---
title: 'Lecture 12 SPAM Control'
disqus: hackmd
---

:::info
ST2502 Computer Law & Investigation
:::

Lecture 12 SPAM Control
===

<style>
img{
    /* border: 2px solid red; */
    margin-left: auto;
    margin-right: auto;
    width: 80%;
    display: block;
}
</style>

## Table of Contents

[TOC]

Introduction to Spam
---

- spam
    - __unsolicited commercial electronic msgs (UCE)__ sent via electronic mail or mobile phones
- source of email obtained by spammers usually from
    - addresses of recipients from webpages
    - databases
    - guessing common names
    - domains
    - dictionary attacks
- born in Phoenix Arizona 1994
    - 2 lawyers sent ads on internet to 8000 usenet newsgrps & it reached 20m quickly resulting in crashing of ISP's primitive servers
    - new marketing technique born
- jump in email traffic from 7% in 2001 to 50% in 2003 in some countries
- IDA study
    - 1.33m people spammed in SG 2003

IDA-AGC Proposed Legal Framework on SPAM
---

- actions taken
    - public consultation May-June 2004
    - collab with ISPs, CASE (consumer association of sg), DMAS (direct marketing association of sg), SBF (sg business federation), SiTF (sg infocomm tech federation, now SGTech)
    - idea is to introduce multi-pronged approach to fight email spam
- definition of spam under IDA
    - unsolicited commercial email msgs
    - e-advertising = UCE +
        - opt-out option (functional)
        - appropriate labelling
            - Eg. advertising (ADV)
- commercial comms exclude comms between
    - private indivs
    - gov to citizen comms
    - appeals for donations by charities/religious orgs
    - msgs purely factual in nature

![](https://i.imgur.com/9tJbKAX.png)

### Opt-Out System

- distributing model of sending unsolicited email & allowing recipient to request removal
- permits sender to send spam emails to intended recipients until they're asked by recipients to stop sending
- proposed legislation not against UCE if has opt-out regime

#### Opt-Out Regime

- ea UCE shld have valid return email address
- other langs + eng
- opt-out mechanism shld be functional
- sender must comply with opt out request within certain timeframe
- sender shld not pass recipient email to other business partners

#### Requirements - Labelling Standards

- subj titles shld not be misleading
- subj titles shld contain ADV
    - ad
- email msgs shld not have false header
- email msgs shld have genuine email address/postal

#### Advantages

- reduce burden on businesses in complying with regulations
- avenue for conducting legit businesses
- consumers enjoy free access to info
- consumers enjoy option to prohibit & select info
- minimum standards/requirements in place

#### Minimum Standards

- valid email address for recipient to send for opting out
- at least 1 set of opt-out instructions in english
- functional
- no transfer of email address by sender
- specified timeframe

### Opt-In System

- sender cannot send spam until recipient indicated that he's willing to receive it
- characterised by recipients having signed up websites, special ad banners or marketing channels
    - those who signed up have "opted-in"
    - any emails sent won't be unsolicited

#### Diff between Opt-In & Opt-Out

![](https://i.imgur.com/blQhsN6.png)

IDA-AGC Proposal
---

### Application of Legislation

- apply to spam also transmitted in bulk
    - but subjective test OR by ref to a minimum numerical threshold
- apply to spam originating from/received in sg
    - minimise risk that sg become spam hub
- merchant/business commissioning/procuring spam shld be liable for unlawful spam

### Spam Control Act 2007

- came into effect 15 June 2007
- parliament accepted almost entirely the proposals made by IDA-AGC joint committee
- act offers framework to better manage spam as legal guidelines are reasonably easy for marketers to follow
- users who don't want to continue receiving spam must unsubscribe (opt-out scheme)
    - and any business sending out spam must provide such avenue structured in a consumer friendly fashion
- marketer who continues to spam those who unsubscribe will face potential financial penalties of $25 for ea msg up to 1 million

### SG Proposed Legislation - Legal Actions & Obligations

#### Legal Actions - Role of ISP

- ISP which suffered loss/dmg as result of spamming will be given right to commence civil action in court
- remedies include
    - dmgs for pure economic loss suffered
    - costs & expenses of action

#### Obligations

- self-regulatory code of practices
    - provide minimum standards of technical spam control & best practices
- ISP actions to curb spam in sg
    - provide clear feedback procedures for subscribers
    - make info available for subs to manage spam
    - introduce technical measures to manage spam
    - implement clear policies to discourage subs from using ISP facilities for sending spam

Multi-Pronged Approach
---

- importance
    - global nature of spam
    - self help as 1st line of def
    - need to equip public with knowledge
    - sg aims to foster pro-business & pro-consumer env
- includes
    - public education
    - industry self-regulation
    - international cooperation

### Prevention Methods

- avoid giving email to unfamiliar/unknown recipients
- don't post email online
    - Eg. chat rooms, newsletters, subscriptions, online grps
- have more than 1 email
- don't reply to unknown email sources
    - spammers use catchphrases to entice users to respond to emails

### Requisite Knowledge

- IDA survey on spam 2003
    - 42% of email users in sg unaware of how to protect from spam
- public education impt
- email users shld have knowledge on
    - how spammers operate
    - what impt user habits they shld adopt to limit risks of receiving spam
        - Eg. utilities of anti-spam software, firewalls

### Pro-Business & Pro-Consumer Environment

- in line with IDA infocomm 21, 1 of 6 focus areas
    - sg will create pro-business & pro-consumer env to foster development & growth of digital economy
- spam impedes business efficacy
    - result in loss of productivity as time wasted in deleting spam
    - Eg. Wellesley, Mass-based Nucleus Research Inc estimates that companies lose USD$1,934 for every employee in 2004 compared to USD$874 in 2003
    - anti-spam filtering company (Postini Inc.) estimates spam currently accounts for >70% of total email volume worldwide

#### Fostering Pro-Consumer Env

- mandatory code of practice
    - DMAS's email marketing guidelines for marketers
- left unchecked, spam may erode consumer confidence in email as medium of comm & commerce
- actions taken
    - national anti-spam website
        - https://www.antispam.org.sg
    - IDA anti-spam awareness drive
    - SiTF anti-spam initiative
    - public education efforts by CASE & SBF

#### Use of Technology

- consonant with pub education
- individual based
    - install anti-spam filters to reduce spam receipt
- plethora of anti-spam software available
    - Eg. firewalls

### Industry Self-Regulation

- marketers
    - mandatory code of prac
    - DMAS's email marketing guidelines to be implemented
- ISPs
    - implementation of anti-spam guidelines by 3 major local ISPs
    - now called spam control guidelines
- email users
    - consumer comms preference programme

### International Cooperation

- spam is global issue
    - sg cannot fight alone
- IMDA committed to partake in international initiatives including participation in global & regional fora such as APEC, ITU, OECD & ASEAN

###### tags: `CLI` `DISM` `School` `Notes`