Top Story

Yes it’s the word that starts in s and ends in m: the technical term is unsolicited bulk mail. Whisper it quietly because if we spell the word out this e-letter might be blocked by measures taken to prevent it. Every morning your e-mail browser is awash with unwanted messages from people offering you unlikely business offers (419ers) and various chemical and medical solutions to what me might euphemistically describe as “personal problems”. But this is a worldwide problem. What’s this got to do with Africa? Well because all round the world many peoples’ first encounter with Africa is through 419 e-mails. ISPs and cyber-cafes need to take the subject seriously if the continent is to get to grips with its share of world unsolicited bulk mail and cyber-fraud. Russell Southwood investigates and looks at how it might be combated.

The SA (unsolicited bulk e-mail) Summit held last October in Johannesburg estimated that unsolicited bulk mail costs South African businesses between R7-billion and R13,1-billion per annum just in terms of lost productivity, according to Mark Walker, director for vertical programmes and Africa Research Group at BMI-TechKnowledge

The Summit concluded that unsolicited bulk mail is a problem of global proportions with the bulk of it originating outside South Africa, in the USA, Europe and the Far East, it is impossible for local legislation and regulation to eliminate all of it. Therefore, education of users is vital, through the media, via Internet Service Providers (ISPs) and of employees by companies to ensure that people are aware of the problem and how to deal with it.

At the West African Internet Forum (which took place alongside ACT 2003 in Abuja), Sunday Folayan of Ibadan ISP Skannet and Secretary of the ISPs Association of Nigeria showed participants a week’s analysis of the ISP’s traffic. In the table below, UCE stands for unsolicited commercial e-mail and NSM stands for Nigerian Scam e-mail (and all its variants from any other country):

Joseph Sanusi, the current governor of the Central Bank Nigeria (CBN), in a speech to an anti-Money Laundering group in Lagos, on 3 June 2003, took the view that the problem was declining: ”When the technology was installed, an average of 150 complaints per day on 419 transactions were logged on the CBN’s Web Site, following which Information of the activities of the scam group and advice on what to do was given to the complainants. The number has reduced to an average of 26 complaints of per day, as at the end of March 2003” However this reduction may simply represent a fall in the number of people bothering to report what is a largely unpunished scam.

A recent correspondent to a mail-list complained: ”I have been receiving several offending emails, with attachment files which are obviously viruses, from someone who has registered an email address, which is a portion of my real address. The user’s email address is (address witheld) which is a portion of my own email address”. The culprit has hijacked the user’s address and is using it to relay unsolicited bulk e-mailings.

In a speech at iWeek in Johannesburg, Greg Massel stressed the responsibility of ISPs and cyber-cafes to address the problem: ” Many end- users - both individuals and companies - lack the expertise to protect themselves. They find the inconvenience costly and unacceptable and can’t and don’t install (security) updates or patches in time. (Unsolicited bulk mail)is often offensive or contains content unsuitable for minors. This discredits the use of the Internet in schools. It reduces confidence in the Internet and e-mail and leads to reduced revenue for ISPs. Wasted bandwidth is costly to ISP’s and their customers. Traffic floods threaten the speed and stability of ISP’s networks.”

So what can be done? Well there are a number of places you can block its intrusion at the network level: network devices, firewalls, routers, mail servers and proxy servers. Likewise on the PCs themselves: personal firewalls, anti-virus software and anti-(unsolicited bulk mail) software.

Filtering can be used in the following ways:

IP Filtering
NBAR (Network Based Application Recognition)
Proxy servers
URL / Mime-Type filters
Virus scanning ¬ web & downloads
IP Filtering
IDS (Intrusion Detection Systems)
Virus scanning ¬ web, downloads & e-mail

The filtering on e-mail servers can be used to make checks prior to receiving message data and can offer:

Relay prohibition
SMTP authentication if relay required
DNS-based blacklists
Register of known spammers (e.g. SpamHaus)
Open Relays (e.g. ORDB)
Envelope address verification
Local-part hacks
Domain & MX validity
Address and domain blacklists
Call-out verification (Exim)
Simultaneous recipient limit

Checks on message data offer a further line of defense:

Format errors (Header syntax & Mime errors)
Header sender address validity
Rogue attachment types (e.g. PIF, VBS)
Virus scanning
Pattern matching (e.g. “Get rich quick!”)
Spam scoring (e.g. SpamAssassin)
Distributed hash databases (Razor, DCC, Pyzor)
Rejection during SMTP session
Avoid sending bounces to invalid addresses

At the PC level, users can use filtering on their e-mail clients to implement many of the same checks that have been listed for the server side above:

User-specific filtering rules
Bayesian classification
White lists
Mail client interaction with anti-virus / anti-spam software via local proxies.

None of these strategies offers absolute protection. The senders of unsolicited bulk mail will always be looking for new ways to avoid existing defences but they do allow you to cut down on the volume of likely unsolicited bulk mail.

Sky 2 Net is the exclusive agent for PineApp AntiFlood. It is a dedicated appliance that offers defense against in-house spammers. It allows monitoring, isolation and blocking of in-house spamming sources. It prevents overload of the ISP’s or cybercafe’s upstream and it denies access to all web-based mail services when used by spammers to spread large amounts of mail. It comes with two licences: model 1510 for 50 computers and mode 2530 for unlimited computers. Over ten machines have been installed in Nigeria and Sky 2 Net is making a sales push in West Africa.

But surely there must be some legal protection against this blizzard of unwanted messages? The Johannesburg Summit on unsolicited bulk e-mail concluded that while the issue of unsolicited bulk mail is covered by section 45 of South Africa’s Electronic Communications and Transactions (ECT) Act of 2002, there are several loopholes in section 45 arising largely from the lack of a definition of “unsolicited commercial communication” as it is referred to in the Act, according to Lance Michalson, partner at Michalsons IT Attorneys.

The Department of Communications is likely to amend the ECT Act, taking in to consideration the fact that at the time at which the legislation was developed unsolicited bulk e-mail did not present the current challenges. The provisions in the ECT Act have, however, served to create awareness of the problem, according to Envir Fraser, senior eBusiness manager at the Department of Communications.

However few African countries have legislation to combat unsolicited bulk mail and even fewer have the expertise to make a reality of legislation were it in place.

According to Greg Massel, the European Union’s Directive 2002/58/EC offers a clear way to go. It places the following restrictions on automated calling machines, telefaxes, e-mails and SMS’es: marketers require the “prior explicit consent of the recipients” before sending unsolicited communications to them. In the context of a “customer relationship”, it is reasonable to contact the customer regarding offerings of “similar products or services” but, “only by the same company.” “The use of false identities or false return addresses or numbers while sending unsolicited messages for direct marketing purposes” is prohibited. But whilst the Directive has a pleasing clarity of intent, our browser and “unsolicited bulk mail” folder is still besieged by floods of unwanted mail of all kinds.

If you have had bad experiences with unsolicited bulk e-mail or have found good ways to counter it please let us know.

Our thanks to Greg Massel on whose presentation at ISPA Week last autumn the description of anti “unsolicited bulk e-mail” measures is based.