E-Mail Address Privacy via PEA\'s (Proxy E-Mails Accounts)

2009 Second International Symposium on Electronic Commerce and Security

E-Mail Address Privacy via PEA’s (Proxy E-Mails Accounts) Syed Rahman Mashwani1, Shah Khusro2, 3, A. Min Tjoa3 1

Institute of Business and Management Sciences/ Computer Sciences NWFP Agricultural University Peshawar, Pakistan [email protected] 2 Department of Computer Science, University of Peshawar, Pakistan [email protected] 3 Institute of Software Technology and Interactive Systems Vienna University of Technology, Vienna, Austria [email protected]

Abstract— Doing business electronically is a major tendency among customers and businesses but there is always a threat about personal information privacy. E-mail address is one thing about which customers expect that e-businesses will not misuse it. Most e-businesses have privacy policy but that usually changes with time. And in case of violating privacy it is difficult to find the original source of violation. A lot of research work has been done to protect mailboxes from spam messages and to make e-mail addresses difficult to be harvested. However, these methods do not prove helpful in finding the original source of violation and those that do exist often require modification in either mail server or mail client. The main feature of our proposed system is to help users detect the exact source from where e-mail address was misused and to find the violators who violated the e-mail privacy policy by sending spam messages or selling e-mail addresses to third parties. Finding the exact privacy policy violators enables us to take legal action against them. And after finding a specific source, through this system users can easily cut-off their relationship with them and by doing so they will not be able to send e-mails in future. So, people will not have to change their e-mail addresses again and again. If e-mail address is placed at “n” different places and is misused from one place then instead of making and redistributing new e-mail address to all correspondents, the exact correspondent is found out and dealt with, and for others the e-mail address does not change. It also indirectly helps the e-businesses in making the decision to change the format of placing e-mail addresses on site to make it difficult for harvesting. The Proposed system can be installed easily and does not need any change in the existing email infrastructure.

it also includes a promise not to use that collected information including e-mail address for advertisement purposes without customer’s free consent. But despite all these promises customers seldom trust them because some of them still very often send spam e-mails, sell customer information to other e-businesses for pecuniary purposes and usually e-businesses change their privacy policy at any later time for their own business interests [17]. So in many cases the privacy policy is violated and the information is leaked out. In such situation the task of finding out particular sites/correspondents precisely that violated privacy policy is difficult. Most people change their e-mail addresses to get rid of spammers/violators and redistribute new address among friends and families. This is a tedious job with a lot of overhead in personal information management. A. OBJECTIVES The scope of this work is defined to achieve the following objectives: • Finding all e-mail privacy policy violators • Finding the exact source from where e-mail address was misused • Making it easy to cut-off the relationship with violators/ spammers/ offenders • Informing e-businesses for changing the antiharvesting scheme in case of violation detection • Eliminating the need of changing and redistributing e-mail address in case of any abuse • Motivation of individuals for taking legal action against violators • Creating no problem for a user if he is away from home environment • Achieving all this without the need of modification to MUA or MTA.

I. INTRODUCTION Personal data privacy is a topic worth debatable between e-businesses and customers. It is obvious that customers want to be facilitated with web site browsing and even shop at any particular website with the surety that their personal information will not be leaked out for other purposes without their free consent. Most websites through their privacy policies try to deal with this feeling of their customers. Generally, privacy policies are statements by e-businesses regarding personal information of customers, that what they collect and how will they use the collected information. And

978-0-7695-3643-9/09 $25.00 © 2009 IEEE DOI 10.1109/ISECS.2009.257

B. PROBLEM SPECIFICATION E-mail addresses are frequently used while interacting with websites. A website assures customers’ privacy by their privacy policies that users’ e-mail addresses will not be misused. But in spite of their assurance some of them still misuse the e-mail addresses. Also such violation is hard to prove. And when e-mail address circulates through 346

spammers then to get rid of spam messages, most people change their e-mail addresses which is a wastage of time and results in several inconsistencies. C. SOLUTION The system that we suggest not only provides a mechanism to secure mail box from spam in future but also finds the exact source from where the e-mail address was misused. By using our proposed system people do not have to change there e-mail addresses. And it requires no modification in either e-mail server or e-mail client. II. RELATED WORK A. SPAM E-mail is the most widely used source for communication. It is also a cheap source for e-mail marketers to reach customers. Spammers send spam e-mails (also known as unsolicited commercial e-mails UCE and unsolicited bulk emails UBE) to people inboxes. These messages contain advertisement of the products which are usually illegally imported or sold, cracked software, fake lottery or the purpose of the message in some cases is just to steal your credit card data [15]. All these acts are illegal and is a crime. The statistics show that crime on internet is ten times that of the real world [8]. Sending spam messages, using or making of e-mail address mining programs or address harvesting software is illegal according to the Australian Spam Laws [2] and the CAN-SPAM Act [5] in Australia and United States of America respectively. The UK and the European Union also have their own laws but laws are bounded by borders. Globally, the number of spam messages per day is 14.5 billion; in other words spam makes up to 45% of all e-mails. Some research companies have estimated a greater figure i.e. 73%. United States is the largest spam e-mail generator [20]. To stop messages from robots some people use the technique of bouncing back the message to the sender along with a magic phrase (CAPTCHA [6]), and asks the sender to copy the magic phrase into the subject of e-mail and reply back to the same message. This helps to distinguish between a robot and a human but its disadvantage is that it also discards some valid messages as most e-businesses send messages to customers using automated software. There are also some tools for filtering the e-mails based on content. To escape such detections spammers use several techniques like delivering messages in image format instead of text. And to send it in such a way that is not recognizable by image recognition software. Sending messages by spammers in ZIP, PDF and even audio and video format attachments is a recent phenomenon. Shifting of spam formats are described by Elsevier [9]. Keyword based filtering techniques declare a mail as spam if black listed words occur with a specific probability, but spammers can also make use of Unicode to obfuscate emails by mixing up Unicode characters in between blacklisted word. This is because that in Unicode there are many visually same but technically different characters e.g. replacing “free tour and TRIP” with “fґee Łour and TR1P”.

An English language dictionary can also be employed in spam filtering but it may slow down the process. A countermeasure against Unicode obfuscated spam is described by Changwei Liu [13] In short both camps are striving to enhance their modus operandi. The detectors are finding new and intelligent ways to filter out spam messages while the spam professionals are also busy in finding intelligent ways of escaping from the detection. B. E-MAIL ADDRESS PRIVACY Unfortunately legal organizations for protecting user privacy against abuse are few and those that do exist are often ineffective [4]. And also most of the third world countries have no legislation for this purpose. As we mentioned that some of e-businesses sell user information to third party, which is one of the data source for spammers. The second source is that the e-mail addresses are placed on internet (web pages, newsgroups, chat rooms, message boards, online resume and dating services etc) by people/e-businesses in such a way that encourages spammers to harvest these e-mail addresses using e-mail harvesting software (Email Spider Gold [10] and Power Email Extractor [16] etc). Forwarding an e-mail results in sending of all the antecedent addresses and thus opens door for spammers. This can be avoided by using BCC (Blind Carbon Copy) to mask recipients a message from each other or by deleting the message header containing the list of previous recipients from the body of the message [7]. Schryen [18] addressed the analysis of receipt of spam caused by placing e-mail addresses on the Internet. His experimental results show that most spam e-mails result from web placements (62.3%), followed by spam caused by newsgroup placements (6.3%) and then newsletter subscriptions (1.27%). However, address obscuring techniques (AOTs) are used to make e-mail address harvesting difficult. These techniques include [1, 18]: Changing visual appearance of an e-mail abc+domain.com, abc(at)domain(dot)com, abc(8)domain.com, [email protected], writing each character in separate line, a b c @ d o m a i n . c o m.

By modifying html code By adding comments: abc< ! - -This text confuses harvesters. - - >@domain.com

By placing each character in separate column: a b c @ d o m a i n . c o m

Using java script e-mail ”);

OR var name = 'abc'; var at = '@'; var domain = domain.com'; document.write(name + at + domain);

347

And Embedding e-mail address in an image

Figure 1: Embedding e-mail in image

But still it is possible to harvest when a technique becomes common. The third data source for spammers is guessing e-mail addresses i.e. the e-mail addresses like [email protected], [email protected], [email protected] etc are very common in about all organizations. Spammers use brute force or dictionary attacks for this purpose. And the fourth source is an attack on mail server which doesn’t rely on collection of e-mail addresses at all. Whatever the source for spammers may be, making their job harder is the ultimate goal. Hall [12] proposed the idea of a channelized e-mail address. An e-mail account is made accessible via a usercontrolled set of channels each with a distinct address containing the account name and a security string known as a channel identifier known to a legitimate correspondent. The account owner is provided simple controls for opening a new channel, closing a channel, and switching a channel by notifying selected correspondents that a new channel is replacing the current one. For implementation purposes, Hall modified Sendmail which is a mail server agent on Linux. The foremost objective of Hall’s work is to stop spam from reaching the mailbox disregarding the others goals on which this work is based e.g., finding the exact source of violation. Gburzynski & Maitan [11] extended the work of Hall. In their work a Channel can be dedicated to One Sender (or to a narrow set of senders), Sender’s Domain, and All Senders. This system does not allow emails from unknown senders, accepts emails from only specified addresses. And additionally it allows patterns to set for From, Subject and Body of message i.e. Allow message only if a specific keyword(s) occurs in From, Subject or Body of message. The work of Boers & Gburzynski [3] is based on automation of Mail Channels. Messages arriving at master address receive an automated reply from the server, asking the sender to prove his/her humanity and to resend his message to a new mail channel. When the mail channel receives its first message, it becomes personalized to the sender. But this technique does not work if a legitimate sender is a robot. Seigneur & Jensen [19] suggested the use of disposable email addresses (DEA’s) for privacy recovery. To use the service the user first connects to REAP (rolling e-mail address protocols) server and generates a new DEA, which he passes to the correspondent. The new correspondent later sends an e-mail, which REAP adds to user’s inbox. After opening and reading the e-mail using REAP e-mail reader, a user can select from one of three options: “Okay,” this moves the mail to users’ inbox; “Ban,” which closes the

address; and “Roll,” which closes the address and creates a new DEA to replace it. But its disadvantage is that it is dependable on a modified e-mail client, which should be installed on each and every user’s computer. So it makes harder for users to manage DEAs when they’re away from their home environments. III. RESEARCH METHODOLOGY Normally a user directly interacts with an e-business. As some of e-businesses are hard to trust therefore the mechanism we propose here gives protection to customers at client side1. We use two software agents. A Client Machine Agent (CMA) is installed on client side user machine and an E-mail Server Agent (ESA) is installed on the e-mail server machine. The ESA has read access to the e-mail database. The role of ESA is to create proxy e-mail accounts (PEA’s) and to forward e-mails to the appropriate end. The role of CMA is to automate the process of creating PEA’s to some extent. A user gives his personal information (e-mail address, phone number, zip code etc) to CMA and CMA saves this information in its database at local machine. In order for the CMA to start its operation a user must have to login using a web user interface. However, the system is not dependant on CMA and can work without its presence. A. REGISTERING NEW SITE WITH THE AGENT The CMA uses user information to fill the transaction or registration form automatically whenever an e-business or a web site in general asks a user. While the form is being filled the CMA asks ESA to create a (new) proxy e-mail account for the logged on user and the current web site. The ESA then creates a PEA (assume pe-1) using mail server API and saves the proxy e-mail address (pe-1) along with the domain name of the site (assume s-1) in its database on the e-mail server machine and sends this new e-mail address to the CMA. The CMA then uses this address (pe-1) to fill the form instead of the original e-mail address of the user. Whenever a user interacts with a distinct website or correspondent (e.g., s-2, s-3, s-4 ...), these agents create and use a proxy e-mail address (e.g., pe-2, pe-3, pe-4 ...). This is shown in Table 1. CMA cannot doing this automatically for some sources like blogs, chat, business cards etc therefore the user should use its web user interface to manually register a correspondent. TABLE 1: ESA DATABASE

ID

PEA

1 2 3 4

pe-1 pe-2 pe-3 pe-4

n

pe-n

Site/ Correspondent Name s-1 s-2 s-3 s-4 s-n

Correspondent E-Mail

se-3, se-4, se5 se6 se-n

1 Assume the client machine and the e-mail server as client side of ebusiness.

348

B. HANDLING AN E-MAIL FROM A SITE/ CORRESPONDENT The ESA continuously checks mail box of each PEA for a new e-mail arrival. Whenever a mail arrives the ESA finds direction of email i.e., from the user or a site to a PEA. When sent by the user to a PEA it is intended to be forwarded to a site with corresponding PEA of the sender. When an email is received from a site with the user’s PEA as the receiver address, the ESA finds the original address of the user from the database and resends the email to that address. Assume that it is addressed to pe-1, it compares the sender’s address of this e-mail to the user’s original e-mail address. If not matched then it means that this e-mail is from site (s-1) indirectly for user via PEA (pe-1). The ESA updates the record of the PEA (pe-1) in its database by copying the sender’s e-mail address (se-1) in correspondent e-mail column of the database if not already inserted, see Table 2. Then the ESA forwards the e-mail to the original email address of the user from proxy account (pe-1) after concatenating ## symbols and correspondent e-mail address with subject text2. So, the user receives e-mail from PEA (pe-1). C. HANDLING AN E-MAIL FROM A USER After reading e-mail if user wants to reply to that mail or wants to send new e-mail to the site (s-1), he simply replies to the same message or sends new e-mail to the PEA (pe-1) of appropriate site (s-1). The user can use a web user interface for confirmation for a PEA of a correspondent. Whenever an email is sent to a PEA (pe-1) from user, the agent forwards it to its appropriate correspondent’s address. D. HANDLING THE SITUATION WHEN A USER WANTS TO SEND E-MAIL TO A SITE ADDRESS WHICH IS NOT YET REGISTERED WITH THE ESA The second record in Table 2 has still no correspondent email address because no communication is done yet between the site and the user. Correspondent e-mail addresses are entered automatically in the database by ESA when a site first sends an e-mail. But here is the situation where a user wants to send an e-mail to a site first. There are two methods for this. TABLE 2: ESA DATABASE (UPDATED 1)

ID

PEA

1 2 3 4

pe-1 pe-2 pe-3 pe-4

n

pe-n

Site/ Correspondent Name s-1 s-2 s-3 s-4 s-n

Correspondent E-Mail se-1 se-3, se-4, se5 se6 se-n

First one is that the user manually enters the e-mail address via web user interface, then as earlier, simply sends the e-mail to PEA (pe-2) and the ESA forwards it from PEA

(pe-2) to the site’s e-mail address. Secondly, the user types e-mail address of a site in the subject field after the subject text. To distinguish the explicit entered e-mail address from the subject text we use two consecutive Number Symbols “##“ in the beginning of an email address. We chose this pattern because the same is very rarely used in email subjects. The user then sends it to PEA (pe-2) from which, when received, the ESA extracts e-mail addresses from subject text and inserts it in the database and forwards the email to the extracted e-mail. See Table 3 for the updated entry. E. HANDLING A USER E-MAIL TO A SITE WITH MULTIPLE E-MAIL ADDRESSES Most sites have a separate e-mail address for each of its department such as [email protected] , , [email protected] and [email protected] [email protected] etc. We have the same situation in the third row of Table 3, which has three e-mail addresses (se-3, se-4 and se-5) for a single site/correspondent. So in this situation the user enters the exact e-mail address after the subject text and sends it to the PEA (pe-3) of that site (s3). The ESA simply forwards the mail to the e-mail address which is mentioned by the user after the subject text. Note that the user can also send an e-mail to multiple e-mail addresses of a site by mentioning all addresses in the subject field after the subject text separating each address by “;”. TABLE 3: ESA DATABASE (UPDATED 2)

ID

PEA

1 2 3 4

pe-1 pe-2 pe-3 pe-4

n

pe-n

Site/ Correspondent Name s-1 s-2 s-3 s-4

s-n

Correspondent E-Mail se-1 se-2 se-3, se-4, se5 se6

se-n

F. DETECTING THE EXACT SOURCE The above procedure makes it very simple for the users to detect the exact source from where an e-mail address was misused. This can be easily done manually by the user e.g., if a user receives an e-mail from a PEA (suppose “pe-1”) and if the e-mail does not belong to its correspondent, say “s-1”, but belongs to another e-business then it clearly indicates that the site “s-1” has violated the privacy policy or spammer has succeeded to harvest e-mail addresses from that site. G. DISTINGUISHING BETWEEN E-MAIL PRIVACY POLICY VIOLATORS AND HARVESTERS Some e-businesses store e-mail addresses in a database without publishing on a page eliminating the chance of harvesting. So, if a user receives a spam e-mail from a proxy e-mail address registered with that e-business then it clearly indicates that the e-business has violated its policy.

2 This helps the ESA when user replies back to message and if a particular PEA has more than one correspondents registered

349

(E-Business) SERVER

C L I E N T U S E R

M A C H I N E

Websites etc CMA DB

Client Machine Agent CMA

User

MUA

EMAIL SERVER MACHINE

ESA DB E-mail Server Agent ESA

M.Box

MDA

MTA (mail server)

Figure 2: E-mail Address privacy via PEA’s

But some e-businesses publish users e-mail addresses on their sites which can be harvested. So in this case it is still difficult and hard to prove that either the site has violated its policy or the spammers have harvested the e-mail. But the advantage here is that the user can inform the site authority about the violation. If the site is not directly involved then they need to change the way of publishing e-mail addresses making it difficult for harvesting. H. GETTING RID OF VIOLATORS AND SPAMMERS If a user finds someone violating the privacy policy by sending him spam messages or sold his e-mail address information to another e-business or e-mail address reached to spammer through any other means and now he wants to cut-off his relationship with that specific e-business then it can be done simply by deleting the PEA of that site. By doing this neither that e-business nor a spammer can send email to the user. Or if a user wants to continue relationship with e-business and only wants to get rid of the spam then he has to change the proxy e-mail address of the related ebusiness and to inform that specific e-business only.

Outlook Express. To connect it to Lumi Soft Mail Server we entered “localhost” in both the SMTP and IMAP/POP3 fields while setting up user account in Microsoft Outlook Express because in our case both the mail server and mail client are installed on the same computer system. After configuration of Lumi Soft Mail Server and Outlook Express on a system of 1.6 GHZ Intel Dual-Core and 1 GB of DAM, We ran the MSA on the Mail Server Machine and started sending and receiving of e-mails. To examine the role of MSA we tested different situations like: • Sending message to the proxy e-mail address from an existing correspondent • Sending message from an unknown correspondent • Sending message from user’s original e-mail address to a correspondent that does exist in ESA database. • Sending message from user’s original e-mail address to a new correspondent that does not exist in ESA database. Etc. After thorough testing we noted that our system was accurately performing as expected.

IV. IMPLEMENTATION AND EVALUATION Currently the system is implemented as a desktop version. The CMA and ESA modules are implemented in C#.NET, the database is implemented in SQL Server 2000 and the web interface is implemented in ASP.NET using C#. We used freeware Lumi Soft Mail Server [14] as Mail Server which is written in C# too. For sending and receiving e-mails / Mail User Agent (MUA) we used Microsoft

V. LIMITATIONS, DRAWBACKS AND IMPROVEMENTS Our system works well with both the first and the second data sources for spammers but is struggling against the remaining two. For example, consider that a spammer guessed proxy e-mail address pe-1 which belongs to site s-1 and then sent spam message on that address. After receiving spam message the user will guess that site s-1 violated the 350

privacy but in fact it didn’t. And after this false guess the user can also cut-off his relationship with the site s-1 because of the false information. A simple solution for this situation would be to use a random un-guessable alphanumeric code in proxy e-mail address. This can be generated by any robust cryptographic algorithm. An example is to use [email protected] instead of [email protected]. But such addresses are not user friendly which is a trade-off between security and user friendliness. Still it is difficult to distinguish between a violator and a harvester in case when e-mail addresses are published on websites. Our system makes an extensive use of PEA’s, although a PEA acts as an email forwarder and does not let emails remain in its inbox but it may create storage space problem. This can be resolved by space sharing technique. For example if an original e-mail account has 1 GB of space then all its proxy PEA’s will use the same space. And also on other side our system saves storage and bandwidth by stopping unwanted e-mails at the earliest stage. There is also no need of processing the content of incoming e-mails for filtering out spam. The management of PEA’s information may bring an extra load on a user. The number of PEA’s may grow with the passage of time which will make it more difficult for a user to manage and will waste user’s precious time making the system impractical in certain cases. So the system needs more automation to reduce the extra burden from the user. I used CMA, which automates the process of creating PEA’s to some extent. However, it can also be automated by using a reserved unique e-mail account like [email protected]. Whenever mail is sent to this address from a real e-mail address with destination address embedded after the subject text. The ESA will make a new PEA and will extract the destination address from the subject text. After updating the database the ESA will direct the mail message to its destination. Mails except from original e-mail address to this address will automatically be deleted by ESA to protect it from flooding attack. The same solution with a slight difference is given by Boers & Gburzynski [3] Access of intruder to ESA Database and E-mail address spoofing can create problem for our system. The network security must be ensured to be high enough that the system is not threatened by such type of actions. VI. CONCLUSION There are many ways to protect inbox from spam but only those techniques and tools are commonly used that can be easily installed, configured and don’t need a vital change in email clients and servers. Content based filtering techniques/tools e.g., Spam Assassin is the example which can easily be installed and doesn’t need any modification. Unlike content filtering techniques most of the email address privacy techniques requires modification in either MUA or MTA. But beside these techniques our proposed system is easily installed, configured and does not require any modification in MUA or MTA. Our proposed system provides a mechanism to identify the exact privacy policy violators and the exact source from

where an e-mail address reaches to spammers. It also provides an easy way to get rid of spam e-mails without changing e-mail address. We used an extra software agent MSA to act as a bridge between a user and a correspondent. All the e-mails which are sent directly to a user’s original address are automatically deleted by the MSA. To facilitate a user we used CMA for automation of the process to some extent. The system does not require any modification in either the MTA or the MUA. A user faces no problem in case he is away from home environment. ACKNOWLEDGMENT We would like to thank Dr. Jean-Marc Seigneur (http://cui.unige.ch/~seigneur/) of University of Geneva Switzerland, Nicholas M. Boers of University of Alberta Edmonton Alberta Canada and Ivar Lumi the coder of Lumisoft Mail Server for their meaningful conversation with us during this work. REFERENCES [1] [2] [3]

[4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20]

351

"Address Munging ." http://en.wikipedia.org/wiki/Address_munging (accessed September 2008). "Australian Spam Laws." Electronic Frontier Australia. http://www.efa.org.au/Issues/Privacy/spam.html (accessed September 2008). Boers, Nicholas M., and Pawel Gburzynski. "An Automation of Mail Channels." Advanced International Conference on Telecommunications and International Conference on Internet and Web Applications and Services (AICT/ICIW). 2006. Butler, Kevin et al. "Privacy Preserving Web-Based Email." LNCS 4332 (ICISS), 2006: 116–131. "CAN-SPAM Act." 2003. http://frwebgate.access.gpo.gov/cgibin/getdoc.cgi?dbname=108_cong_public_laws&docid=f:publ187.108 .pdf (accessed September 2008). "CAPTCHA." http://www.captcha.net/ (accessed September 2008). Curtis, Chris. Email Address Privacy. 2008. http://www.bellaonline.com (accessed January 2009). Electronic Frontier Foundation. http://www.eff.org (accessed September 2008). Elsevier. "Spam formats shift again." Network Security 2007 (2007): 2. "Email spider gold." www.sharewareconnection.com/downloademail-spider-gold-from-sharecon.html (accessed September 2008). Gburzynski, Pawel, and Jacek Maitan. "Fighting the Spam Wars: A Remailer Approach with Restrictive Aliasing." ACM Transactions on Internet Technology 4 (2004): 1–30. Hall, Robert. "How to Avoid unwanted emails." communications of the ACM 41 (1998): 88–95. Liu, Changwei, and Sid Stamm. "Fighting unicode-obfuscated spam." Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit. Pennsylvania, 2007. 45-59. Lumi Soft Mail Server. http://www.lumisoft.ee/ (accessed December 2008). Pasquinucci, Andrea. "Inside the mind of a spammer." Computer Fraud & Security. 2007. 7-8. "Power Email Extractor." www.sharewareconnection.com/poweremail-extractor-lite.htm (accessed September 2008). Schafer et al. "E-Commerce Recommendation Applications." Data Mining and Knowledge Discovery (Kluwer Academic Publishers) 5 (2001): 115–153. Schryen, Guido. "The impact that placing email addresses on the Internet has on the receipt of spam: An empirical analysis." computers & security 26 (2007): 361–372. Seigneur, Jean-Marc, and Christian Damsgaard Jensen. "Privacy recovery with disposable email addresses." Security & Privacy Magazine, 2003: 35-39. Spam Statistics. http://www.spamlaws.com/spam-stats.html (accessed September 2008).