Methods for Stopping Spam James Lick


The Problem
● AOL blocks 780,000,000 spams each day (Feb 2003)
● I am sent ~900 spams each day (Jan 2003)

Methods for Stopping Spam
● Security
● Policy Enforcement
● Blocking
● Filtering
● Avoidance

Disclaimer
● No method will block all spam
● Every method will sometimes block real mail
● Spammers always get more aggressive
● These tools are just a sample
● Combining tactics works best
● Blocking/Filtering hides extent of problem

Security
● Make sure you aren't part of the problem
● Check infrastructure and customers:
  – Open relays
  – Open proxies
  – Use of latest security patches
● A lot of spam is sent through security holes
● Notify authorities for extreme cases

Policy Enforcement
● Have a reasonable AUP
● Have users agree to it (legal contract)
● Enforce it!
  – This is a contract, lack of spam law is no excuse
  – Don't give second chances too easily
● Respond to complaints

Policy Enforcement (cont)
● If you get a reputation of being soft on spam:
  – You will get more spamming customers!
  – Your mail will be blocked more and more
  – You lose customers
  – You go out of business
● The earlier you address problems, the easier they are to solve
● Policy enforcement is an ongoing responsibility

Blocking
● Bad sender address
● Spam Source lists
● Open Relay lists
● Open Proxy lists
● Dialup/Dynamic IP lists
● Other
● Local blocks

Bad sender
● Most spam is sent with a forged sender
● Look up sender domain
  – Reject message if it doesn't exist
  – Defer message if lookup fails
● Supported by most mail servers
● Default in modern sendmail
● You can also check the sending hostname, but this is not a reliable spam sign

Spam Source lists
● Lists IP addresses which belong to spammers
● MAPS RBL
● Spamhaus BL
● Sometimes widens block to whole networks, but usually in extreme cases

Open Relay lists
● Blocks mail from old servers which allow anyone to send mail through them
● MAPS RSS
● ORDB
● Can block real mail from insecure sites
● Sometimes listings are based on old information

Open Proxy lists
● Blocks mail from insecure open proxies
● OPM
● Usually doesn't block any real mail
● Most lists incomplete – finding open proxies is hard

Dialup/Dynamic IP lists
● Blocks direct mail from dialups and dynamic IP addresses
● Be sure to whitelist your own customers!
● Dynamic clients should use ISP mail server to send mail
● SMTP MSP can be used to send mail remotely safely
● Usually does not block real mail

Dialup/Dynamic IP lists (cont)
● MAPS DUL
● PDL
● Dynablock (basic.wirehub.nl/dynablocker.html)
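
How a mail server consults the DNS-based blocking lists on the preceding slides, as an added example that is not part of the original presentation: the client IP's octets are reversed and looked up under the list's zone, and an answer in 127.0.0.0/8 means the address is listed. The zone name, customer range and sample listings are constructed placeholders, and the own-customer whitelist is checked before any list.

```python
import ipaddress
import socket

# Placeholders for illustration: the zone and customer range are assumptions.
DNSBL_ZONES = ["dnsbl.example.org"]
OWN_CUSTOMERS = [ipaddress.ip_network("192.0.2.0/24")]

def dnsbl_query_name(ip, zone):
    """1.2.3.4 checked against zone Z is looked up as 4.3.2.1.Z"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """A record for name, or None if the name does not exist (not listed)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None
        raise  # temporary resolver failure: let the caller decide

def check_client(ip, lookup=system_lookup):
    """Return (action, reason) for a connecting client address."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in OWN_CUSTOMERS):
        return ("accept", "own customer range is whitelisted")
    if addr.version != 4:
        return ("accept", "IPv4-only zones, not checked")
    for zone in DNSBL_ZONES:
        try:
            answer = lookup(dnsbl_query_name(ip, zone))
        except OSError:
            continue  # list unreachable: fail open rather than block real mail
        if answer and answer.startswith("127."):
            return ("reject", f"{ip} listed in {zone} ({answer})")
    return ("accept", "not listed")

# Constructed listings standing in for the DNS zone, so this runs offline.
SAMPLE_ZONE = {
    "2.113.0.203.dnsbl.example.org": "127.0.0.2",  # 203.0.113.2
    "10.2.0.192.dnsbl.example.org": "127.0.0.4",   # 192.0.2.10, a customer
}

def sample_lookup(name):
    return SAMPLE_ZONE.get(name)

if __name__ == "__main__":
    for ip in ("203.0.113.2", "192.0.2.10", "198.51.100.7"):
        print(ip, check_client(ip, sample_lookup))
```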

Other
● As spammers get more aggressive, anti-spammers get more aggressive in blocking
● Blocking is often done by:
  – Any IP sending any spam ever
  – Countries/regions perceived as soft on spam
  – Networks perceived as soft on spam
  – Faulty methods of identifying spam
  – Other forms of 'spite' listings

Other (cont)
● Most of these methods are not used widely
● As the spam problem gets worse, these methods may become more widespread
● Before using a blocking service
  – Make sure their policies match your expectation
  – Make sure it is reputable
  – Test it out first

Local blocks
● Set up your own local blocks (access_db, local dnsbl)
● Requires diligence and upkeep
● Do it only if you can devote resources to it every day!
● Better yet, get involved with contributing to public blocking lists

Filtering
● Analyze content, not where it came from
  – Pattern matching
  – Bulk detection

Pattern Matching
● Spams have common 'spam signs'
  – Common types of header forgery
  – Common disclaimers
  – Common wording of sales pitch
  – Garbage strings, header style, etc.
● Filters can detect and score based on how many spam signs are in a message

Spam Assassin
● Has a set of rules, each with a score
● If a message scores over a threshold, marked as spam
● Can also use bulk detection, blocking lists
● Uses a lot more CPU
  – Can scale to large mail loads by using a cluster of cheap servers running SA's spamd
● Can be run on a client system too

Spam Assassin 2.50
● Just out!
● Adds Bayesian filtering
● Bayesian filtering statistically analyzes what content shows up in spam more often than real mail
● For best results, needs training on what is and isn't spam
● SA 2.50 auto-trains based on SA scoring
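
The two Spam Assassin slides above, worked through as an added example that is not part of the original presentation and is not SpamAssassin's own code: scored pattern rules mark a message once it reaches a threshold, and a simple naive Bayes token model is trained only on mail the rules are confident about. The rules, scores, cut-offs and sample messages are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed rules and scores; not SpamAssassin's real rule set.
RULES = [
    ("ALL_CAPS_SUBJECT", re.compile(r"^Subject: [^a-z\n]{10,}$", re.M), 2.0),
    ("REMOVE_DISCLAIMER", re.compile(r"to be removed from (our|this) list", re.I), 2.5),
    ("SALES_PITCH", re.compile(r"\b(free|guaranteed|act now)\b", re.I), 1.5),
]
THRESHOLD = 5.0  # assumed: at or above this a message is marked as spam

def rule_score(msg):
    return sum(points for _, rx, points in RULES if rx.search(msg))

def tokens(msg):
    return set(re.findall(r"[a-z]{3,}", msg.lower()))

class AutoTrainedBayes:
    def __init__(self):
        self.seen = {"spam": Counter(), "ham": Counter()}  # messages containing a token
        self.total = {"spam": 0, "ham": 0}                 # messages learned per class

    def auto_train(self, msg, ham_below=1.0):
        """Learn only from mail the rules are confident about (assumed cut-offs)."""
        score = rule_score(msg)
        label = "spam" if score >= THRESHOLD else "ham" if score < ham_below else None
        if label:
            self.seen[label].update(tokens(msg))
            self.total[label] += 1
        return label

    def spam_probability(self, msg):
        """Naive Bayes over token presence, add-one smoothing, summed as log-odds."""
        log_odds = math.log((self.total["spam"] + 1) / (self.total["ham"] + 1))
        for tok in tokens(msg):
            p_spam = (self.seen["spam"][tok] + 1) / (self.total["spam"] + 2)
            p_ham = (self.seen["ham"][tok] + 1) / (self.total["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

# Constructed sample mail: two spams, two real messages, then an unseen spam.
CORPUS = [
    "Subject: MAKE MONEY FAST TODAY\n\nGuaranteed income from mortgage refinance. To be removed from our list reply.",
    "Subject: LOWEST MORTGAGE RATES\n\nAct now for a free mortgage quote. To be removed from this list click here.",
    "Subject: Meeting notes\n\nAttached are the notes from the network operations meeting.",
    "Subject: Re: mail server upgrade\n\nThe upgrade of the mail server is scheduled for Friday.",
]
NEW_SPAM = "Subject: Refinance today\n\nMortgage refinance quote, reply today for income."
```

After `auto_train` has run over `CORPUS`, `spam_probability(NEW_SPAM)` is about 0.99 even though `rule_score(NEW_SPAM)` is 0, because the message reuses words the model only ever saw in rule-flagged spam.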

Bulk Detection
● Razor (razor.sourceforge.net) aka SpamNet
● DCC
● Reliably detects messages sent in bulk
● Razor designed to detect unsolicited bulk
● Not perfect, sometimes blocks large mailing lists (recently Crypto-Gram)

Avoidance
● Try not to expose addresses
  – Don't publish user directories
  – Give users help and tools to do filtering
● Advise users
  – Use spam filtering software (in addition to ISP)
  – Don't give out address freely
  – Use disposable addresses
  – Change addresses periodically

Q&A
● Questions
● Answers
● Discussion