RUCUS - IETF 71: Lessons Learned From IETF Email Antispam Work, Jim Fenton

Presentation transcript:

Antispam work in IETF?

- AntiSpam Research Group in IRTF
  - Meets Tuesday afternoon
- Two WGs have focused on authentication
  - MARID (2004)
  - DKIM (2006-present)
- Authentication to establish identity + authorization considered useful
  - Provides base for reputation, whitelists, etc.
  - Relief from false positives on messages from known, desirable senders
- Strong opinions everywhere!

Legacy

- Legacy makes change difficult
  - Email has more legacy than VoIP
  - But the PSTN has a lot more legacy than email!
- Capability for anonymity is essential
  - But Anonymity  Spoofing
  - Some spoofing is desired by users (“mail an article”)
- Can the recipient trust the {caller’s, author’s} identity?
  - Generally, no
  - PSTN lacks display mechanisms for Caller ID trust, even if we could decide how to populate it
  - Similarly, UIs generally don’t display authentication

Comparing Email and Voice

Email:

- Decision can include message content
- Difficult to establish trust basis for large domains, especially free services
- Real-time recipient input rarely available to aid decision-making
- Fraud (phishing), malware delivery significant problems
- “Horse has left the barn”: spam rampant

Voice:

- Decision must be made in real-time prior to connection
- Difficult to establish accountability for PSTN addresses
- Recipient may be available to provide input to call acceptance process
- Voice fraud probably more insidious; malware TBD
- Some spam, but generally under control, for now

Conclusions

- Email experience shows that economics are ripe for floods of VoIP spam
- VoIP spam is likely to be much more intrusive than email spam
- A bit early to evaluate the benefit of authentication on spam management
  - But voice services can’t wait for the answer
- Interworking between PSTN and VoIP likely to be very difficult