Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Anti-Spam Method with SMTP Session Abort Nariyoshi YAMAI 1 Kiyohiko OKAYAMA 1 Takumi SEIKE 1 Keita KAWANO 1 Motonori NAKAMURA 2 Shin MARUYAMA 3 1 Okayama.

Published byAlannah Marshall Modified over 9 years ago

Similar presentations

Presentation on theme: "An Anti-Spam Method with SMTP Session Abort Nariyoshi YAMAI 1 Kiyohiko OKAYAMA 1 Takumi SEIKE 1 Keita KAWANO 1 Motonori NAKAMURA 2 Shin MARUYAMA 3 1 Okayama."— Presentation transcript:

1 An Anti-Spam Method with SMTP Session Abort Nariyoshi YAMAI 1 Kiyohiko OKAYAMA 1 Takumi SEIKE 1 Keita KAWANO 1 Motonori NAKAMURA 2 Shin MARUYAMA 3 1 Okayama University, Japan 2 National Institute of Informatics, Japan 3 CO-CONV Corporation, Japan

2 2008/3/27 MIT Spam Conference 2008 2 Contents Existing anti-spam methods Anti-spam method with SMTP session abort Implementation and evaluation of prototype system Conclusions

3 Existing anti-spam methods 2008/3/27 MIT Spam Conference 2008 3

4 2008/3/27 MIT Spam Conference 2008 4 Tempfailing (1) Utilizes difference of MTA behavior after temporary error –Legitimate MTAs Retry to send the temporarily failed messages –Spam sending MTAs Prefer throughput Give up resending the temporarily failed messages

5 2008/3/27 MIT Spam Conference 2008 5 First Delivery Second delivery Tempfailing (2) Spam sending MTA Legitimate MTA temporary error MTA temporary error Recipients retry Saves triplet ( Sender IP, SMTP From, SMTP To) Sender IP SMTP From SMTP To Sender IP SMTP From SMTP To

6 2008/3/27 MIT Spam Conference 2008 6 Tempfailing (3) Problems –RFC2821: 4.5.4.1 Sending Strategy (excerpt) The sender MUST delay retrying a particular destination after one attempt has failed. In general, the retry interval SHOULD be at least 30 minutes. Causes large delay for legitimate mail delivery

7 2008/3/27 MIT Spam Conference 2008 7 Tempfailing (4) Problems (cont.) –Utilizes the following triplet for retransmission judgment: Sender IP SMTP From SMTP To Rejects retries from a different MTA

8 2008/3/27 MIT Spam Conference 2008 8 Tempfailing (5) Problems (cont.) –Rejects before receiving header/body –Logs only the triplet (Sender IP, SMTP From, SMTP To) Difficult to recover false positives

9 2008/3/27 MIT Spam Conference 2008 9 Distributed collaborative filter MTA Spam sending MTA Recipients Spam database check not found spam register found Only messages already read by existent recipients can be filtered out

10 Anti-spam method with SMTP session abort 2008/3/27 MIT Spam Conference 2008 10

11 2008/3/27 MIT Spam Conference 2008 11 Summary of known problems (Tempfailing) Large delay (Tempfailing) Retries from a different MTA (Tempfailing) Recovery from false positives (Distributed collaborative filter) only messages read by recipients into DB

12 2008/3/27 MIT Spam Conference 2008 12 Features of the proposed method (Tempfailing) Large delay (Tempfailing) Retries from a different MTA (Tempfailing) Recovery from false positives (Distributed collaborative filter) only messages read by recipients into DB Introducing two mail gateways (MGs) Immediate fallback to the secondary MG SMTP session abort function Preserving header/body on first attempt Retransmission judgment with Message-ID or checksum instead of IP Automatic registration of unresent/undeliverable messages Early registration of many spam mails

13 2008/3/27 MIT Spam Conference 2008 13 System layout and behavior (1) Organization Inside MTA Recipients Spam database Primary mail gateway Secondary mail gateway Mail gateway × TCP segment (RST) SMTP session abort After SMTP session to the primary MG is aborted, a legitimate MTA usually sends the message to the secondary MG immediately. Retry Reducing delay of legitimate mail delivery header body Preservingheader/body Check triplet (MsgID/checksum, SMTP From, SMTP To) Retransmission judgment based on header(MsgID) or body(checksum) header body Sender MTA Preserving header/body in case of false positive

14 2008/3/27 MIT Spam Conference 2008 14 System layout and behavior (2-1) Organization Inside MTA Recipients Spam database Primary mail gateway Secondary mail gateway Spam sending MTA undeliverable RCPT TO recipient check Unknown recipient register header body × SMTP session abort headerbody

15 2008/3/27 MIT Spam Conference 2008 15 System layout and behavior (2-2) Organization Inside MTA Recipients Spam database Primary mail gateway Secondary mail gateway formerly deliverable RCPT TO Recipient check Unknown recipient register header body × SMTP session abort headerbody Recipient check header body cancel RCPT TO Automatic registration of unresent/undeliverable messages Sender MTA

16 User preference of abort timing (1) Affects network traffic and delay Possible options –Accept No session abort –Header Abort after End of Header Low traffic/delay –Body Abort after End of Message Easy recovery on false positives 2008/3/27 MIT Spam Conference 2008 16

17 2008/3/27 MIT Spam Conference 2008 17 User preference of abort timing (2) Organization Inside MTA A Spam database Primary mail gateway Secondary mail gateway RCPT TO: A RCPT TO: B RCPT TO: C RCPT TO: A × SMTP session abort at end of message RCPT TO: B RCPT TO: C RCPT TO: A RCPT TO: B RCPT TO: C Sender MTA accept BC headerbody header body

18 Implementation and evaluation of prototype system 2008/3/27 MIT Spam Conference 2008 18

19 2008/3/27 MIT Spam Conference 2008 19 Prototype system implementation Platform –FreeBSD with sendmail & DCC SMTP session abort function –An external program using “ipfw” Retransmission judgment –(Message-ID, SMTP From, SMTP To)

20 2008/3/27 MIT Spam Conference 2008 20 First operation test (1) Objectives –Performance evaluation of blocking/filtering Test domains –Some sub-domains in okayama-u.ac.jp –Already obsolete five years before –To be removed in one month –Some legitimate mails were possibly sent to these domains Test period –Seven days from Jan. 29 to Feb. 5th, 2006

21 2008/3/27 MIT Spam Conference 2008 21 First operation test (2) Result Number of mails processed54,719 Number of mails blocked44,303 Number of mails received10,416 Number of mails filtered out by DCC2,180 81% (44303/54719) of mails processed were blocked by SMTP session abort 20% (2180/10416) of mails received were filtered out by DCC NB: we counted both legitimate mails and spam mails.

22 2008/3/27 MIT Spam Conference 2008 22 Second operation test (1) Objectives –Comparison with conventional tempfailing as for processing of legitimate mails Test domain –New sub-domain dedicated for this test –Only 1 IP address available Two MGs have the same IP address Usual in small companies in Japan

23 2008/3/27 MIT Spam Conference 2008 23 Second operation test (2) Result Domain (service)MTAResendDifferent MTAMin. interval cc.okayama-u.ac.jp (Univ.)sendmailYESNO0(sec) nifty.com (ISP)sendmailYESNO1 listbox.com (ML)postfixYESNO1 yahoo.com (free mail)?YESNO10 gmail.com (free mail)?YES 385 aol.com (free mail)?YESNO6 hotmail.com (free mail)SMTPSVCYESNO6 yahoogroups.jp (free ML)?YESNO1 freeml.com (free ML)qmailYESNO399 mag2.com (mail magazine)qmailYESNO3264 trashmail.net (anonymous mail)postfixYESNO6 All messages even from gmail.com were accepted without whitelist Small delays of mail delivery from many domains Some domains using qmail still had large delays

24 2008/3/27 MIT Spam Conference 2008 24 Possible false positives Messages without Message-ID –Use Date: field (mandatory), or –Use the checksum of the body MTAs without retransmission –Can recover lost headers/bodies easily –Find such MTAs and register them into whitelist MTAs changing SMTP From address –Use (Message-ID, SMTP To) without SMTP From for retransmission judgment

25 Conclusions 2008/3/27 MIT Spam Conference 2008 25

26 2008/3/27 MIT Spam Conference 2008 26 Conclusions Combination of three functions –Tempfailing –Distributed Collaborative filter –SMPT session abort Reduces the drawbacks of existing two methods Future works –Long term actual performance evaluation –Combination with on-the-fly filters

27 Questions ? Please speak slowly and clearly 2008/3/27 MIT Spam Conference 2008 27

Download ppt "An Anti-Spam Method with SMTP Session Abort Nariyoshi YAMAI 1 Kiyohiko OKAYAMA 1 Takumi SEIKE 1 Keita KAWANO 1 Motonori NAKAMURA 2 Shin MARUYAMA 3 1 Okayama."

Similar presentations

Internet – Part I. What is Internet? Internet is a global computer network of inter-connected networks.

Internet – Part I. What is Internet? Internet is a global computer network of inter-connected networks.
Basic Communication on the Internet:

Basic Communication on the Internet:
TrustPort Net Gateway Email traffic protection. WWW.TRUSTPORT.COM Keep It Secure Entry point protection –Clear separation of the risky internet and secured.

TrustPort Net Gateway traffic protection. Keep It Secure Entry point protection –Clear separation of the risky internet and secured.
Fighting spam: the thin grey line Alun Jones,

Fighting spam: the thin grey line Alun Jones,
Transmission Control Protocol (TCP)

Transmission Control Protocol (TCP)
Intermediate TCP/IP TCP Operation.

Intermediate TCP/IP TCP Operation.
UDP & TCP Where would we be without them!. UDP User Datagram Protocol.

UDP & TCP Where would we be without them!. UDP User Datagram Protocol.
Barracuda Email Security Service. Barracuda Networks Introduction to Barracuda Email Security Service 2 Easy to Deploy Cloud-based email security Nothing.

Barracuda Security Service. Barracuda Networks Introduction to Barracuda Security Service 2 Easy to Deploy Cloud-based security Nothing.
----Presented by Di Xu 17.12.2010.  Introduction  Overview of Spam  Solutions to Spam  Conclusion.

----Presented by Di Xu  Introduction  Overview of Spam  Solutions to Spam  Conclusion.
1 Aug. 3 rd, 2007Conference on Email and Anti-Spam (CEAS’07) Slicing Spam with Occam’s Razor Chris Fleizach, Geoffrey M. Voelker, Stefan Savage University.

1 Aug. 3 rd, 2007Conference on and Anti-Spam (CEAS’07) Slicing Spam with Occam’s Razor Chris Fleizach, Geoffrey M. Voelker, Stefan Savage University.
IMF Mihály Andó IT-IS 6 November 2006. Mihály Andó 2 / 11 6 November 2006 What is IMF? ­ Intelligent Message Filter ­ provides server-side message filtering,

IMF Mihály Andó IT-IS 6 November Mihály Andó 2 / 11 6 November 2006 What is IMF? ­ Intelligent Message Filter ­ provides server-side message filtering,
Exchange 2003 and SPAM Fighting Emmanuel Ormancey, Rafal Otto Internet Services Group Department of Information Technology CERN 3 June 2015.

Exchange 2003 and SPAM Fighting Emmanuel Ormancey, Rafal Otto Internet Services Group Department of Information Technology CERN 3 June 2015.
FROM RICHARD RODRIGUES JOHN ANIMALU FELIX SHULMAN THE HONORARY MEMBERS OF THE INTERCONTINENTAL GROUP Information security in real business firewall security.

FROM RICHARD RODRIGUES JOHN ANIMALU FELIX SHULMAN THE HONORARY MEMBERS OF THE INTERCONTINENTAL GROUP Information security in real business firewall security.
SMTP – Simple Mail Transfer Protocol

SMTP – Simple Mail Transfer Protocol
1 Enhancing Email Address Privacy on Anti-SPAM by Dou Wang and Ying Chen School of Computer Science University of Windsor October 2007.

1 Enhancing Address Privacy on Anti-SPAM by Dou Wang and Ying Chen School of Computer Science University of Windsor October 2007.
0 EMAIL 5000 Series DATA MANAGEMENT. 1 Why Email? Alarm/Status Notification –Remote unattended sites »Pumping stations –Pharmaceutical/Plant maintenance.

Series DATA MANAGEMENT. 1 Why ? Alarm/Status Notification –Remote unattended sites »Pumping stations –Pharmaceutical/Plant maintenance.
Broadcast email service Core tools. Agenda 1.Introduction – email tool and its main features 2.Setting up and sending a simple broadcast email 3.Achieving.

Broadcast service Core tools. Agenda 1.Introduction – tool and its main features 2.Setting up and sending a simple broadcast 3.Achieving.
Introduction to the Secure SMTP Server service. Secure SMTP server is a secure, reliable SMTP mail relay server for your outgoing mail. Secure SMTP service.

Introduction to the Secure SMTP Server service. Secure SMTP server is a secure, reliable SMTP mail relay server for your outgoing mail. Secure SMTP service.
SMTP Simple Mail Transfer Protocol. Content I.What is SMTP? II.History of SMTP III.General Features IV.SMTP Commands V.SMTP Replies VI.A typical SMTP.

SMTP Simple Mail Transfer Protocol. Content I.What is SMTP? II.History of SMTP III.General Features IV.SMTP Commands V.SMTP Replies VI.A typical SMTP.
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Similar presentations

Ads by Google