Mail Filtering Update in WiscMail – Report on Current Status and Future Plans
ITC Briefing, Friday January 16th, 2004

WiscMail Quick Summary
• WiscMail Currently Serves 67,500 Users
• WiscMail has 1.8 TB of Storage Allocated
• Over 6,000 Viruses Daily
• Over 400,000 Pieces of SPAM Daily
• SPAM Filtering Introduced, July, 2003

The Goals & Requirements of the Filtering Project Have Been Met
• Reduce SPAM by 80% or More
  • Anecdotal user evidence as well as vendor evidence show over 90% accuracy
• Comply with legal mandates that prevent system wide SPAM filtering – filters must be applied using an individual Opt-In basis
  • All users can opt-in to have their mail filtered.
  • Other users’ mail is not interfered with

The Goals & Requirements of the Filtering Project Have Been Met
• Provide an option to select levels of filtering
  • The provided user interface allows 7 levels of sensitivity
• System must perform well and be scalable as message volumes increase
  • The spam scanners add less than 1 second delay to message delivery
• Provide a Web Interface to system
  • A custom interface has been built to allow users to filter their mail

The Goals & Requirements of the Filtering Project Have Been Met
• Compatible with WiscMail SunOne message system
  • Filters are based on the Sieve mail filtering language, which is a feature of SunOne
• Vendor supported system
  • The Spam scanners are running PureMessage, a product of Sophos

How WiscMail Anti-Spam Works
• Scan the messages
  • All potentially unsafe messages are scanned
  • Messages are marked with a spam “score” and then delivered as intended

How WiscMail Anti-Spam Works
• Filter the messages
  • Users can choose (opt-in) and control
    • Whether or not to filter spam messages
    • What threshold (based on spam score) to filter spam
    • To use their local email client to filter spam instead of the provided server filters (e.g. POP users)

Front Line Filters
• Site-wide filters can be created to block specific messages from entering the system
• Hundreds of thousands of SoBig messages stopped using this method.
• Commonly used in stopping large virus outbreaks.
• Saves load on spam and virus scanners.

User Filters
• Users can configure their own filters
• Filters are executed by the server, not the local email client
• Over 13,000 users participating
• Filter SPAM into “Junk Mail” folder

User Filters
• Users can configure their own filters
• Create filters to bypass the spam filter
  • White List – mail from senders always stays in Inbox
  • Black List – mail from senders always goes to Junk Mail
  • Mailing Lists – mail to list addresses always stays in Inbox
• Custom Filters
  • Create custom criteria for filtering messages into specific folders
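
The scan-then-filter flow and the White List, Black List, Mailing List and threshold rules on the slides above could be written in Sieve as follows. This is an added example, not WiscMail's generated script: the `X-Spam-Score` header name, its 0-100 integer scale, the threshold of 50, the rule order and every address are assumptions.

```sieve
# Added example; not the script WiscMail's web interface produces.
# Assumptions (not from the briefing):
#   - the spam scanners write an integer 0-100 into "X-Spam-Score"
#   - the MTA strips any sender-supplied "X-Spam-Score" before scanning
#   - the user picked a sensitivity level that maps to a threshold of 50
#   - all addresses below are constructed placeholders
require ["fileinto", "relational", "comparator-i;ascii-numeric"];

# White List: mail from these senders always stays in the Inbox,
# whatever score the scanner assigned.
if address :is "from" ["advisor@example.edu", "registrar@example.edu"] {
    keep;
    stop;
}

# Mailing Lists: mail addressed to these lists always stays in the Inbox.
if address :is ["to", "cc"] ["dept-announce@lists.example.edu"] {
    keep;
    stop;
}

# Black List: mail from these senders always goes to Junk Mail.
if address :is "from" ["offers@bulk.example.com"] {
    fileinto "Junk Mail";
    stop;
}

# Threshold: file by spam score. A message with no X-Spam-Score header
# (never scanned) fails this test and falls through to the Inbox.
# Under i;ascii-numeric a value that does not start with a digit compares
# as the largest possible number, so a malformed score is filed as junk.
if header :value "ge" :comparator "i;ascii-numeric" "X-Spam-Score" "50" {
    fileinto "Junk Mail";
    stop;
}

# No rule matched: Sieve's implicit keep delivers the message to the Inbox.
```

The White List rule matches the From header, which the sender controls, so in this ordering a forged From address skips the score check; putting the threshold rule first trades that for occasional false positives on listed senders.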

WiscMail Message Flow
[Figure: message flow diagram with components labelled Internet, UW, MTA, Anti-Spam, Anti-Virus, Filters, Message Store, INBOX, Junk Mail, Any Folder]

The War on Spam
• The Good
  • Anti-Spam companies are out-spending and out-smarting spammers
  • New spamming techniques provide only short term gains for the spammers before the anti-spam companies thwart them
  • Legislation may help prevent US based spam

The War on Spam
• The Bad
  • Spammers learn how to get past filters
  • Requires constant monitoring and research by vendors
  • Legislation has no effect on foreign spam
  • A Do-Not-Spam List may be exploited by these spammers
  • Spam volumes are increasing
    • Now around 50% of total mail volumes

The War on Spam
• The Ugly
  • The SMTP protocol is inadequate
    • It allows spammers to lie
  • Spammers are teaming up with virus writers
    • Virus-infected computers DoS attack Anti-Spam services (RBLs)
    • Virus-infected computers send spam
    • SoBig is an example of this

Problems we are having
• User Participation and Knowledge
  • Advertisements have only enticed 13,000 users to participate in the filtering service
  • We do not know who is using the service with client filters (e.g. POP users)
  • Some users do not understand that they have to opt-in
  • Many users do not understand that SPAM detection is not an exact science

Future Plans for the Anti-Spam Project
• Further integrate anti-spam and anti-virus
  • Increase performance by combining virus and spam detection into a single operation
  • Develop a process to automatically tag viruses as spam
• Possible use of quarantining
  • Keep spam on spam servers instead of Junk Mail folder
  • Users can choose what to do with the messages that are quarantined