Spam, Spam and More Spam. Spammers: Cost to send




Transcription:

Spam, Spam and More Spam
cs5480/cs6480
Matthew J. Probst
*with some slides/graphics adapted from J.F Kurose and K.W. Ross

Spammers: Cost to send
- Assuming a $10/mo dialup account: 13.4 million messages per month might be sent
- A cost of about 1 penny per 14,300 messages
- Free trials make it free!

$$ You: Cost to Receive $$
- 10+ billion spam sent each day
- At 5 seconds per spam (to recognize & delete), that's 50 billion seconds of lost productivity each day (39,457 work years)
- Assuming $36k average income per person: $1.5 billion per day in lost productivity to economy.

Driving Business Incentives
- Pump and dump penny-stocks
- Scams: Nigerian investments, phishing, etc.
- Meds
- Insurance
- Porn
- Loans/Mortgages
- Others

Botnets and Spammers
[Diagram labels: DDOS, Replication, Vendor, Spammer, Bot controller, Spam]
- Example: Storm worm currently running on up to 50 million infected computers.
- More computing power than top 500 supercomputers in world combined!
- Used for DDOS attacks, penny stock spam and propagating itself via email.

Mail access protocols
- SMTP: delivery/storage to receiver's server
- Mail access protocol: retrieval from server
  - POP: Post Office Protocol [RFC 1939]: authorization ( <-->server) and download
  - IMAP: Internet Mail Access Protocol [RFC 1730]: more features (more complex), manipulation of stored msgs on server
  - HTTP: Hotmail, Yahoo! Mail, etc.

Ideal place to filter?
- Source machine
- Source MTA server
- In middle of network
- Recipient MTA server
- Recipient machine
Pros & cons of each.

ISP IP block white-listing
[Diagram labels: 12.1.1.5, SMTP, Only 12.1.X.X allowed!, POP3 or IMAP]
- Source MTA filter.
- ISPs allow any IP blocks on their network to relay through their mail servers.
- Disallows mobility
- Allows viruses

SMTP-AUTH
[Diagram labels: Username, Password, SMTP, POP3 or IMAP]
- Source MTA requires name/password before relaying a message.
- Only ISP's own customers allowed to relay
- Optional: Block all other outgoing SMTP
- Allows mobility, blocks dumb viruses
- Free trial ISP accounts.
- Fraudulently acquired accounts.

Rate throttling
[Diagram label: 25 M/H]
- Simple: Source MTA limits the number/rate of emails from individual senders.
- Limit on:
  - Max recipients per message
  - Max messages per time period
  - etc.
- Problems:
  - Spammers can code their own MTAs
  - Millions of throttled bots can still spam-a-lot!
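A source-MTA throttle of the kind listed on the Rate throttling slide, as an added example that is not part of the original slides. The limit values, the `Throttle` class and the `isp.example` sender names are assumptions chosen for illustration; `simulate` shows why per-sender limits alone do not bound the aggregate volume from many throttled senders.

```python
from collections import defaultdict, deque

# Assumed policy values for illustration (not taken from the slides).
MAX_RCPTS_PER_MSG = 25
MAX_MSGS_PER_WINDOW = 3
WINDOW_SECONDS = 3600


class Throttle:
    """Per-sender sliding-window limiter, as a source MTA might apply it."""

    def __init__(self):
        self.sent = defaultdict(deque)  # sender -> timestamps of accepted messages

    def accept(self, sender, rcpt_count, now):
        """Return (accepted, reason) for one submission at time `now` (seconds)."""
        if rcpt_count > MAX_RCPTS_PER_MSG:
            return False, "too many recipients"
        window = self.sent[sender]
        # Forget submissions that have aged out of the window.
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_MSGS_PER_WINDOW:
            return False, "rate limit"
        window.append(now)
        return True, "ok"


def simulate(senders, msgs_each, rcpts=10):
    """Count messages accepted when each sender submits msgs_each messages,
    one per second, all inside a single window (constructed workload)."""
    throttle = Throttle()
    accepted = 0
    for s in range(senders):
        for i in range(msgs_each):
            ok, _ = throttle.accept(f"user{s}@isp.example", rcpts, now=i)
            accepted += ok
    return accepted


if __name__ == "__main__":
    print("one sender, 100 attempts:", simulate(1, 100))
    print("1000 senders, 3 attempts each:", simulate(1000, 3))
```

The per-sender cap holds for a single account, but the accepted total grows linearly with the number of accounts, which is why operators pair throttling with aggregate outbound monitoring.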

SPF (Sender Policy Framework)
[Diagram labels: Alice.com, 13.1.1.1, spf? (13.1.1.1), Recipient MTA Filter]
- TXT DNS record on a domain that lists authorized relays for email marked as coming from that domain.
- Only effective with mass adoption.
- Spammers comply with SPF

Relay Blacklists (RBLs)
[Diagram labels: (13.1.1.1), Recipient MTA Filter, 13.1.1.1 ok?, rbl1, rbl2, rbl3]
- DB of IP addresses (and blocks) that should not be allowed to relay email.
- 100s of lists publicly available.
- Mail servers commonly use several RBLs
- Individually and group maintained.
- Conservative vs ultraliberal inclusion.
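The recipient-side SPF check from the Sender Policy Framework slide above, as an added example that is not part of the original slides. The domains and TXT records are constructed stand-ins for DNS answers, `check_spf` is a hypothetical helper, and only the `ip4`, `ip6` and `all` mechanisms are evaluated; mechanisms that need further DNS lookups are reported as unsupported rather than guessed.

```python
import ipaddress

# Constructed TXT records standing in for DNS answers (not real data).
TXT_RECORDS = {
    "alice.example": "v=spf1 ip4:13.1.1.0/24 ip4:192.0.2.25 -all",
    "soft.example": "v=spf1 ip4:198.51.100.0/24 ~all",
    # A spammer-controlled domain can publish a valid policy as well.
    "spammer.example": "v=spf1 ip4:203.0.113.66 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_domain, client_ip, records=TXT_RECORDS):
    """Return the SPF result for client_ip relaying mail as sender_domain."""
    record = records.get(sender_domain)
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "none"  # the domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"  # malformed address in the record
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            # include, a, mx, ... need more DNS lookups; not modelled here.
            return "unsupported"
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    for domain, ip in [("alice.example", "13.1.1.1"),
                       ("alice.example", "203.0.113.66"),
                       ("spammer.example", "203.0.113.66")]:
        print(domain, ip, check_spf(domain, ip))
```

The last case returns `pass`: SPF authenticates the relay for the claimed domain and says nothing about whether that domain sends spam, so the result is an input to reputation scoring rather than a verdict.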

Relay Blacklists (RBLs) cont.
- Spamhaus stats: http://www.spamhaus.org/statistics/
- Take it or leave it, one-size-fits-all. (Is either too aggressive or too passive.)
- Central RBL servers easy to DDOS.
- If done within network, then prevents SMTP-AUTH.

Relay White-lists
[Diagram labels: (13.1.1.1), 13.1.1.1 ok?, Recipient MTA Filter, wl1, wl2, wl3]
- Automatically allows email from specific domains, relays and senders through
- Easy to get out of date?
- Spammers can use legitimate email addresses, ISPs and domains (botnets, etc.).

Greylists
- Don't fully allow (not a whitelist)
- Don't completely block (not a blacklist).
- Slow down handshaking & negotiation (tarpit) and/or take more time/resources to scan.
- Tarpitting doesn't block very determined spammers.

SMTP Tricking Spammers
[Diagram labels: bob.com mx?, 14.1.1.1, 14.1.12, SMTP FAIL!, Fake MTA 14.1.1.1, POP3 or IMAP, Bob.com (14.1.1.2)]
- Require MTAs to adhere to full SMTP RFC.
- Point primary MX record at null sink.
- Secondary MX record points to real MTA.
- Spammers can make their MTAs smarter
- Some spammers use existing ISP MTAs

Domain Keys Identified Mail (DKIM)
[Diagram labels: Pub Key?, (Signs Message), Alice.com <PubKey>, (Authenticates message)]
- Sender MTA signs message hash w/ priv key.
- Adds signature as new header: DomainKey-Signature
- Recipient MTA uses TXT record to find public key to authenticate signature.
- Adoption
- Spammer domains can conform
- Spammers can use legitimate ISP account

S/MIME Signatures
[Diagram labels: Signs Message, Verifies Signature, CA]
- Senders obtain a digital cert from a legitimate Certificate Authority (CA).
- Can use the cert for both signing as well as encryption of messages.
- Recipients can verify certs via certificate chain (just like web browsers).
- Adoption
- Cost of per-sender cert.

Bayesian Content Filters
[Diagram labels: Hash("Viagra")?, SPAM!, DB]
- Recipient filter
- Individualized DB.
- Requires training
- Learns common words & phrases from spam
- Spam scoring given to each message.
- Randomized spam content
- Misspellings
- jpeg/pdf spam

Vipul's Razor
[Diagram labels: (computes signature), 2e821f039 ok?, Razor DB]
- Recipient filter.
- Hash of email body or paragraphs (message's "signature").
- Lookup this signature in centralized DB of known spam.
- Only Authorized Reporters can register spam signatures.
- Randomized content
- jpeg/pdf spam.
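A small naive Bayes scorer illustrating the Bayesian Content Filters slide above, as an added example that is not part of the original slides. The training messages are constructed, and `BayesFilter` and `build_filter` are hypothetical names; the obfuscated message in the demo shows why the slide lists misspellings as a weakness and why the filter needs ongoing training.

```python
import math
import re
from collections import Counter

# Constructed training mail, labelled by hand (not real messages).
SPAM = ["cheap viagra buy now", "buy penny stock now", "cheap loans buy viagra"]
HAM = ["meeting notes for monday", "lunch on monday", "project notes attached now"]


def tokens(text):
    """Lower-case word tokens; punctuation splits words apart."""
    return re.findall(r"[a-z0-9$]+", text.lower())


class BayesFilter:
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.msgs = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.counts[label].update(tokens(text))
        self.msgs[label] += 1

    def spam_probability(self, text):
        """Posterior P(spam | text) from a multinomial naive Bayes model."""
        vocab = len(set(self.counts["spam"]) | set(self.counts["ham"]))
        log_odds = math.log(self.msgs["spam"] / self.msgs["ham"])  # prior odds
        for tok in tokens(text):
            for label, sign in (("spam", 1), ("ham", -1)):
                total = sum(self.counts[label].values())
                # Laplace smoothing: an unseen token never zeroes the score.
                likelihood = (self.counts[label][tok] + 1) / (total + vocab)
                log_odds += sign * math.log(likelihood)
        return 1 / (1 + math.exp(-log_odds))


def build_filter():
    """Train a filter on the constructed corpora above."""
    f = BayesFilter()
    for message in SPAM:
        f.train(message, "spam")
    for message in HAM:
        f.train(message, "ham")
    return f


if __name__ == "__main__":
    f = build_filter()
    obfuscated = "che4p v1agra bu-y n0w"  # constructed misspelled variant
    print(round(f.spam_probability("buy cheap viagra"), 3))
    print(round(f.spam_probability(obfuscated), 3))   # unseen tokens: near 0.5
    f.train(obfuscated, "spam")                        # e.g. fed from a honeypot
    print(round(f.spam_probability(obfuscated), 3))
```

Every token in the misspelled message is unknown to the model, so the score falls back to roughly the prior until a labelled copy is trained in.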

Spam Training Honeypots
- Dedicate an inbox to receive only spam.
- Randomly generated name: asdf@domain.com, or common (unused) name: bob@jones.com
- Email received by this box can be fed to Bayesian filter, Vipul's Razor & personal RBLs.

What is used today?
- Combination of all of these techniques.
- SpamAssassin as an example.
- RBLs are low-hanging fruit
- Commonly block 80%+ of spam.

Remaining Problems
- Increased client mobility
- P2P email (no reliance on central scanners or CA).
- Fast vs slow path selection based on trust of sender & sender's email path.
- Fast reaction to entity behavior changes ("zombiefication" of hosts)

Micro-payments
- Senders pay fraction of a cent for each email they send.
- Won't deter normal emails, but would definitely stop many spammers.
- Variation: rather than charge for each email, force all emails to put $$ in escrow, only charging account upon receiving complaint.

Transitive Social-net Trust
[Diagram labels: Nancy, Jim, Carol, Alice, Bob, trust (x4), Email]
- Based off of Small Worlds
- No centralized filters
- Can be completely P2P
- Trust levels are constantly changing (fast reaction to observed misbehaviors)

P2P Experience & RBL
- Users collect their own experience (positive and negative) and share them with their social peers.
- Users generate their own personal RBL mods based off of their experience DB.
- Users query for neighbors' experiences using multi-casting.

Dynamic Grey-listing
- Selectively decide which message to send on fast path (Layer 3) vs through tarpit (Layer 7, for further inspection).
- Fast path may include no scanning at all, freeing up scanning resources to be used on untrusted messages.

Questions?
Questions / Comments / Feedback?