Fighting Spam

Fighting Spam. Randy Appleton Northern Michigan University rappleto@nmu.edu. What is Spam. Probably, it’s “unsolicited and unwanted commercial email sent in bulk”. Sometimes It’s Not Spam. You did sign up for it. You accidentally signed up for it. You still don’t want it.


Presentation Transcript


  1. Fighting Spam Randy Appleton Northern Michigan University rappleto@nmu.edu

  2. What is Spam • Probably, it’s “unsolicited and unwanted commercial email sent in bulk”.

  3. Sometimes It’s Not Spam • You did sign up for it. • You accidentally signed up for it. • You still don’t want it.

  4. How Is It Delivered? • Anyone can fake email. • 80% of all spam came from bot-nets • We helped • Open relays are mostly gone. • You can hire this done for you (see Google).

  5. How Much Spam Is There? • In absolute numbers • 1978 - An e-mail spam is sent to 600 addresses. • 1994 - First large-scale spam sent to 6000 bulletin boards, reaching millions of people. • 2005 - (June) 30 billion per day • 2006 - (June) 55 billion per day

  6. How Much Spam Is There #2 • As a percentage of the total volume of e-mail • MAAWG estimates that 80-85% of incoming mail is "abusive email", as of the last quarter of 2005. The sample size for the MAAWG's study was over 100 million mailboxes. • More is coming!!!

  7. Why They Spam • Money • Political causes. • Money • It’s fun • Money • Money

  8. Sell You Something • It’s just mass electronic marketing • They give you a web site, you click over and buy the product. • Email might even be targeted. • weight loss.html

  9. Does Selling By Email Work? • Kodak settled a CAN SPAM suit with the FTC. Their Ofoto unit sent two million commercial messages that didn't comply with the CAN SPAM act. They didn't include a notice that it was an ad, opt-out info, and Kodak's postal address. They paid the FTC $26,000, the revenue they got.

  10. Pure Fraud “There is a sucker born every minute.” • Send email to lots of people. • Wait for sucker to respond. • Convince them to give you money. • Nigerian bank fraud

  11. Identity Theft • Send an email message. • Direct them with a bad URL. • Capture their info. • Reject login and send them to the right site. • Microsoft says to manually check every link.

  12. Identity Theft #2 • An Example • Who Did It.

  13. Stock Manipulation • Pick a small cap stock • Buy some. • Send spam telling people about the stock. • Sell when price rises. • stock-spam.txt • spam-stock.jpg • New York Times

  14. Yes, Spam Works • 5% response rate from sexual material. • 0.02% response rate for drugs. • 0.0075% response rate for Rolex Watches.

  15. Avoiding Spam • Don’t let them get your email address. • Don’t use AOL, etc. • Don’t put address on web page. • Don’t use mailing lists. • Throw away email addresses. • Mailinator, spamgourmet, sneakermail • Annoying …. but possible.

  16. List Removal • For a reputable company, you can always click “remove me from the list”. • A disreputable company will merely take that to be confirmation you’re reading the email. • It’s a calculated gamble.

  17. Auto Detecting Spam • Blacklist • Whitelist • Bayesian Analysis • Other Analysis • These are all things your email server does for you.

  18. Blacklist • A list of web sites from which you don’t take mail. • Automatically interfaced to your email server. • Spamhaus Block List • Zelots • Many choices.

  19. Defeating Blacklists • The spammers can switch ISPs. • The spammers can use a botnet.

  20. Whitelist • There is no global whitelist; you make your own. • Your own contact group is a good start. • Add your institution. • Add people to whom you have sent mail. • Semiautomatic at best. 

  21. Bayesian Analysis • Make two piles of mail: spam and ham. • Find words or phrases that can be used to identify mail. • Check all incoming mail for those phrases. • Normally you get a starter database that can be customized.

  22. Example Bayesian Analysis • My friends don’t email me about Viagra. • They do email me about Linux. • The phrase “stupid freshmen” appears in email to me. • The phrase “hot freshman” does not. • Result is a score.

  23. Fighting Back • Don’t. • The nasty email goes to an innocent. • Or it confirms you exist. • Or it bounces back to you.

  24. Using • Gmail filters. • Gmail allows POP downloads. • You can even forward the mail to Gmail to keep your old account name.

  25. Summary
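The Bayesian analysis described in slides 21 and 22, as an added example that is not part of the original presentation: two piles of mail are turned into word and phrase counts, and each incoming message gets a log-odds score. The training messages are constructed for illustration, and the function names (`tokens`, `train`, `score`, `is_spam`) are assumptions of this sketch.

```python
import math
import re
from collections import Counter

# Constructed training mail (not from the presentation).
SPAM = [
    "cheap viagra online buy now",
    "hot freshman pics click now",
    "buy rolex watches cheap",
]
HAM = [
    "linux kernel patch for the lab machines",
    "those stupid freshmen broke the linux server again",
    "meeting about the linux course on friday",
]

def tokens(text):
    """Lowercased words plus adjacent word pairs, so phrases count too."""
    words = re.findall(r"[a-z']+", text.lower())
    return words + [a + " " + b for a, b in zip(words, words[1:])]

def train(spam_msgs, ham_msgs):
    """Build the two piles: token counts for spam and for ham."""
    spam = Counter(t for m in spam_msgs for t in tokens(m))
    ham = Counter(t for m in ham_msgs for t in tokens(m))
    return {"spam": spam, "ham": ham, "vocab": set(spam) | set(ham),
            "prior": math.log(len(spam_msgs) / len(ham_msgs))}

def score(model, text):
    """Log-odds that text is spam; above 0 leans spam, below 0 leans ham."""
    v = len(model["vocab"])
    n_spam = sum(model["spam"].values())
    n_ham = sum(model["ham"].values())
    total = model["prior"]
    for t in tokens(text):
        if t not in model["vocab"]:
            continue  # tokens never seen in training carry no evidence
        # Add-one smoothing: a token seen in only one pile must not give log(0).
        p_spam = (model["spam"][t] + 1) / (n_spam + v)
        p_ham = (model["ham"][t] + 1) / (n_ham + v)
        total += math.log(p_spam / p_ham)
    return total

def is_spam(model, text, threshold=0.0):
    return score(model, text) > threshold

MODEL = train(SPAM, HAM)
```

Raising `threshold` trades missed spam for fewer legitimate messages misfiled, and retraining on your own two piles is the customization step slide 21 mentions.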