Kill Spam Volume IV The integrated scenario Evangelos Moustakas (BA, MSc, MPhil)

Unsolicited Commercial Communication (Spam)

The Agenda

• What is Spam?

• Defining the Problem

• Technical measures

• Legislation

• Conclusions

• Q & A

Copyright 2004 Evangelos Moustakas PhD Researcher Middlesex University

What is Spam?

No Universal Definition

Unsolicited Commercial Email

Unsolicited Bulk Commercial Email

Unsolicited Bulk Commercial Email often Offensive

Unwanted Email

Unwanted Communications

A delicious processed meat product

Like the song, spam is an endless repetition of worthless text

Defining the Problem

Spam contributes to increased costs and exposes an organisation to legal liability

Identity Theft - School reunions, political surveys

Unsolicited e-mail sent to redirect recipients to fraudulent logon sites to capture personal details

- Business Opportunities
- Bulk E-mail
- Chain Letters
- Work from Home Schemes
- Health & Diet
- Effortless Income
- Free Goods
- Invest Opportunities
- Guaranteed Loans
- Credit Repair
- Vacation Prizes

- Health Care: 25.80%
- Finance-related: 20.80%
- Direct products: 18.20%
- Pornography: 15.20%
- Gambling: 7.20%
- Scams: 4%
- Spam-related: 1.20%
- Others: 7.60%

- 600-700% increase from 2001 to 2002 (MAPS)
- Spam at an average enterprise exceeds 50% (Gartner)
- Spam cost businesses $10 + B in 2003 (Ferris Research)
- 62% of U.S. employees say pornographic spam can contribute to a hostile workplace (InsightExpress)

Technical measures

1. 1st Generation Anti-Spam measures

2. 2nd Generation Anti-Spam measures

3. Client Solutions

4. Outsourced Anti-Spam measures

5. Best Practices for Anti-Spam deployments

Introduction

1. RBL - Real-time Black Hole List
   - List of spamming domains/IP addresses/unsecured message relays

2. White List
   - List of approved domains/IP addresses

3. False Positive
   - A legitimate mail incorrectly blocked by an Anti-Spam filter

4. False Negative
   - A Spam that evades detection by Anti-Spam measures

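What actually happens vs. Responses

- Response Yes, actually No: F+ (False Positives)
- Response Yes, actually Yes: Hits (Correct Hits)
- Response No, actually No: True (Legitimate Email)
- Response No, actually Yes: Miss (Spam that is not tagged as spam)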

1st Generation Anti-Spam

- Real-time Black-Hole Lists
- Relay control
- Recipient filtering
- Keyword filters

2nd Generation Anti-Spam Solutions

- Signature based approach similar to Anti-Virus
- Vendors used honeypots to attract spam
- Content neutral techniques are used to classify spam
- Brightmail, Sybari Advanced Spam Defence, NetIQ, MailMarshal

Limitations

- Spammers changing tactics (every 90 days)
- Free email services abused by spammers
- Keyword filters must be updated/customised

Client-Based Solutions

Examples

- Microsoft Outlook 2003 Junk Mail
- McAfee Spam Killer
- Low cost

Drawbacks

- Spam consumes bandwidth/storage
- Enterprise wide policies cannot be enforced
- Users have to manage Spam

Outsourced Anti-Spam Solutions

- Messagelabs, FrontBridge Technologies, Postini
- Outsourced Anti-Spam Solutions can be rapidly deployed
- Messages are filtered and passed through to the organisation
- Flexible subscriptions – can pay per message/per mailbox

Drawbacks

- Lack of control
- Can be expensive

Best Practices for Anti-Spam Deployments

- Put together an Anti-Spam team (Messaging/Security/HR Functions)
- Build a test lab
- Deploy a combination of 1st / 2nd generation measures on your gateway servers
- Prevents bandwidth/storage consumption
- Secure your messaging infrastructure from Spammers

Minimise False Positives!

Biggest risk to your deployment - More than 1% is unacceptable

You can minimise the risk by:

- Deploying 2nd generation Anti-Spam solutions
- Use White lists (internal mail domains and partner organisations)
- Test the solution in the Anti-Spam lab with live traffic
- Initial phase – scan in passive mode only (Quarantine)
- Deploy filters with low sensitivity for the pilot – (no blocking)
- Refine and customise filters during production (use tagging)
- Work with the vendor if the false positive incident rate is unacceptable
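Added example, not part of the original slides: a passive-mode pilot evaluation that counts the four outcomes from the response matrix (hit, false positive, miss, true) and picks the most sensitive filter threshold that keeps false positives within the 1% limit, with and without a white list. The sample traffic, domain names, 0-100 score scale and the definition of the false positive rate as false positives divided by legitimate messages are assumptions made for illustration.

```python
from collections import Counter

# Constructed pilot sample: (sender_domain, filter_score 0-100, actually_spam).
PILOT = (
    [("partner.example", 72, False)] * 3      # legitimate, but scores high
    + [("shop.example", 55, False)] * 1
    + [("news.example", 20, False)] * 196
    + [("bulk.example", 90, True)] * 150
    + [("pills.example", 60, True)] * 40
    + [("quiet.example", 25, True)] * 10
)
WHITELIST = frozenset({"partner.example"})   # assumed partner/internal domains
MAX_FP_RATE = 0.01                # the deck's limit: more than 1% is unacceptable


def evaluate(messages, threshold, whitelist=frozenset()):
    """Passive-mode scoring: nothing is blocked, outcomes are only counted."""
    cells = Counter()
    for domain, score, is_spam in messages:
        # White-listed senders are never tagged, whatever the score.
        tagged = domain not in whitelist and score >= threshold
        if tagged:
            cells["hit" if is_spam else "false_positive"] += 1
        else:
            cells["miss" if is_spam else "true"] += 1
    legit = cells["false_positive"] + cells["true"]
    spam = cells["hit"] + cells["miss"]
    return {
        **{k: cells[k] for k in ("hit", "false_positive", "miss", "true")},
        "fp_rate": cells["false_positive"] / legit if legit else 0.0,
        "fn_rate": cells["miss"] / spam if spam else 0.0,
    }


def pick_threshold(messages, whitelist=frozenset(), candidates=range(10, 100, 10)):
    """Lowest (most sensitive) threshold whose FP rate stays within the limit."""
    for threshold in candidates:
        result = evaluate(messages, threshold, whitelist)
        if result["fp_rate"] <= MAX_FP_RATE:
            return threshold, result
    return None, None


if __name__ == "__main__":
    for wl in (frozenset(), WHITELIST):
        print(sorted(wl), pick_threshold(PILOT, wl))
```

On this constructed sample the white list lets the filter run at a much lower threshold, so fewer spam messages are missed while the false positive rate stays under 1%.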

Legislation

Directive on Privacy and Electronic Communications (2002/58/EC) Article 13

- Adoption in July 2002
- Workshop and issue paper on Spam 16th October 2003
- Transposition deadline: 31st October 2003
- OECD Workshop on Spam, 2-3 February 2004
- Report in 2006 with particular emphasis on unsolicited communications

CAN-SPAM Act of 2003

- Spam labelled as commercial
- Opt-out mechanism
- No deceptive subject line or header

Conclusions

Spam will be resolved if:

Industry Initiative

- Combination of measures works best

Consumer Education

- Resources for Consumer to protect themselves
- Train user to treat their e-mail address as a corporate asset

Policy and Enforcement

Strong civil and criminal penalties for:

- Fraudulent e-mails (subject, header, from line)
- Harvesting (e.g. dictionary attacks)
- Scripted account creation
- Address all 'bad actors', not just sender

International Co-operation

Evangelos Moustakas (BA, MSc, MPhil)
PhD Researcher-Scholar of Middlesex University
Scholar of the Greek Unit of European Programs (I.K.Y.) 2000-2004

URL: http://www.academy.gr/vmoustakas
E-mail: [email protected]

Q & A