Internet Safety Microsoft’s Anti-SPAM Strategy and Initiatives Meng-Chow Kang, CISSP, CISA Chief Security & Privacy Advisor Microsoft Asia Pacific Anti-SPAM.


Internet Safety Microsoft’s Anti-SPAM Strategy and Initiatives Meng-Chow Kang, CISSP, CISA Chief Security & Privacy Advisor Microsoft Asia Pacific Anti-SPAM Strategies – The Way Forward ASEAN Telecommunications Regulatory Council (ATRC) May 3-4, 2005, Cyberjaya, Malaysia

Evolving SPAM Attacks
Virus, Worm, Scams, Spyware, Trojans, Identity Theft, Data Leakage/Theft, DDoS Extortion, Frauds, Software Piracy, Illegal Downloads

Microsoft Anti-Spam Strategy
- Education & Enablement
- Industry Collaboration & Partnerships
- Govt Partnerships; Strong Laws & Enforcement
- Prevention: user agents, attack detection, sender reputation, outbound filtering
- Proof: Identity & Evidence ("Sender ID", computational cycles, certificates, sender safelists)
- Protection: filters (SmartScreen at gateway, server & desktop), Update Service

Technology Strategy
Build an integrated, distributed system of inter-connected countermeasures; target key choke points.
Proof, Prevention and Protection:
- Prevent before it happens
- Protect against attacks
- Proof of identity and evidence
A foundation based on authentication, accreditation and reputation.

Why Authentication?
Content Filtering: major improvements in the last year; catch rates ~90%; the false positive problem persists.
Sender Reputation: IP-based reputation; domain-based reputation*; feedback to help senders improve*.
Sender Practices: Port 25 blocking; rate limiting; publish SPF record; digital signatures; proof of work*.
* Requires sender authentication

Sender ID Framework: An Emerging Standard
A merger and refinement of proposals: SPF (Sender Policy Framework), Microsoft Caller ID for E-mail, IETF MARID working group feedback.
Industry collaboration including AOL, Bell Canada, Cisco, Comcast, IBM, Interland, Port25, Sendmail, Symantec, Tumbleweed, VeriSign, the Service Providers Coalition, Opengroup Messaging Forum, TRUSTe and others.
A first step, and on a fast track.

Design Goals & Tradeoffs
- Protection: senders can take immediate steps to protect their brand & domain names
- Accountability: senders can be held accountable for mail they send
- Ease of adoption: no software changes required for most senders; openly published specification that can be broadly adopted
- Scalability: from small businesses to the largest ISPs
Non-Goals: a silver bullet for spam & phishing; solving all authentication problems; zero cost

What Is Sender ID?
A framework of technical specifications covering all mail senders, MTA vendors and receiving networks:
- SPF Record
- Purported Responsible Address (PRA) Check
- Submitter SMTP Optimization
- MAIL FROM Check

How Does Sender ID Work?
Sender (one time): publish the SIDF record in DNS using the SPF text format. No other changes required; mail is sent as normal.
The message transits one or more servers en route to the receiver.
Receiver:
- Determine which domain to check: PRA or MAIL FROM
- Look up the sender's SPF record in DNS
- Compare the connecting IP address to the authorized list from the SPF record
- Match -> positive filter input; no match -> negative filter input

PRA and MAIL FROM Checks
PRA: derived from RFC 2822 message headers (Resent-Sender, Resent-From, Sender, From); the identity most often seen by users.
- Pros: helps reduce phishing; easier adoption for forwarders
- Cons: headers can be spoofed; headers must be received and parsed
MAIL FROM: the RFC 2821 "bounce" address.
- Pros: helps reduce "joe jobs"; checking can begin before message data is received
- Cons: headers seen by users are not validated; more difficult for forwarders

Interpreting the Results
Range of actions based on check results: accept the message; reject the message; use the result as input into spam filters; indicate the result to end users.
"Pass" does not mean "good mail": the sender could be a spammer with a domain.
Increasing adoption will enable stricter tests: domains with no Sender ID records will have their mail subject to increased scrutiny (increased weighting in filtering algorithms).

Sample SPF Records
example.com TXT "v=spf1 -all"                        This domain never sends mail
example.com TXT "v=spf1 mx -all"                     Inbound servers also send outbound mail
example.com TXT "v=spf1 ip4: /24 -all"               Specify an IP range
example.com TXT "v=spf1 mx include:myesp.com -all"   Outsourced service
example.com TXT "spf2.0/pra ip4: /24 -all"           Different configuration for PRA checking
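The receiver-side steps above (pick the domain, fetch its record, compare the connecting IP, turn the result into a filter signal) and the record shapes in the sample table can be exercised with a small evaluator. The following is an added example, not code from the presentation or from Microsoft; it implements only the mechanisms the sample records use (ip4, mx, include, all with qualifiers) plus the spf2.0/pra scope selection, and replaces live DNS with a constructed zone map whose IP ranges and MX hostnames are made up for the demonstration.

```python
import ipaddress

# Constructed stand-in for DNS (assumption, not the page's data): the TXT records
# mirror the slide's sample records, with made-up documentation-range IPs and MX hosts.
ZONE = {
    "nomail.example.com": {"TXT": ["v=spf1 -all"]},
    "mx.example.com": {"TXT": ["v=spf1 mx -all"], "MX": ["mail.mx.example.com"]},
    "mail.mx.example.com": {"A": ["192.0.2.10"]},
    "range.example.com": {"TXT": ["v=spf1 ip4:192.0.2.0/24 -all"]},
    "outsourced.example.com": {
        "TXT": ["v=spf1 mx include:myesp.com -all"],
        "MX": ["mail.outsourced.example.com"],
    },
    "mail.outsourced.example.com": {"A": ["198.51.100.5"]},
    "myesp.com": {"TXT": ["v=spf1 ip4:203.0.113.0/24 -all"]},
    # Two records: the v=spf1 record covers MAIL FROM checks, the spf2.0/pra
    # record overrides it for PRA checks only.
    "pra.example.com": {
        "TXT": ["v=spf1 ip4:192.0.2.0/24 -all", "spf2.0/pra ip4:198.51.100.0/24 -all"],
    },
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Return the records of one type for a name from the constructed zone."""
    return ZONE.get(name, {}).get(rtype, [])


def select_record(domain, scope):
    """Pick the policy record for a scope ('pra' or 'mfrom').

    A spf2.0 record whose scope list names the scope wins; otherwise the
    v=spf1 record applies to either scope, which is the fallback Sender ID uses.
    """
    records = [t for t in lookup(domain, "TXT") if t.strip()]
    for rec in records:
        version = rec.split()[0]
        if version.startswith("spf2.0/") and scope in version[len("spf2.0/"):].split(","):
            return rec
    for rec in records:
        if rec.split()[0] == "v=spf1":
            return rec
    return None


def evaluate(domain, client_ip, scope="pra", depth=0):
    """Evaluate the connecting IP against the domain's record.

    Returns one of pass, fail, softfail, neutral, none, permerror. Mechanisms
    are tested left to right; the first one that matches decides the result.
    """
    if depth > 10:                # guard against include: loops
        return "permerror"
    record = select_record(domain, scope)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "mx":
            # Every A record of every MX host of the target domain is authorized.
            hosts = lookup(arg or domain, "MX")
            matched = any(str(ip) in lookup(h, "A") for h in hosts)
        elif mech == "include":
            # include: matches only when the referenced policy yields pass.
            matched = evaluate(arg, client_ip, scope, depth + 1) == "pass"
        else:
            return "permerror"     # mechanism this minimal evaluator does not implement
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"               # record ran out without a match


def filter_input(result):
    """Map a check result to the slide's filter signal: a match is positive
    input, an explicit no-match is negative input, anything else carries no weight."""
    if result == "pass":
        return "positive"
    if result in ("fail", "softfail"):
        return "negative"
    return "neutral"


if __name__ == "__main__":
    for dom, ip, scope in [("range.example.com", "192.0.2.200", "pra"),
                           ("outsourced.example.com", "203.0.113.7", "pra"),
                           ("pra.example.com", "198.51.100.1", "mfrom")]:
        r = evaluate(dom, ip, scope)
        print(f"{dom:25} {ip:14} {scope:5} -> {r} ({filter_input(r)})")
```

The pra.example.com entry shows why the scope matters: the same connecting IP passes a PRA check and fails a MAIL FROM check, because the spf2.0/pra record only replaces the v=spf1 record for the PRA scope. A "none" result (no record published) is what the "increased scrutiny" slide refers to; it is neither positive nor negative filter input on its own.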

SPF Record Wizard

Implementation Considerations
Senders, administrative (immediate): publish DNS records identifying authorized outbound servers; on-going maintenance of the same; coordination of marketing initiatives. No hard costs or technical overhead.
Receivers, software (near term): upgrade inbound gateway servers to perform Sender ID checks. Software (optional, medium-long term): upgrade client software to display the results of the Sender ID check.
"Intermediaries" (forwarders, lists, etc.), software (near term): upgrade outbound servers to identify their own domains in messages.

Sender ID Supports

Outcome
- Over 1 million domains have published their records: 19.5% of volume, after IP blocking and BM; over 16% of the domains sending to Hotmail; the top sending domains' records are cached
- Internal tests and "training" since Nov 2004; heuristics integrated into SmartScreen & the user feedback loop
- Live worldwide implementation since Jan 2005, transparent to the user
- ~14.5% of mail rated "good" passes the Sender ID check*
- ~3.9% of mail rated "spam" passes the Sender ID check*
- ~15.7% of mail fails the Sender ID check (no match, no PRA, nonexistent domain)
* Source: Participants in Hotmail Feedback Loop, as of 4/25/2005

Hotmail Sender ID Verification

Benefits of Sender ID
- Protect senders' brand and domain names from spoofing and phishing
- Rapid adoption: senders can publish SPF records today; most senders require no software upgrades
- A foundation for the reliable use of domain names in accreditation, reputation systems & safe lists
- Receivers validate the origin of mail: input into more aggressive spam filtering with reduced false positives
- The first step industry will need to take together; there will be more to come, including signing solutions

Proof, Protection & Prevention: Today to 3 years +
- Sender ID Framework
- Signing Solutions
- Computational Cycles / Challenges
- Microsoft SmartScreen(TM): Hotmail, Exchange & Outlook
- Accreditation / Reputation: Safelist / Bonded Sender
- Industry Accountability: Port 25 / open proxy / zombie detection
- Phishing URL detection: mail / browsers

Take Aways
- No silver bullet: blended, evolving threats; nailing one problem may help or expose others
- "Takes a village": cooperation & collaboration; multiple players in the ecosystem
- Will take time: new freeways do not happen overnight

Summary
- All senders and domains should publish their SPF records today
- Microsoft will initiate checking by year-end
- Network administrators should contact ISP/MTA vendors for Sender ID Framework integration
Resources: http:// (specs, resources, record wizard)

© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Appendix: Sender ID Scenarios
Direct Delivery, List Server, Mobile Carrier, Guest Service

Mail Delivery Scenarios: What Must Senders Do?
Direct Delivery, List Server, Mobile Carrier, Guest Service
(diagram: Sender Agent -> Recipient Agent, either directly or via a Forwarder or List Server)

Direct Delivery
- Publish outbound server records in DNS using the SPF format
- Optional: Transmit SUBMITTER parameter on MAIL command

Direct Delivery
S: 220 woodgrove.com ESMTP server ready
C: EHLO example.com
S: 250-woodgrove.com
S: 250-DSN
S: 250-AUTH
S: 250-SUBMITTER
S: 250 SIZE
C: MAIL FROM:
S: 250 sender ok
C: RCPT TO:
S: 250 recipient ok
C: DATA
S: 354 okay, send message
C: From:
C: (message body goes here)
C: .
S: 250 message accepted
C: QUIT
S: 221 goodbye
SUBMITTER extension advertised in EHLO response. RFC 2821 MAIL FROM = RFC 2822 From.

Mailing List
- Publish outbound server records in DNS
- Ensure a "list-owner" style address is present in the message, e.g. Sender: (the vast majority of mailing list servers do this today)
- Optional: Transmit SUBMITTER parameter on MAIL command

Mailing List
S: 220 woodgrove.com ESMTP server ready
C: EHLO listexample.com
S: 250-woodgrove.com
S: 250-SUBMITTER
S: 250 SIZE
C: MAIL FROM:
S: 250 sender ok
C: RCPT TO:
S: 250 recipient ok
C: DATA
S: 354 okay, send message
C: Received By: ...
C: From:
C: Sender:
C: To:
C: (message body goes here)
C: .
S: 250 message accepted
C: QUIT
S: 221 goodbye
SUBMITTER extension advertised in EHLO response. SUBMITTER parameter added to MAIL command. Sender header added to message.

Mail Forwarder
1. Publish outbound server records in DNS
2. Ensure the forwarding address is present in the message, e.g. Resent-From:
3. Optional: Transmit SUBMITTER parameter on MAIL command indicating the forwarding address

Mail Forwarder
S: 220 woodgrove.com ESMTP server ready
C: EHLO alumni.almamater.edu
S: 250-woodgrove.com
S: 250-DSN
S: 250-AUTH
S: 250-SUBMITTER
S: 250 SIZE
C: MAIL FROM:
S: 250 sender ok
C: RCPT TO:
S: 250 recipient ok
C: DATA
S: 354 okay, send message
C: Resent-From:
C: Received By: ...
C: (message body goes here)
C: .
S: 250 message accepted
C: QUIT
S: 221 goodbye
SUBMITTER extension advertised in EHLO response. SUBMITTER parameter added to MAIL command. Resent-From header added to message.
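The three scenarios above differ only in which header carries the responsible identity: the From header for direct delivery, the Sender header a list server adds, and the Resent-From header a forwarder adds. The example below, added here and not part of the presentation or of any Microsoft code, derives the PRA from those headers in the precedence order the PRA slide gives (Resent-Sender, Resent-From, Sender, From; a simplification of the full algorithm), builds the MAIL command with a SUBMITTER parameter only when the EHLO response advertised the extension, and shows the receiver's two uses of SUBMITTER: choosing the domain to check before DATA, and confirming after DATA that the parameter matched the PRA the headers yield. All addresses, hostnames and message texts are constructed for the demonstration.

```python
import email
from email.utils import getaddresses

# Header precedence for the Purported Responsible Address (simplified from the
# Sender ID PRA algorithm): the agent that most recently introduced the message.
PRA_HEADERS = ("Resent-Sender", "Resent-From", "Sender", "From")


def purported_responsible_address(msg):
    """Return the PRA mailbox, or None when it cannot be determined.

    The first header in PRA_HEADERS that is present is used; it must occur once
    and carry exactly one address, otherwise the PRA is undefined (None) and a
    receiver would treat the check as failed.
    """
    for name in PRA_HEADERS:
        values = msg.get_all(name)
        if not values:
            continue
        if len(values) != 1:
            return None
        addrs = [addr for _, addr in getaddresses(values) if addr]
        return addrs[0] if len(addrs) == 1 else None
    return None


def pra_of(message_text):
    return purported_responsible_address(email.message_from_string(message_text))


def domain_of(mailbox):
    return mailbox.rpartition("@")[2].lower()


def ehlo_keywords(ehlo_response):
    """Extract the extension keywords from a multi-line 250 EHLO response."""
    lines = [ln for ln in ehlo_response.splitlines() if ln.startswith("250")]
    return {ln[4:].split()[0].upper() for ln in lines[1:] if ln[4:].strip()}


def build_mail_command(mail_from, pra, ehlo_response):
    """Sending side: add SUBMITTER=<PRA> only when the server advertised it."""
    cmd = f"MAIL FROM:<{mail_from}>"
    if pra and "SUBMITTER" in ehlo_keywords(ehlo_response):
        cmd += f" SUBMITTER={pra}"
    return cmd


def receiver_view(mail_command, message_text):
    """Receiving side: decide which domain can be checked at MAIL time, then,
    once the headers arrive, confirm that SUBMITTER agreed with the PRA."""
    words = mail_command.split()
    mail_from = words[1][len("FROM:"):].strip("<>")
    params = dict(p.split("=", 1) for p in words[2:] if "=" in p)
    submitter = params.get("SUBMITTER")
    # With SUBMITTER the PRA domain can be checked before DATA; without it only
    # the MAIL FROM domain is known that early.
    early_domain = domain_of(submitter) if submitter else domain_of(mail_from)
    pra = pra_of(message_text)
    consistent = submitter is None or (pra is not None and submitter.lower() == pra.lower())
    return {"submitter": submitter, "early_check_domain": early_domain,
            "pra": pra, "submitter_consistent": consistent}


# Constructed sample EHLO responses and messages (hosts and addresses are made up).
EHLO_RESPONSE = "250-woodgrove.com\r\n250-DSN\r\n250-AUTH LOGIN\r\n250-SUBMITTER\r\n250 SIZE 10240000"
EHLO_NO_SUBMITTER = "250-woodgrove.com\r\n250 SIZE 10240000"
DIRECT = "From: alice@example.com\r\nTo: bob@woodgrove.com\r\nSubject: hi\r\n\r\nbody\r\n"
LIST = ("Received: by listexample.com\r\nFrom: alice@example.com\r\n"
        "Sender: owner-list@listexample.com\r\nTo: list@listexample.com\r\n\r\nbody\r\n")
FORWARDED = ("Resent-From: bob@alumni.almamater.edu\r\nReceived: by alumni.almamater.edu\r\n"
             "From: alice@example.com\r\nTo: bob@alumni.almamater.edu\r\n\r\nbody\r\n")


def scenario(mail_from, message_text, ehlo_response=EHLO_RESPONSE):
    """Run one delivery scenario end to end: sender builds MAIL, receiver checks."""
    cmd = build_mail_command(mail_from, pra_of(message_text), ehlo_response)
    return cmd, receiver_view(cmd, message_text)


if __name__ == "__main__":
    for label, mf, text in [("direct", "alice@example.com", DIRECT),
                            ("list", "owner-list@listexample.com", LIST),
                            ("forwarder", "bob@alumni.almamater.edu", FORWARDED)]:
        cmd, view = scenario(mf, text)
        print(f"{label:9} {cmd}\n          -> check {view['early_check_domain']} early; PRA {view['pra']}")
```

The mismatch case in the test (a SUBMITTER that names a different mailbox than the PRA the headers yield) is the one the receiver must catch after DATA: otherwise a connection could obtain an early positive result for a domain that the message headers never claim.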

Computational puzzle flow:
1. A user with an enabled client composes and sends a message; a computational puzzle is solved, taking up to 20 seconds, and the solution is attached to the message.
2. The message is sent and transits through the sender's server and the recipient's server.
3. The receiver confirms the puzzle was solved correctly: if yes, the mail is delivered; if not, the message is flagged.
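The puzzle flow is a proof-of-work scheme: the sender spends CPU time per message and the receiver verifies the result cheaply. The example below is added here and is not the presentation's or Microsoft's design; it uses a hashcash-style stamp (version, difficulty, date, recipient, random salt, counter) and SHA-256 as an assumed concrete instantiation, and shows the three checks a receiver needs: the difficulty meets the local requirement, the stamp names this recipient (so one solution cannot be sent to many recipients), and the same stamp is not accepted twice. The slide's "up to 20 seconds" corresponds to a much higher difficulty than the 12 bits used here for a quick run.

```python
import hashlib
import os


def leading_zero_bits(digest):
    """Number of leading zero bits in a digest, i.e. the work it demonstrates."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def is_solved(stamp):
    """True when the stamp's hash meets the difficulty the stamp itself claims."""
    fields = stamp.split(":")
    digest = hashlib.sha256(stamp.encode()).digest()
    return leading_zero_bits(digest) >= int(fields[1])


def solve_puzzle(recipient, date, bits, rand=None):
    """Sender side: find a counter such that SHA-256 over the stamp has at least
    `bits` leading zero bits. Expected cost grows as 2**bits per message."""
    rand = rand or os.urandom(8).hex()
    counter = 0
    while True:
        stamp = f"1:{bits}:{date}:{recipient}:{rand}:{counter}"
        if is_solved(stamp):
            return stamp
        counter += 1


def verify_stamp(stamp, recipient, required_bits, seen):
    """Receiver side: confirm the puzzle was solved for this recipient at the
    required difficulty and has not been presented before.

    `seen` is the receiver's store of accepted stamps (a set here; a real
    deployment would expire entries by the date field). Returns (ok, reason).
    """
    fields = stamp.split(":")
    if len(fields) != 6 or fields[0] != "1":
        return False, "malformed"
    try:
        claimed_bits = int(fields[1])
    except ValueError:
        return False, "malformed"
    if claimed_bits < required_bits:
        return False, "too easy"          # sender did less work than we demand
    if fields[3] != recipient:
        return False, "wrong recipient"   # solution minted for someone else
    if not is_solved(stamp):
        return False, "puzzle not solved" # hash does not show the claimed work
    if stamp in seen:
        return False, "replayed"          # same solution reused for another message
    seen.add(stamp)
    return True, "deliver"


if __name__ == "__main__":
    accepted = set()
    # Constructed recipient and date; the salt is fixed so the run is repeatable.
    stamp = solve_puzzle("bob@woodgrove.com", "20050503", 16, rand="0123456789abcdef")
    print(stamp)
    print(verify_stamp(stamp, "bob@woodgrove.com", 16, accepted))   # deliver
    print(verify_stamp(stamp, "bob@woodgrove.com", 16, accepted))   # replayed: flag
```

Binding the stamp to the recipient and keeping the seen-set are what make the cost per message real; without them one 20-second solution could be attached to a whole mailing run, which is exactly the economics the scheme is meant to break.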
