1 Fighting Spam at AOL: Lessons Learned and Issues Raised Carl Hutzler Director of Anti-Spam Operations America Online, Inc. 12/9/2005.


2 Agenda
  – Identity Technologies
  – Forwarding
  – Service Provider Best Practices

3 What do Identity Technologies Do?
They provide some assurances that a domain is being used with permission
  – Citibank can control the use of their domain, but cit1bank.com will still be abused
  – Bounces can be analyzed to see if they are legitimate
  – Information can be analyzed on the responsible domain owners and their reputation/accreditation
But remember, identity technologies do not stop spammers!
  – They only force spammers into other behaviors, many of which are better for enforcement and controls.
  – But without message providers doing their part to use these technologies wisely, we will be no better off.

4 AOL is a Crystal Ball
Bulk Mailers on AOL’s whitelist comprise % of our daily volume but only 5-10% of complaints.
More than 80% of AOL’s spam problem comes from other providers’ main outbound MTAs and compromised web servers (CGI scripts)
AOL began seeing this shift in Sept 2003
The rest of the internet is beginning to see this now…
  – “We're the biggest spammer on the Internet,” network engineer Sean Lutner, Comcast - source CNET.com, May 24, 2004
Report from 9/14/
  hotmail.com, x-mailer.co.uk, shawcable.com, concentric.net, cnchost.com, zero.ou.edu, mail.atl.earthlink.net, grp.scd.yahoo.com, ucla.edu, oemgrp.com, mail.cornell.edu, dejazzd.com, mta01.tie.cl, mrf.mail.rcn.net, urbanhomesecurity.com, mail.pas.earthlink.net, smtp.nextra.cz, mail.yahoo.com
Note1: Greyed domains have very low spam penetration due to the very large number of e-mails sent, which counters the total complaint statistic.
Note2: Italic domains were whitelisted and subsequently blocked for spamming.

5 All spam will eventually come from Message Provider Networks
[Diagram labels: Hacker/Spammer; MyDoom’d ZOMBIE PC on DSL.NET; mx.aol.com; BLOCK; outbound1.dsl.net]
For example: AOL, BlackLists, and other organizations are getting really fast at blocking zombie machines
BUT…
  – The machines do not get un-infected
  – No SMTP AUTH
  – Most ISPs “trust” internal networks
  – No Outbound Spam controls
  – No Rate controls
Results? ISP mail servers act as forwarding MTAs for a network of open relay Zombie machines

6 Will SenderID, SPF, DomainKeys, etc stop spam?
Simple answer, NO. Complex answer, NO.
Why?
  – Most AOL spam obeys sender identity technologies TODAY!
  – Spammers send through the local MTA and use the local ISP’s domain as the FROM/Sender
Identity Technologies can allow blacklists/whitelists to work from DOMAINs instead of IP addresses
  – Good from the standpoint of not blocking innocents by IP address
  – Reputation/Accreditation systems will be key to success of Identity technologies
  – Without SMTP Authentication, we are only validating the DOMAIN and not the USER portion of the address
Bottom Line: If ISPs don’t get smart soon and control the sources of spam on their networks, the reputation for their domain (e.g., comcast.net) will be so poor that they will not have connectivity to other ISPs

7 Forwarding

8 Forwarding Spam to AOL Customers
AOL can only trust the IP address of the client MTA that connects to an AOL server
  – No other headers can be trusted as they are all forgeable
  – This is why internet whitelist/blacklists are all done by IP address.
AOL has no way to know that a message is simply a forwarded e-mail
  – Does this even matter?

9 So what happens when a University FORWARDS Spam?
Generally, if AOL gets enough complaints from our members, we block or temp fail the IP address
Is this the member’s fault?
  – No, as there is nothing in the e-mail that shows it is from their forwarded account
  – AOL members do not read headers, nor should they be expected to.

10 Possible Solutions?
Dedicate an IP address to handle forwarded mail and tell AOL about it.
Do better spam filtering inbound to your network.
Spam filter the outbound traffic and insert a SpamAssassin X-header that identifies a message as spam. AOL will spam folder it.
Change the headers of forwarded mail to identify the situation to final recipient.
  – From:
  – Subject: [FORWARD] Original Subject
  – ReplyTo:
Bottom Line: Forwarding spam to someone’s inbox innocently or intentionally still creates a bad experience for the final recipient. Port25 is your responsibility.

11 Mail Service Provider Best Practices

12 Message Provider Code of Conduct: Take Responsibility for outbound Port 25
ISPs must take full responsibility for all traffic/messages emanating from their network on port25.
  – Port25 traffic is always Unauthenticated traffic and as such must be accepted by server MTAs.
  – Abuse issues are always the responsibility of the sending/client MTA

13 How does a Message Provider like AOL control outbound port25 traffic?
Hijack all direct port25 connections from dynamic IP space to other ISP mail servers and process it for viruses/spam.
  – Other providers block port 25
  – Still others use a mail proxy to detect SMTP authentication credentials and only allow authenticated SMTP traffic on port25
  – Some simply rate limit how much a single IP can send if their IP space is rather static or they can tie an IP to a customer account
Rate limit all customers through outbound, authenticated MTAs. Rate limits per hour and per day work well.
Monitor complaints about customers via the SCOMP Feedback Loop system
URL blocking for known spammer URLs
Secure accounts that are spamming - thousands daily
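An added example (not from the original slides) of the per-hour and per-day rate limiting on authenticated outbound MTAs that slide 13 describes, replayed over a constructed submission log. Counting recipients rather than messages, the limit values, the account names and the 451 reply text are assumptions made for the illustration.

```python
from collections import defaultdict, deque

HOUR, DAY = 3600, 86400  # window lengths in seconds

class OutboundLimiter:
    """Per-account hourly and daily recipient limits on an authenticated outbound MTA."""

    def __init__(self, per_hour, per_day):
        self.per_hour, self.per_day = per_hour, per_day
        self.sent = defaultdict(deque)  # account -> deque of (timestamp, recipients) accepted
        self.flagged = set()            # accounts that hit a limit: candidates to secure

    def _used(self, account, now, window):
        return sum(n for ts, n in self.sent[account] if now - ts < window)

    def check(self, account, now, recipients):
        """Decide one submission; returns an SMTP-style reply string."""
        q = self.sent[account]
        while q and now - q[0][0] >= DAY:  # forget mail older than the daily window
            q.popleft()
        for window, limit, name in ((DAY, self.per_day, "daily"),
                                    (HOUR, self.per_hour, "hourly")):
            if self._used(account, now, window) + recipients > limit:
                self.flagged.add(account)
                return f"451 {name} limit exceeded"  # temp-fail: honest clients retry
        q.append((now, recipients))  # only accepted mail counts against the quota
        return "250 ok"

# Constructed log: (seconds since start, authenticated account, RCPT count).
SAMPLE_LOG = [
    (0, "alice", 3),
    (60, "zombie17", 40),
    (120, "zombie17", 40),
    (180, "zombie17", 40),   # third burst inside one hour
    (1800, "alice", 2),
    (4000, "zombie17", 40),  # hour window has rolled over, day window has not
    (4100, "zombie17", 40),
]

def replay(log, per_hour=100, per_day=150):
    """Run the log through a limiter; return per-submission verdicts and flagged accounts."""
    limiter = OutboundLimiter(per_hour, per_day)
    verdicts = [(acct, limiter.check(acct, ts, n)) for ts, acct, n in log]
    return verdicts, sorted(limiter.flagged)

if __name__ == "__main__":
    for acct, verdict in replay(SAMPLE_LOG)[0]:
        print(acct, verdict)
```

The daily limit is what catches a sender that paces itself just under the hourly limit, which is why the slide pairs the two windows.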

14 Summary: What technologies will stop spam?
ISPs and Network Providers “waking up” and working together to cut off the spammer’s oxygen supply:
  – Spammers need connectivity
  – Spammers need large numbers of high throughput IP addresses
So what is the formula for success?
  – ISPs should monitor their networks for sources of spam LEAVING their network
      Port25 is always the responsibility of the originating ISP
      Shift some of the resources from inbound filtering to OUTBOUND Controls
  – Enforce strong authentication to authorize use of an ISP’s MTAs
  – Monitor customer sending patterns like a credit company monitors “fraudulent charges”
  – Monitor/Sign-up to receive complaints from AOL and other sources (spamcop, etc)
  – Remove sources of spam within minutes (Zombie machines, insecure CGI scripts, bad customers, etc)

15 Thank you!
For more information, contact Carl Hutzler:
Delivery issues to AOL?
  – See if your network is a source of spam
      Click on the “Feedback Loop” Button
  – Contact the AOL Postmaster 24x