Tuesday, July 25, 2006

A taxonomy of spam

A lot of people seem to get confused when we explain that DKIM will act on some types of spam but not others. This naturally leads to the question 'what spam will it affect?', at which point we have no clearly defined taxonomy. During early anti-spam activity there were long flamewars over the definition of spam, and so the topic of defining what spam is was quickly declared off limits. As a result we never established a taxonomy of types of spam; it remained a single undifferentiated problem, despite the fact that we knew there were different degrees of spam and that no single technology would eliminate all of them.

Spam: a communication regardless of medium that is originated indiscriminately and likely to be unwanted by the recipient.

This definition eliminates very little; about the only forms of unwanted communication it excludes are things like writs, bills and such. While they may not be wanted by the recipient, few of us would consider them spam.

We then subdivide spam according to two orthogonal axes: by communication medium (email, phone, etc.) and by category, the two principal categories being criminal spam and non-criminal spam. Within each heading we have a series of possibly overlapping subclassifications.

Within criminal spam we have social engineering attempts (phishing), malware attacks (viruses, trojans, etc.), advance fee fraud, consumer fraud, theft of service, and impersonation of origin.

Within non-criminal spam we have unsolicited commercial messages and chain letters.

Once we have a taxonomy, it is much clearer that DKIM is designed in the first instance to address the theft of service and impersonation of origin categories directly, and may thus have a significant effect on criminal spam in general. DKIM is unlikely to have a great effect on unsolicited commercial messages unless and until there is an accreditation/reputation system to back it.

The purpose of CANSPAM also becomes clearer. While most spam that violates CANSPAM was already criminal before the act passed, the act is still useful because it serves as a tripwire offense, enabling law enforcement to determine that a crime has occurred much sooner than without the law. CANSPAM does not change the legality of the spammers' behavior but makes it easier to prosecute acts where the criminality is beneath the surface.
