Justin Mason, SpamAssassin Project & Deersoft

Presentation transcript:

Filtering Spam With
Justin Mason, SpamAssassin Project & Deersoft
http://SpamAssassin.org/

What Is Spam?
- Best description: "Unsolicited Bulk E-mail"
- In human terms: bulk e-mail you didn't want, and didn't ask for
- Mailing lists, newsletters, "latest offers": not spam, if you asked for them in the first place
- Name courtesy of Monty Python: “spam, spam, spam and spam”

Why Bother Filtering Spam?
- Seems to be about 30% to 60% of mail traffic, and increasing
- Users are forced to waste time wading through their inbox
  - costs their employers money
- Impossible to unsubscribe
  - “unsubscribe” addresses work only 37% of the time, according to the FTC
- Legal retaliation not possible, yet
- Just plain irritating!

Spam Volume Is Increasing (data from Brightmail.com)

Filtering: Homebrew Blacklists
- First round of "spam filters": internal blacklists, maintained by in-house admin staff
- Match addresses, and delete those from known spammers
- Later, match "bad words" (Viagra, porn)
- Quite hard to configure; centralised; lots of work to keep up to date

Filtering: DNS Blacklists
- Identify spam source computers by IP address
- Allow mail system to look up a public database on the internet as mail arrives
- Block the message, if its sender's address is blacklisted
- Now at least 20 DNS blacklists, with varying reliability
- Many false positives
  - eircom.net's main mail server!

SpamAssassin Concepts
- Zero-configuration where possible
- Lots of rules to determine if a mail is spam or not
- "Fuzzy logic": rules are assigned scores, based on our confidence in their accuracy
- These are combined to produce an overall score for each message
- If over a user-defined threshold, the mail is judged as spam
- No one rule, alone, can mark a mail as spam

SpamAssassin Concepts, pt.2
- Combines many systems for a "broad-spectrum" approach:
  - Detect forged headers
  - Spam-tool signatures in headers
  - Text keyword scanner in the message body
  - DNS blacklists
  - Razor, DCC (Distributed Checksum Clearinghouse), Pyzor
- Spammers cannot aim to defeat 1 system; the others will catch them out
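
The scoring model from the two "SpamAssassin Concepts" slides, as an added example (not SpamAssassin's own code): several independent tests each contribute a score, and only the sum is compared with the threshold. The rule names, scores, threshold value, listed relay address and sample messages are all constructed for illustration.

```python
import re
from email import message_from_string

THRESHOLD = 5.0                  # user-defined threshold (assumed value)
LISTED_RELAYS = {"192.0.2.44"}   # constructed stand-in for a DNS blacklist lookup

def relay_ip(msg):
    """Pull the bracketed relay IP out of the Received header, if any."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", msg.get("Received", ""))
    return m.group(1) if m else None

def all_caps(subject):
    return any(c.isalpha() for c in subject) and subject == subject.upper()

# (name, score, test): hypothetical rules and scores, not SpamAssassin's rule set.
RULES = [
    ("MISSING_DATE",    1.4, lambda msg, body: "Date" not in msg),
    ("BULK_MAILER_SIG", 2.5, lambda msg, body: bool(
        re.search(r"(?i)bulk|mass ?mail", msg.get("X-Mailer", "")))),
    ("BODY_KEYWORDS",   1.8, lambda msg, body: bool(
        re.search(r"(?i)\bviagra\b|act now|100% free", body))),
    ("SUBJ_ALL_CAPS",   1.2, lambda msg, body: all_caps(msg.get("Subject", ""))),
    ("DNSBL_LISTED",    2.8, lambda msg, body: relay_ip(msg) in LISTED_RELAYS),
]

def score_message(raw, threshold=THRESHOLD):
    """Return (total score, names of rules hit, is_spam) for one raw message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    hits = [(name, pts) for name, pts, test in RULES if test(msg, body)]
    total = round(sum(pts for _, pts in hits), 2)
    return total, [name for name, _ in hits], total >= threshold

# Constructed sample messages.
SPAM = ("Received: from mx.example.net (unknown [192.0.2.44])\n"
        "X-Mailer: BulkMailer Pro 3\n"
        "Subject: ACT NOW FOR 100% FREE OFFER\n\n"
        "Viagra at low prices, act now!\n")
HAM = ("Received: from mail.example.org (mail.example.org [198.51.100.7])\n"
       "Date: Mon, 4 Nov 2002 10:12:00 +0000\n"
       "Subject: Re: formulary question\n\n"
       "The pharmacy asked whether Viagra is on the approved list.\n")

if __name__ == "__main__":
    for label, raw in (("spam", SPAM), ("ham", HAM)):
        print(label, score_message(raw))
```

The legitimate message trips the keyword rule but stays well under the threshold, which is the point of never letting one rule decide.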

Integration Into Mail Systems
- Wrote SpamAssassin with flexibility of integration in mind
- Many have been written:
  - Integration into Mail Transfer Agents (sendmail, qmail, Exim, Postfix, Microsoft Exchange)
  - Integration into virus-scanner MTA plug-ins (MIMEDefang, amavisd-new)
  - IMAP/POP proxies and clients
  - Commercial plug-ins for Windows clients (Eudora, MS Outlook)
  - And many more I don't know about!

Accuracy and False Positives
- The big issue with filtering to date:
  - not just “how much spam does it catch?”
  - but “how many legitimate mails get caught, too?”
- Many systems do not pay attention to this problem
- Some blacklists even use "false positives" as a weapon against service providers selling to spammers
- FPs are much worse than spam getting through
  - much more inconvenient to user

Evolving a Better Filter
- SpamAssassin assigns scores using a genetic algorithm
- Given a big collection of human-classified mail, determine what tests each mail triggers
- Use this to "evolve" an efficient score set
- Exactly the kind of problem a genetic algorithm is good at
- Allows "shotgun" rules to be scored low, where they cannot do damage
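
A minimal genetic algorithm over rule scores, added here as an illustration of the idea on this slide; it is not the SpamAssassin project's evolver. The corpus of rule-hit vectors, the four rule columns, the false-positive weight, the score cap and the GA parameters are all assumptions.

```python
import random

THRESHOLD = 5.0   # fixed spam threshold the scores are tuned against (assumed)
FP_WEIGHT = 10    # assumption: one false positive costs as much as ten missed spams
MAX_SCORE = 4.9   # keep every score under the threshold: no single rule decides

# Constructed, human-classified corpus: (tests triggered, is_spam).
# Hypothetical rule columns: forged header, spam-tool signature,
# "shotgun" body keyword, DNS blacklist hit.
CORPUS = [
    ((1, 1, 1, 1), True),  ((1, 1, 0, 0), True),  ((0, 1, 1, 1), True),
    ((1, 0, 1, 1), True),  ((0, 1, 0, 1), True),
    ((0, 0, 1, 0), False), ((0, 0, 0, 0), False), ((0, 0, 0, 1), False),
    ((0, 0, 1, 1), False), ((0, 0, 1, 0), False),
]

def cost(scores):
    """Weighted error count of a score set over the corpus (lower is better)."""
    total = 0
    for hits, is_spam in CORPUS:
        flagged = sum(s * h for s, h in zip(scores, hits)) >= THRESHOLD
        if flagged and not is_spam:
            total += FP_WEIGHT
        elif is_spam and not flagged:
            total += 1
    return total

def evolve(generations=60, pop_size=30, seed=1):
    """Return (best scores, their cost, best cost in the random first generation)."""
    rng = random.Random(seed)
    n = len(CORPUS[0][0])
    pop = [[rng.uniform(0, MAX_SCORE) for _ in range(n)] for _ in range(pop_size)]
    initial = min(map(cost, pop))
    for _ in range(generations):
        pop.sort(key=cost)
        elite = pop[:pop_size // 3]          # survivors carry over unchanged
        children = []
        while len(elite) + len(children) < pop_size:
            a, b = rng.sample(elite, 2)
            child = [rng.choice(pair) for pair in zip(a, b)]   # crossover
            i = rng.randrange(n)                                # mutate one score
            child[i] = min(MAX_SCORE, max(0.0, child[i] + rng.gauss(0, 0.5)))
            children.append(child)
        pop = elite + children
    best = min(pop, key=cost)
    return best, cost(best), initial

if __name__ == "__main__":
    best, final, initial = evolve()
    print([round(s, 2) for s in best], "cost", final, "vs initial", initial)
```

Because the legitimate mail in the corpus keeps hitting the keyword column, score sets that rate it highly pay the false-positive penalty and are selected against.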

False Positive Rate
- SpamAssassin is 98.5% accurate on our test corpora, with default settings
  - 0.6% false positives
  - 91% of all spam caught correctly
  - with network tests on, spam hit-rate probably increases to about 93-95%
- Highest rate available among present tools
- Tunable by the user -- reduce FPs by increasing the threshold, ditto vice-versa

Effect of the Threshold Setting

What To Do When You've Caught It
- Since classifiers are imperfect, blind deletion is bad
- Better to mark the mails, and allow user to check over them infrequently
- Also good to mark for legal reasons
  - In the UK, it may be illegal to hold mail (even spam) for more than 3 days

Features For Large-Scale Use: "spamd"
- Client-server interface to SpamAssassin
- Pre-loads, so much faster for high volumes
- Can load user preferences from an SQL database
- Can load-balance -- uses TCP/IP
- Deployed at several large organisations and ISPs:
  - The Well, Salon.com, Panix, Transmeta, SourceForge, Stanford

Large-Scale Filtering For Your Network
- Different from filtering for yourself
- Many users get little spam
- Should use conservative settings
- Better to use “opt-out by default”
  - notify that spam filtering is available, and ask them if they want it

How Can Network Administrators Fight Spam?
- Scan for Open Relays & Proxies on your network
- Block proxy ports at the firewall
- Audit web servers for “FormMail” or other insecure web-to-mail scripts
- Spam traps reporting to network blacklists: Razor, DCC, Pyzor
- Run SpamAssassin, or SpamAssassin Pro!

How Do The Spammers Feel?
- Already hurting, according to CBS:
  - “[I’ve gone through] unbelievable hardships [to keep spamming] ... My operating costs have gone up 1,000% this year, just so I can figure out how to get around all these filters”
- Spam relies on low overheads and extremely cheap delivery
- Disrupt the equation and they will give up!

Future Directions
- Learning filters (Bayesian probability etc.)
  - Learn automatically, to detect what "good" mail to your network looks like
- "Hash-cash"
  - Sending mail currently more-or-less free
  - With hash-cash, each recipient requires CPU time for the sender
  - SpamAssassin can provide "bonus points" for hash-cash users
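
The hash-cash idea above, sketched as an added example (not SpamAssassin code): the sender burns CPU finding a stamp whose SHA-1 hash starts with a run of zero bits, and the recipient checks it with one hash. The stamp is laid out like a hashcash version 1 stamp (ver:bits:date:resource:ext:rand:counter) but simplified: the counter is hex, the date is not checked for expiry, and the salt, bit counts and bonus value are assumptions.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest):
    """Count zero bits at the front of a hash digest."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits

def mint(resource, bits=16, date="030101", salt="constructedSalt"):
    """Sender: try counters until SHA-1(stamp) starts with `bits` zero bits
    (about 2**bits hashes on average)."""
    prefix = f"1:{bits}:{date}:{resource}::{salt}:"
    for counter in count():
        stamp = prefix + format(counter, "x")
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp

def verify(stamp, recipient, min_bits=16, seen=None):
    """Recipient: a single hash. `seen` is a set of already-spent stamps."""
    parts = stamp.split(":")
    if len(parts) != 7 or parts[0] != "1" or not parts[1].isdigit():
        return False
    claimed = int(parts[1])
    if parts[3] != recipient or claimed < min_bits:
        return False            # minted for someone else, or too cheap
    if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) < claimed:
        return False            # the claimed work was not done
    if seen is not None:
        if stamp in seen:
            return False        # replayed stamp
        seen.add(stamp)
    return True

def hashcash_score(stamp, recipient, min_bits=16, seen=None, bonus=-1.0):
    """Score adjustment for the filter: `bonus` (assumed value) if valid, else 0."""
    return bonus if verify(stamp, recipient, min_bits, seen) else 0.0

if __name__ == "__main__":
    s = mint("alice@example.org")
    print(s, hashcash_score(s, "alice@example.org"))
```

Binding the stamp to the recipient address and remembering spent stamps is what makes the cost scale per recipient: one stamp cannot be reused across a bulk mailing.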

Fin
- http://spamassassin.org/
  - SpamAssassin for UNIX (free software)
- http://www.deersoft.com/
  - SpamAssassin Pro: MS Outlook, Exchange (commercial version) (my employers!)