Microsoft word - f3118.doc

EMAIL SPAM RELATED ISSUES AND METHODS OF CONTROLLING
USED BY ISPs IN SAUDI ARABIA
HASAN SHOJAA ALKAHTANI *, ROBERT GOODWIN **, AND PAUL GARDNER-STEPHEN ** * Computer Science Department, College of Computer Science and Information Technology, King Faisal University, P.O. Box : 400 Al-Hassa 31982, Kingdom of Saudi Arabia ** School of Computer Science, Engineering and Mathematics, Faculty of Science and Engineering, Flinders University, GPO Box 2100, Adelaide SA 5001, Australia [email protected], [email protected] ABSTRACT
This paper presents the results of a survey of ISPs in Saudi Arabia about email SPAM and how they deal with it. We have
surveyed all ISPs in Saudi Arabia and we have received 11 responses from 27 ISPs. This survey investigated the nature
of email SPAM, its volume, its types and its sources in Saudi Arabia. It also investigated the effects of email SPAM on
operating ISPs. This survey aimed to understand the efforts of government and ISPs to control SPAM. Finally, this
survey aimed to assess the effectiveness of current filters in detecting Arabic and English SPAM.
The results showed that there was a large volume of SPAM in Saudi Arabia and this volume varied from organization to
organization. The results showed that the major of languages of SPAM were Arabic and English and that these Arabic
and English SPAM emails have different types and were sent from different sources in the world. The results showed that
the email SPAM affected the operation of the ISPs.
The survey also showed that the effectiveness of current filters varied from method to method in detecting Arabic and
English SPAM emails. Finally, the results showed that some of the ISPs were not aware of government efforts to combat
SPAM while others said that there were efforts by the government and they contributed to these efforts. The results also
showed that ISPs made attempts to control SPAM such as implementing and updating filters and informing customers
about SPAM.
Keywords: SPAM, Arabic, filters, email, ISPs, English.

from about 24 countries and he could send email SPAM to 70 million of users per day. He also said that he gained about $500 from each one million emails sent 1. INTRODUCTION
[8]. In addition, spammers have used many methods to The internet is considered an important tool for the bypass SPAM filters such as tokenization and world today. It has provided several facilities for users such as, the selling and purchasing goods, searching for Email SPAM causes several impacts on users and information, acquiring knowledge, and communication companies. Firstly, deleting email SPAM from an inbox wastes the time of users, and reduces employees' One significant use for the internet is email which performance in firms as well as reducing the allows users to send and receive text and multimedia productivity of companies. For example, reports messages. However, some people have exploited email indicate that SPAM cost companies in the USA $10 for personal purposes. These people, called Spammers, send so-called SPAM. billion in lost productivity in 2003 [2]. The cost of Email SPAM can be defined as "Unsolicited, email SPAM was estimated 10 billion euro for internet unwanted email that was sent indiscriminately, directly users a year worldwide [9]. Moreover, Ferris Research or indirectly, by a sender having no current relationship indicated that the cost of SPAM for companies around the world was about $14 per user per month in lost To achieve huge benefits in a short time at low cost productivity [5]. Furthermore, the Singapore Infocomm spammers collect a large number of email addresses in Development Authority (IDA) indicated that the total various ways. They can use programs known as spam- cost of SPAM for consumers is about S$23 million in bots to catch email addresses on the internet or they can lost productivity each year [6]. Secondly, resources of buy email addresses from individuals and organizations email servers are consumed by SPAM messages such as and send email SPAM to these addresses [2]. For wasting the capacity of the email systems of ISPs and example, the New York Times interviewed "one of the wasting bandwidth, and it costs Internet Service most prolific senders of junk email messages in the Providers (ISPs) a lot of money to increase their email world" in 2003. His name is Alan Ralsky, and he systems capacity and to buy extra bandwidth [4]. reported that he has over 150 million email addresses Moreover, email SPAM has significantly increased, 2. METHODOLOGY
and the content of the email SPAM is now written in different languages such as, English, Chinese and Arabic. For example, Jamie Cowper who is a 2.1. PARTICIPANTS
technology consultant at Mirapoint estimated that about There are 27 ISPs licensed by the Communication and 13.5 billion emails sent around the world each day are Information Technology Commission (CITC) in Saudi SPAM [5]. In the Middle East, 90% of the 1.5 million Arabia. These ISPs are distributed in different regions emails received by companies daily were detected as of Saudi Arabia. All 27 ISPs were surveyed to achieve SPAM in 2009 [11]. In addition, the number of SPAM the aims of this research. Completed questionnaires were collected from 11 ISPs. Responses from the other messages touched 92 million every day in Oman in 16 were not received because they were not keen to 2009 [11]. In Saudi Arabia, the number of emails participate in this survey. The 11 ISPs that participated detected as SPAM is 54% in 2006 [7]. The level of in this study varied in size of organization. SPAM email in the United Arabic Emirates averaged 83.4% in 2009 [12]. 2.2. MEASURES
There are many legal and technical solutions to fight It was decided that the best way to answer the research the problem of SPAM. By looking at the legal aspect, questions was through a questionnaire and hence a some countries have enacted special laws against questionnaire was distributed to the participants and SPAM to reduce the volume of this attack. Examples of their responses were analyzed. At the beginning, a pilot these countries include the United States of America, questionnaire was prepared and distributed to a few European Union countries, Australia [1] and some ISPs to get their comments and feedback about the Asian countries. In the United States of America, there are two sets of laws against SPAM: Federal laws and Then the participants completed a 12 page State laws. The Federal laws were enacted on 16 questionnaire using both yes/no answers and open December 2003 and it was the first attempt by the ended answers. The questionnaire was divided into four United States of America to combat SPAM. These laws parts, general information about ISPs, the nature of are regulated by the Federal Trade Commissions (FTC). email SPAM and its effects on ISPs, the effectiveness of In addition, states in America such as Washington, current SPAM filters in detecting Arabic and English Virginia, Georgia, California, Florida and Texas have email SPAM, and the efforts of ISPs and government to enforced special laws to fight the problem of SPAM combat email SPAM in Saudi Arabia. These parts are described in detail in the next sections. However, none of the Arabic countries have special laws to combat SPAM. In particular, Saudi Arabia has 2.2.1. GENERAL INFORMATION QUESTIONS
assessed the problem of SPAM, and has designed a ISPs were asked about the establishment of the framework to combat SPAM but this framework has not organization to enable a comparison between old and yet been applied as laws to fight SPAM in the country. new organizations in combating SPAM. ISPs were From the technical aspect, much research and many asked about the organization size to understand the projects have been undertaken by experts and scientists differences between large, medium and small in the area of information and network security to organizations in combating SPAM. They were also combat email SPAM. Examples of techniques and asked about the number of employees and the number filters used to combat email SPAM include content based filters such as bayesian, keywords and genetic They were asked if they have a special team or unit algorithms, and origin based filters like black lists, to manage and control network security, what are their white lists and challenge response systems. responsibilities in this regard and how many employees However, these filters and techniques for fighting are involved to give an understanding of efforts of ISPs email SPAM will not be effective as long as spammers to manage network security. They were also asked if work continuously to develop methods to bypass these they have specialist employees to combat email SPAM filters. So, these filters need to be updated and and what are their tasks to control SPAM. ISPs were developed regularly to detect new email SPAM and to also asked if workshops, conferences or other ongoing detect new techniques used by spammers in sending training on the control of email SPAM were conducted regularly for employees. This gave an understanding of Therefore, this research aims to gain an the efforts of ISPs to reduce the amount of SPAM by informing employees of new types of SPAM and new a. the nature of email SPAM, its volume, its type and methods to combat it. This data may lead to the of new techniques to combat new types of b. the effects of email SPAM on ISPs in Saudi Arabia c. the efforts of government and ISPs to combat email 2.2.2. EMAIL SPAM QUESTIONS
d. the effectiveness of current email SPAM detection At the beginning of this part, ISPs were asked to define filters in detecting Arabic and English SPAM. email SPAM in their own words in order to understand the definition of email SPAM based on their judgment. The definitions of ISPs for email SPAM are described 3. RESULTS
This section summarizes the results obtained from the We have defined email SPAM as “an unsolicited, questionnaire for each of the four parts of the survey. unwanted, commercial or non commercial email that is The first part of the survey showed that the size of the sent indiscriminately, directly or indirectly, to a large organizations ranged between small, medium and large. number of recipients without their permission and there The percentages of organization size can be seen in is no relationship between the recipients and a sender”. figure 1. The size was based on the opinions of the This definition was in the survey and used for the purpose of this research. Some examples of email SPAM, keywords and phrases used in email SPAM were given in the survey. Organization Size
ISPs were asked if they have blocked email SPAM recently and how many SPAM messages they block on average weekly. This gave an understanding of the volume of email SPAM in Saudi Arabia. They were also asked about the language of email SPAM, types of email SPAM, sources of SPAM and its keywords, phrases or unique features if they have blocked Arabic or English SPAM. We have focused in this study on English and Arabic email SPAM because English is the first language in the world and Arabic is the mother language for Saudi Society. We gained an understanding of the nature of email SPAM in Saudi Arabia, the differences between English and Arabic The results indicated that there were no differences SPAM, their types and their sources which may be between small, medium and large or new and old useful in developing filters to combat email SPAM. organizations in combating SPAM email in Saudi Additionally, ISPs were asked about the effects of SPAM on their performance and how much time they Figure 2 shows that 82% of ISPs have a business unit or team to manage the network security of the organization while 18% do not have a unit to control 2.2.3. QUESTIONS ABOUT THE
security of the organization. The results showed that EFFECTIVENESS OF EMAIL SPAM
there were different responsibilities for these units to DETECTION TECHNIQUES IN DETECTING
manage security. Some of the responses said that ARABIC AND ENGLISH SPAM
security units protected networks of companies from This part of the survey began with the definition of the intrusions and malicious programs such as viruses and two main techniques used in classifying email SPAM Trojans. Some said that these units strengthen the and some examples of these techniques. The two organizations network security, detect email SPAM by techniques were content based filters and origin based using software or hardware, protect the organization's filters. ISPs were asked about the techniques or filters business, and save business time. Some of the ISPs said that they have used to detect SPAM. They were also that the security units verify the current connections, asked about the effectiveness of the filters used in look at the network traffic, read the security logs on the detecting Arabic and English email SPAM. The results domain, look at the authorizing logs, and update the may lead to proposals of more appropriate and effective security patches. We have also found that the methods of classifying English and Arabic SPAM. responsibilities of security units included following up Finally, they were asked if they update their filters reports sent from security devices on the internal and regularly because updating filters regularly enables the external networks and the development of security detection of new SPAM based on new keywords or systems with the latest versions software and hardware. Does your organization have explicitly business unit or team for
2.2.4. QUESTIONS ABOUT THE EFFORTS OF
managing network security?
ISPs TO COMBAT EMAIL SPAM
In this part, ISPs were asked about the efforts of
government and ISPs to control and combat email SPAM. ISPs were also asked if there was information provided by them to customers about email SPAM and the appropriate methods to combat it. We requested from ISPs their opinions about the appropriate ways to control email SPAM in Saudi Arabia either technical or legal, and to add anything that they thought might be of Figure 2: Does your organization have explicitly a business unit or team for managing network security? The results showed that 45% of ISPs have Some responses have defined SPAM as messages sent employees with specific responsibility to combat email to mailing lists that are not regularly maintained. Email SPAM while 55% do not (See figure 3). The results SPAM was also defined by some ISPs as unknown showed that the tasks of those employees were: language emails delivered to recipients. Some of the monitoring of relay, email systems support, check ISPs defined SPAM as messages that complicate work unwanted bulk unsolicited commercial emails, and of server systems due to the large number of messages emails sent from pornographic sites or similar. Some of the responses said that the tasks were updating black All 11 ISPs said that they have blocked email SPAM lists and creating special lists when the known and the number of SPAM messages blocked varied from organization to organization. Some of the ISPs have blocked millions of SPAM messages, some have blocked thousands and others blocked hundreds on Are there employees with specific responsibility for combating email
average weekly. The maximum number of blocked SPAM messages was 8,000,000 emails per week and the minimum was 100 emails per week. The SPAM emails blocked by ISPs were written in different languages. It can be clearly seen in figure 5 that 59% of emails SPAM were in English, 24% were in Arabic, 7% were not recognized and 10% were in other languages such as Chinese, Japanese and Russian. Language of Email SPAM blocke d by ISPs in Saudi Arabia
Figure 3: Are there employees with specific responsibility for The results also showed that only 27% of ISPs have conducted workshops, conferences and ongoing training for their employees about email SPAM and its control while 73% have not conducted any activity regarding the SPAM problem (See figure 4). Are there any workshops, sessions, conferences or other ongoing
Figure 5: Language of email SPAM blocked in Saudi Arabia training conducted for employees of organization about SPAM emails
and their control?
From figure 5, the majority of email SPAM blocked was English and Arabic. Both Arabic and English SPAM have many different types. These types are shown in figure 6 and 7. They included advertisements from businesses, religious and political parties, also for pornographic materials, forums, medical products and online gaming, phishing and fraud emails, and other types such as individual messages for fun, news and puzzles. As seen in figures 6 and 7, the highest Figure 4: Are there any workshops, sessions, conferences or percentages for both English and Arabic SPAM were other ongoing training conducted for employees of organization about SPAM emails and their control? The workshops, conferences and ongoing training Types of Arabic Email SPAM in Saudi Arabia
were conducted regularly for employees of ISPs to understand the new keywords, features and phrases of email SPAM and the new detection methods to control it. Some of the ISPs conducted these activities every 4-6 months, some of them every 7-9 months and the others In the second part of the survey when we asked ISPs about the definition of email SPAM, most of the responses from the ISPs defined email SPAM as unwanted, unsolicited and bulk emails that are sent from commercial advertisers and adult websites. Some of the ISPs defined SPAM as messages sent to recipients without their direct or indirect permission. Types of English Email SPAM in Saudi Arabia
S ource of English Email S PAM in S audi Arabia
To help in developing new email SPAM detection Email SPAM has caused many effects on the techniques for both Arabic and English, we have operation of ISPs in Saudi Arabia. Figure 10 describe collected keywords and phrases from ISPs in Saudi Arabia. Examples of Arabic SPAM keywords and phrases include "ارقا يف ", "جمار ب","بيرد ت"," ي ف كرت شاىدتنملا"," حبراو كراش ","لزنملا نم لمعا", and " طقف لاجرلل". Examples for English email SPAM keywords and phrases include "sex", "Cialis", "girls", "Viagra", "Loto winner", "Investment", "Forex", "Green", "Visa and Master", "Training", "Greetings", "South Africa", "Partnership", "Bank loans", and "work and live in When we asked ISPs about the sources of Arabic and English SPAM emails, we have found that the sources of Arabic SPAM were as follows: 41% sent from Saudi Arabia, 30% sent from other Arabic countries, 8% sent from non Arabic countries and 21% sent from unknown We also found that the sources of English SPAM were as seen in figure 9: 16% sent from Saudi Arabia, Effects of Email SPAM on ISPs
11% sent from other Arabic countries, 53% sent from non Arabic countries and 20% sent from unknown Figure 10: Effects of email SPAM on operating ISPs From the results summarized in figure 10, we have found that 45% of the effects of SPAM on ISPs was losing time and reducing productivity. We have asked Source of Arabic Email SPAM in Saudi Arabia
ISPs how much time they spend in fixing related SPAM problems on average weekly. The responses were different from organization to organization. Some of the ISPs stated that they spent between 6-10 hours per week to fix SPAM problems and some said that they spent between 1-5 hours while others said that the fixing of SPAM problems was done automatically by the filters In the third part of the survey which asked ISPs about the filters that they have used and their effectiveness in detecting Arabic and English SPAM, we have found that all 11 ISPs used content based filters to classify email SPAM and 91% of the ISPs also used origin based filters. Examples for content based filters used by ISPs are shown in figure 11. We found that the majority of ISPs used Iron Port to classify email SPAM. The results also showed that the effectiveness of the origin based filters was 64% in detecting Arabic email SPAM and 77% in detecting English SPAM as shown in figure 14. The effectiveness of origin based filters in detecting Arabic
and English email SPAM
Content based filters us ed by ISPs to combat email SPAM
Figure 11: Examples of content based filters used by ISPs We asked ISPs about types of origin based filters used to detect email SPAM. Their responses are The effectiveness of origin based filters
Figure 14: The effectiveness of origin based filters in From the results in figures 13 and 14, we have found that both content based filters and origin based filters are more effective in detecting English SPAM than Arabic SPAM. We have also found that the content based filters are more effective than origin based filters in detecting Arabic and English email SPAM. From this study, we have also found that all 11 ISPs updated the SPAM filters used regularly to detect new In the fourth part of the survey, when we asked about the efforts of government to combat email SPAM, the responses showed that most of the ISPs were not aware Origin based filters used by ISPs to combat
of government efforts to combat email SPAM. Some of email SPAM
the ISPs said that they have read Communication and Figure 12: Types of origin based filters used by ISPs Information Technology Commission (CITC) documents about SPAM and took part in CITC surveys When we asked ISPs about the effectiveness of the related SPAM that were conducted by the government. content based filters in detecting Arabic and English When we asked the ISPs about their technical and email SPAM, we found that the effectiveness of the legal efforts to combat SPAM, most responses said that filters was 70% in detecting Arabic SPAM and 84% in they used latest versions of software and hardware to classify email SPAM. Some of the ISPs said that there were no legal regulations set by ISPs to combat email The effectiveness of content based filters in detecting
SPAM while some of them said that there were few Arabic and English email SPAM
legal actions such as submitting a report to the CITC if any internet abuse occurs from their own IP allocations. The results showed that the legal and technical efforts of ISPs were warning the spammers who send SPAM, blocking the addresses that send SPAM, receiving complaints from customers about SPAM and dealing with them in a quick and professional way. The results also showed that some of the ISPs when writing subscription contracts warned customers regarding misuse the internet service, and they applied penalties for the misuse of the internet like disconnecting the The effectivenes s of content bas ed filters
When we asked the ISPs about the awareness of their Figure 13: The effectiveness of content based filters in customers, either individuals, or companies, about email SPAM and methods of controlling it, the responses showed that 55% informed customers about SPAM, 4. CONCLUSION AND FUTURE
18% did not inform customers about SPAM and 27% did not answer the question (See figure 15). We have found that some of the ISPs provided specialized In summary, this paper presented the results of the awareness programs for customers about SPAM and survey of ISPs about email SPAM and how the ISPs methods of combating it. Some of them provided deal with it. This paper presented different definitions customers an awareness document which included of email SPAM based on the ISPs judgment. The survey information about SPAM and Phishing, how customers showed that most of the ISPs in Saudi Arabia blocked a protect themselves from SPAM, how to use Anti SPAM large volume of email SPAM, the SPAM was mainly in and how to update their security software. English and Arabic. The survey also showed that most Arabic and English SPAM was in the form of businesses advertisements. The results showed that the Arabic email SPAM was sent from different sources to Is there awareness provided by ISPs for customers and different
businesses about email SPAM and appropriate methods to combat
the English SPAM and the highest percentages of Arabic SPAM were from Saudi Arabia and other Arabic countries. The highest percentages of English SPAM were from non Arabic countries and unknown sources. In addition, the results showed that email SPAM impacted on the operations of ISPs in Saudi Arabia. These impacts included: losing time and reducing productivity, spending a lot of money in implementing and updating filters used to combat SPAM, and to buy extra bandwidth and capacity for the email system, losing customers due to receiving a large volume of email SPAM, and filling email capacity with SPAM. The results also showed that the ISPs used content Figure 15: Awareness provided by ISPs for customers about and origin based filters to detect email SPAM. We have found that both content and origin based filters were more effective in detecting English SPAM than Arabic When we asked ISPs about the appropriate ways to SPAM. We also found that content based filters are combat email SPAM in Saudi Arabia, some of the ISPs more effective in detecting Arabic and English SPAM provided some technical solutions to combat email than origin based filters. The results also showed that SPAM. They said that any organization that possesses Anti SPAM hardware is more effective than Anti an email system should make sure that it is guarded with Anti SPAM filters, either software or hardware. The results showed that some of the ISPs were not They said that the hardware filters have better aware of government efforts to combat SPAM while performance than software filters because the hardware others said that there were efforts by government and filters are more secure and provide more filtering for they contributed to these efforts. The results also inbound and outbound messages. In addition, some of showed that ISPs tried to control SPAM by means of the ISPs suggested that email SPAM filters should be technical efforts like implementing and updating filters, placed in the gateway level to filter all incoming and legal efforts like warning spammers and applying penalties for misuse of the internet service, and other We have found that some of the ISPs suggested efforts like raising customers awareness about SPAM. some legal solutions. They said that it is necessary to In future work, ways to improve the performance of enact clear laws to combat SPAM which include current filters in detecting Arabic and English email executive regulations and specific penalties for people SPAM will be investigated. This can be achieved by who send SPAM email. They suggested that there testing the effectiveness of current filters in detecting should be clear conditions for the internet service usage Arabic and English SPAM emails and this will lead to for each internet subscriber regarding SPAM activities. propose, update and develop the appropriate filters to When we asked the ISPs about other appropriate ways to combat SPAM in Saudi Arabia, the ISPs said Secondly, laws to combat SPAM in Saudi Arabia that it is important to establish an integrated authority, will be investigated. This can be achieved by looking to commission or management for network security and experiences of developed countries and their laws to staff it with people who have experience in both combat SPAM and this will lead to enact a new clear software and hardware areas of information security. Some of the ISPs suggested focus on the awareness of Thirdly, ways to encourage ISPs to collaborate with people about SPAM and methods of controlling it, and each other ISPs, organizations, government and conducting conferences and seminars to discuss email SPAM problems and the effective techniques to combat Finally, effective ways to inform customers, either individuals, or companies about SPAM in Saudi Arabia REFERENCES
[1]
Australian Communications & Media Authority, ACMA, viewed 14/03/2010, http://www.efa.org.au/Issues/Privacy/spam.html#acts , 2006. [2] Cook D., Hartnett J. et al., "Catching spam before it arrives: domain specific dynamic blacklists", Proceedings of the 2006 Australasian workshops on Grid computing and e-research , Volume 54, Hobart, Tasmania, Australia, pp. 193-202, 2006. [3] Cormack G. and Lynam T., "Spam corpus creation for TREC", Proceedings of Second Conference on Email and Anti-Spam CEAS, pp. 1- 2, 2005. [4] Cranor L. F. and LaMacchia B. A., "Spam!", Commun. ACM, vol. 41, no. 8, pp. 74-83, 1998. [5] Everett C., "Stronger laws needed to stem spam", Computer Fraud & Security, 2004, pp. 1-2, 2004. [6] Leng T. K., "Singapore's multi-pronged strategy against spam", Computer Law & Security Report, 22, 5, pp. 402-408, 2006. Communication and Information Technology Commission (CITC) viewed 15/03/2010, http://www.spam.gov.sa/eng_stat2.htm , 2008. [8] Rogers K. M., "Viagra, viruses and virgins: A pan-Atlantic comparative analysis on the vanquishing of spam", Computer Law & Security Report, 22, 3, pp. 228-240, 2006. [9] Schaub M. Y., 'Unsolicited Email : Does Europe Allow SPAM? The State Of The Art Of The European Legislation With Regard To Unsolicited Commercial Communications', Computer Law & Security Report, 18, 2, pp. 99-105, 2002. [10] Sorkin D. E., The Center for Information Technology and Privacy Law, viewed 01/03/2010, http://www.spamlaws.com/, 2009. [11] SPAMfighter, SPAMfighter news, viewed 01/03/2010, http://www.spamfighter.com/News-12056-Oman-Receives-92-Million-Spam-Every-Day.htm , 2009. [12] SPAMfighter, SPAMfighter news, viewed 01/03/2010, http://www.spamfighter.com/News-13723-UAE-Spam-Level-Hit-an-Average-of-834-in-2009.htm , 2009. [13] Wittel G. L. and Wu S. F., "On Attacking Statistical Spam Filters", Proc. of the Conference on Email and Anti-Spam (CEAS), Mountain View, CA, USA, pp. 1-7, 2004.

Source: http://www.nauss.edu.sa/En/DigitalLibrary/Researches/Documents/2011/articles_2011_3118.pdf