/vnd/media/agency_attachments/bGjnvN2ncYDdhj74yP9p.png)
How do you typically deal with spam? Clean your email box a few times a day?
That is what most people do. And they try to do some work undisturbed during the
rest of the day.
How will you feel if a popup blocked your screen every time spam landed in
your mailbox. Worse, it would not go away till you had at least a look at the
spam. For the sake of argument, that popup also keeps screaming at you (in loud
ringing tones) seeking attention. And how would you feel on a really bad day,
when this entire circus played out while you are making a presentation on your
Wi-Fied laptop.
Spam has been a part of the business of communications for as far back as one
can think. We have been unable to eliminate it till now, and there is very
little reason to believe claims that newer forms of communications will be any
safer from spam.
/vnd/media/post_attachments/d3d86b6ab0d22a10fc9d81fe6f9a4de4d83d4bccfbfe1a4258e4a1e55b19674c.jpg)
E-mail
spam needs no elucidation. Look further back, and the harrowing specter of
losing that one 'urgent' letter among the bundle of junk mails will come
back to haunt you. And, wasn't it yesterday, that five agents called up your
cell phone in thirty minutes, to sell two credit cards, a loan, and (in case you
had enough liquidity) two investment plans. Its nomenclature may change but spam,
it seems, will always be there. It will eat into precious resources, and make it
more cumbersome and expensive for everyone to stay in touch.
While customers seem to bear the brunt of spam, service providers are also
paying heavily for it. "If one looks at e-mail alone, up to 50 percent of a
service provider's resources can go towards tackling spam over e-mail,"
says Deepak Maheshwari, secretary, ISP Association of India (ISPAI).
How Can You Ignore It?
While spam over email is a menace, it does not render the e-mail system
useless. But, that comfort will not be available to the providers of Internet
telephony, especially after it is adopted by larger and larger number of users.
|
Internet telephony, the newest kid in the communications block, works on the
same IP networks that e-mail does. This means that while it has the potential to
be a killer application, like e-mail and Web browsing are today, it is also
prone to the tricks of the same spammers who are today experts in spoiling the
user experience with spam, annoying pop-ups, and cold callers.
And very few service providers or even users of VoIP are taking spam over
Internet telephony seriously. Perhaps the only significant response to this
threat has been that it has been given a name-SPIT or Spam over Internet
Telephony.
How Bad Can Spitting Be?
However bad e-mail spam gets, the only annoyance it will cause is a delay of
a a few hours in receiving the e-mails.
Spit differs from spam in this effect. The voice mails and messages are
bandwidth and resource hungry and very heavy (compared to the e-mail spam) and
overload the network. They can create a level of latency (or delay) that can
render the IP network useless for voice communications. And although this
latency did not hinder the adoption of e-mail, it could devastate the take-up of
Internet telephony.
Spit can take many forms. It can allow tele-callers to reach a larger number
of people at a much lower cost. And it can also enable (advertisers) to send
"sweet little" 2—3 Mb voicemails to thousands of subscribers,
thousands of times over-just like they do with spam. These will not only clog
the network, but also tire out the users if they had to listen to every
voicemail before knowing if it is spit. And DoS and DDoS will become easier
(even a little spit will have the effect of more than a hundred pieces of spam).
Then there are the usual suspects: viruses, spyware, and any other malware
hiding behind the voicemails. (See box on next page.)
There will of course be the usual firewalls to deal with them too. But they
are likely to be only as effective as they are with email.
How Will the Spammers Spit?
Spitting-if you get the drift-will work more or less on the same lines
as spamming. The IP phone number will basically be just another IP address.
These can be easily harvested, especially in the case of open, IP-based phone
system such as Free World Dialup, SIPPhone, and Earthlinks Free Online Calling,
the spitters can then voicemail messages and blast those unsolicited voicemails
to the entire list. A small percentage will respond to them and ensure that the
spitters stay in business. Services that have some part of their operations over
a closed user group, such as Skye, Vonage, and Comcast would be immune to such
general-purpose attacks. However, if these systems gained mass popularity, it
would be a matter of time, before a spitter hacks these systems and starts
sending spit to the members of the services.
Because the voice and e-mail systems share the same pipe, an increase in spam
could effectively turn into spit as it would eat into the bandwidth available
for voice services, creating latency in the service degrading it to a point
where the system cannot be used.
It will be very difficult to examine all IP-voice packets for malware, as can
be done over email, as this process could kill the ability to communicate in
real time.
And, with VoIP, many additional nodes will become available to the spitters,
such as network equipment like soft switches, signaling gateways, and media
gateways; and CPE like IP phones and broadband modems.
The danger is real. Meheshwari says, "We need to engage much more
closely and cohesively to fight the menace of spit...that undermine the very
fundamental values of the Internet."
Does Anybody Care About Spit?
Spitting is not happening now-for the only reason that there are just not
enough users of Internet Telephony services. But usage is set to increase, as
Internet telephony is not only more economical, but also offers many
productivity enhancers. VoIP service providers thus have an opportunity now, in
which they can evolve means of tackling spit. Initiatives like VoIP Security
Alliance (VOIPSA) are a welcome effort in this direction. The organization
claims to "fill the void of VoIP security-related resources through a
unique collaboration of VoIP and information security vendors, providers, and
thought leaders." And it aims to "promote the current state of VoIP
security research, VoIP security education and awareness, and free VoIP testing
methodologies and tools."
Sadly, there is also a view that such forums can play into the hands of
spitters. By being members of these organizations, the spitters can keep track
of the counterinsurgency. To be fair, at least VOLPSA is thinking about the
problem.
A leading conferencing solutions provider, pleading anonymity, said that in
India, even some of the banks were not taking this threat with any seriousness
yet. They are satisfied as long as the IP-based solution can integrate with
their firewall. The fact that spam (or spit) is as serious a threat to the VoIP
system, as viruses are to an e-mail system, is yet to permeate down to the
market. The reason for this complacency could be that e-mail is still a bigger
application than voicemail, and the spammers are in no hurry to start spitting.
But It Is Not That Bad Really
The technology is supposed to be inherently capable of handling most of the
spit. Just as spitters can use its features to carpet bomb, users can check the
spit at their level with features such as a more refined caller ID, and an
ability to process the data streams in whatever way they desire. For example,
they can require the authentication of callers before they get through. But if
such trickery could work, we would have tackled e-mail spam long ago. In any
case, this feature would disable genuine broadcasts that a user may be
interested in. For business users then, permitting spit is preferable to losing
business, but this is only till the level of voice spam is low.
One sure way to avoid a DoS or DDoS attack over the e-mail system from
affecting the VoIP system is to separate the voice and data systems, virtually
if not physically. This way, even if the email system is close to crashing, it
will not affect the voice traffic.
Vonage has come up with a very simple way of avoiding spitting from voicemail
messages. Over a fat pipe, the spitter can send a two minute long voicemail
within seconds. Mandating that voicemails can only be recorded in real time
thwarts the effort of the spitter. Again, while this may work for individuals,
it may not be very attractive to enterprises.
The Political Angle
Like all good things in life, spit is also acquiring a political angle.
Blocks in the US are rife with rumors that tele-marketers from India and other
outsourcing destinations will be able to reach the lucrative customers, with
much less cost, if VoIP becomes a hit with the customers in economies like the
US. Call from these destinations will not be in the form of voicemails but come
from Live agents. With human operators behind those IP phones, these calls may
not be spit technically, but they will sure have just as much nuisance value.
The Verdict?
A reason for the success of e-mail is that it complements the basic human
need to communicate. Therefore, it remains a killer application on the Internet
despite major hurdles.
Email revolutionized the way the world communicated the written word and VoIP
will do the same for voice communications. One had just hoped that the users and
industry would have learnt lessons from the email experience and tackled spit,
before launching commercial operations. But as usual, the powers that be have
chosen to learn on the job. The adage, prevention is better than cure, it seems
has not gained currency with our operators.
"First, we had SPAM then came SPIM and of late, the SPIT"
Deepak Maheshwari, secretary, ISP Association of India
Is spam is responsible for making the provision of email service more
expensive?
During the initial design and development, the protocol and the system was
designed such that in case a message was to be sent to more than one person, the
same was replicated at the server nearest to the recipient.
|
/vnd/media/post_attachments/2a860a2b2111f0f5219607ea7f878772d73a23a65db5c561e9ebb926b1fef1c2.jpg)
The spammers are abusing the design parameters used for more effective usage
of bandwidth as the originator of a spam does not have to pay much for the
bandwidth but at the recipients' end, hundreds, thousands and at times,
millions end up wasting their time, bandwidth and money. Though many e-mail
services today may be free per se, the access to them does take time and once
you add the value of time to sort and delete the spam, it becomes obvious that
spam is a definitely eroding the fundametal value of e-mail while also
increasing the cost thereof, albeit indirectly.
What amount of a service provider's resources go towards tackling spam
over email?
For any communication on the Internet, various resources like bandwidth,
servers, and routers are inevitably used. Besides, tackling spam requires
significant investment in training and deployment of additional human resources.
The proportions may vary depending upon the type of service provider, its
subscriber mix, type of services being provided and the systems and procedures
that the service provider deploys. However, if one looks at e-mail alone, it may
be as high as 50 percent.
How much damage does spam cause?
Some 50 billion e-mail messages transmit every day on the Internet, implying
some 50 messages per Internet user per day, considering that there are about 1
billion people online now. However, over two-third of these are spam.
Interestingly, just a few hundred spammers are generating more than two-third of
the spam of any kind.
Even if these major offenders are reined in, it would result in a major
saving. A look at http://www.spamhaus.org/statistics.lasso would show which
countries are more affected due to spam but as Internet usage grows in India, it
may become a big problem here as well.
However, beyond, e-mail the major problem today is that often spam is being
used to install malware and virus software on computers of unsuspecting and/or
ignorant customers.
Life would have been definitely much better without the menace of spam. For
the service providers, it would result in saving of bandwidth and server space
but more importantly, it would result in more and more adoption of e-mail while
saving the time and money in accessing, downloading, sorting and deleting such
mails by the end-users.
Have there been any incidents of Spit (spam over Internet telephony) in
the world or in India?
First, we had SPAM that was related to e-mail, then came the SPIM related to
instant messaging and of late, the SPIT has been added to the lingua franca of
the netizens. Of course, there have been reports of SPIT causing problems to
users, occasionally.
What is the awareness about Spit among the equipment vendors, ISPs, telecom
service providers, and the enterprises.
SPIT is a relatively new phenomenon but can assume alarming dimensions, if
not tackled properly. While spam can be sorted out at leisure, SPIT has higher
nuisance value as it has to be tackled here and now, while one is engaged in
Internet telephony. Moreover, this can cause adverse psychological impact
amongst the users.
We need to engage much closely and cohesively to fight the ugly menace of
SPIT and other malpractices that undermine the very fundamental values of the
Internet.