2007-07-01
Abstract
Sorin Mustaca provides a roundup of this year's EU Spam Symposium.
Copyright © 2006 Virus Bulletin
Kurt Einzinger, general manager of the Austrian Internet Service Provider Association (ISPA), opened the conference with a speech about how the Association works and how it plans to fight on multiple fronts against organized e-crime. The ISPA has 204 members, including ISPs, companies with an online presence, maintainers of real-time blacklists and others. Kurt explained that spam represents a major problem for ISPs, causing infrastructure overloading and traffic bottlenecks and requiring a lot of manpower to maintain the systems, all of which incur financial losses for the companies.
Jason Steer, Product Manager at IronPort Systems, one of the main sponsors of the conference, gave an interesting presentation entitled ‘Deconstructing a 20-billion message spam attack’. Jason talked about a series of spam waves that were sent in May 2006 with different variations in order to prevent their detection. The waves consisted of 20 billion messages sent in more than 2,000 unique spam mutations (one every 12 minutes) and through 1,500 unique domains.
Jason described an experiment in which he and his colleagues bought some ‘Viagra’ from an online meds shop. When they received the product, expert analysis showed that it was fake. He concluded with a view shared by many in the anti-spam industry: that the real cause of the spam problem is not the spammer, but the buyer.
The next talk was a joint presentation by Richard Cox and Carel van Straten of SpamHaus, entitled ‘How do we balance the needs of privacy with the need to counter spam?’. Richard spoke about the well-known SpamHaus Project and described why he feels the internet is worth fighting for. I enjoyed the fact that Richard referred to the spammers as conventional criminals, and he called for them to be treated as such.
Carel described how spammers use decentralized bot networks and dropped malware that performs RBL lookups in order to make their activities more efficient. The spammers manage to escape law enforcement by distributing their bots, control centres, webservers, proxies etc. in various countries across the globe – preferably in those without anti-spam laws.
The conclusions of the talk were that a small number of ISPs are causing a significant amount of the damage by not having clear usage policies and that, if we want to start fixing the problem, the ISPs should be the first to take action.
There were two academic papers: one by John Aycock from the University of Calgary, Canada, and the other by Richard Clayton from the University of Cambridge in the UK. John analysed what a spammer or phisher would do with a botnet of a thousand or a million machines. Most people would assume that they would simply send a lot of spam, but John showed us that they can do much more. He described in his paper how the distributed computing power of so many hosts could easily be used to break strong encryption that we take to be unbreakable.
Richard talked about detecting email spam in sampled traffic data as it passes through major internet exchange points (IXPs) sited in the UK. These servers handle more than 100Gbit/s of mail traffic. By analysing packet patterns, basic headers and the time at which the messages were sent, an ISP can monitor the emails that enter or leave its network.
The next two presentations were about the laws that are designed to define and control spam in the EU and Mexico. Max Mosing, a lawyer in an Austrian law firm, talked about the ‘ups and downs in the history of EU spam regulations’. Despite being rather long, the presentation was very interesting. I don’t think that many people realise how hard it is to get a simple (in our eyes) law approved and then applied in 12 different member states. The EU struggled first to define various forms of spam from a legal point of view and then successively, for eight years, issued and refined various regulations to cover all the holes left by the previous ones.
Cristos Velasco, founder of the North American Consumer Project on Electronic Commerce, was the second lawyer to speak, presenting the struggle of various organizations and the government of Mexico against spam and phishing. Even though the number of internet users in Mexico is rising rapidly (there are currently more than 20 million), there are not as many phishing attacks in Mexico as in other countries experiencing a similar growth.
John Graham-Cumming’s presentation was called ‘So, will filters kill spam?’. He discussed how the spammers keep their techniques up to date in order to bypass the filters. The main idea of John’s presentation was that spammers innovate constantly by testing their emails against filters, against webmail services and … by learning from spam conferences.
John also reiterated what we had previously heard in Jason Steer’s presentation and will hear again: spam works because people buy the products advertised in it. His conclusion was that spammers will continue to keep pace with improvements in spam filters. As the internet infrastructure improves, so spammers will be able to send even more spam.
The next speaker was Sven Karge from eco, a German organization that protects the interests of companies with an internet presence in Germany. Sven talked about a European initiative in which information about spam is collected from the EU member states with the purpose of stopping the senders of these messages. The project name is SpotSpam.net and a detailed description of what it does can be found at http://www.spotspam.net/.
Like last year, the final speaker of the conference was Spammer X, a retired spammer who has also written a book about his ‘work’. Spammer X gave an entertaining presentation about current spam trends and shared his thoughts about what the spam of the future might bring: VoIP spam and video spam. He confirmed that the only solution to spam is to stop people buying the advertised products, although he also listed a number of steps that will help to reduce spam, including securing computers and sending complaints to law enforcement agencies, to anti-spam organizations and to ISPs.
On the second day of the conference an open discussion was held with panel members Richard Cox, Cristos Velasco, John Aycock, Richard Clayton, Carel van Straten and Spammer X. A lot of topics were discussed, ranging from spam and phishing detection to the possibilities and challenges brought by anti-spam laws.
It was good to see so many experts from so many different fields all brought together because of the same problem: spam. Like last year, though, I was disappointed by the fact that there were no presentations on the subject of phishing. However, the organizers have promised that next year’s symposium will include such material.
Webcasts of the presentations are available at: http://www.spamsymposium.eu/archivewebcast.htm.