Anti-SPAM Solutions as a Component of Digital Communications Management Ron Shuck CISSP, GCIA, CCSE
Agenda What is Spam & what can you do? What is the cost of Spam E-mail to organizations? How do we deal with this issue? What are the different solutions?
What is SPAM? Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. E-mail spam is unique in that the receiver pays so much more for it than the sender does. No other kind of advertising costs the advertiser so little, and the recipient so much. An increasing number of spammers send most or all of their mail via innocent intermediate systems, to avoid blocks that many systems have placed against mail coming directly from the spammers' systems. Source: http://spam.abuse.net
What Can You Do? Don't waste your time trying to jump through the spammers' hoops. Plenty of people have documented the fact that not only do remove lists not work, they verify to the spammer that your e-mail address is good, and so then they put it on the premium CD and sell it to the next spammer for even more money. Report SPAM to the spammer's provider. Reduce sources that spammers use to harvest e-mail addresses (web sites, newsgroups, etc.). Deploy one or more anti-spam solutions. Source: http://spam.abuse.net
Without Email Gateway Protection [Diagram. Labels: Internet, Remote E-Mail, HTTP/HTTPS, HTTP/S-HACK, SMTP, SMTP-HACK, Remote E-Mail Server, E-Mail Server.]
With Email Gateway Protection [Diagram. Labels: Internet, Remote E-Mail, HTTP/HTTPS, HTTP/S-HACK, SMTP, SMTP-HACK, SPAM, OK, Remote E-Mail Server, E-Mail Server.]
Cost to Organization Cost of bandwidth & storage. Cost of server hardware. Cost of Administrator time. Cost of Users reading, deleting or replying to SPAM emails.
SPAM Statistics Source: http://www.brightmail.com/spamstats.html
SPAM Statistics Source: http://www.spamcop.net/spamstats.shtml
SPAM Statistics E-mail considered Spam: 40% of all e-mail. Daily Spam e-mails sent: 12.4 billion. Spam cost to all non-corp Internet users: $255 million. Spam cost to all U.S. Corporations in 2002: $8.9 billion. Estimated Spam increase by 2007: 63%. Annual Spam in 1,000 employee company: 2.1 million. Source: http://www.spamfilterreview.com/spam-statistics.html
Solutions Individual installed software (McAfee SpamKiller, SpamBayes). Outsourced Service (Postini, FrontBridge). Server based software (GFI MailEssentials, Marshall Software MailMarshall). Open Source Solutions (Spamassassin). Appliance Based Spam solution (Interceptor).
Individual Solutions SpamKiller: software, rules based SPAM detection. SpamBayes: software, rules and Bayesian SPAM detection. Users have to update rules from company servers, or write their own rules to combat spam.
Server Based Software Mail Essentials and MailMarshall are both software, rules based anti-spam solutions that have to be installed on an SMTP gateway server or the actual mail server itself. Administrators have to write rules to combat spam. Administrators also have to retrieve any message that was blocked inbound to a user since the user does not have this ability.
Open Source Based Solution What is Open Source? Features of Open Source Solution. Components of Open Source Solution.
What is Open Source? Free re-distribution. Access to all source code. Allows modifications and derived works.
Open Source vs. Commercial. Open Source Benefits: FREE! Publicly scrutinized and tested. Commercial Benefits: Clear documentation. Support contracts / agreements.
Open Source Placement [Diagram. Labels: Internet, SMTP (25), Firewall, HACKS, DMZ, SpamAssassin, SPAM, 25, Secure Area Network, EMAIL Server.]
Features Very Secure. Effective SPAM Identification and Elimination. Supplement to Anti-Virus Solution. Support for Additional Anti-Virus. Weekly Reports on SPAM.
Primary Components Red Hat Linux. Postfix. Spamassassin. Anomy Sanitizer. TNEF2Multipart.
Red Hat Linux Hardened / Minimal Installation of Red Hat Linux Fedora Core 1. Operating System for the Mail Server. Patch Management for OS. Built-in Firewall for added Security (IPTables).
Postfix Very Secure Simple Mail Transfer Protocol (SMTP) Mail Transfer Agent (MTA). Infrequent Vulnerabilities Discovered. Anti-Relay Capabilities. Real-time Blackhole List (RBL) Support. Fast Processing.
Spamassassin Very Flexible Mail Filter used to Identify and Remove SPAM. Rule Based Heuristic Tests. Header & Message Body Analysis. Supports RBL. Supports Bayesian Filtering. Supports RAZOR.
Anomy Sanitizer Removes Harmful or Dangerous Components from Email. Removes Executables. Disable (defang) potentially dangerous HTML code, such as JavaScript. Disable potential Email Client Buffer Overflows, such as ActiveX.
TNEF2Multipart Converts Microsoft Mail Client's proprietary format, Transport Neutral Encapsulation Format (TNEF), to simple MIME. All Microsoft Outlook Emails with Rich Text or Attachments. Allows Anomy Sanitizer to See all Attachments.
Custom Script Report: Sample Report

Report Date: Sun May 16 04:02:33 CDT 2004

Date   Messages Size(MB)     Spam Size(MB) Percent   Avg   Max
------ -------- -------- -------- -------- ------- ----- -----
May 9      3667     21.2     1425      6.9   38.86   7.7  18.5
May 10     5736     38.1     1995      9.3   34.78   7.9 107.2
May 11     6979     42.4     2430     10.9   34.82   7.8 103.3
May 12     6274     41.5     2200     10.0   35.07   7.7  19.3
May 13     6447     38.9     2212      9.3   34.31   7.7  23.8
May 14     6823     43.9     2430     10.4   35.61   7.6 103.7
May 15     5357     27.4     2108      9.0   39.35   7.5  17.2
May 16      794      3.9      299      1.2   37.66   7.5  17.2

Total Messages Scanned: 42077 (257.3 MB)
Total Spam: 15099 (67.0 MB)
Max / Average Score: 107.2 / 7.7

Typical Statistics
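A report with these columns can be built by aggregating the filter's per-message verdicts by day. The following is an added example, not the presenter's script: the log lines are constructed in the style of spamd verdict entries, and it assumes the Avg and Max columns cover the scores of messages flagged as spam.

```python
import re
from collections import OrderedDict

# Constructed sample input modelled on spamd verdict lines; all values are made up.
SAMPLE_LOG = """\
May  9 08:01:12 mx1 spamd[2101]: clean message (0.4/5.0) for filter:101 in 1.1 seconds, 20480 bytes.
May  9 08:03:40 mx1 spamd[2101]: identified spam (18.5/5.0) for filter:101 in 2.0 seconds, 4096 bytes.
May  9 08:07:02 mx1 spamd[2101]: identified spam (6.5/5.0) for filter:101 in 1.8 seconds, 6144 bytes.
May 10 09:15:30 mx1 spamd[2101]: clean message (-1.2/5.0) for filter:101 in 0.9 seconds, 102400 bytes.
May 10 09:16:00 mx1 spamd[2101]: identified spam (107.2/5.0) for filter:101 in 2.4 seconds, 8192 bytes.
May 10 09:20:11 mx1 postfix/smtpd[2200]: connect from unknown[192.0.2.10]
"""

VERDICT = re.compile(
    r"^(\w{3})\s+(\d+) \S+ \S+ spamd\[\d+\]: "
    r"(clean message|identified spam) \((-?[\d.]+)/[\d.]+\) .* (\d+) bytes")

def summarize(log_text):
    """Aggregate spamd verdicts per day into the sample report's columns."""
    days = OrderedDict()
    for line in log_text.splitlines():
        m = VERDICT.match(line)
        if not m:
            continue  # skip non-verdict lines such as Postfix entries
        mon, day, verdict, score, size = m.groups()
        d = days.setdefault(f"{mon} {int(day)}", {
            "messages": 0, "bytes": 0, "spam": 0, "spam_bytes": 0, "scores": []})
        d["messages"] += 1
        d["bytes"] += int(size)
        if verdict == "identified spam":
            d["spam"] += 1
            d["spam_bytes"] += int(size)
            d["scores"].append(float(score))  # assumption: Avg/Max cover spam only
    for d in days.values():
        scores = d.pop("scores")
        d["percent"] = round(100.0 * d["spam"] / d["messages"], 2)
        d["avg"] = round(sum(scores) / len(scores), 1) if scores else 0.0
        d["max"] = max(scores) if scores else 0.0
    return days

def render(days):
    mb = 1024 * 1024
    out = ["Date   Messages Size(MB)     Spam Size(MB) Percent   Avg   Max"]
    for date, d in days.items():
        out.append(f"{date:<6} {d['messages']:>8} {d['bytes'] / mb:>8.1f} "
                   f"{d['spam']:>8} {d['spam_bytes'] / mb:>8.1f} "
                   f"{d['percent']:>7.2f} {d['avg']:>5.1f} {d['max']:>5.1f}")
    return "\n".join(out)

print(render(summarize(SAMPLE_LOG)))
```

A day with a very high Max next to a stable Avg, as on May 10 in the sample report, points at a few extreme-scoring messages rather than a shift in overall spam volume.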
Appliance Based Solution Interceptor is an appliance based, stand-alone anti-spam solution. The Interceptor has the rules based software like all other packages, but also has the added functionality of a built-in Bayesian Analysis Engine. The Bayesian engine means that the system learns which messages should and should not be allowed in, and will block those that should not be allowed.
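How a Bayesian engine "learns" can be shown with a simplified naive-Bayes token filter. This is an added example, not the algorithm used by Interceptor, SpamBayes or SpamAssassin; the class, function names and training messages are constructed for illustration.

```python
import math
import re
from collections import Counter

def tokens(text):
    """Distinct lower-case word tokens of a message."""
    return set(re.findall(r"[a-z0-9$']+", text.lower()))

class BayesFilter:
    def __init__(self):
        self.spam, self.ham = Counter(), Counter()  # messages containing each token
        self.n_spam = self.n_ham = 0                # messages learned per class

    def learn(self, text, is_spam):
        (self.spam if is_spam else self.ham).update(tokens(text))
        if is_spam:
            self.n_spam += 1
        else:
            self.n_ham += 1

    def token_prob(self, tok):
        """P(spam | token), smoothed so an unseen token never gives 0 or 1."""
        p_spam = (self.spam[tok] + 1) / (self.n_spam + 2)
        p_ham = (self.ham[tok] + 1) / (self.n_ham + 2)
        return p_spam / (p_spam + p_ham)

    def score(self, text):
        """Combine token probabilities in log-odds space; result in (0, 1)."""
        log_odds = sum(math.log(p / (1 - p))
                       for p in map(self.token_prob, tokens(text)))
        return 1 / (1 + math.exp(-log_odds))

def trained_filter():
    """Filter trained on constructed sample messages (not real mail)."""
    f = BayesFilter()
    for msg in ("cheap pills buy now", "buy cheap watches now", "free money click now"):
        f.learn(msg, is_spam=True)
    for msg in ("meeting agenda for monday", "please review the budget report",
                "lunch on monday"):
        f.learn(msg, is_spam=False)
    return f

f = trained_filter()
print(round(f.score("buy cheap pills now"), 3))       # known spam vocabulary
print(round(f.score("budget meeting monday"), 3))     # known ham vocabulary
print(f.score("refinance mortgage rates"))            # unseen tokens only
f.learn("refinance mortgage rates", is_spam=True)     # operator marks it as spam
print(round(f.score("refinance mortgage rates"), 3))  # same text after learning
```

The last two scores show the learning step: a message made only of unseen tokens is undecided until someone classifies it, after which its tokens push similar messages toward the spam side.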
Interceptor Benefits Defend business critical servers. Prevent malicious attacks. Mask your environment to divert hackers. Eliminate Spam with minimal admin time. Securely Deploy Web-Based Email.
Appliance Placement [Diagram. Labels: Internet, HTTPS (443), SMTP (25), Firewall, HACKS, DMZ, INTERCEPTOR, SPAM, 80, 25, Secure Area Network, Web-Mail Server, EMAIL Server.]
Email Gateway Protection Spam is only 20% of the problem. Over 80% of successful hacks are utilizing Internet applications that go un-scanned through the firewall. Analyzes web-mail and email traffic for malicious attacks. Eliminating up to 97% of Spam at the gateway level. Real-time protection without degrading the performance of your network.
Defend Email and Web Servers Disallow direct access to your web-mail and mail servers. Protocol analysis to prevent path misdirection attempts. Blocks directory traversals. Provides content sanitization by blocking executable code. Option of blocking pictures (which can contain harmful code).
Prevent Malicious Attacks Analyzes and directs web-mail HTTP and HTTPS proxy connections to stop attacks such as denial of service or buffer overflow attacks. Over 1,250 signatures, and growing, to identify and destroy known attacks for web-mail servers. In real-time, detect and block threats such as buffer overflow and malformed HTTP requests. Provides full inspection of both encrypted and unencrypted traffic.
Eliminate High Volumes of Spam Eliminate the need for an Email Administrator that checks huge volumes of emails by having the option of pushing the Spam list to end-users. Correctly flag and block over 97% of Spam with learning artificial intelligence and Bayesian analysis. Spam Cocktail: a wide range of anti-spam approaches that generate a probability level of a message being spam, and create tokens for future flagging. Block Spam at the gateway level, which reduces internal network loads and minimizes security risk.
Securely Deploy Web-Based Email Supports SSL to provide a secure method of running Web-Mail, such as Outlook Web Access and GroupWise Access. Secure email for remote employees with SSL from the client to the gateway. Easy deployment with no installation of client-side software.
Interceptor 2.0 Release Redundant Anti-Virus. Employee Email Policy Enforcement. End User White-listing capabilities. New Admin Tools. Per user settings: Address Blacklisting. Sanitization Settings. Content Filtering on Inbound & Outbound. New Distributed Quarantine. Ability to give users higher level of control: Sorting. Retrieve, Request, or Mark Rights. End User White-Listing.