Welcome!

Linux Containers Authors: Liz McMillan, Elizabeth White, Gordon Haff, Pat Romanski, Larry Alton

Related Topics: Linux Containers

Linux Containers: Article

Empowering Linux Users to Reclaim Their E-mail Experience

An active, community-based approach to fighting and eliminating spam

The Linux community - nearly 29 million platform users - has been plagued for years by spam which, according to industry statistics, is dramatically on the rise. Despite relentless efforts to stop it (including billions of dollars spent to develop anti-spam solutions), spam continues to infiltrate our in-boxes every day. Not only does it cost consumers and businesses precious time, money, and resources, but it also represents a huge security risk since many spam sites infect individual computers and corporate networks with viruses or spyware.

Unfortunately, existing anti-spam solutions don't solve this grave problem, but try to hide it. These solutions are reactive and merely try to filter spam after it arrives in the user's mailbox. This passive method of defence does absolutely nothing to stop spam from coming in the first place. As a result, Internet users are losing faith in e-mail and are turning to other methods of communication for trusted sources of information - IM for personal communication and RSS for subscription-based content.

The only way to help users and enterprises to reclaim their e-mail experience is to identify and address the root cause of spam - the spam economy. Fighting spam and winning the war involves a proactive community-based approach that focuses on spammers' financial incentives, which makes removing illegitimately gathered e-mail addresses not only a concern, but a priority.

This article will address how Linux professionals and corporate IT managers, who are seriously evaluating and deploying Linux-based systems, can take a more aggressive approach to fighting spam and, ultimately, reclaim their e-mail experience.

What Motivates Spammers in the First Place?
To understand the impact and potential consequences of spam for Linux users, it's important to identify what motivates spammers to send unsolicited, bulk e-mails in the first place. We can do this by examining a typical "spam cycle."

A typical spam cycle includes the following steps:

  1. E-mail address collection: also known as harvesting - is a process in which the spammer retrieves millions of e-mail addresses that can be sent spam. The one-time cost of a mailing list with millions of addresses is typically less than $60.
  2. Spam-site creation: the spammer creates an online store in which prospective customers can place orders, following the spam-driven campaign. A specific "spamvertised" site remains online for the duration of the campaign. Designing a simple Web site can cost a few hundred dollars, and the monthly hosting fee from a spam-friendly ISP amounts to another few hundred dollars a month.
  3. The "spam run": the process in which the spammer sends out millions of e-mail messages as part of a specific campaign. Sending spam from compromised computers ("zombies"), a very common practice, incurs no costs at all.
  4. Revenue generation: with the campaign on its way, and the online store live, the spammer sits back and counts the money coming in. Assuming a 0.01% sales conversion rate on one million e-mails, a spammer's gross profit can range from $3,000 (say, a porn Web site subscription), to $10,000 (sex-related products) or even $150,000 (home refinancing) per campaign.
A Lucrative Business (For Spammers, That Is!)
Industry surveys reveal that at least 10% of the population actually buys products and services advertised via spam. In specific product categories, the percentage of people buying spamvertised products is even higher. Thus, the business case for a spam operation is clear - send out millions of messages (or ads) at a very low cost, and expect a high conversion rate of paying customers.

Although spam is certainly an appealing business (at least from the spammer's perspective), it's a great annoyance to e-mail users in general, creating immense losses in productivity costs. In the last few years, despite significant efforts to fight spam, spam volume actually increased to upwards of 75% of all e-mail traffic. Another 10% is composed of phishing expeditions (scams imitating known brands to fool users into giving their account details) and viruses aimed at creating networks of zombie computers to facilitate spam sending.

Are Filters the Answer?
Unfortunately, most anti-spam solutions that currently exist today are reactive and merely try to filter spam after it arrives in the user's mailbox. This passive method of defence may keep users from seeing that spam, but does absolutely nothing to stop it from coming.

In fact, filters have actually been known to introduce their own set of problems. Being an automatic sorting technology, filters can confuse spam and legitimate e-mails. If a spam e-mail passes through the filter (known as a false negative), the user wastes time seeing and deleting the message. If a legitimate e-mail is tagged as spam and doesn't reach the intended recipient (known as a false positive), the result is a lost business or communication opportunity. In general, filters reduce the reliability of e-mail as an effective business communication tool.

Unfortunately, filtering doesn't impact the spam economy. It just encourages spammers to innovate and invent new ways to bypass filtering schemes. Spammers are also inclined to send even more spam since they know that filters are blocking a large percentage of their insidious traffic.

Taking Action in Court
In January 2003, the U.S. government stepped forward and enacted the CAN-SPAM Act. The law defined the guidelines for sending unsolicited commercial e-mails such as including a valid return address and a working opt-out link in each message. The CAN-SPAM Act also outlawed certain practices such as address harvesting and the use of "zombies" for sending mail.

Almost three years after CAN-SPAM was passed, it has done little to stop spam, although several industry giants, such as AOL and Microsoft, have been aggressively bringing spammers to court for CAN-SPAM infringements. Legal efforts to bring spammers to court do impact the spam economy, at least for those spammers charged. However, the number of spammers brought to court has been very small. In general anti-spam laws are extremely hard to enforce because of the global nature of the Internet and spam operations.

A Proactive Community-Based Approach to Fighting Spam
Before spam, there were telemarketing calls. In response to this growing problem (and annoyance), the U.S. government created the "Do Not Call" registry, offering people a choice and some freedom - they could join the registry and stop getting telemarketing calls altogether, or they could opt-in and continue to get them. Similarly, the CAN-SPAM Act called for the creation of a national do-not-spam registry that would stop spammers from sending unsolicited e-mails to registered e-mail addresses. It was later decided that the government couldn't enforce such a registry and so it wouldn't serve the purpose.

Taking the lead on this initiative, however, Blue Security decided to create a commercial "Do Not Intrude" registry-based solution to fight spam at its source. The Do Not Intrude Registry is an active community-based approach to fighting spam offered free to consumers and small organizations. In December 2005, Blue Security even announced a Linux version of its Open Source spam-fighting software, the Blue Frog. The new offering lets Linux users participate in the Blue Community and register in the company's Do Not Intrude Registry to fight spam actively and safeguard personal and business e-mail accounts through a hands-on community approach.

The Linux version of Blue Frog was created through the contributions of Blue Community members and Linux developers and enthusiasts at large. Blue Frog's visible source program lets users and developers contribute to the development of the Blue Frog client by providing feedback and comments to the company on how to enhance the Blue Frog software and assist in adapting it to other platforms.

The introduction of the Linux version and the cooperation of the developer community are important milestones and significant steps forward for the Do Not Intrude Registry. Most vendors in the anti-spam space (especially the bigger players) don't endorse Open Source and don't supply their solutions for free, so Blue Security's solution is particularly unique and valuable to the Linux community.

Conclusion
Linux professionals and corporate IT managers have long been bombarded by spam, and the threat continues to grow despite relentless efforts and large sums of money (estimated in the billions) to stop it. Compounding the problem, spammers have become craftier, further compromising the rights of e-mail users. Even with federal legislation, the elusive nature of spammers makes enforcement nearly impossible. To combat spam head on, it is absolutely imperative that we change the spam equation. Taking a community-based approach to this perennial problem, and creating an incentive for spammers to stop sending unsolicited e-mails, is truly the only way to take in fighting spam and hopefully one day stop it dead in its tracks.

More Stories By Eran Aloni

Eran Aloni brings over 16 years of experience in security and software application technology to Blue Security. As director of marketing, he is responsible for its worldwide marketing efforts as well as its member-based community Web site. Before joining Blue, Eran was senior program manager for Microsoft's Internet Security and Acceleration (ISA) Server Group, working closely with the company's R&D and marketing groups to develop roadmaps and strategic plans for product rollouts.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
WebRTC is about the data channel as much as about video and audio conferencing. However, basically all commercial WebRTC applications have been built with a focus on audio and video. The handling of “data” has been limited to text chat and file download – all other data sharing seems to end with screensharing. What is holding back a more intensive use of peer-to-peer data? In her session at @ThingsExpo, Dr Silvia Pfeiffer, WebRTC Applications Team Lead at National ICT Australia, looked at differ...
The security needs of IoT environments require a strong, proven approach to maintain security, trust and privacy in their ecosystem. Assurance and protection of device identity, secure data encryption and authentication are the key security challenges organizations are trying to address when integrating IoT devices. This holds true for IoT applications in a wide range of industries, for example, healthcare, consumer devices, and manufacturing. In his session at @ThingsExpo, Lancen LaChance, vic...
With all the incredible momentum behind the Internet of Things (IoT) industry, it is easy to forget that not a single CEO wakes up and wonders if “my IoT is broken.” What they wonder is if they are making the right decisions to do all they can to increase revenue, decrease costs, and improve customer experience – effectively the same challenges they have always had in growing their business. The exciting thing about the IoT industry is now these decisions can be better, faster, and smarter. Now ...
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
Who are you? How do you introduce yourself? Do you use a name, or do you greet a friend by the last four digits of his social security number? Assuming you don’t, why are we content to associate our identity with 10 random digits assigned by our phone company? Identity is an issue that affects everyone, but as individuals we don’t spend a lot of time thinking about it. In his session at @ThingsExpo, Ben Klang, Founder & President of Mojo Lingo, discussed the impact of technology on identity. Sho...
A critical component of any IoT project is what to do with all the data being generated. This data needs to be captured, processed, structured, and stored in a way to facilitate different kinds of queries. Traditional data warehouse and analytical systems are mature technologies that can be used to handle certain kinds of queries, but they are not always well suited to many problems, particularly when there is a need for real-time insights.
You think you know what’s in your data. But do you? Most organizations are now aware of the business intelligence represented by their data. Data science stands to take this to a level you never thought of – literally. The techniques of data science, when used with the capabilities of Big Data technologies, can make connections you had not yet imagined, helping you discover new insights and ask new questions of your data. In his session at @ThingsExpo, Sarbjit Sarkaria, data science team lead ...
WebRTC has had a real tough three or four years, and so have those working with it. Only a few short years ago, the development world were excited about WebRTC and proclaiming how awesome it was. You might have played with the technology a couple of years ago, only to find the extra infrastructure requirements were painful to implement and poorly documented. This probably left a bitter taste in your mouth, especially when things went wrong.
WebRTC is bringing significant change to the communications landscape that will bridge the worlds of web and telephony, making the Internet the new standard for communications. Cloud9 took the road less traveled and used WebRTC to create a downloadable enterprise-grade communications platform that is changing the communication dynamic in the financial sector. In his session at @ThingsExpo, Leo Papadopoulos, CTO of Cloud9, discussed the importance of WebRTC and how it enables companies to focus o...
Providing secure, mobile access to sensitive data sets is a critical element in realizing the full potential of cloud computing. However, large data caches remain inaccessible to edge devices for reasons of security, size, format or limited viewing capabilities. Medical imaging, computer aided design and seismic interpretation are just a few examples of industries facing this challenge. Rather than fighting for incremental gains by pulling these datasets to edge devices, we need to embrace the i...
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
In his General Session at 17th Cloud Expo, Bruce Swann, Senior Product Marketing Manager for Adobe Campaign, explored the key ingredients of cross-channel marketing in a digital world. Learn how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects).
SYS-CON Events announced today that Catchpoint, a leading digital experience intelligence company, has been named “Silver Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Catchpoint Systems is a leading Digital Performance Analytics company that provides unparalleled insight into your customer-critical services to help you consistently deliver an amazing customer experience. Designed for digital business, C...
@ThingsExpo has been named the ‘Top WebRTC Influencer' by iTrend. iTrend processes millions of conversations, tweets, interactions, news articles, press releases, blog posts - and extract meaning form them and analyzes mobile and desktop software platforms used to communicate, various metadata (such as geo location), and automation tools. In overall placement, @ThingsExpo ranked as the number one ‘WebRTC Influencer' followed by @DevOpsSummit at 55th.
"There's a growing demand from users for things to be faster. When you think about all the transactions or interactions users will have with your product and everything that is between those transactions and interactions - what drives us at Catchpoint Systems is the idea to measure that and to analyze it," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York Ci...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
SYS-CON Events announced today that Linux Academy, the foremost online Linux and cloud training platform and community, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Linux Academy was founded on the belief that providing high-quality, in-depth training should be available at an affordable price. Industry leaders in quality training, provided services, and student certification passes, its goal is to c...
In the next five to ten years, millions, if not billions of things will become smarter. This smartness goes beyond connected things in our homes like the fridge, thermostat and fancy lighting, and into heavily regulated industries including aerospace, pharmaceutical/medical devices and energy. “Smartness” will embed itself within individual products that are part of our daily lives. We will engage with smart products - learning from them, informing them, and communicating with them. Smart produc...