Freeing the Internet from Spam Opt-In Filtering and

Freeing the Internet from Spam: Opt-In, Filtering and Other Approaches IP-dagarna 19 November 2003, Stockholm Eric Thomas, CEO L-Soft Sweden AB www. lsoft. se ã 2003 L-Soft Sweden AB

Overview Ø History in short Ø Today Ø How do we clean spam from the Internet? Ø Q&A ã 2003 L-Soft Sweden AB

The world’s first spam? Date: Tue, 28 Jun 88 12: 08: 00 SET From: xxxxxx To: Eric Thomas - LISTSERV - , (. . . ) This mail is sent you by a group of researchers of the Italian National Council (C. N. R. ), working at the CNUCE Institute, in order to wake up the sensitivity of people working in the scientific institutions about the extremely serious problem of the pollution in the world. As you certainly know, the hole in the ozone, the "hot-house effect", the acid rains and the toxic waste are disasters provoked by man by using the Nature as a "never-ending" resource. Everybody can verify other effects of the pollution, in the cities, in the seas, in the rivers, etc. We think that the scientific community must create an opinion movement able to force some decisions at political level. We think we are still in time to do something to save Nature with the help of everybody. (. . . ) ã 2003 L-Soft Sweden AB

The world’s first spam? Ø Date: 28 of June 1988 Ø Sent to 138 network engineers + an email list with 50 more recipients Ø The purpose was to “save the world” Ø No relevancy for the recipients Ø The sender was a female scientist in Italy Is spam an European invention? ã 2003 L-Soft Sweden AB

History in short Ø 1988: The world’s first spam in Italy? Ø 1994: “Green Card Lawyers” and “Make Money Fast” Ø 1995: 2 million email addresses for sale; first spam filter for email Ø 1997: 80 million email addresses for sale Ø 2000: Nigerian scam Ø 2001: 210 million email addresses for sale Ø Old problem; the spammers get better and more sophisticated every year ã 2003 L-Soft Sweden AB

Today – hard facts Ø Enormous amounts: 50 percent of email traffic is spam Ø Enormous costs: € 2. 5 billion in Europe, $ 9 billion in the US (2002) Ø Increasing like an avalanche Ø The trust for email and the Internet is being hollowed out Enough is enough! ã 2003 L-Soft Sweden AB

Trends Source: e. Marketer Daily, Issue 206, 2003 ã 2003 L-Soft Sweden AB

The challenge Ø Without filtering we are drowning in spam Ø With filtering we risk missing important messages Ø Opt-in rules are new and only apply within the EU (so far) Ø The spammers move “off-shore” ã 2003 L-Soft Sweden AB

What to do? The recipe for a cure has 4 ingredients: 1. Legislation 2. Education 3. Technical solutions 4. International cooperation ã 2003 L-Soft Sweden AB

DN, Right or Wrong? Källa: DN. se, 04. 11 2003 ã 2003 L-Soft Sweden AB

IDG, Web Question: “What is Your Opinion? ” Källa: IDG. se, 29. 10 2003 ã 2003 L-Soft Sweden AB

Legislation Ø EU: the world’s first opt-in zone since 31 October 2003 Ø US: “Can Spam Bill” & opt-out Ø Japan: opt-in has given effect Ø Australia: opt-in next step Ø Will US be alone with opt-out? ã 2003 L-Soft Sweden AB

"Combating spam has become a matter for us all and has become one of the most significant issues facing the Internet today. It is a fight over many fronts. The EU, Member States, industry and consumers all have a role to play in the fight against spam both at the national and international level. We must act before users of e-mails or SMS stop using the Internet or mobile services, or refrain from using it to the extent that they otherwise would. ” Erkki Liikanen European Commissioner for Enterprise and the Information Society ã 2003 L-Soft Sweden AB

Directive 2002/58/EG (12 of July 2002) Article 13: Non-requested communication ”The use of [. . . ] electronical mail for direct marketing may only be allowed if the subscriber in advance has given his or her consent. ” ã 2003 L-Soft Sweden AB

The EU directive, article 13 – three demands 1. Opt-in i. e. consent. Exceptions: • • Legal persons (B 2 B) Existing customers when companies market equivalent products 2. Legible sender and sender address 3. It should be easy and free of charge to unsubscribe from future mailings Ø Applicable since last day in October, 2003 in all states within the EU. Sweden is delayed! ã 2003 L-Soft Sweden AB

“Can Spam” Ø Allows opt-out Ø Forming a “Do-Not-E-mail registry” – dangerous! The spammers will: 1. Follow the law and respect the “Do-Not. Email registry” 2. Campaign for governor of California 3. Spam the “Do-Not-Email registry” and thank you for the free email addresses ã 2003 L-Soft Sweden AB

A good root password? gbush ã 2003 L-Soft Sweden AB

An uncrackable email address? gbush@aol. com ã 2003 L-Soft Sweden AB

Scale of penalty for spamming Ø Japan: • Up to two years in prison • Up to $25, 000 for private persons, up to $3, 500, 000 for companies Ø US: varies heavily but often very tough ã 2003 L-Soft Sweden AB

Scale of penalty for spamming Ø Italy: • Six months to three years in prison • Up to € 90, 000 Ø Sweden: not decided • Probably no prison penalty • Lost time has to be compensated • Is the penalty cheaper than buying a stamp? 1 000 affected employees × 2 sec = 33 minutes in total = 250 SEK ã 2003 L-Soft Sweden AB

Education Ø A very important part of the work where everyone can help/contribute: • Consumer: never buy anything if you don’t recognize the sender • Company: opt-in is the only praxis that will not hurt your reputation and trademark Ø Unexpected need for education in Sweden This is our common responsibility! ã 2003 L-Soft Sweden AB

Technical solutions Ø The challenge: Almost no “false positives” can be tolerated (1 in 10, 000? ) Ø Today: approx. 90 percent of the spam can be filtered without risk Ø If we succeed filtering too much the spammers will fine tune their routines ã 2003 L-Soft Sweden AB

Bad technical solutions Ø Simple filters searching for 18, weight, FREE etc. Ø “ADV: ” Ø Block port 25 for all clients Ø “Challenge-Response” Ø Black lists (too much chaos today) Ø “Make mail cost” proposals ã 2003 L-Soft Sweden AB

Two interesting techniques Ø Signature identification • Reliable techniques – like antivirus • Extremely low “false positive” Ø Bayesian filters • Very effective • Self-learning • Very complex – totally unintelligible to “regular” users ã 2003 L-Soft Sweden AB

Bayesian filters Ø Works best on individual level Ø Subtle and hard to understand: • Kalle knows Spanish but normally he just uses Swedish and English at work • All Spanish emails are in reality spam • When a client writes in Spanish the filter has learned that “everything written in Spanish is spam” and therefore it deletes the message! ã 2003 L-Soft Sweden AB

Future vision Ø It will get worse before it gets better: • The laws congregate towards opt-in, with the exception of US and their strong lobbies • US stands for >90 percent of the spam; they talk a lot about spam but in reality they have other priorities • Almost everyone gets protection against spam, both in central mail servers and in the email client (Bayesian filter? ) • Engineers waste more time on spam, without success ã 2003 L-Soft Sweden AB

Future vision Ø At some point US will go from words to action Ø In the long run they will have to go with opt-in; the EU may play an important role Ø Spam remains but is being limited, as chain letters were in the 1980’s ã 2003 L-Soft Sweden AB

For more information Ø About opt-in within the EU: http: //www. lsoft. se/news/optin 2003 -eu. asp Click on “L-Soft’s comments” to download the white paper Ø About “Can-Spam Act”: http: //www. lsoft. se/news/optin 2003 -us. asp ã 2003 L-Soft Sweden AB