British ISPs have reacted strongly to the suggestion of Trend Micro CTO David Rand that the ISPs should actively combat the problem of spam on the internet.

Rand’s suggestion is the blocking of TCP port 25 (the port used for SMTP, or email, communications between servers on the internet), making contact with customers who they suspect may be the source of spam outbreaks, as well as stronger government legislation.

The legislation idea has merit, after all the lack of cooperation between government agencies is how many international spam operations manage to go unpunished.  The blocking of SMTP on the other hand is impractical and costly to implement, both from a technical and a service perspective.

The basis of the idea is this.  Customers send mail using SMTP, therefore by blocking SMTP and requiring that customers send mail via the ISP’s mail servers allows close monitoring of email traffic and detection of spam.

The solution is problematic though because many ISP customers, both home users as well as businesses, have perfectly good reasons to not send their email via their ISPs mail servers.  These customers would need to be unblocked from using SMTP, and hence cannot be closely monitored.

The monitoring itself also presents two problems – firstly customers object to having their email correspondence inspected by other parties including their ISP.  Secondly, any false positives could have disastrous consequences if important emails were blocked.  ISPs do not want the exposure to liability if they block an email that results in monetary loss for the sender or recipient. Continue reading ISPs Don’t Want to be Spam Cops»

It has been a big year for the internet with social networks continuing to grow at an amazing pace, search engines scrambling to keep pace with user demand for fresh news, and as always spam and malware causing havoc around the world.

A look at the year’s major spam event shows some consistent trends.

• Season spam such as Valentine’s Day and Christmas remains predictable
• Spammers quickly move to exploit any major global news events such as celebrity deaths and wars
• Spam networks are becoming more distributed and resistant to shutdown attempts
• Social networking spam is on the rise as spammers attempt to exploit the perceived trust between people and their online “friends”
• Human error continues to be a big part of the spam landscape, both through inadvertent data exposure and through people falling victim to social engineering

Here is a look at some of these major events throughout the year.

January

Scams promising free money from US government grants attempts to exploit the news of corporate bailouts and the increase in unemployment.

Fake CCN news alerts take advantage of a clash between Israel and Hamas.

Global spam volume begin returning to normal levels after the McColo shutdown of November 2008.

The inauguration of US President Barack Obama leads to a wave of spam spreading rumours that his inauguration is invalid or that he resigned and attempts to trick users in downloading malware.

Spammers also get a head start on Valentine’s Day with malware-carrying love letters.

February

Human error at Google marked the entire internet unsafe (is it really that far from the truth?).

The poor economy continues to cause unemployment to increase, leading to a new wave of fake job spam.

Microsoft offeres a $250,000 reward for information leading to the arrest and conviction of the Conficker worm creators.

March

Citibank falls for a Nigerian 419 scam to the tune of $27 million, but is saved when the transfers fail due to invalid account numbers provided by the scammers. Continue reading 2009, The Year in Spam»

The fight to reinstate Virginia’s anti-spam law was dealt a fatal blow yesterday when the Supreme Court declined to hear the case. The law, which was enacted in 2003, was declared unconstitutional last September by Virginia’s State Supreme Court, which said it violated the First Amendment right to free speech. The decision resulted in the the overturning of Jeremy Jayne’s conviction on felony spam charges. Jaynes, who was sentenced to 9 years in prison, remains incarcerated on other charges.

While the Supreme Court does not provide reasons when it declines to hear a case, experts said the state’s decision was constitutionally sound, and Internet law experts said it is not likely the absence of the law will cause spam rates to rise in Virginia due to the CAN-SPAM Act and pointed out that most spammers operate from outside the country, making it nearly impossible to locate and prosecute them anyway.

Virginia’s District Attorney says he still plans to draft a brand new anti-spam law and promises it will address any constitutional concerns.

Canada, France, Germany, Italy, Japan, Russia, the United Kingdom and the United States. Which of these G8 countries is the odd one out? Well, I suppose that each of them is in some way, but Canada is unique among the G8 nations for not having any form of anti-spam legislation. Surprising, eh?

I have no idea why Canada has chosen to ignore the problem of unsolicited commercial emails for so long, but it’s something which may change in the not too distant future. Senator Yoine Goldstein has introduced an anti-spam bill, known as S-220, An Act respecting commercial electronic messages (the Anti-Spam Act), which is now on its second reading and, if passed, will provide Canadian authorities with some much-needed powers to deal with spam.

The bill, the full text of which can be read here, would make it illegal to send commercial emails without the prior consent of the recipient. Furthermore, all commercial emails would have to provide an unsubscribe facility (which must be acted upon within 30 days),  contain accurate header and routing information and accurate contact details for the sender. The bill also contains anti-phishing provisions and would make the supply or use of address-harvesting applications (or harvested email addresses) an offence.

Continue reading Canada Plays Catch-Up (Maybe!)»

The spammer that Facebook won a landmark $873 million settlement against last month operated out of Canada, leading to criticism of the country’s lax anti-spam regulations. They did attempt to address the problem of spam in 2004 when they formed the National Task Force on Spam. The group was made up out of a mix of marketers, telecom companies and public interest groups. However, for reasons unknown the government ignored their recommendation to implement anti-spam regulations. Now, four years later, there are still no anti-spam regulations in place. From the Toronto Star:

Continue reading Is Canada a Spam Haven?»