Methods for Stopping Spam James Lick


1 Methods for Stopping Spam
James Lick
jlick@drivel.com

2 The Problem
● AOL blocks 780,000,000 spams each day (Feb 2003)
● I am sent ~900 spams each day (Jan 2003)

3 Methods for Stopping Spam
● Security
● Policy Enforcement
● Blocking
● Filtering
● Avoidance

4 Disclaimer
● No method will block all spam
● Every method will sometimes block real mail
● Spammers always get more aggressive
● These tools are just a sample
● Combining tactics works best
● Blocking/Filtering hides the extent of the problem

5 Security
● Make sure you aren't part of the problem
● Check infrastructure and customers:
  – Open relays
  – Open proxies
  – Use of latest security patches
● A lot of spam is sent through security holes
● Notify authorities for extreme cases

6 Policy Enforcement
● Have a reasonable AUP
● Have users agree to it (legal contract)
● Enforce it!
  – This is a contract; lack of a spam law is no excuse
  – Don't give second chances too easily
● Respond to complaints

7 Policy Enforcement (cont)
● If you get a reputation of being soft on spam:
  – You will get more spamming customers!
  – Your mail will be blocked more and more
  – You lose customers
  – You go out of business
● The earlier you address problems, the easier they are to solve
● Policy enforcement is an ongoing responsibility

8 Blocking
● Bad sender address
● Spam Source lists
● Open Relay lists
● Open Proxy lists
● Dialup/Dynamic IP lists
● Other
● Local blocks

9 Bad sender
● Most spam is sent with a forged sender address
● Look up the sender's domain in DNS
  – Reject the message if the domain doesn't exist
  – Defer the message (temporary failure) if the lookup fails
● Supported by most mail servers
● Default in modern sendmail
● You can also check the sending hostname, but this is not a reliable spam sign

10 Spam Source lists
● List IP addresses which belong to spammers
● MAPS RBL (www.mail-abuse.org)
● Spamhaus BL (www.spamhaus.org)
● Sometimes widen a block to whole networks, but usually only in extreme cases

11 Open Relay lists
● Block mail from old or misconfigured servers which allow anyone to send mail through them
● MAPS RSS (www.mail-abuse.org)
● ORDB (www.ordb.org)
● Can block real mail from insecure sites
● Sometimes listings are based on old information

12 Open Proxy lists
● Block mail from insecure open proxies
● OPM (www.blitzed.org/opm/)
● Usually don't block any real mail
● Most lists are incomplete – finding open proxies is hard

13 Dialup/Dynamic IP lists
● Block direct mail from dialups and dynamic IP addresses
● Be sure to whitelist your own customers!
● Dynamic clients should send mail through their ISP's mail server
● SMTP message submission (MSP, RFC 2476, port 587) lets remote users send mail safely
● Usually does not block real mail

14 Dialup/Dynamic IP lists (cont)
● MAPS DUL (www.mail-abuse.org)
● PDL (www.pan-am.ca/pdl/)
● Dynablock (basic.wirehub.nl/dynablocker.html)
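
The checks from slides 9 and 13–14 (reject a sender domain that does not exist, defer when the lookup fails, consult blocking lists, and whitelist your own customers before doing so) combined into one connection-time policy. This is an added example, not code from the talk or from any of the listed services. DNS is replaced by an in-memory table of constructed answers so it runs offline; the customer range, the listed addresses and the sender domains are made up, and the two zone names are assumptions standing in for the Spamhaus BL and the MAPS DUL. The query-name construction itself (octets reversed, list zone appended, an answer in 127.0.0.x means listed) is how IPv4 DNSBLs are queried.

```python
"""Connection-time blocking checks: local whitelist, DNSBL lookups and the
sender-domain existence test.  Added example, not code from the talk.  DNS is
replaced by an in-memory table (constructed sample data); every listing,
sender domain and address range below is made up."""
import ipaddress

NXDOMAIN, TEMPFAIL = "NXDOMAIN", "TEMPFAIL"   # the two failure kinds that matter

# Constructed DNS answers keyed by (name, record type).
FAKE_DNS = {
    # Spam-source listing of 192.0.2.15 (reversed octets + zone -> 127.0.0.x).
    ("15.2.0.192.sbl.spamhaus.org", "A"): ["127.0.0.2"],
    # Dial-up listing of 198.51.100.7, an address inside "our" customer range.
    ("7.100.51.198.dialups.mail-abuse.org", "A"): ["127.0.0.3"],
    ("example.com", "MX"): ["10 mail.example.com"],
    ("bare.example.net", "A"): ["203.0.113.5"],     # no MX, but an A record
    ("flaky.example.org", "MX"): TEMPFAIL,           # nameservers not answering
}

def fake_resolve(name, rrtype):
    """Stand-in for a DNS query: a list of records, or NXDOMAIN, or TEMPFAIL."""
    return FAKE_DNS.get((name, rrtype), NXDOMAIN)

def dnsbl_name(ip, zone):
    """Query name for an IPv4 DNSBL: octets reversed, list zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dnsbl_hits(ip, zones, resolve=fake_resolve):
    """(zone, return code) for every zone that lists ip.  A list whose
    nameservers fail (TEMPFAIL) counts as 'not listed': a dead blocking
    list must not stop all mail."""
    hits = []
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone), "A")
        if isinstance(answer, list) and answer:
            hits.append((zone, answer[0]))
    return hits

def sender_domain_status(domain, resolve=fake_resolve):
    """'accept' if the domain has an MX or A record, 'reject' if it does not
    exist, 'defer' if the lookup failed (it may exist, so ask again later)."""
    saw_tempfail = False
    for rrtype in ("MX", "A"):
        answer = resolve(domain, rrtype)
        if answer == TEMPFAIL:
            saw_tempfail = True
        elif isinstance(answer, list) and answer:
            return "accept"
    return "defer" if saw_tempfail else "reject"

OWN_CUSTOMERS = [ipaddress.ip_network("198.51.100.0/24")]   # constructed range
ZONES = ["sbl.spamhaus.org", "dialups.mail-abuse.org"]      # assumed zone names

def smtp_policy(client_ip, mail_from, zones=ZONES, resolve=fake_resolve):
    """SMTP reply (code, text) for a connection from client_ip that gave
    MAIL FROM:<mail_from>.  550 = reject, 451 = defer, 250 = accept."""
    ip = ipaddress.IPv4Address(client_ip)
    # Whitelist our own (dynamic) customers before any list lookup, otherwise
    # a dial-up list would block the very users this server exists to serve.
    if not any(ip in net for net in OWN_CUSTOMERS):
        hits = dnsbl_hits(client_ip, zones, resolve)
        if hits:
            zone, code = hits[0]
            return 550, f"{client_ip} is listed by {zone} ({code})"
    if mail_from in ("", "<>"):          # null sender: bounces have no domain
        return 250, "OK"
    domain = mail_from.strip("<>").rpartition("@")[2].lower()
    status = sender_domain_status(domain, resolve)
    if status == "reject":
        return 550, f"sender domain {domain} does not exist"
    if status == "defer":
        return 451, f"sender domain {domain} lookup failed, try again later"
    return 250, "OK"

if __name__ == "__main__":
    for ip, sender in [("192.0.2.15", "<a@example.com>"), ("198.51.100.7", "<b@example.com>"),
                       ("203.0.113.9", "<c@nosuch.invalid>"), ("203.0.113.9", "<d@flaky.example.org>")]:
        print(ip, sender, smtp_policy(ip, sender))
```

Note the asymmetry in how lookup failures are handled: a DNSBL whose nameservers do not answer is treated as "not listed", while a sender domain whose lookup fails gets a 451 so the sending server retries later, since the domain may well exist. Both choices follow from the disclaimer slide: every method sometimes blocks real mail, so a failure on your side should fail open, not closed.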

15 Other
● As spammers get more aggressive, anti-spammers get more aggressive in blocking
● Blocking is often done by:
  – Any IP sending any spam ever
  – Countries/regions perceived as soft on spam
  – Networks perceived as soft on spam
  – Faulty methods of identifying spam
  – Other forms of 'spite' listings

16 Other (cont)
● Most of these methods are not widely used
● As the spam problem gets worse, these methods may become more widespread
● Before using a blocking service:
  – Make sure their policies match your expectations
  – Make sure it is reputable
  – Test it out first

17 Local blocks
● Set up your own local blocks (access_db, local dnsbl)
● Requires diligence and upkeep
● Do it only if you can devote resources to it every day!
● Better yet, get involved with contributing to public blocking lists

18 Filtering
● Analyze content, not where it came from
  – Pattern matching
  – Bulk detection

19 Pattern Matching
● Spams have common 'spam signs':
  – Common types of header forgery
  – Common disclaimers
  – Common wording of the sales pitch
  – Garbage strings, header style, etc.
● Filters can detect these and score a message by how many spam signs it contains

20 SpamAssassin (www.spamassassin.org)
● Has a set of rules, each with a score
● If a message scores over a threshold, it is marked as spam
● Can also use bulk detection and blocking lists
● Uses a lot more CPU
  – Can scale to large mail loads by using a cluster of cheap servers running SA's spamd
● Can be run on a client system too

21 SpamAssassin 2.50
● Just out!
● Adds Bayesian filtering
● Bayesian filtering statistically analyzes which content shows up more often in spam than in real mail
● For best results, needs training on what is and isn't spam
● SA 2.50 auto-trains based on SA's own scoring
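
Slides 19–21 in working form: a scored rule set of the kind SpamAssassin uses, a word-token Bayesian classifier trained on a corpus, and the auto-learn step that trains the classifier from messages the rules alone are already sure about. This is an added example, not SpamAssassin code: the rules, scores, BAYES score mapping, auto-learn cut-offs and every training and sample message are constructed for illustration; only the 5.0 spam threshold matches SpamAssassin's default.

```python
"""Pattern-matching rules with scores plus a Bayesian classifier, in the
style of SpamAssassin's rule set and its 2.50 Bayes module.  Added example,
not SpamAssassin code: every rule, score, cut-off and message here is
constructed (only the 5.0 spam threshold is SpamAssassin's default)."""
import math
import re
from collections import Counter

# (name, pattern, score, fire_if_match); False fires when the pattern is absent.
RULES = [
    ("REMOVE_DISCLAIMER", re.compile(r"to be removed|this is not spam|opt[- ]?out", re.I), 2.5, True),
    ("SUBJECT_ALL_CAPS", re.compile(r"^Subject: [^a-z\n]{12,}$", re.M), 1.0, True),
    ("MONEY_PITCH", re.compile(r"\$\d|make money|risk[- ]free", re.I), 1.5, True),
    ("GARBAGE_STRING", re.compile(r"\b[a-z]{4,}\d{4,}\b"), 1.0, True),
    ("MISSING_MSGID", re.compile(r"^Message-ID:", re.M | re.I), 1.0, False),
]
SPAM_THRESHOLD = 5.0  # SpamAssassin's default required score
TOKEN = re.compile(r"[a-z$][a-z0-9$'-]{2,}")

def score_rules(message):
    """Total score and the names of the rules that fired."""
    total, fired = 0.0, []
    for name, pattern, score, fire_if_match in RULES:
        if bool(pattern.search(message)) == fire_if_match:
            total += score
            fired.append(name)
    return total, fired

def tokens(text):
    return set(TOKEN.findall(text.lower()))

class BayesFilter:
    """Word-token naive Bayes, roughly Paul Graham's 'A Plan for Spam' scheme."""
    def __init__(self):
        self.spam, self.ham = Counter(), Counter()
        self.nspam = self.nham = 0
    def train(self, text, is_spam):
        (self.spam if is_spam else self.ham).update(tokens(text))
        self.nspam += is_spam
        self.nham += not is_spam
    def token_prob(self, tok):
        # P(spam | tok); None if never seen; clamped so no single token decides.
        if self.spam[tok] + self.ham[tok] == 0:
            return None
        s = self.spam[tok] / max(self.nspam, 1)
        h = 2 * self.ham[tok] / max(self.nham, 1)  # Graham counts ham twice
        return min(0.99, max(0.01, s / (s + h)))
    def spam_probability(self, text, top=15):
        # Combine the `top` probabilities furthest from 0.5, in log space.
        probs = [p for p in map(self.token_prob, tokens(text)) if p is not None]
        probs = sorted(probs, key=lambda p: abs(p - 0.5), reverse=True)[:top]
        if not probs:
            return 0.5
        log_s = sum(math.log(p) for p in probs)
        log_h = sum(math.log(1 - p) for p in probs)
        return 1.0 / (1.0 + math.exp(log_h - log_s))

def bayes_score(p):
    """Probability -> score, like SA's BAYES_xx rules (values constructed)."""
    return 3.0 if p >= 0.9 else 1.0 if p >= 0.6 else -2.0 if p <= 0.1 else 0.0

def classify(message, bayes):
    rule_score, fired = score_rules(message)
    p = bayes.spam_probability(message)
    total = rule_score + bayes_score(p)
    return {"score": total, "is_spam": total >= SPAM_THRESHOLD,
            "rules": fired, "bayes_prob": round(p, 3)}

def auto_learn(message, bayes, spam_at=12.0, ham_at=0.0):
    """SA 2.50-style auto-training: use the non-Bayes score only, and only
    when it is far above or below the threshold (cut-offs constructed)."""
    rule_score, _ = score_rules(message)
    if rule_score >= spam_at:
        bayes.train(message, True)
        return "spam"
    if rule_score <= ham_at:
        bayes.train(message, False)
        return "ham"
    return None

SPAM_CORPUS = [  # constructed training data
    "Subject: MAKE MONEY FAST\n\nYou can make money from home. Click here to opt out.",
    "Subject: LOWEST PRICES ONLINE\n\nOrder online now. To be removed reply with remove.",
    "Subject: Refinance today\n\nLowest rates, make money, click here now. Opt out below.",
]
HAM_CORPUS = [
    "Subject: Meeting tomorrow\n\nCan we move the meeting to 3pm? The patch review is done.",
    "Subject: Re: sendmail access_db\n\nThanks, the access map works now after makemap.",
    "Subject: Lunch\n\nLunch at noon? The review notes are attached.",
]
SPAM_SAMPLE = ("From: x@example.net\nSubject: MAKE MONEY FAST NOW\n\n"
               "Make money from home, risk-free! Click here to opt out. xjqw81234")
HAM_SAMPLE = ("Message-ID: <1@example.org>\nSubject: Re: patch review\n\n"
              "The meeting notes are attached, can we review the patch at noon?")

def build_filter():
    bayes = BayesFilter()
    for m in SPAM_CORPUS + HAM_CORPUS:
        bayes.train(m, m in SPAM_CORPUS)
    return bayes
```

On the constructed samples, the spam hits all five rules (7.0) and the Bayes probability adds another 3.0, while the personal message fires no rule and the Bayes probability subtracts 2.0. The Bayes result is kept out of the auto-learn decision on purpose: training on messages that only the Bayes rule flagged would let the classifier confirm its own mistakes. Two corpora of three messages each are far too small for real use; the real filter does not trust its Bayes scores until it has been trained on a few hundred messages of each kind.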

22 Bulk Detection
● Razor (razor.sourceforge.net) aka SpamNet (www.cloudmark.com)
● DCC (www.rhyolite.com/anti-spam/dcc)
● Reliably detect messages sent in bulk
● Razor is designed to detect unsolicited bulk
● Not perfect: sometimes blocks large legitimate mailing lists (recently Crypto-Gram)
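
Slide 22's bulk detection as an added example, not DCC or Razor code: copies of a message are recognised by a fuzzy checksum that ignores the parts a spammer varies per recipient (the address, serial numbers, a tracking URL), and a body reported more than a threshold number of times is bulk. The normalisation rules, the threshold, the sample messages and the List-Id whitelist are constructed; the real DCC and Razor checksums are more elaborate, and DCC counts across many cooperating sites rather than the single site shown here. The newsletter case shows the caveat from the slide: a legitimate mailing list is bulk too, so bulk detection needs a local whitelist of lists your users actually subscribe to.

```python
"""Bulk detection in the spirit of DCC and Razor: a fuzzy checksum of each
body, counted across everything the server receives.  Added example, not DCC
or Razor code: normalisation steps, threshold, messages and whitelist are
constructed, and the real fuzzy checksums are more elaborate than this."""
import hashlib
import re
from collections import Counter

def fuzzy_checksum(body):
    """Strip what spammers vary per copy (recipient address, serial numbers,
    tracking URLs, case, whitespace) so every copy hashes the same."""
    text = body.lower()
    text = re.sub(r"\S+@\S+", "<addr>", text)
    text = re.sub(r"https?://\S+", "<url>", text)
    text = re.sub(r"\d+", "<n>", text)
    text = re.sub(r"\s+", " ", text).strip()
    return hashlib.sha1(text.encode("utf-8")).hexdigest()

class BulkCounter:
    """Counts checksums of received mail, as a DCC server does for all
    participating sites (here: one site, in memory)."""
    def __init__(self, bulk_at=10, allowed_lists=()):
        self.counts = Counter()
        self.bulk_at = bulk_at
        # Mailing lists the local users subscribe to: bulk, but solicited.
        self.allowed_lists = set(allowed_lists)

    def report(self, body):
        """Record one received copy; return how many copies have been seen."""
        key = fuzzy_checksum(body)
        self.counts[key] += 1
        return self.counts[key]

    def verdict(self, headers, body):
        """'bulk', 'ok', or 'listed' (bulk, but from a whitelisted list)."""
        if headers.get("List-Id") in self.allowed_lists:
            return "listed"
        return "bulk" if self.counts[fuzzy_checksum(body)] >= self.bulk_at else "ok"

# Constructed sample traffic.
def spam_copy(rcpt, serial):
    return (f"Dear {rcpt},\n\nYour order #{serial} is ready. Visit "
            f"http://example.net/x?id={serial} today!\n")

NEWSLETTER = "Monthly newsletter: this month's essays on security ...\n"
PERSONAL = "Hi Bob, can you review the patch before Friday?\n"

def run_sample(bulk_at=10, allowed_lists=("newsletter.example.org",)):
    counter = BulkCounter(bulk_at, allowed_lists)
    for i in range(12):              # 12 personalised copies of one spam
        counter.report(spam_copy(f"user{i}@example.com", 4000 + i))
    for _ in range(12):              # 12 local subscribers to the newsletter
        counter.report(NEWSLETTER)
    counter.report(PERSONAL)         # one private message
    return {
        "spam": counter.verdict({}, spam_copy("user99@example.com", 9999)),
        "newsletter": counter.verdict({"List-Id": "newsletter.example.org"}, NEWSLETTER),
        "newsletter_unlisted": counter.verdict({}, NEWSLETTER),
        "personal": counter.verdict({}, PERSONAL),
    }
```

Without the List-Id whitelist the newsletter is judged exactly like the spam, which is the Crypto-Gram failure the slide mentions; the checksum alone cannot tell solicited bulk from unsolicited bulk.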

23 Avoidance
● Try not to expose email addresses
  – Don't publish user directories
  – Give users help and tools to do filtering
● Advise users:
  – Use spam filtering software (in addition to the ISP's)
  – Don't give out your email address freely
  – Use disposable email addresses
  – Change email addresses periodically

24 Q&A
● Questions
● Answers
● Discussion

