Exploration of Email Spam, with a Focus on its Effects and Mitigation in Saudi Arabia

Author: Hasan Alkahtani

Alkahtani, Hasan, 2015 Exploration of Email Spam, with a Focus on its Effects and Mitigation in Saudi Arabia, Flinders University, School of Computer Science, Engineering and Mathematics

This electronic version is made publicly available by Flinders University in accordance with its open access policy for student theses. Copyright in this thesis remains with the author. This thesis may incorporate third party material which has been used by the author pursuant to Fair Dealing exceptions. If you are the owner of any included third party copyright material and/or you believe that any material has been made available without permission of the copyright owner please contact copyright@flinders.edu.au with the details.

Abstract

Email spam is an international issue that has caused many challenges in different countries. In Saudi Arabia, the volume of email spam is high compared to other countries. This research investigated the nature of email spam in Saudi Arabia and the awareness of email users about it and efforts to combat it; and provided suggestions for strategies mitigate it. The study was conducted among three groups in Saudi Arabia: public users, businesses and ISPs. This research adopted a quantitative approach, using self-administrated questionnaires to collect data. In this descriptive and cross-sectional study, data was collected to answer the research questions from February 2011 to July 2011. Multiple cluster random sampling was used to select public users and businesses, and convenience sampling was used to select ISPs. A total of 1,500 public users from universities, schools, hospitals, and government departments, and 300 businesses were selected randomly from five regions; and all 27 ISPs. The validity of the questionnaires was examined through a pilot study. During data collection, public users, businesses and ISPs were asked to forward Arabic and English email spam that they received in their email inboxes (i.e. email spam that was bypassed anti-spam filters) to a specific email address created for the purpose of this research. An email spam corpora was collected to investigate the tricks used in the Arabic and English spam to bypass filters, affecting their effectiveness. A total of 1,270 email SPAMs were analysed: 1,035 Arabic, 179 English, and 56 mixed Arabic and English spam. A taxonomy of email spam filters (mostly developed to detect English spam) was constructed to develop methods to counter the tricks used in Arabic spam. Using a phenetics approach, filters were classified according to similarity between the methods used to detect spam. Statistical tests such as chi-square and independent-samples t-test were used to analyse the data. Email users in Saudi Arabia had limited awareness of spam and ways to combat it, although a large portion of them were well-educated professionals. ISPs, businesses and public users believed that most of the spam was written in English, followed by a large minority in Arabic. The most common types of Arabic spam were related to forums, and religion and politics; and most English spam was pornographic, and phishing and fraud emails. Saudi Arabia was the greatest source of Arabic spam; whereas most of the English spam was sent from non-Arabic countries. ISPs indicated that anti-spam filters were not completely effective, and these filters performed better in detecting English spam than Arabic spam. The highest percentage of Arabic spam originated from Saudi Arabia. Different tricks were used in Arabic and English spam to bypass the filters. More Arabic than English spam included attractive words in the subject line, contained an image in the body of the message, and was sent by obfuscated or fake email addresses. Malicious contents (e.g. viruses) appeared more often in English spam than Arabic spam. The greatest effect of email spam on the performance of public users and organisations in Saudi Arabia was reduced productivity, which can affect the country’s economic growth. More work is needed to combat spam in Saudi Arabia. Recommended strategies for government and ISPs to reduce its effects in Saudi Arabia are: adopt an agreed definition; enact culturally fit anti-spam laws; investigate effective ways to educate email users; and refine and develop more effective filters, especially for Arabic spam.

Keywords: Email, Spam, Arabic, English, Saudi Arabia
Subject: Computer Science thesis

Thesis type: Doctor of Philosophy
Completed: 2015
School: School of Computer Science, Engineering and Mathematics
Supervisor: Dr. Robert Goodwin