Spam: Ready, Fire, Aim! APCAUCE / APRICOT Kuala Lumpur – 2004 Dave Crocker Brandenburg InternetWorking APCAUCE / APRICOT Kuala Lumpur – 2004 Dave Crocker.

Slides:



Advertisements
Similar presentations
Who cares about abuse? Rodney Tillotson, JANET-CERT APNIC, August 2001 United Kingdom Education & Research Networking Association.
Advertisements

Internet Protocols and Innovation John C Klensin John C Klensin and Associates
Basic Communication on the Internet:
Introduction to the Anti-Spam Research Group (ASRG) Presented by Yakov Shafranovich, ASRG Co-chair NIST Spam Technology Workshop Gaithersburg, Maryland,
Chapter 1 We’ve Got Problems…. Four Horsemen  … of the electronic apocalypse  Spam --- unsolicited bulk o Over 70% of traffic  Bugs ---
Authentication Approaches Phillip Hallam-Baker VeriSign Inc.
Addressing spam and enforcing a Do Not Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
Using Traffic Analysis to Detect Spam Richard Clayton TERENA, Lyngby, 22 nd May 2007.
COMPUTER BASICS METC 106. The Internet Global group of interconnected networks Originated in 1969 – Department of Defense ARPANet Only text, no graphics.
Methods for Stopping Spam James Lick
Sponsored by the U.S. Department of Defense © 2005 by Carnegie Mellon University 1 Pittsburgh, PA Dennis Smith, David Carney and Ed Morris DEAS.
The Dance of Co-Opetition Dave Crocker Brandenburg Consulting MY: +60 (19) (408)
How Will Authentication Reduce Global Spam? OECD Anti-Spam Task Force Pusan – September, 2004 Dave Crocker Brandenburg InternetWorking OECD Anti-Spam Task.
© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.
1 Aug. 3 rd, 2007Conference on and Anti-Spam (CEAS’07) Slicing Spam with Occam’s Razor Chris Fleizach, Geoffrey M. Voelker, Stefan Savage University.
System Aspects of Spam Control Architecture and Operations Issues IBM Academy 6 Apr 2005 Dave Crocker Brandenburg InternetWorking IBM.
 Firewalls and Application Level Gateways (ALGs)  Usually configured to protect from at least two types of attack ▪ Control sites which local users.
— Then, Now, and Later Eric Allman Thom O’Connor Sendmail, Inc.
Lecture 11 Reliability and Security in IT infrastructure.
Sender policy framework. Note: is a good reference source for SPFhttp://
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.
WE Can Stop the Spam! June 16, 2003 Author: Mr. Jack P. McHugh Presented by: Nidhi Dalwadi.
Internet Ethics. Internet Ethics Cyberspace Cyberspace is like a big city. There are libraries, universities, museums, places to have fun, and plenty.
SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
GOT SPAM? Spam is the unsolicited or undesired bulk electronic messages. Spam usually contains pornography, viruses, phishing attacks, scams, trojans,
11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 
Combating Abuse Brian Nisbet NOC Manager HEAnet.
Taking Common Action Against Spam Internet Society of China Beijing – 2004 Dave Crocker Brandenburg InternetWorking
Lecture 8 Page 1 Advanced Network Security Review of Networking Basics: Internet Architecture, Routing, and Naming Advanced Network Security Peter Reiher.
DNS-based Message-Transit Authentication Techniques D. Crocker Brandenburg InternetWorking D. Crocker Brandenburg InternetWorking.
Client X CronLab Spam Filter Technical Training Presentation 19/09/2015.
Department of Computer Sciences The University of Texas at Austin Zmail : Zero-Sum Free Market Control of Spam Benjamin J. Kuipers, Alex X. Liu, Aashin.
Authentications INBOX Authentication Panel San Jose, CA – 2004 Dave Crocker Brandenburg InternetWorking INBOX Authentication Panel San Jose, CA –
The Internet 8th Edition Tutorial 2 Basic Communication on the Internet: .
Prohibiting Redirection & Synthesized DNS Responses in Top Level Domains Mar 2010 Kuala Lumpur APTLD Meeting.
Certified Server Validation (CSV) “ An MTA is talking to me directly. Are they OK?” D. Crocker Brandenburg InternetWorking mipassoc.org/csv 10/8/2015 6:36.
A Trust Overlay for Operations: DKIM and Beyond Dave Crocker Brandenburg Internet Working bbiw.net Apricot / Perth 2006 Dave Crocker Brandenburg.
A Technical Approach to Minimizing Spam Mallory J. Paine.
1 Dr. David MacQuigg, President Open-mail.org Stopping Abuse – An Engineer’s Perspective University of Arizona ECE 596c August 2006.
Botnet behavior and detection October RONOG Silviu Sofronie – a Head of Forensics.
Technology Considerations for Spam Control 3 rd AP Net Abuse Workshop Busan Dave Crocker Brandenburg InternetWorking
| imodules.com Marketing Renovation Andrea Ganier and Josh Bourdon.
Lecture 1 Page 1 CS 239, Fall 2010 Distributed Denial of Service Attacks and Defenses CS 239 Advanced Topics in Computer Security Peter Reiher September.
SPF/Sender-ID DNS & DDoS Threats Operations Analysis and Research Center for the Internet Douglas Otis November 3, 2007
A Retrospective on Future Anti-Spam Standards Internet Society of China Beijing – September, 2004 Dave Crocker Brandenburg InternetWorking
Directorate for Food, Agriculture, and Fisheries 1 ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT ORGANISATION DE COOPÉRATION ET DE DEVELOPMENT.
Security Technology Clients and Mail Servers
1 Figure 9-6: Security Technology  Clients and Mail Servers (Figure 9-7) Mail server software: Sendmail on UNIX, Microsoft Exchange,
Understanding the network level behavior of spammers Published by :Anirudh Ramachandran, Nick Feamster Published in :ACMSIGCOMM 2006 Presented by: Bharat.
Lecture 20 Page 1 Advanced Network Security Basic Approaches to DDoS Defense Advanced Network Security Peter Reiher August, 2014.
Detecting Phishing in s Srikanth Palla Ram Dantu University of North Texas, Denton.
Topic 5: Basic Security.
Source pictures for document ”Thoughts about increasing spam annoyance” by License: This material may be distributed only subject.
LinxChix And Exim. Mail agents MUA = Mail User Agent Interacts directly with the end user  Pine, MH, Elm, mutt, mail, Eudora, Marcel, Mailstrom,
Preserve and Enhance: Balancing Goals for the Internet APRICOT Kuala Lumpur – 2004 Dave Crocker Brandenburg InternetWorking APRICOT Kuala Lumpur – 2004.
The Future of Anti-Spam: A Blueprint for New Internet Abuse Tools Garth Bruen CEO, KnujOn.com LLC MIT Spam Conference.
The Success Failure INBOX Accountability Panel San Jose, CA – 2004 Dave Crocker Brandenburg InternetWorking INBOX Accountability Panel San Jose,
Scalable Trust Community Framework STCF (01/07/2013)
Security fundamentals Topic 9 Securing internet messaging.
Sender policy framework. Note: is a good reference source for SPFhttp://
I SPCon 2003 – Evaluating Spam Control SolutionsBrandendenburg.com / 1 Points of Control UA = User Agent MTA = Message Transfer Agent o =originator.
Role Of Network IDS in Network Perimeter Defense.
1 Law, Ethical Impacts, and Internet Security. 2 Legal Issues vs. Ethical Issues Ethics — the branch of philosophy that deals with what is considered.
Fall 2006CS 395: Computer Security1 Key Management.
CERN - IT Department CH-1211 Genève 23 Switzerland t OIS Update on the anti spam system at CERN Pawel Grzywaczewski, CERN IT/OIS HEPIX fall.
1 Integrated Site Security Project Denise Heagerty CERN 22 May 2007.
Spoofing The False Digital Identity. What is Spoofing?  Spoofing is the action of making something look like something that it is not in order to gain.
sender policy framework
Presentation transcript:

Spam: Ready, Fire, Aim! APCAUCE / APRICOT Kuala Lumpur – 2004 Dave Crocker Brandenburg InternetWorking APCAUCE / APRICOT Kuala Lumpur – 2004 Dave Crocker Brandenburg InternetWorking

2 2 D. CrockerAPCauce/Apricot – KL,2004 Goal and Disclaimer  Spam is complicated and simplistic solutions will be damaging  is more complex than people usually realize  Spam is a social problem  Technical solutions need to follow the social assessment  No single action will eliminate it and nothing will “eliminate” it  After working on for 30 years  I feel a bit proprietary about it  Spam is complicated and simplistic solutions will be damaging  is more complex than people usually realize  Spam is a social problem  Technical solutions need to follow the social assessment  No single action will eliminate it and nothing will “eliminate” it  After working on for 30 years  I feel a bit proprietary about it

3 3 D. CrockerAPCauce/Apricot – KL,2004 What We Will Discuss  The problem  Our reactions to it  Technical environment  Proposals  Making choices  The problem  Our reactions to it  Technical environment  Proposals  Making choices

4 4 D. CrockerAPCauce/Apricot – KL,2004 Setting the Context © 1975(!) Datamation © 1975(!) Datamation This? Oh, this is the display for my electronic junk mail.

5 5 D. CrockerAPCauce/Apricot – KL,2004 We Do Have A Problem!  We do not need to cite statistics now!  It is clear we have a dire problem now!  It is clear the situation is getting worse, quickly  It is like moving from a safe, small town to a big (U.S.) city  Nothing  Nothing has yet reduced global spam!  We do not need to cite statistics now!  It is clear we have a dire problem now!  It is clear the situation is getting worse, quickly  It is like moving from a safe, small town to a big (U.S.) city  Nothing  Nothing has yet reduced global spam!  We must distinguish  Local, transient effects that only move spammers to use different techniques, versus  Global, long-term effects that truly reduce spam at its core

6 6 D. CrockerAPCauce/Apricot – KL,2004 Dangerous Logic  “We have to do something now!” (Ignore any side-effects, or dismiss them as minor.)  “Maybe it’s not perfect… but at least we’re taking some action!”  “What have we got to lose?”  “At least it reduces the problem… for now.”  “We must replace SMTP… even though we don’t know what we want to do  “We can do something in the interim…”  “We have to do something now!” (Ignore any side-effects, or dismiss them as minor.)  “Maybe it’s not perfect… but at least we’re taking some action!”  “What have we got to lose?”  “At least it reduces the problem… for now.”  “We must replace SMTP… even though we don’t know what we want to do  “We can do something in the interim…” “…but this is urgent!!”

7 7 D. CrockerAPCauce/Apricot – KL,2004 Hysteria Also Can Destroy  30 years of experience making Internet changes  Risky, difficult, expensive and slow  Always has unintended consequences (usually bad)  Service providers have highly variable operations  Changes to infrastructure require caution!  Changes need to produce direct benefit  Directly affect key problem or directly improve service  Orchestrated inter-dependent changes do not work  30 years of experience making Internet changes  Risky, difficult, expensive and slow  Always has unintended consequences (usually bad)  Service providers have highly variable operations  Changes to infrastructure require caution!  Changes need to produce direct benefit  Directly affect key problem or directly improve service  Orchestrated inter-dependent changes do not work

8 8 D. CrockerAPCauce/Apricot – KL,2004 Wheel of Spam (Mis)Fortune  Control of spam  Cannot be “surgically” precise  Must balance the wheel  Needs range of partial solutions  Different techniques for near- term vs. long-term, except that near-term never is  Heuristics  Long lists  complicated  Complicated  Be careful! Political Legal Social Human Administration Technical Management Deployment Many Facets

9 9 D. CrockerAPCauce/Apricot – KL,2004 But What Is Spam, Exactly?  Still no pragmatic, community definition!  Unsolicited commercial or bulk  Anything I don’t want  Anything you don’t want me to receive(?)  How can we formulate Internet-wide policies  When we cannot formulate a common, Internet-wide definition?  Still no pragmatic, community definition!  Unsolicited commercial or bulk  Anything I don’t want  Anything you don’t want me to receive(?)  How can we formulate Internet-wide policies  When we cannot formulate a common, Internet-wide definition?  Try a pragmatic approach  Focus on core, identifiable characteristics  Ignore the rest, for now  For example, specify  Type of targeted spam  How it is occurring  How the mechanism will fix the problem  Dependencies, before mechanism will work And why do we still need this slide?

10 D. CrockerAPCauce/Apricot – KL,2004 Different Spammers Different responses  “Accountable” spammers  Legitimate businesses engaging in aggressive marketing  Need formal rules to dictate constraints  “Rogue” spammers  Actively avoid accountability  Likely to always have “safe haven”  Not always seeking money  Need to treat them like virus and worm attackers  “Accountable” spammers  Legitimate businesses engaging in aggressive marketing  Need formal rules to dictate constraints  “Rogue” spammers  Actively avoid accountability  Likely to always have “safe haven”  Not always seeking money  Need to treat them like virus and worm attackers

11 D. CrockerAPCauce/Apricot – KL,2004 is Human Messaging  Richly diverse  Content  Authorship  Sources  Patterns of use  Spontaneous  Serendipitous  Timely  Delay hurts  Richly diverse  Content  Authorship  Sources  Patterns of use  Spontaneous  Serendipitous  Timely  Delay hurts  Do not assume precise  Usage scenarios  Access  Tools  Service operations  Do not penalize legitimate users  Or, at least, keep the pain to a minimum

12 D. CrockerAPCauce/Apricot – KL,2004 Points of Control FilteringFiltering Originator User Agent Origin Mail Transfer Agent External Mail Transfer Agent Receiver User Agent Receive Mail Transfer Agent External Mail Transfer Agent PriceAccountabilityFilteringEnforcementPriceAccountabilityFilteringEnforcement Gory detail:

13 D. CrockerAPCauce/Apricot – KL,2004 Proactive Controls – Prevention  Accountability Content: Sender/author Mail: Sending MTA Access:Sending provider  Access provider controls  Rate-limit  Limit outbound ports (eg, SMTP’s 25)  Redirect through authorized MTA’s  Too intrusive and too much inconvenience for legitimate senders?  Accountability Content: Sender/author Mail: Sending MTA Access:Sending provider  Access provider controls  Rate-limit  Limit outbound ports (eg, SMTP’s 25)  Redirect through authorized MTA’s  Too intrusive and too much inconvenience for legitimate senders?

14 D. CrockerAPCauce/Apricot – KL,2004 Proactive Controls – Prevention Sender pays fee  Charging – Sender pays fee  Some vs. all senders  How much?  Who gets the money? Laws and contracts  Enforcement – Laws and contracts  Scope of control – national boundaries?  Precise, objective, narrow? Sender pays fee  Charging – Sender pays fee  Some vs. all senders  How much?  Who gets the money? Laws and contracts  Enforcement – Laws and contracts  Scope of control – national boundaries?  Precise, objective, narrow?

15 D. CrockerAPCauce/Apricot – KL,2004 LegalLegal  Constituencies in the debate Business providers:Legitimate need Direct marketing:Legitimate need (?) Service providers:Reduce complaints/cost Outraged consumers:Reduce hassles/cost  Core social principles  Careless laws alter society and defeat the goal  Consider complexity of English plug/socket…  Constituencies in the debate Business providers:Legitimate need Direct marketing:Legitimate need (?) Service providers:Reduce complaints/cost Outraged consumers:Reduce hassles/cost  Core social principles  Careless laws alter society and defeat the goal  Consider complexity of English plug/socket…

16 D. CrockerAPCauce/Apricot – KL,2004 AccountabilityAccountability Levels 1.Identity  A label  What the label refers to 2.Authentication  Validate the identity  Who is doing the validation 3.Reputation  Predict behavior, using history & opinion of othersLevels 1.Identity  A label  What the label refers to 2.Authentication  Validate the identity  Who is doing the validation 3.Reputation  Predict behavior, using history & opinion of others Real world systems  Friends, colleagues  Third-party service  Trust the rating service?  Like credit-reporting  Yourself(!)  E.g., pre-authorize receipt, after purchase

17 D. CrockerAPCauce/Apricot – KL,2004 AuthenticationAuthentication Channel chain-of-trust  Trust via each handling entity  SSL/TLS  PPP login  SSH  Works well for point-to- point Channel chain-of-trust  Trust via each handling entity  SSL/TLS  PPP login  SSH  Works well for point-to- point Object origin validation  Message validated  Channel is irrelevant  S/MIME, PGP  Works well for store-and- forward

18 D. CrockerAPCauce/Apricot – KL,2004 Security Models Object Channel Secur MailSecur Secure Mail Mail Mail Mail Mail MTA MTA MTA MTA MTA MTA MTA Secure Secure Secure MTA Secure MTA MTA Secure MTA MTA MTA Secure MTA Secure

19 D. CrockerAPCauce/Apricot – KL,2004 Reactive Controls – Filtering  Detection Source: Good/Bad sender Destination: Honey pot, attracts spammers Content: Advertising, pornography Aggregate traffic:Massive bulk mail flow  Action  Divert, delete or return  Label and deliver  Notify administrator  Detection Source: Good/Bad sender Destination: Honey pot, attracts spammers Content: Advertising, pornography Aggregate traffic:Massive bulk mail flow  Action  Divert, delete or return  Label and deliver  Notify administrator

20 D. CrockerAPCauce/Apricot – KL,2004 Source Information TypeMeaningCurrent Validation MTA IP Net validates address MTA IP SMTP clientNet validates address EHLO Domain DNS match actual IP EHLO Domain SMTP clientDNS match actual IP Provider IP DNS in-addr.arpa Provider IP Site of SMTP clientDNS in-addr.arpa Mail-From None Mail-From Bounces addressNone From None From AuthorNone Sender None Sender Posting agentNone Received None Received Handling sitesNone TypeMeaningCurrent Validation MTA IP Net validates address MTA IP SMTP clientNet validates address EHLO Domain DNS match actual IP EHLO Domain SMTP clientDNS match actual IP Provider IP DNS in-addr.arpa Provider IP Site of SMTP clientDNS in-addr.arpa Mail-From None Mail-From Bounces addressNone From None From AuthorNone Sender None Sender Posting agentNone Received None Received Handling sitesNone

21 D. CrockerAPCauce/Apricot – KL,2004 Proposals – Out of Band  Legal efforts define  Common use of term “Spam”  Requirements when sending classes of mail  Remedies for violations  Administration  Exchange filtering rules  Exchange incident (abuse) reports  Are abuse desks used, useful?  Legal efforts define  Common use of term “Spam”  Requirements when sending classes of mail  Remedies for violations  Administration  Exchange filtering rules  Exchange incident (abuse) reports  Are abuse desks used, useful?

22 D. CrockerAPCauce/Apricot – KL,2004 Proposals – Authentic Channel MTA Registration Presumed-Author  MTA IP registered with  Mail-From domain  EHLO domain  Registration in DNS  New record, or TXT  Simple authentication, versus “policy”  Proposals  RMX, SPF, LMAP, DMP, DRIP, FSV, Caller-IDPresumed-Author  MTA IP registered with  Mail-From domain  EHLO domain  Registration in DNS  New record, or TXT  Simple authentication, versus “policy”  Proposals  RMX, SPF, LMAP, DMP, DRIP, FSV, Caller-ID Provider Network  MTA IP registered with net hosting it  Registration in DNS  in-addr.arpa  New record  Proposals  MTA Mark, SS

23 D. CrockerAPCauce/Apricot – KL,2004 Proposals – Authentic Content Certify the author Classic Authentication  S/MIME – OpenPGP  Classic public key service  Message content only  Challenge-Response  Block until response to challenge received  Patented Classic Authentication  S/MIME – OpenPGP  Classic public key service  Message content only  Challenge-Response  Block until response to challenge received  Patented Good-Guy  Validate identity  Certify reputation  Proposals  Challenge-Response  Project LUMOS  TEOS  DomainKeys

24 D. CrockerAPCauce/Apricot – KL,2004 Evaluating Efficacy  Adoption  Effort to adopt proposal  Effort for ongoing use  Balance among participants  Threshold to benefit  Impact  Amount of Net affected  Amount of spam affected  Adoption  Effort to adopt proposal  Effort for ongoing use  Balance among participants  Threshold to benefit  Impact  Amount of Net affected  Amount of spam affected  Robustness  How easily circumvented  Test scenarios  Personal post/Reply  Mailing List  Inter-Enterprise Look with a very critical eye!

25 D. CrockerAPCauce/Apricot – KL,2004 Evaluating OA&M  Operations impact on…  Adopters of proposal  Others  Internet scaling – What if…  Used by everyone  Much bigger Internet  Individual vs. Group use  System metrics  Cost  Efficiency  Reliability  Operations impact on…  Adopters of proposal  Others  Internet scaling – What if…  Used by everyone  Much bigger Internet  Individual vs. Group use  System metrics  Cost  Efficiency  Reliability Look with a very critical eye!

26 D. CrockerAPCauce/Apricot – KL,2004 SummarySummary  Spam is a complicated topic  It needs to be treated with all due respect  Many factors, proposals, and constituents  Complicated considerations and effects  On the Internet, interim never is  Deploy strategic solutions  Spam is a complicated topic  It needs to be treated with all due respect  Many factors, proposals, and constituents  Complicated considerations and effects  On the Internet, interim never is  Deploy strategic solutions

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.