Kill Spam Volume IV
The integrated scenario
Evangelos Moustakas (BA, MSc, MPhil)
Unsolicited Commercial Communication (Spam)
The Agenda
• What is Spam?
• Defining the Problem
• Technical measures
• Legislation
• Conclusions
• Q & A
Copyright 2004 Evangelos Moustakas PhD Researcher Middlesex University
What is Spam?
No Universal Definition
Unsolicited Commercial Email
Unsolicited Bulk Commercial Email
Unsolicited Bulk Commercial Email often Offensive
Unwanted Email
Unwanted Communications
A delicious processed meat product
Like the song, spam is an endless repetition of worthless text
Defining the Problem
Spam contributes to increased costs and exposes an organisation to legal liability
Identity Theft - School reunions, political surveys
Unsolicited e-mail sent to redirect recipients to fraudulent logon sites to capture personal details
- Business Opportunities
- Bulk E-mail
- Chain Letters
- Work from Home Schemes
- Health & Diet
- Effortless Income
- Free Goods
- Invest Opportunities
- Guaranteed Loans
- Credit Repair
- Vacation Prizes
- Health Care: 25.80%
- Finance-related: 20.80%
- Direct products: 18.20%
- Pornography: 15.20%
- Gambling: 7.20%
- Scams: 4%
- Spam-related: 1.20%
- Others: 7.60%
- 600-700% increase from 2001 to 2002 (MAPS)
- Spam at an average enterprise exceeds 50% (Gartner)
- Spam cost businesses $10B+ in 2003 (Ferris Research)
- 62% of U.S. employees say pornographic spam can contribute to a hostile workplace (InsightExpress)
Technical measures
1. 1st Generation Anti-Spam measures
2. 2nd Generation Anti-Spam measures
3. Client Solutions
4. Outsourced Anti-Spam measures
5. Best Practices for Anti-Spam deployments
Introduction
1. RBL - Real-time Black Hole List
   - List of spamming domains/IP addresses/unsecured message relays
2. White List
   - List of approved domains/IP addresses
3. False Positive
   - A legitimate mail incorrectly blocked by an Anti-Spam filter
4. False Negative
   - A Spam that evades detection by Anti-Spam measures
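Responses (Yes/No) against what actually happens (No/Yes):
- Response Yes, actually No: F+ (False Positives)
- Response Yes, actually Yes: Hits (Correct Hits)
- Response No, actually No: True (Legitimate Email)
- Response No, actually Yes: Miss (Spam that is not tagged as spam)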
1st Generation Anti-Spam
- Real-time Black-Hole Lists
- Relay control
- Recipient filtering
- Keyword filters
2nd Generation Anti-Spam Solutions
- Signature based approach similar to Anti-Virus
- Vendors used honeypots to attract spam
- Content neutral techniques are used to classify spam
- Brightmail, Sybari Advanced Spam Defence, NetIQ, MailMarshal
Limitations
- Spammers changing tactics (every 90 days)
- Free email services abused by spammers
- Keyword filters must be updated/customised
Client-Based Solutions
Examples
- Microsoft Outlook 2003 Junk Mail
- McAfee Spam Killer
- Low cost
Drawbacks
- Spam consumes bandwidth/storage
- Enterprise wide policies cannot be enforced
- Users have to manage Spam
Outsourced Anti-Spam Solutions
- Messagelabs, FrontBridge Technologies, Postini
- Outsourced Anti-Spam Solutions can be rapidly deployed
- Messages are filtered and passed through to the organisation
- Flexible subscriptions – can pay per message/per mailbox
Drawbacks
- Lack of control
- Can be expensive
Best Practices for Anti-Spam Deployments
- Put together an Anti-Spam team (Messaging/Security/HR Functions)
- Build a test lab
- Deploy a combination of 1st / 2nd generation measures on your gateway servers
  - Prevents bandwidth/storage consumption
- Secure your messaging infrastructure from Spammers
Minimise False Positives!
Biggest risk to your deployment - More than 1% is unacceptable
You can minimise the risk by:
- Deploying 2nd generation Anti-Spam solutions
- Use White lists (internal mail domains and partner organisations)
- Test the solution in the Anti-Spam lab with live traffic
- Initial phase – scan in passive mode only (Quarantine)
- Deploy filters with low sensitivity for the pilot – (no blocking)
- Refine and customise filters during production (use tagging)
- Work with the vendor if the false positive incident rate is unacceptable
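Added example (not part of the original slides): a passive-mode pilot that tags a hand-labelled corpus with a white list, a black list and a keyword filter, fills in the F+/Hits/True/Miss cells and checks the false positive rate against the 1% limit. The domains, relay IPs, keywords and function names are constructed for illustration, and the rate is assumed to be false positives divided by all legitimate mail.

```python
from collections import Counter

# Constructed sample values: domains, relay IPs and keywords are illustrative only.
WHITE_LIST = {"corp.example", "partner.example"}   # internal mail domains and partners
BLACK_LIST = {"203.0.113.7", "198.51.100.23"}      # stands in for an RBL lookup
KEYWORDS = ("guaranteed loan", "credit repair", "work from home")

def tag_as_spam(msg, white_list=WHITE_LIST):
    """Return True when the gateway rules would tag msg as spam."""
    domain = msg["sender"].rsplit("@", 1)[-1].lower()
    if domain in white_list:               # white list overrides every other rule
        return False
    if msg["relay_ip"] in BLACK_LIST:      # listed relay: 1st generation RBL check
        return True
    body = msg["body"].lower()
    return any(k in body for k in KEYWORDS)    # 1st generation keyword filter

def evaluate(corpus, white_list=WHITE_LIST, max_fp_rate=0.01):
    """Passive-mode run: nothing is blocked, tags are compared with hand labels."""
    cells = Counter()
    for msg in corpus:
        tagged, spam = tag_as_spam(msg, white_list), msg["is_spam"]
        if tagged:
            cells["hit" if spam else "false_positive"] += 1
        else:
            cells["miss" if spam else "true_legitimate"] += 1
    legit = cells["false_positive"] + cells["true_legitimate"]
    # Assumption: the rate is false positives over all legitimate mail.
    fp_rate = cells["false_positive"] / legit if legit else 0.0
    return dict(cells), fp_rate, fp_rate <= max_fp_rate

# Constructed, hand-labelled pilot corpus.
CORPUS = [
    {"sender": "a@corp.example", "relay_ip": "192.0.2.10", "body": "Minutes attached", "is_spam": False},
    {"sender": "b@partner.example", "relay_ip": "192.0.2.11", "body": "Work from home policy update", "is_spam": False},
    {"sender": "c@bank.example", "relay_ip": "192.0.2.12", "body": "Your credit repair query", "is_spam": False},
    {"sender": "x@bulk.example", "relay_ip": "203.0.113.7", "body": "Hello friend", "is_spam": True},
    {"sender": "y@bulk.example", "relay_ip": "192.0.2.99", "body": "Guaranteed loan today", "is_spam": True},
    {"sender": "z@bulk.example", "relay_ip": "192.0.2.98", "body": "Eff0rtless inc0me", "is_spam": True},
]

if __name__ == "__main__":
    print(evaluate(CORPUS))                                  # keyword rule causes one F+
    print(evaluate(CORPUS, WHITE_LIST | {"bank.example"}))   # white-listing the sender removes it
```

The keyword filter alone misses the obfuscated message and wrongly tags the bank's mail, which is why the slides pair white lists with a tag-only pilot before any blocking.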
Legislation
Directive on Privacy and Electronic Communications (2002/58/EC) Article 13
- Adoption in July 2002
- Workshop and issue paper on Spam 16th October 2003
- Transposition deadline: 31st October 2003
- OECD Workshop on Spam, 2-3 February 2004
- Report in 2006 with particular emphasis on unsolicited communications
CAN-SPAM Act of 2003
- Spam labelled as commercial
- Opt-out mechanism
- No deceptive subject line or header
Conclusions
Spam will be resolved if:
Industry Initiative
- Combination of measures works best
Consumer Education
- Resources for Consumer to protect themselves
- Train user to treat their e-mail address as a corporate asset
Policy and Enforcement
Strong civil and criminal penalties for:
- Fraudulent e-mails (subject, header, from line)
- Harvesting (e.g. dictionary attacks)
- Scripted account creation
- Address all 'bad actors', not just sender
International Co-operation
Evangelos Moustakas (BA, MSc, MPhil)
PhD Researcher-Scholar of Middlesex University
Scholar of the Greek Unit of European Programs (I.K.Y.) 2000-2004
URL: http://www.academy.gr/vmoustakas
E-mail: [email protected]
Q & A