1. Kill Spam Volume IV The integrated scenario Evangelos Moustakas (BA, MSc, MPhil)

2. Unsolicited Commercial Communication (Spam) The Agenda What is Spam? Defining the Problem Technical measures Legislation Conclusions Q & A Copyright 2004 Evangelos Moustakas PhD Researcher Middlesex University

3. What is Spam? No Universal Definition Unsolicited Commercial Email Unsolicited Bulk Commercial Email Unsolicited Bulk Commercial Email often Offensive Unwanted Email Unwanted Communications A delicious processed meat product Unsolicited Commercial Communication (Spam) Copyright 2004 Evangelos Moustakas PhD Researcher Middlesex University Like the song, spam is an endless repetition of worthless text

4. Defining the Problem Unsolicited Commercial Communication (Spam) Spam contributes to increased costs and exposes an organisation to legal liability Identity Theft - School reunions, political surveys Unsolicited e-mail sent to redirect recipients to fraudulent logon sites to capture personal detail

5. Business Opportunities Bulk E-mail Chain Letters Work from Home Schemes Health & Diet Effortless Income Free Goods Invest Opportunities Guaranteed Loans Credit Repair Vacation Prizes Unsolicited Commercial Communication (Spam) - 600-700% increase from 2001 to 2002 (MAPS) - Spam at an average enterprise exceeds 50% (Gartner) - Spam cost businesses $10 + B in 2003 (Ferris Research) - 62% of U.S. employees say pornographic spam can contribute to a hostile workplace (InsightExpress)

6. Unsolicited Commercial Communication (Spam) Technical measures 1.1st Generation Anti-Spam measures 2.2nd Generation Anti-Spam measures 3.Client Solutions 4.Outsourced Anti-Spam measures 5.Best Practices for Anti-Spam deployments Copyright 2004 Evangelos Moustakas PhD Researcher Middlesex University

7. Unsolicited Commercial Communication (Spam) Introduction 1. RBL - Real-time Black Hole List - List of spamming domains/IP addresses/unsecured message relays 2. White List - List approved domains/IP addresses 3. False Positive - A legitimate mail incorrectly blocked by an Anti-Spam filter 4. False Negative - A Spam that evades detection by Anti-Spam measures What actually happens Responses NoYes F+ False Positives Hits Correct Hits No True Legitimate Email Miss Spam that is not tagged as spam

8. 1st Generation Anti-Spam - Real-time Black-Hole Lists - Relay control - Recipient filtering - Keyword filters 2nd Generation Anti-Spam Solutions - Signature based approach similar to Anti-Virus - Vendors used honeypots to attract spam - Content neutral techniques are used to classify spam - Brightmail, Sybari Advanced Spam Defence, NetIQ, MailMarshal Limitations - Spammers changing tactics (every 90 days) - Free email services abused by spammers - Keyword filters must be updated/customised

9. Examples - Microsoft Outlook 2003 Junk Mail - McAfee Spam Killer - Low cost Drawbacks - Spam consumes bandwidth/storage - Enterprise wide policies cannot be enforced - Users have to manage Spam Client-Based Solutions Copyright 2004 Evangelos Moustakas PhD Researcher Middlesex University

10. Outsourced Anti-Spam Solutions - Messagelabs, FrontBridge Technologies, Postini - Outsourced Anti-Spam Solutions can be rapidly deployed - Messages are filtered and passed through to the organisation - Flexible subscriptions – can pay per message/per mailbox Drawbacks - Lack of control - Can be expensive Copyright 2004 Evangelos Moustakas PhD Researcher Middlesex University

11. Best Practices for Anti-Spam Deployments - Put together an Anti-Spam team (Messaging/Security/HR Functions) - Build a test lab - Deploy a combination of 1 st / 2 nd generation measures on your gateway servers - Prevents bandwidth/storage consumption - Secure your messaging infrastructure from Spammers Minimise False Positives! Biggest risk to your deployment - More than 1% is unacceptable You can minimise the risk by: - Deploying 2 nd generation Anti-Spam solutions - Use White lists (internal mail domains and partner organisations) - Test the solution in the Anti-Spam lab with live traffic - Initial phase – scan in passive mode only (Quarantine) - Deploy filters with low sensitivity for the pilot – (no blocking) - Refine and customise filters during production (use tagging) - Work with the vendor if the false positive incident rate is unacceptable

12. Legislation Unsolicited Commercial Communication (Spam) Copyright 2004 Evangelos Moustakas PhD Researcher Middlesex University Directive on Privacy and Electronic Communications (2002/58/EC) Article 13 - Adoption in July 2002 - Workshop and issue paper on Spam 16th October 2003 - Transposition deadline: 31st October 2003 - OECD Workshop on Spam, 2-3 February 2004 - Report in 2006 with particular emphasis on unsolicited communications CAN-SPAM Act of 2003 Spam labelled as commercial Opt-out mechanism No deceptive subject line or header

13. Unsolicited Commercial Communication (Spam) Conclusions Spam will be resolved if: Industry Initiative Combination of measures works best Consumer Education Resources for Consumer to protect themselves Train user to treat their e-mail address as a corporate asset Policy and Enforcement Strong civil and criminal penalties for: - Fraudulent e-mails (subject, header, from line) - Harvesting (e.g. dictionary attacks) - Scripted account creation - Address all 'bad actors', not just sender International Co-operation

14. Evangelos Moustakas (BA, MSc, MPhil) PhD Researcher-Scholar of Middlesex University Scholar of the Greek Unit of European Programs (I.K.Y.) 2000 -2004 URL: http://www.academy.gr/vmoustakas E-mail: e.moustakas@mdx.ac.uk Q & A