SPAM is junkmail, but it is so much more than a nuisance. Reports show that over 50% of SPAM targets victims with Phishing attacks of some kind, using seemingly innocuous Email as clickbait or to steal personal information.
With more and more desperate measures being taken by criminal organizations, there is also an increase in nuisance type SPAM. It can be difficult for the average person to appreciate the degree to which SPAM creates problems on a day to day basis, particularly when compared to the real threat of Identity Theft or other Credit Card fraud, however the threat is very real.
Whether or not you feel savvy enough to avoid falling prey to some Email scam, there are so many different types of scams that you will become a Phishing victim sometime in your life, even if you are very tech savvy.
Imagining a future in which this doesn’t happen is possible, but it is absolutely unlikely unless significant changes happen.
Ending Spam Forever?
The MiCASA™ Public Trust (MPT) outlines a new platform that promises to end SPAM Email forever. The platform is not just about technology. It is technology serving a very real human concern about security and ethics. It stands to create a commercial zone whose security underpinnings maintain ethical communications and mutual respect.
Fortunately, the technology to do this has already been imagined, it has already been built, and the only people who need to do things differently are you, the public. This isn’t about convincing lawmakers or lobbying Big Tech to change a thing.
Your participation makes all the difference in the world, and the significance only grows as certain milestones are achieved.
Sound lofty? This is about a Social System rather than Software. True enough, advanced technology fuels it all, but this is a technology-forward application whose aimed at the social good.
It remains inclusive to all who would enter- private individuals as well as small business, non-profits and entrepreneurs- all except the Spammers, of course.
Commerce, Privacy and Trust
[Note: Please follow along this mini-discussion to collect talking points and criterion]
The issue preventing sufficient regulation of Email to destroy bad SPAM are the topics of Commercial Interest, Privacy, and Trust.
In reality nothing will slip by the demands of commercial interest. Generally speaking, laws in a free market society (most western type nations) will permit Direct Mail, Telemarketing, Text (Smartphone) Campaigns, and SPAM, and for this reason SPAM will probably always exist. Sustainable solutions to the SPAM problem will include a means to represent Commercial Interest in a positive fashion, but in a way that is different than it is done now.
Private organizations have a difficult time dealing with SPAM as well as serving the needs of regular contact between members of their organization and the rest of the world. Taking the case of corporate mail alone, the current Solution regarded as most effective is strict Whitelisting. The problem remains that Whitelisting is too restrictive and it precludes regular access that such organizations need to conduct business in the real world.
Solving the problem of bad SPAM cannot be left to a Whitelist alone as this closes off the system. The system needs to breathe to remain vital, and Whitelists are simply too air-tight. What if a Virtual Whitelist could be constructed- one which had acceptable rates of access, and one which in fact solved the problem which makes Whitelists in a Corporation too restrictive- what if the process to become Whitelisted were both automated and ensured compliance with Community standards?
This component to the system provides more or less “public” access and yet still enforces Community guidelines.
Turning towards the issue of Privacy when reviewing potential Solutions, note it is nearly impossible to implement a system that solves for bad SPAM while retaining Privacy.
Of course, privacy in the modern world is a matter of degrees. Regarding privacy in a pure sense, take a moment to think of a business such as Google or Microsoft launching a campaign promising Privacy along with their Big Tech solution for SPAM free Email. Such a thing might fail based on the perceived lack of trust alone. Would it really be a bad thing? That much is unclear. What remains true is that Privacy in a Virtual Whitelist Environment would require a significant amount of Trust.
Setting aside the relationship between Privacy and Trust for a moment- it is after all a balance point similar to the issue of Restriction and Access in the case of the Whitelist above- there is yet a technical challenge with Privacy in the proposed Solution. Assuming the Solution works like most VPN’s (Virtual Private Networks) the chief problem with Privacy is that the entire network potentially has access to internal communications. This may sound like Security and Privacy are at risk, but let us just focus on Privacy: while Privacy is guaranteed against those outside the Network, inside it is a little difficult. Again, assuming that the software solves all the problems of Security and Privacy between members, what remains is Privacy with the actual Administration of the system. When all else is accounted for, the System itself would have access to every mail ever sent, and in a proposed Solution serving several classes of individuals from private to commercial to other interests, this single point of exposure becomes the critical issue regarding Privacy and Security.
One Solution is to require Double-blind communications between all participants in the system including the system administrators and the system itself! This article is too limited in scope to speak on this point. Identifying this point is sufficient- and significant.
“Form Fits Function” is a truth of technology so dry it’s almost laconic. But if you have kept up so far, this is where Blockchain makes a Cameo and it may keep you through to the end.
Blockchain is the most hyped technology of the day (c.2018), and while Bellasys does not really call it hype, Blockchain is neither flawed, pointless, nor in itself truly a technology.
Controversy aside, the worst use-case for any technological component is because it looks good, or sounds good. While there is nothing wrong with finding useful and legitimate/legitimizing applications for hype and fanware, it rarely makes for good systems architecture.
The compelling use case for Blockchain here is the highly specialized system of Authentication (IPAL Technology) providing certitude that among all the possible machines sending and receiving mail on the network, those machines are absolutely, positively authenticated and therefore traceable in an otherwise private and secure double-blind virtual network. This is one critically placed point bridging Privacy, and Trust.
Without certitude about the origin of mail, there isn’t any means to enforce ethical conduct and community standards. This addresses the exact nature of the current problem today, and the chief difference between email open to the world and Email managed in a Network free of SPAM.
Imagine for a moment that this was not a deal-breaker. in that case the issue simply becomes filtering out unwanted mail, and this is possible today thanks to many tools already created and utilized by all of the major Email service providers, including individual domain servers. In brief- after taking out the “bad guys”, handling Email preferences and Settings becomes nearly trivial.
The Solution and Systems Architecture proposed by MiCASA™ could be easily implemented as a commercial service; however, it is intentionally designed to not only promote transparency and ethical communications in its network, it enforces it. The only single private interest the system is responsible for is the Community itself, and collectively even the community isn’t a real entity, but rather, thanks to it’s decentralized nature, it is a virtual construct that can evolve based on the needs of the Community while still retaining it’s core values as an egalitarian construct.
It’s a terrible pun, but the joke is on everyone. American Congressional “CAN-SPAM” (wiki: CAN-SPAM) laws related to the practices permitted to ensure ethical communications via email are lacking enforcement. However, among the 4 types of unsolicited communications- Direct Mail, Telemarketing, Door to Door Solicitations and SPAM, it’s the classic post-office type of junk mail and bulk mail which has the most recourse in case of abuse. Most newer technologies, including SPAM Email, Auto-dialers for Telemarketers (including automated voice messages), and text based marketing campaigns, are more difficult to regulate because there are many hacks to beat the few privacy features that do exist. To make a long, sad story mercifully short- nothing can really be done because the mechanisms that would have to be in place to really do something about it are not now, nor will ever be a priority for the greater Internet. At best, businesses which do follow sane practices look like good guys compared to the rest, and at worst, the The same is true of Telemarketing regulation, Post-office junkmail
Anatomy of a Spammer
Clicking a link inside a Phishing Email is the Coup De Grace… but it’s not the only target.
We live in a tech landscape that is anything but straightforward, and here’s a great example: how is it that one of the most common attacks is the act of stealing your Email address? If “they” already have it, meaning you have already received an email at your address, why is opening it a problem if you don’t click any links inside?
Typical Spammers and Scammers need to keep their “reputation” high to work with the way most bulk email services are wired. Too many “bounced” emails sent to defunct Inboxes causes problems for their reputation, and reputation directly affects whether an email will land in the next Inbox.
While actually opening mail will validate your inbox, sending your email address to the spammer with a green light for further hacks. Hacks to identify opened mail without read receipts are now trivial. Many operators do not consider their lists valid until some confirmation exists, therefore, validating your Inbox by opening the mail means effectively that your email address is now “owned.” This is perhaps the most critical step in launching future and more in depth attacks
Inside a Spamhaus, circa 2000
Because most people do not carefully report spam using tools in Google’s Gmail, for example, and because many legitimate and valid emails accidentally get marked as SPAM, these metrics are not adequately employed by bulk email servers, and even less reliable than other metrics – such as bounce rates and open rates. Verifying that there is a live person attached to any one of the millions of spam mails sent is vitally important.
Do not open questionable mail messages to find out, but should you open them as our testers do, you will notice many new mass emails with literally nothing written in them! They have a very compelling Headlines (subject line) that could sound like real news, or a offer for new shopping resources, but in reality it’s just a ploy to get those open rates up for some bulk mail account to try and earn reputation and ensure continued Inbox delivery.
With most criminal agencies the opposite is true- they don’t care about Reputation because they tend to hijack valid Email accounts relying on raw numbers to generate enough responses in a short period of time- typically under 2 weeks. After all, truly criminal organizations risk exposure the longer a campaign remains open.
Conversely, typical Spammers and Scammers rely on valid services and they are just waiting to get the signal that someone is listening on the end of their line. Therefore, hackers are employed to begin stealing personal data from the moment an email is opened, regardless of whether any links are clicked within, or other action is taken.
This is the current model of Email Spam, and here are 2 case scenarios which reflect activity of 2 typical Email Inboxes- one everyday user, and one system administrator who manages multiple clients and maintains an email account with each domain.
The typical user receives 10 SPAM emails each day, or more. This does not seem like a horrible nuisance until one becomes socially active or begins shopping online. Each store wants your email address for the shopping cart. There is nothing devious about this- these are retailers who have earned your business and at least an opportunity to extend more offers to you- usually these companies play very nice if you “unsubscribe” from their list. Most typical users can “unsubscribe” even from Spammy mail because most spammers care enough about reputation to honor the unsubscribe request.
However, as more and more spammers turn to services who are not dependent on reputation themselves, there are increasing percentages of email (services) that you can never “unsubscribe” from, because once you show one retailer that your email address is valid, it becomes part of a for-sale pool that will make the rounds to all spammers in their service roster.
Have you ever signed up for a retailer and then suddenly had a huge increase in SPAM? Guess what? It’s probably not that retailer! It’s probably some mail you accidentally opened, or clicked on a link out of curiosity. Once you have done this you have validated your email and given the green light to pounce on your Inbox- and this may not happen right away. It’s strategic. Of course, there are tough tactics employed by retailers all the time.