Tuesday, December 18, 2012

Hashing Web Services for Spam Detection

For many web services, it is necessary to provide your email address as well as other related personal information, such as your name or date of birth. The problem with this is that you have no idea what they do with your information.

One approach that several people use is to put in false information, which sidesteps the privacy issue. Still, for several web services an email address is still required, if only to provide an authentication link to verify your account. A secondary email address dedicated for such purposes is often used.

It is possible to detect the origin of the spam by clever selection of the personal details provided. For example, when prompted to provide a name or user name, the title or address of the web service can be used instead. Thus, when the information is sold and used to address spam to you, the name the spam mail identifies you by can be used to determine the source.

Similarly, more complex hashing schemes can be used to encode such identifier information into birth dates.

No comments: