 10% is composed of phishing expeditions (scams imitating known brands to fool users into giving their account details) and viruses aimed at creating networks of zombie computers to facilitate spam sending.

Are Filters the Answer?
Unfortunately, most anti-spam solutions that currently exist today are reactive and merely try to filter spam after it arrives in the user's mailbox. This passive method of defence may keep users from seeing that spam, but does absolutely nothing to stop it from coming.

In fact, filters have actually been known to introduce their own set of problems. Being an automatic sorting technology, filters can confuse spam and legitimate e-mails. If a spam e-mail passes through the filter (known as a false negative), the user wastes time seeing and deleting the message. If a legitimate e-mail is tagged as spam and doesn't reach the intended recipient (known as a false positive), the result is a lost business or communication opportunity. In general, filters reduce the reliability of e-mail as an effective business communication tool.

Unfortunately, filtering doesn't impact the spam economy. It just encourages spammers to innovate and invent new ways to bypass filtering schemes. Spammers are also inclined to send even more spam since they know that filters are blocking a large percentage of their insidious traffic.

Taking Action in Court
In January 2003, the U.S. government stepped forward and enacted the CAN-SPAM Act. The law defined the guidelines for sending unsolicited commercial e-mails such as including a valid return address and a working opt-out link in each message. The CAN-SPAM Act also outlawed certain practices such as address harvesting and the use of "zombies" for sending mail.

Almost three years after CAN-SPAM was passed, it has done little to stop spam, although several industry giants, such as AOL and Microsoft, have been aggressively bringing spammers to court for CAN-SPAM infringements. Legal efforts to bring spammers to court do impact the spam economy, at least for those spammers charged. However, the number of spammers brought to court has been very small. In general anti-spam laws are extremely hard to enforce because of the global nature of the Internet and spam operations.

A Proactive Community-Based Approach to Fighting Spam
Before spam, there were telemarketing calls. In response to this growing problem (and annoyance), the U.S. government created the "Do Not Call" registry, offering people a choice and some freedom - they could join the registry and stop getting telemarketing calls altogether, or they could opt-in and continue to get them. Similarly, the CAN-SPAM Act called for the creation of a national do-not-spam registry that would stop spammers from sending unsolicited e-mails to registered e-mail addresses. It was later decided that the government couldn't enforce such a registry and so it wouldn't serve the purpose.

Taking the lead on this initiative, however, Blue Security decided to create a commercial "Do Not Intrude" registry-based solution to fight spam at its source. The Do Not Intrude Registry is an active community-based approach to fighting spam offered free to consumers and small organizations. In December 2005, Blue Security even announced a Linux version of its Open Source spam-fighting software, the Blue Frog. The new offering lets Linux users participate in the Blue Community and register in the company's Do Not Intrude Registry to fight spam actively and safeguard personal and business e-mail accounts through a hands-on community approach.

The Linux version of Blue Frog was created through the contributions of Blue Community members and Linux developers and enthusiasts at large. Blue Frog's visible source program lets users and developers contribute to the development of the Blue Frog client by providing feedback and comments to the company on how to enhance the Blue Frog software and assist in adapting it to other platforms.

The introduction of the Linux version and the cooperation of the developer community are important milestones and significant steps forward for the Do Not Intrude Registry. Most vendors in the anti-spam space (especially the bigger players) don't endorse Open Source and don't supply their solutions for free, so Blue Security's solution is particularly unique and valuable to the Linux community.

Conclusion
Linux professionals and corporate IT managers have long been bombarded by spam, and the threat continues to grow despite relentless efforts and large sums of money (estimated in the billions) to stop it. Compounding the problem, spammers have become craftier, further compromising the rights of e-mail users. Even with federal legislation, the elusive nature of spammers makes enforcement nearly impossible. To combat spam head on, it is absolutely imperative that we change the spam equation. Taking a community-based approach to this perennial problem, and creating an incentive for spammers to stop sending unsolicited e-mails, is truly the only way to take in fighting spam and hopefully one day stop it dead in its tracks.

More Stories By Eran Aloni

Eran Aloni brings over 16 years of experience in security and software application technology to Blue Security. As director of marketing, he is responsible for its worldwide marketing efforts as well as its member-based community Web site. Before joining Blue, Eran was senior program manager for Microsoft's Internet Security and Acceleration (ISA) Server Group, working closely with the company's R&D and marketing groups to develop roadmaps and strategic plans for product rollouts.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
In his General Session at 16th Cloud Expo, David Shacochis, host of The Hybrid IT Files podcast and Vice President at CenturyLink, investigated three key trends of the “gigabit economy" though the story of a Fortune 500 communications company in transformation. Narrating how multi-modal hybrid IT, service automation, and agile delivery all intersect, he will cover the role of storytelling and empathy in achieving strategic alignment between the enterprise and its information technology.
SYS-CON Events announced today that CommVault has been named “Bronze Sponsor” of SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. A singular vision – a belief in a better way to address current and future data management needs – guides CommVault in the development of Singular Information Management® solutions for high-performance data protection, universal availability and simplified management of data on complex storage networks. CommVault's exclusive single-platform architecture gives companies unp...
Connected things, systems and people can provide information to other things, systems and people and initiate actions for each other that result in new service possibilities. By taking a look at the impact of Internet of Things when it transitions to a highly connected services marketplace we can understand how connecting the right “things” and leveraging the right partners can provide enormous impact to your business’ growth and success. In her general session at @ThingsExpo, Esmeralda Swartz, VP, Marketing Enterprise and Cloud at Ericsson, discussed how this exciting emergence of layers of...
Internet of Things is moving from being a hype to a reality. Experts estimate that internet connected cars will grow to 152 million, while over 100 million internet connected wireless light bulbs and lamps will be operational by 2020. These and many other intriguing statistics highlight the importance of Internet powered devices and how market penetration is going to multiply many times over in the next few years.
SYS-CON Events announced today that Intelligent Systems Services will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Established in 1994, Intelligent Systems Services Inc. is located near Washington, DC, with representatives and partners nationwide. ISS’s well-established track record is based on the continuous pursuit of excellence in designing, implementing and supporting nationwide clients’ mission-critical systems. ISS has completed many successful projects in Healthcare, Commercial, Manu...
"We have a tagline - "Power in the API Economy." What that means is everything that is built in applications and connected applications is done through APIs," explained Roberto Medrano, Executive Vice President at Akana, in this SYS-CON.tv interview at 16th Cloud Expo, held June 9-11, 2015, at the Javits Center in New York City.
SYS-CON Events announced today that Secure Infrastructure & Services will exhibit at SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Secure Infrastructure & Services (SIAS) is a managed services provider of cloud computing solutions for the IBM Power Systems market. The company helps mid-market firms built on IBM hardware platforms to deploy new levels of reliable and cost-effective computing and high availability solutions, leveraging the cloud and the benefits of Infrastructure-as-a-Service (IaaS...
SYS-CON Events announced today that SoftLayer, an IBM company, has been named “Gold Sponsor” of SYS-CON's 17th International Cloud Expo®, which will take place November 3–5, 2015 at the Santa Clara Convention Center in Santa Clara, CA. SoftLayer operates a global cloud infrastructure platform built for Internet scale. With a global footprint of data centers and network points of presence, SoftLayer provides infrastructure as a service to leading-edge customers ranging from Web startups to global enterprises. SoftLayer’s modular architecture, full-featured API, and sophisticated automation pro...
The 5th International DevOps Summit, co-located with 17th International Cloud Expo – being held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Among the proven benefits, DevOps is corr...
The basic integration architecture, as defined by ESBs, hasn’t changed for more than a decade. Most cloud integration providers still rely on an ESB architecture and their proprietary connectors. As a result, enterprise integration projects suffer from constraints of availability and reliability of these connectors that are not re-usable across other integration vendors. However, the rapid adoption of APIs and almost ubiquitous availability of APIs amongst most SaaS and Cloud applications are rapidly redefining traditional integration approaches and their reliance on proprietary connectors. ...
SYS-CON Events announced today that WHOA.com, an ISO 27001 Certified secure cloud computing company, participated as “Bronze Sponsor” of SYS-CON's 16th International Cloud Expo® New York, which took place June 9-11, 2015, at the Javits Center in New York City, NY. WHOA.com is a leader in next-generation, ISO 27001 Certified secure cloud solutions. WHOA.com offers a comprehensive portfolio of best-in-class cloud services for business including Infrastructure as a Service (IaaS), Secure Cloud Desktop, Cloud Storage, Disaster Recovery, Integrated Applications and Security.
Today air travel is a minefield of delays, hassles and customer disappointment. Airlines struggle to revitalize the experience. GE and M2Mi will demonstrate practical examples of how IoT solutions are helping airlines bring back personalization, reduce trip time and improve reliability. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Dr. Sarah Cooper, M2Mi’s VP Business Development and Engineering, will explore the IoT cloud-based platform technologies driving this change including privacy controls, data transparency and integration of real time context wi...
17th Cloud Expo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some form of XaaS – software, platform, and infrastructure as a service.
The enterprise market will drive IoT device adoption over the next five years. In his session at @ThingsExpo, John Greenough, an analyst at BI Intelligence, division of Business Insider, analyzed how companies will adopt IoT products and the associated cost of adopting those products. John Greenough is the lead analyst covering the Internet of Things for BI Intelligence- Business Insider’s paid research service. Numerous IoT companies have cited his analysis of the IoT. Prior to joining BI Intelligence, he worked analyzing bank technology for Corporate Insight and The Clearing House Payment...
"ciqada is a combined platform of hardware modules and server products that lets people take their existing devices or new devices and lets them be accessible over the Internet for their users," noted Geoff Engelstein of ciqada, a division of Mars International, in this SYS-CON.tv interview at @ThingsExpo, held June 9-11, 2015, at the Javits Center in New York City.
The 4th International Internet of @ThingsExpo, co-located with the 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - announces that its Call for Papers is open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than
SYS-CON Events announced today that ProfitBricks, the provider of painless cloud infrastructure, will exhibit at SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. ProfitBricks is the IaaS provider that offers a painless cloud experience for all IT users, with no learning curve. ProfitBricks boasts flexible cloud servers and networking, an integrated Data Center Designer tool for visual control over the cloud and the best price/performance value available. ProfitBricks was named one of the coolest Clo...
"In the IoT space we are helping customers, mostly enterprises and industry verticals where time-to-value is critical, and we help them with the ability to do faster insights and actions using our platform so they can transform their business operations," explained Venkat Eswara, VP of Marketing at Vitria, in this SYS-CON.tv interview at @ThingsExpo, held June 9-11, 2015, at the Javits Center in New York City.
The Internet of Things is not only adding billions of sensors and billions of terabytes to the Internet. It is also forcing a fundamental change in the way we envision Information Technology. For the first time, more data is being created by devices at the edge of the Internet rather than from centralized systems. What does this mean for today's IT professional? In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists addressed this very serious issue of profound change in the industry.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal an...