Slide 1: Stopping Outbound Spam
Joshua Goodman, Microsoft Research; Robert Rounthwaite, MSN Safety Team
Slide 2: Introduction
- Most people worry about inbound spam: they don't want to receive spam
- I'm going to talk about outbound spam
- Focus on outbound spam from free email services (Hotmail, Yahoo, Gmail): what should they do to stop the spam from coming out?
- Briefly address how similar analyses apply to paid services (AOL, MSN, Earthlink, ...)
- Consumer/small business space
Slide 3: Overview
- Why outbound spam is a problem
- Why obvious solutions don't work
  - Account sign-up HIPs
  - Economics of spam
  - Low daily volume limits
- Charging per message works but is annoying
- Initial charging (charge for the first 2000 messages only) works almost as well but is less annoying
- Complaint rates are a key factor: raising complaint rates can be as effective as charging more, and it raises spammer costs with minor impact on good senders
Slide 4: Why Spammers Love Free Email Services
- Cannot be blacklisted
  - Many anti-spam systems have blacklists of bad IP addresses
  - Too much good mail comes from free email services for blacklists to be used (typically)
- Bandwidth multiplication: connect to the service once, send one message to 10 or 50 people (on different domains)
- Some anonymity: services typically include the originating IP, but it does add one more step for tracing spammers
- Avoids blocks and monitoring from the spammer's own ISP: some ISPs block port 25 or otherwise monitor outbound mail traffic
Slide 5: Why Outbound Spam is a Problem
- Most people worry about the spam coming into their system
- If you run an Email Service Provider (ESP) (Hotmail, MSN, Earthlink, Yahoo, universities, Gmail, ...) you need to worry about spam going out as well
- People may block all email from your system if too much spam comes from it
  - Some people block all mail from China and Korea because too much of it is spam; if they will block whole countries, they will block individual ESPs
  - If not blocking, they may filter your mail more aggressively
- Bad for your reputation: people stop opening mail from AbusedESP.com if they don't recognize the sender
- Expensive to respond to complaints (assuming you respond)
- Costs bandwidth, storage (for bounces, sent mail, and inbound spam) and other resources
- No revenue from these accounts
Slide 6: Reputation Services
- Reputation services, like Bonded Sender, certify some senders (domains) as good
  - Senders agree not to send spam
  - Recipient ISPs check the reputation service and let all mail from certified senders past their spam filters
- Key part of many visions of anti-spam solutions
- Domains abused by spammers cannot sign up for these services (as senders)
- If a domain does sign up as a safe sender, the incentive for spammers to abuse it is very large, so it must have very good protections in place
Slide 7: First Solution (for free services): Overview
- Create an account-activation HIP: the user must solve a HIP in order to sign up
- How much does it cost to get people to solve this?
- How much spam can they send?
- How much is spam worth?
Slide 8: How much does it cost to spam from a free service with an activation HIP?
- Paying people to solve HIPs is cheap: about 2 cents/HIP domestic, about .2 cents/HIP with cheap foreign labor
- How much does this cost per message sent?
  - The spammer can keep spamming until the account is shut down
  - There are multiple ways to shut down accounts, but the most relevant is a complaint
  - Can send very roughly 1000 messages before a complaint
  - Cost/message = .002 to .0002 cents
Slide 9: How much is spam worth?
- Two strategies: figure out how much spammers charge, or figure out how much it costs spammers. Cost is more relevant to this discussion.
- Costs: can try to estimate the costs of sending spam, but hard to know
  - Many successful spammers use illegal or semi-legal techniques: spamming from an email service violates terms of service and the CAN-SPAM Act. How much is the risk of jail or lawsuits worth?
  - Even semi-legitimate spammers often get "pink letters" (side agreements with the provider for an extra charge), or maybe use bribery
  - Must shift service providers, change spamming techniques, reverse-engineer filters, etc. on a regular basis
- Charging: when the market is stable, the cost of spamming should be close to the price. Is the market stable yet?
  - Widely varying estimates, hard to know
  - Very roughly, spammers charge .01 cents/message
Slide 10: First solution clearly doesn't work
- Cost per message is about .002 to .0002 cents; revenue per message is about .01 cents
- Useful to know that this is the reason for failure
  - There are other attacks on HIPs, such as OCR software
  - If you use this solution and it's being broken, it's useful to know that you don't (just) have to improve your HIP
Slide 11: Account activation + daily volume limits
- Seems like reducing the amount of spam that can be sent per day should increase spammer costs
- L (2): lag, in days, from sending spam to account termination
- D (100): number of messages/day
- p (1/1000): probability of a complaint per message
- If D is small compared to 1/p, then the expected number of messages sent before the account is terminated is approximately LD + 1/p: about 1/p messages until the first complaint, plus D per day during the L days of lag
Slide 12: Account activation + daily volume limits
- L (2): lag, in days, from sending spam to account termination
- D (100): number of messages/day
- p (1/1000): probability of a complaint per message
- Example: L=2, D=100, p=1/1000: LD + 1/p = 1200
- Example: L=2, D=1, p=1/1000: LD + 1/p = 1001
- Very little reduction in messages sent: cutting the daily limit by a factor of 100 removes only about a sixth of the spam, because most of it goes out before the first complaint arrives
Slide 13: Solution: Pay $ to recipient for every message (Gates '96, Loder et al. '04, etc.)
- Many proposals where the sender pays for every message, or pays per complaint, or pays if the recipient does not like the content
- MUCH harder than it sounds
  - Micropayment overhead costs
  - To avoid spammers abusing the system, must "put a hold" on the account for each message, even if the money is eventually refunded
  - Who gets the money? Recipient? ISP?
  - What prevents spammers from creating fake recipients, or even fake ISPs, who attract mail and take the money? This has been done with international phone calls
  - Is there one bank controlling everything? Making a profit? Are there multiple banks, and if so, how do recipients know which banks to trust?
- Not insoluble, but MANY practical and social issues
Slide 14: Next obvious solution: Charge (HIP or money, etc.) every n messages
- How much do you need to charge? Want to make it more expensive than the profit, so aim for about .01 cents/message
- At .2 to 2 cents per HIP, must charge 1 HIP every 20-200 messages
- Multiple recipients count as multiple messages
- This is really annoying
Slide 15: Good solution: Initial Charging
- Charge every n messages, but only up to k charges at most
- Annoying at first, but users eventually stop being charged
- Much less annoying in the long run, but parameters can be set to be equally effective
- If someone complains, the user may have to start over again
Slide 16: Initial charging math
- C (2): charge, in cents, per n messages
- n (100): number of messages per charge
- k (20): maximum number of times charging
- D (100): number of messages that can be sent per day
- L (2): lag time, in days, from sending until termination
- p (1/1000): probability of a complaint per message
- q = 1 - (1-p)^D (≈ .095): probability of at least one complaint on a given day
- As 1 + nk/D - L gets large, the second term approaches 0
- Moderate values of k (max charges) lead to almost the same cost as charging per message forever (C/n)
Slide 17: Spammer attacks
- Spammer sends 2000 messages to himself: no complaints. Solves 20 HIPs. Now he can keep spamming for free until his account is shut down.
- Can prove that this strategy is at least as costly as the "always spam as fast as you can" strategy
  - Nice proof that for any strategy where you do not spam at time t (send good mail or nothing), there is a strategy that is at least as good for the spammer where you do spam at time t
  - Proof by induction that you should always spam right away
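The economics on slides 8, 11-12, 14, 16 and 17 can be checked numerically. The Python below is an added example for this page, not code from the talk or from the MSN/Microsoft Research authors. It models one spamming account day by day under assumptions of my own: the account sends exactly D messages every day it is alive; each message independently draws a complaint with probability p, so the chance of at least one complaint on a day is q = 1 - (1-p)^D as on slide 16; a complaint on day T stops the account after day T+L; a charge of C cents is due each time the running message count reaches a multiple of n and is collected only if the account is still alive that day (at most k times for initial charging); and "cost per message" is expected charges divided by expected messages. Money is in cents throughout, and all function names are mine.

```python
# Added example, not from the slides: a day-granular model of the spammer
# economics in "Stopping Outbound Spam", using the slides' symbols
# (C, n, k, D, L, p, q). The modelling assumptions are mine and are listed
# in the lead-in; money is in cents, as on the slides.


def complaint_prob_per_day(p, D):
    """q = 1 - (1 - p)^D: probability that at least one of the D messages
    sent on a day draws a complaint (slide 16's q)."""
    return 1.0 - (1.0 - p) ** D


def expected_messages(D, L, p):
    """Expected messages sent before termination.

    The first complaint arrives on day T ~ Geometric(q), so E[T] = 1/q, and
    the account keeps sending D per day for the L lag days after it.  For
    small p*D this is close to the slides' LD + 1/p, but a whole day's batch
    is counted even when the complaint came from an early message that day,
    so the model value is slightly higher (about 1250 rather than 1200 for
    D=100, L=2, p=1/1000; exactly 1002 vs. 1001 for D=1).
    """
    q = complaint_prob_per_day(p, D)
    return D * (1.0 / q + L)


def expected_charges(C, n, k, D, L, p):
    """Expected total charge when C is due every n messages, collected at
    most k times (k=None: charge forever).  The j-th charge falls due on the
    day the cumulative count reaches j*n and is paid only if the account is
    still sending that day, i.e. no complaint came early enough to stop it."""
    q = complaint_prob_per_day(p, D)
    total, j = 0.0, 1
    while k is None or j <= k:
        due_day = -(-j * n // D)                      # ceil(j*n / D)
        alive = (1.0 - q) ** max(0, due_day - L - 1)  # P(sending on due_day)
        if alive < 1e-15:                             # negligible tail (k=None)
            break
        total += C * alive
        j += 1
    return total


def cost_per_message(C, n, k, D, L, p):
    """Spammer's cost per message: expected charges over expected messages."""
    return expected_charges(C, n, k, D, L, p) / expected_messages(D, L, p)


def closed_form_daily_charge(C, k, D, L, p):
    """Closed form of cost_per_message for n == D (one charge per day) and
    k >= L + 1:  (C/D) * (1 - (1-q)^(k-L) / (1 + L*q)).
    The second term decays geometrically in k - L, leaving C/n; this is the
    'second term approaches 0' remark of slide 16 in this model's notation."""
    q = complaint_prob_per_day(p, D)
    return (C / D) * (1.0 - (1.0 - q) ** (k - L) / (1.0 + L * q))


def warmup_attack_cost_per_spam(C, n, k, D, L, p):
    """Slide 17's attack: send n*k harmless messages to yourself first (no
    complaints, so all k charges are paid with certainty), then spam for free
    until shutdown.  Cost per *spam* message is C*k spread over the free run."""
    return C * k / expected_messages(D, L, p)


if __name__ == "__main__":
    p, L, REVENUE = 1 / 1000, 2, 0.01   # slides 8/9: 0.01 cents revenue per message
    # Slides 8 and 10: one activation HIP per account, domestic vs. offshore labour
    for hip in (2.0, 0.2):
        print(f"activation HIP only, {hip} c/HIP: "
              f"{hip / expected_messages(100, L, p):.5f} c/msg vs {REVENUE} c revenue")
    # Slide 12: a 100x lower daily limit barely changes the message count
    for D in (100, 1):
        print(f"D={D:3d}: model {expected_messages(D, L, p):.0f} msgs, "
              f"slide approx LD+1/p = {L * D + 1 / p:.0f}")
    # Slide 14: messages one HIP may cover before cost/msg drops below revenue
    print("messages per HIP at break-even:", [h / REVENUE for h in (0.2, 2.0)])
    # Slides 14, 16 and 17: charge forever vs. initial charging vs. warm-up attack
    forever = cost_per_message(2, 100, None, 100, L, p)
    initial = cost_per_message(2, 100, 20, 100, L, p)
    attack = warmup_attack_cost_per_spam(2, 100, 20, 100, L, p)
    print(f"charge forever: {forever:.5f}  initial charging k=20: {initial:.5f}  "
          f"closed form: {closed_form_daily_charge(2, 20, 100, L, p):.5f}  "
          f"warm-up attack: {attack:.5f}")
```

Running it reproduces the slides' conclusions in this model: the activation HIP alone costs 0.0016 to 0.00016 cents per message against 0.01 cents of revenue; cutting D from 100 to 1 only moves the expected message count from about 1250 to about 1002; charging forever costs exactly C/n = 0.02 cents per message, and initial charging with k=20 already costs about 0.0172; and slide 17's warm-up attack costs the spammer about 0.032 cents per spam message, more than spamming from the first day. The closed form shows why k need not be large: the discount on C/n is (1-q)^(k-L)/(1+Lq), which shrinks by a factor of about 0.9 per extra charge at these parameters.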
Slide 18: Improving this solution: Add heuristics
- Don't have to charge everyone the same
- In some cases, you should charge more: if a spam filter says that the mail is spam, charge more
- In some cases, you can charge less
  - Example: no image, no HTML, no links, no phone numbers, not detected as containing suspect words or odd obfuscations (e.g. misspellings or unknown words) by a spam filter
  - Spam might still be possible, but the response rate will be lower, so its value is lower, so we can charge less
- Other heuristics, but we don't like to talk about them
Slide 19: Paid users
- So far, everything has been about free users (e.g. Hotmail, Yahoo, Gmail, ...)
- What about paid users (e.g. MSN, AOL, Verizon, Earthlink, ...) or Yahoo/Hotmail premium?
- Can count their money as payment
- More complex analysis: don't want to have to charge them all over again if they get a single complaint
- Can allow about 8000 messages/day per $20
- Daily limit increases as more money is received (monthly)
- Daily limit reduced by 400 per complaint
Slide 20: Complaint Rates
- Complaint rates are a critical factor in the math for every solution: if people complain twice as fast, the effective cost to spammers is almost twice as much
- Raising cost/message annoys legitimate users; raising the complaint rate may have no effect on legitimate users
- Working on standards for complaint reporting
  - Idea: get a button in every email client that sends a complaint in standardized form to the sender's ISP
Slide 21: Conclusion
- Inbound spam gets lots of attention, but outbound spam must be solved too
- Non-solutions: account sign-up HIP; very low daily volume limits
- OK solution: charge (HIP or money, etc.) for every n messages
- Better solution: initial charging. Can be just about as effective as charging per message forever, but less annoying for legitimate senders
- Cost and complaint rates are both critical factors
Slide 22: Porn for HIPs
- This has been done in real life, but it is not clear how common it is
  - I've never been able to find an example, but people I trust say they have seen it in the past
  - We've seen HIPs used to protect porn sites, but not forwarded HIPs; this may have led to confusion, especially in reports in the popular press
- There are costs to this approach
  - Must attract people to your website (advertising costs)
  - Must acquire content that is not available elsewhere for free
  - Must serve up the content (may be expensive if the content is, e.g., long videos)
- Is all this less than .2 cents/HIP (the foreign-labor HIP cost)? If getting a visitor costs 5 cents, you must get each visitor to solve at least 25 HIPs, either now or on return visits