Exploration of Email Spam, with a Focus on its Effects and Mitigation in Saudi Arabia

Author: Hasan Alkahtani

Alkahtani, Hasan, 2015 Exploration of Email Spam, with a Focus on its Effects and Mitigation in Saudi Arabia, Flinders University, School of Computer Science, Engineering and Mathematics

This electronic version is made publicly available by Flinders University in accordance with its open access policy for student theses. Copyright in this thesis remains with the author. This thesis may incorporate third party material which has been used by the author pursuant to Fair Dealing exceptions. If you are the owner of any included third party copyright material and/or you believe that any material has been made available without permission of the copyright owner please contact copyright@flinders.edu.au with the details.

Abstract

Email spam is an international issue that has caused many challenges in different

countries. In Saudi Arabia, the volume of email spam is high compared to other

countries. This research investigated the nature of email spam in Saudi Arabia and

the awareness of email users about it and efforts to combat it; and provided

suggestions for strategies mitigate it. The study was conducted among three groups

in Saudi Arabia: public users, businesses and ISPs.

This research adopted a quantitative approach, using self-administrated

questionnaires to collect data. In this descriptive and cross-sectional study, data was

collected to answer the research questions from February 2011 to July 2011.

Multiple cluster random sampling was used to select public users and businesses, and

convenience sampling was used to select ISPs. A total of 1,500 public users from

universities, schools, hospitals, and government departments, and 300 businesses

were selected randomly from five regions; and all 27 ISPs. The validity of the

questionnaires was examined through a pilot study.

During data collection, public users, businesses and ISPs were asked to forward

Arabic and English email spam that they received in their email inboxes (i.e. email

spam that was bypassed anti-spam filters) to a specific email address created for the

purpose of this research. An email spam corpora was collected to investigate the

tricks used in the Arabic and English spam to bypass filters, affecting their

effectiveness. A total of 1,270 email SPAMs were analysed: 1,035 Arabic, 179

English, and 56 mixed Arabic and English spam. A taxonomy of email spam filters

(mostly developed to detect English spam) was constructed to develop methods to

counter the tricks used in Arabic spam. Using a phenetics approach, filters were

classified according to similarity between the methods used to detect spam.

Statistical tests such as chi-square and independent-samples t-test were used to

analyse the data.

Email users in Saudi Arabia had limited awareness of spam and ways to combat it,

although a large portion of them were well-educated professionals. ISPs, businesses

and public users believed that most of the spam was written in English, followed by

a large minority in Arabic. The most common types of Arabic spam were related to

forums, and religion and politics; and most English spam was pornographic, and

phishing and fraud emails. Saudi Arabia was the greatest source of Arabic spam;

whereas most of the English spam was sent from non-Arabic countries.

ISPs indicated that anti-spam filters were not completely effective, and these filters

performed better in detecting English spam than Arabic spam. The highest

percentage of Arabic spam originated from Saudi Arabia. Different tricks were used

in Arabic and English spam to bypass the filters. More Arabic than English spam

included attractive words in the subject line, contained an image in the body of the

message, and was sent by obfuscated or fake email addresses. Malicious contents

(e.g. viruses) appeared more often in English spam than Arabic spam.

The greatest effect of email spam on the performance of public users and

organisations in Saudi Arabia was reduced productivity, which can affect the

country’s economic growth.

More work is needed to combat spam in Saudi Arabia. Recommended strategies for

government and ISPs to reduce its effects in Saudi Arabia are: adopt an agreed

definition; enact culturally fit anti-spam laws; investigate effective ways to educate

email users; and refine and develop more effective filters, especially for Arabic

spam.

Keywords: Email, Spam, Arabic, English, Saudi Arabia

Subject: Computer Science thesis

Thesis type: Doctor of Philosophy
Completed: 2015
School: School of Computer Science, Engineering and Mathematics
Supervisor: Dr. Robert Goodwin