bits & bytes - Ping! Zine Web Tech Magazine

More documents

Recommendations

Info

SERVER SECURITY to another few hundred dollars a month. 3. Next is the spam run” – the process in which the spammer sends out millions of e-mail messages as part of a specific campaign. Sending spam from compromised computers (“zombies”), a very common practice, does not incur any costs at all. 4. Revenue generation – with the campaign on its way, and the online store live, the spammer sits back and counts the money coming in. Assuming a 0.01% sales conversion rate on one million e- mails, a spammer’s gross profit can range from$3,000 (porn website subscription), to $10,000 (Sex-related products) or even to $150,000 (home refinancing) per campaign. Getting Your Address Let’s take a look at the process from an economic standpoint, starting with e- mail lists. A list containing 300M e-mail addresses can be purchased online from $29.99 to $59.99. These lists are often automatically created by special software modules (called ‘bots’), which crawl the internet in search of e-mail addresses. For example, if you have participated in a newsgroup discussion and used your e-mail address, chances are you will be receiving spam to the e-mail address you’ve used for posting. 44 Ping! Zine Web Hosting Magazine Since e-mail addresses are easily obtained from across the internet, e-mail lists are also relatively low-priced. Spammers utilize a variety of other technical methods to harvest addresses too, such as “dictionary attacks” (automatically guessing common e-mail addresses) and “P2P harvesting,” in which spammers exploit peer-to-peer (e.g. filesharing) networks to obtain e-mail addresses. Sending You Spam Each spam campaign advertises a specific type of product. The types of products favored by spammers include generic prescription drugs, mortgages and sex-related products. The spammer usually sets up an online store selling the advertised product. Those online stores exist only for a few days, and are moved from one hosting provider to another. Typically, those hosting providers are “spam-friendly” and are willing to host spam-sites in exchange for high hosting fees. Once spammers obtain an e-mail list and set up an online store, running a spam campaign is the next step. Although the spammer is interested in sending out millions of e-mail messages, but sending such massive amounts of e-mail would normally incur significant costs, if done in a conventional manner. To avoid these costs, spammers do not typically send out all these messages from their own servers, but rather use compromised machines, known as “zombies,” to send their messages. Notably, many recent virus outbreaks were launched to create a network of “zombies” that could be controlled remotely. Such machines are used to send out spam e- mails, often without the knowledge of their owners. Assuming spammers rely on 3rd party infrastructure like zombies, their costs for sending spam are limited to their own ISP hosting fees. In such a situation, there is almost no difference in cost for the sender to send an e-mail message to one million recipients versus sending it to a single recipient. So, in essence, when running a spam campaign, the spammer actually uses other people’s resources, incurring little expense in the process. Making Money at Your Expense With the e-mails on their way, the spammer waits for customers. Industry surveys show at least ten percent of the population actually buys products and services advertised via spam. In specific product categories, the percentage of people buying spamvertised products is even higher – a recent survey conducted by the Better Business Bureaus showed twenty-one percent of American e- mail users have bought software from a spammer, while twenty-two percent purchased apparel and jewelry advertised
y spam. Another thirty-nine percent admit to clicking on spam links even if they don’t actually buy the goods. Thus, the business case for a spam operation is clear – send out millions of messages (or ads) at very low cost, and expect a high conversion rate of paying customers. Although spam is indeed an appealing business from the spammer perspective, it is one of the greatest annoyances to e- mail users in general, creating immense losses in productivity costs. In the last few years, despite significant efforts to fight spam, spam volume actually increased to above seventy-five percent of all e-mail traffic. Another ten percent is composed of phishing attempts (scams imitating known brands to fool users into giving their account details) and viruses aiming to create bot networks of zombie computers to facilitate spam sending. According to the 2004 National Technology Readiness Survey (NTRS), online users in the United States spend an average of three minutes deleting spam each time they check e-mail. Aggregating their usage across the 169.4 million online adults in the United States, this equals 22.9 million hours a week, or $21.58 billion annually when based on the average working wage. Fighting Spam with Filters The technology industry has been waging war on spam for a few years. Spam filters are the most established technical solutions in the market. Filters are a passive means of defense, analyzing incoming messages and separating the spam from legitimate messages. As a result, spammers are constantly coming up with ways to bypass them. While filters may alleviate some of the problem for end users that can afford them, they introduce their own set of problems. Being an automatic sorting technology, filters suffer from false identification of spam and legitimate e-mails. If a spam e-mail passes through the filter (known as a false negative), the user must waste time in seeing the message and deleting it. If a legitimate e-mail is tagged as spam, and does not reach the intended recipient (known as a false positive), the result is a lost business or communication opportunity. In general, filters reduce e- mail reliability as an effective business communication tool. Unfortunately, filtering does not impact the spam economy, but rather encourages spammers to innovate and invent new means to bypass filtering schemes. In addition, spammers are inclined to send even more spam since they know that a large percentage of their traffic is blocked by filters. Fighting Spammers in Court In January 2003, the US government stepped forward and enacted the CAN- SPAM Act. The Act defined the guidelines for sending unsolicited commercial e- mails, such as including a valid return address and providing a working, opt-out link in each message. The CAN-SPAM act also outlawed certain spammers practices, such as address harvesting and the use of “zombies” for sending mail. Almost three years after CAN-SPAM was passed, it has not done much to stop spam, although several industry giants, such as AOL and Microsoft, have been aggressively bringing spammers to court for CAN-SPAM infringements. Microsoft won a $7M settlement from Scott Richter, a man known as one of the world’s most prolific spammers. AOL even ran a spam sweepstakes among its members, sharing the money it was awarded by the court in its lawsuits. Legal efforts to bring spammers to court do impact the spam economy, at least for those spammers affected directly. However, the number of spammers brought to court is very small. In general, anti-spam laws are extremely hard to enforce due to the global nature of the internet and spam operations. Registry and Opt-Out Solutions Before there was spam, there were telemarketing calls. When the annoyance was too much, the US government stepped in and created the “Do Not Call” registry. Now people had a choice – they could join the registry and stop receiving telemarketing calls altogether, or they could opt-in and continue to receive commercial calls. In a similar line of thought, the CAN-SPAM Act called for creating a national do-not-spam registry, created to stop spammers from sending spam to registered e-mail addresses. It was later decided that such a registry would not be enforceable by the government, and thus would not serve its purpose. Taking the lead on this initiative, some companies, such as Blue Security, have created commercial “Do Not Disturb” registry-based solutions. Other companies, such as LashBack Technologies, have taken the “Safe unsubscribe” approach, allowing users to automatically unsubscribe from those spammers that are likely to honor such request. E-mail Payment Systems And, finally, there are those who tout using a stamp-like system for e-mail. There are a number of variations on this idea, including making senders pay for e-mails rejected by their recipients, or paying for e- mails with computational power. However, these ideas have not matured enough to gain widespread industry support. How Will This Battle End? Analyzing the way spammers work, it is clear a new approach is required to solve the spam problem. We need to change the spam equation and raise the cost of sending spam. Tying the cost of sending spam to the number of recipients will ensure that spammers diligently clean their list of those who do not want to receive spam offers in their e-mail. Eventually, we’ll reach a point where spammers will send advertisements to the approximately twenty percent of the population that actually buys from them. The rest of us will be able to reclaim our internet experience and enjoy spam-free e- mail once again. Only time will reveal the outcome of this battle – but, let’s hope it is not the spammers who prevail!P! www.pingzine.com 45
Page 2 and 3: 2 Ping! Zine Web Hosting Magazine
Page 4 and 5: BETWEEN THE COVERS 22 FEATURED ARTI
Page 6 and 7: THANKS TO OUR SPONSORS Blue Pay....
Page 8 and 9: BITS & BYTES Comodo Appoints Carlos
Page 10 and 11: BITS & BYTES Bills.com Domain Name
Page 12 and 13: BITS & BYTES Domain Name Sold for $
Page 14 and 15: BITS & BYTES IPOWER Receives Top We
Page 16: BITS & BYTES Interland Announces Sa
Page 19 and 20: WEB HOSTING COMPANIES UNITE BEHIND
Page 21 and 22: www.pingzine.com 21
Page 23 and 24: [featured article] Major security b
Page 27 and 28: Some businesses are this easy to st
Page 29 and 30: usiness around them), work from the
Page 31 and 32: difficult to extend or even underst
Page 33 and 34: SEARCH ENGINE ACTIVITY 2004 If you
Page 35 and 36: sales@rackmountmicro.com 1.800.673.
Page 37 and 38: tool will display various search te
Page 39 and 40: servers - most notably the use of S
Page 43: www.pingzine.com 43
Page 47 and 48: 1Create a place of value and intere
Page 53 and 54: likely move to the most expensive N
Page 55 and 56: and therefore are particularly help
Page 57 and 58: Complete Automation and Virtualizat
Page 59 and 60: Find Out More About Our Proven Solu
Page 63 and 64: SERVICE DIRECTORY HOSTING DIRECTORI
Page 67: www.pingzine.com 67

bits & bytes - Ping! Zine Web Tech Magazine

Create successful ePaper yourself

Delete template?

Save as template?