Monday, 19 March 2007

Tackling Spam in Different Medias - Messaging


Messaging Spam

Messaging spam, a.k.a spim makes use of instant messaging systems, such as AOL Messenger or MSN Messenger. The increase in messaging spam may be motivated by its rise in popularity as well as the many steps to crack down on spamming since the late 1990s. Many IM systems offer a user directory, including demographic information that allows an advertiser to gather the information, sign on to the system, and send unsolicited messages. To send instant messages to millions of users requires scriptable software and the recipients' IM usernames. Spammers have similarly targeted Internet Relay Chat channels, using IRC bots that join channels and bombard them with advertising.

Messenger service spam has lent itself to spammer use in a particularly circular scheme. In many cases, messenger spammers send messages to vulnerable Windows machines with a link. The link leads to a Web site where, for a fee, users are told how to disable the Windows messenger service. Even though the messenger service is easily disabled for free, the scam works because it creates a perceived need and offers a solution. Often the only "annoying messages" the user receives through Messenger are ads to disable Messenger itself.

Using privacy options to tackle messaging spam.

To tackle SPIM, many users choose to receive IMs only from people already on their contact list.

With Yahoo! Messenger, users can click Messenger -> Preferences -> Ignore List and check the box "Ignore anyone who is not on my Messenger List."

With AOL's Instant Messenger, or AIM, users can click My AIM -> Edit Options -> Edit Preferences -> Privacy and check "Allow only users on my buddy list."

With MSN Messenger, users can click Tools -> Options -> Privacy and check the box "Only people on my Allow List can see my status and send me messages."

With BitWise IM, users can click Preferences -> Server / Contact List -> and check the box "Whitelist my contact list so that only users on my contact list can see me online or contact me."

Tackling Spam in Different Medias - Email


Email Spam

E-mail spam is a type of spam that involves sending almost identical messages to numerous recipients by e-mail.
Most definitions of spam are based on the e-mail being Unsolicited Bulk E-mail (UBE). That is, spam is e-mail that is both unsolicited by the recipients and there are many substantively similar e-mails being sent. Spam is usually unwanted, commercial and sent by automated means and some definitions include those aspects.

Spam has grown vastly over the last thirty years, as shown below.



  • 1978 - An e-mail spam is sent to 600 addresses.


  • 1994 - First large-scale spam sent to 6000 newsgroups, reaching millions of people.


  • 2005 - (June) 30 billion per day.


  • 2006 - (June) 55 billion per day.


  • 2006 - (December) 85 billion per day.


  • 2007 - (February) 90 billion per day.

There many ways of tackling spam. These are some:

Blocking and filtering, but blocking machine learning techniques, does more to alleviate the bandwidth cost of spam, since spam can be rejected before the message is sent. Filtering tends to be more thorough, since it examines the details of a message, however many mail administrators prefer to use blocking to deny access to their systems from sites tolerant of spammers.

Many modern spam filtering systems take advantage of both reduce the amount of spam delivered to mailboxes, which improve their accuracy over manual methods.

Another way is HELO/EHLO checking, this consists of simply checking the email.
In many situations, simply requiring a valid FQDN in the SMTP EHLO statement is enough to block 25% of incoming spam by refusing connections from hosts that begin transmission before receiving the host's HELO banner. It is also done by refusing connections from hosts that give an invalid HELO.

An Example of invalid and valid HELOs.

Invalid HELO localhost
Invalid HELO 127.0.0.1
Invalid HELO domain.tld
Valid HELO [127.0.0.1]


Connections are also refused when:
  • hosts give an obviously fraudulent HELO - for example, issuing a HELO using the FQDN or an IP address that doesn't match the IP address of the connecting host.

  • emails claiming to be from a hosted domain when the sending host has not authenticated.

What is Spam?


Spam or Spamming is the abuse of electronic messaging systems to send unsolicited bulk messages, which are universally undesired. While the most widely recognized form of spam is email spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, mobile phone messaging spam, internet forum spam and junk fax transmissions.

Spamming is economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low, spammers are numerous, and the volume of unsolicited mail has become very high. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge. Spamming is widely reviled, and has been the subject of legislation in many jurisdictions.