The SPAM Problem By Steven McIntosh CS526 December 10, 2003
Outline • What is spam? • SPAM War • How does it work? • Tracking spam • Why is it a problem? • Solutions • Client-Side • Server-Side • Redesigning the SMTP Protocol • Conclusion
What is spam? • UCE – Unsolicited Commercial E-mail • UBE – Unsolicited Bulk E-mail • UCBE – Unsolicited Commercial Bulk E-mail • UEMS – Unsolicited Electronic Mail Solicitations • Fraudulent, Objectionable, or Deceptive…
SPAM War: each spammer tactic and the counter-move it provoked, in order

Spammers
• Send out bulk e-mails from a home ISP account
• Get multiple ISP accounts and continue to send spam
• Use stray and random characters to bypass filters
• Use stealth software to spoof e-mail headers, making spam harder to trace
• Start to use expensive bullet-proof servers overseas to keep their websites up and running
• Use open-relay servers to route spam around IP range blocks
• Begin utilizing open proxies to distribute spam

Recipients
• Spammer is easily tracked
• ISP closes the spammer's account
• E-mail providers start to use filters to block spam
• E-mail users continue to track spam and shut down spammers' ISP accounts
• Recipients have a harder time tracking spam e-mails, so they have the companion websites closed instead
• Anti-spam groups have entire IP ranges blocked to stop spam and access to bullet-proof websites
• Anti-spam groups and government agencies strive to shut down open-relay servers around the globe
How does it work? • SMTP, the e-mail transfer protocol • The sending host connects to TCP port 25 and opens the session with a HELO (or EHLO) handshake; the name it announces is not verified • Every server that handles the message prepends a Received: line to the header, recording the date and time stamp, the IP address the connection actually came from (next to whatever name the sender claimed in HELO), the receiving server's own name, and a reverse DNS lookup of the connecting IP • Because each relay prepends, the newest hop is at the top, and only the lines written by servers you trust are reliable; everything beneath them could have been typed in by the sender
SPAM Relaying

The Bad (a relayed message whose lower Received: lines were supplied by the sender):
Received: from gomer.wiscnet.net (dial.wiscnet.net [144.92.88.11]) by betty.globecomm.net (8.8.7/8.8.0) with SMTP id BAA19150; Sun, 21 Sep 1997 01:09:59 -0400 (EDT)
Received: from pugsly-s-comput (max1-800-25.earthlink.net [206.149.205.26]) by gomer.wiscnet.net (8.6.9W/) with SMTP id XAA110348; Sat, 20 Sep 1997 23:48:11 -0500
Received: from here.com (her-us48c1.here.com [111.111.111.111]) by mail.wiscnet.net (8.9.9/8.8.8/Mx-mnd) with ESMTP id BAA22322; Sat, 20 Sep 1997 23:24:40 -0400 (EST)
Received: from email5.com (ema-us49d4.email5.com [000.000.000.000]) by here.com (0.0.0/0.0.0/mx-mnd) with SMTP id GAA11111; for ; Sat, 20 Sep 1997 23:24:40 -0400 (EST)

The second line says an Earthlink dial-up (pugsly-s-comput, 206.149.205.26) handed the message to gomer.wiscnet.net, yet the line beneath it claims to have been written by mail.wiscnet.net, and the two below that carry placeholder addresses (111.111.111.111 and 000.000.000.000) and a 0.0.0 version string. The chain is broken at that point: everything below the gomer line was forged, and if gomer.wiscnet.net's own line is honest the earliest hop that can be believed is the dial-up at 206.149.205.26.

The Good (a message the author sent through Hotmail; each line links to the one above it, and Hotmail records the submitting browser's address in X-Originating-IP):
Return-Path: <steven_mc@hotmail.com>
Received: from hotmail.com ([65.54.247.20]) by mta6.adelphia.net (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with ESMTP id <20031208161402.TMND12171.mta6.adelphia.net@hotmail.com> for <twistedcj@adelphia.net>; Mon, 8 Dec 2003 11:14:02 -0500
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 8 Dec 2003 08:13:48 -0800
Received: from 24.55.121.231 by by2fd.bay2.hotmail.msn.com with HTTP; Mon, 08 Dec 2003 16:13:47 GMT
X-Originating-IP: [24.55.121.231]
X-Originating-Email: [steven_mc@hotmail.com]
X-Sender: steven_mc@hotmail.com
From: "Steven McIntosh" <steven_mc@hotmail.com>
To: twistedcj@adelphia.net
Bcc:
Subject: FW: If You Work For Someone Else
Date: Mon, 08 Dec 2003 16:13:47 +0000
Mime-Version: 1.0
Content-Type: text/html
Message-ID: <BAY2-F20Fnq8Ui7rzCQ0001572e@hotmail.com>
X-OriginalArrivalTime: 08 Dec 2003 16:13:48.0124 (UTC) FILETIME=[42E831C0:01C3BDA6]
Case Study

Return-Path: <chow@sunshine.uccs.edu>
Received: from [128.198.168.202] (HELO sunshine.uccs.edu) by uccs.edu (CommuniGate Pro SMTP 4.1) with ESMTP id 10424631; Tue, 09 Dec 2003 12:02:43 -0700
Received: from h24-84-144-173.vs.shawcable.net (h24-84-144-173.vs.shawcable.net [24.84.144.173]) by sunshine.uccs.edu (8.12.8/8.12.8) with SMTP id hB9Iu36A008424; Tue, 9 Dec 2003 11:56:04 -0700
Received: from [92.207.149.26] by h24-84-144-173.vs.shawcable.net with SMTP; Tue, 09 Dec 2003 18:47:58 +0000
Message-ID: <svo522w$-3s--$$19--xwk$t1tv8@5tef.280.lc>
From: "Darwin Blair" <kpxbmp6ky@yahoo.com>
Reply-To: "Darwin Blair" <kpxbmp6ky@yahoo.com>
To: cs522@cs.uccs.edu
Subject: Fw: Suspended Account
Date: Tue, 09 Dec 03 18:47:58 GMT
X-Mailer: The Bat! (v1.52f) Business
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="AA.B264BB_C6"
X-Priority: 3
X-MSMail-Priority: Normal

Reading the Received: lines from the bottom up:
• h24-84-144-173.vs.shawcable.net claims it received the message from 92.207.149.26 at 18:47:58 GMT.
• sunshine.uccs.edu received it from 24.84.144.173 at 11:56:04 -0700, which is 18:56:04 GMT, eight minutes later.
• uccs.edu received it from sunshine.uccs.edu at 12:02:43 -0700 (19:02:43 GMT), about six and a half minutes after that.

Only the top two lines were written by UCCS's own servers, so the last address that can be trusted is 24.84.144.173, the Shaw cable host that handed the message to sunshine.uccs.edu. The bottom line naming 92.207.149.26 was written by that host itself (or by the spamware running on it), and the WHOIS lookup on the next slide puts 92.207.149.26 inside a block that ARIN listed as IANA Reserved in December 2003, so it cannot have been the true origin; the abuse report belongs to the owner of 24.84.144.173. The junk Message-ID and the two-digit year in the Date: line are the "stray and random characters" from the SPAM War slide.
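The procedure on the two slides above (read the prepended Received: lines from the top, stop believing them at the last server you control, and check that each line links to the one before it), as an added example in Python. This is my code, not the presentation's. It uses only the standard library; the two header samples are reconstructed from the case-study and "Bad" relay slides, folded the way a real message carries long headers, and the unallocated block list is the ARIN "IANA Reserved" range from the next slide as of December 2003, which a caller would replace with a snapshot matching the message's date.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample 1: the case-study headers, folded as a real message carries them.
CASE_STUDY = """\
Received: from [128.198.168.202] (HELO sunshine.uccs.edu) by uccs.edu
  (CommuniGate Pro SMTP 4.1) with ESMTP id 10424631; Tue, 09 Dec 2003 12:02:43 -0700
Received: from h24-84-144-173.vs.shawcable.net (h24-84-144-173.vs.shawcable.net [24.84.144.173])
  by sunshine.uccs.edu (8.12.8/8.12.8) with SMTP id hB9Iu36A008424; Tue, 9 Dec 2003 11:56:04 -0700
Received: from [92.207.149.26] by h24-84-144-173.vs.shawcable.net with SMTP;
  Tue, 09 Dec 2003 18:47:58 +0000
From: "Darwin Blair" <kpxbmp6ky@yahoo.com>
"""

# Constructed sample 2: the "Bad" chain from the SPAM Relaying slide (recipient's server is globecomm.net).
RELAYED = """\
Received: from gomer.wiscnet.net (dial.wiscnet.net [144.92.88.11]) by betty.globecomm.net (8.8.7/8.8.0)
  with SMTP id BAA19150; Sun, 21 Sep 1997 01:09:59 -0400 (EDT)
Received: from pugsly-s-comput (max1-800-25.earthlink.net [206.149.205.26]) by gomer.wiscnet.net (8.6.9W/)
  with SMTP id XAA110348; Sat, 20 Sep 1997 23:48:11 -0500
Received: from here.com (her-us48c1.here.com [111.111.111.111]) by mail.wiscnet.net (8.9.9/8.8.8/Mx-mnd)
  with ESMTP id BAA22322; Sat, 20 Sep 1997 23:24:40 -0400 (EST)
Received: from email5.com (ema-us49d4.email5.com [000.000.000.000]) by here.com (0.0.0/0.0.0/mx-mnd)
  with SMTP id GAA11111; Sat, 20 Sep 1997 23:24:40 -0400 (EST)
"""

# Blocks ARIN showed as "IANA Reserved" on 2003-12-09; allocation moves, so callers pass their own snapshot.
UNALLOCATED_2003 = [ipaddress.ip_network(n) for n in ("85.0.0.0/8", "86.0.0.0/7", "88.0.0.0/5")]

RECEIVED_RE = re.compile(r"from\s+(?P<frm>\S+)(?P<extra>.*?)\s+by\s+(?P<by>[^\s;(]+)", re.I | re.S)
IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
TOKEN_RE = re.compile(r"[\w.\-]+")


@dataclass
class Hop:
    from_names: set   # every name the sender went by: HELO name, reverse DNS, address literal
    from_ip: str      # address literal the receiving server recorded ("" if none)
    by: str           # the server that wrote this Received: line
    trusted: bool     # True when that server is one we control


def is_trusted(host, suffixes):
    """Exact or dot-anchored suffix match, so 'notuccs.edu' does not pass as 'uccs.edu'."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def unfold(raw):
    """RFC 2822 unfolding: a line starting with whitespace continues the previous header."""
    out = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line)
    return out


def parse_hops(raw, trusted_suffixes):
    """Received: hops newest-first, the order in which relays prepended them."""
    hops = []
    for line in unfold(raw):
        m = RECEIVED_RE.search(line) if line.lower().startswith("received:") else None
        if m:
            sender = m.group("frm") + m.group("extra")
            ip = IPV4_RE.search(sender)
            by = m.group("by").lower()
            hops.append(Hop({t.lower() for t in TOKEN_RE.findall(sender)},
                            ip.group(1) if ip else "", by, is_trusted(by, trusted_suffixes)))
    return hops


def trace_origin(raw, trusted_suffixes, unallocated=()):
    """Walk top-down: believe a line only while every line above it came from a trusted
    server, check that each line's 'by' host is the sender named in the line above, and
    flag address literals that cannot be real."""
    hops = parse_hops(raw, trusted_suffixes)
    warnings, last_trusted_ip, seen_untrusted = [], None, False
    for i, hop in enumerate(hops):
        if hop.trusted and not seen_untrusted:
            last_trusted_ip = hop.from_ip or last_trusted_ip
        elif hop.trusted:
            warnings.append(f"hop {i}: trusted server {hop.by} appears below an untrusted line (forged?)")
        else:
            seen_untrusted = True
        if i and hop.by not in hops[i - 1].from_names:
            warnings.append(f"hop {i}: 'by {hop.by}' does not match the sender named in hop {i - 1}")
        if hop.from_ip:
            try:
                addr = ipaddress.ip_address(hop.from_ip)
            except ValueError:
                warnings.append(f"hop {i}: '{hop.from_ip}' is not a valid address")
                continue
            if not addr.is_global or any(addr in net for net in unallocated):
                warnings.append(f"hop {i}: {addr} is non-routable or unallocated")
    return {"hops": len(hops), "last_trusted_ip": last_trusted_ip,
            "claimed_origin": hops[-1].from_ip if hops else None, "warnings": warnings}
```

Running trace_origin(CASE_STUDY, ("uccs.edu",), UNALLOCATED_2003) reports 24.84.144.173 as the last trusted address and warns that the claimed origin 92.207.149.26 sits in an unallocated block; trace_origin(RELAYED, ("globecomm.net",)) stops trusting at 144.92.88.11, flags the break where mail.wiscnet.net appears below a line that named pugsly-s-comput, and rejects the 000.000.000.000 literal. The trusted-suffix list is the one input you must get right: it is the set of hosts whose Received: lines you know were not typed by the sender.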
American Registry for Internet Numbers (ARIN) WHOIS, search results for 92.207.149.26:
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
NetRange: 85.0.0.0 - 95.255.255.255
CIDR: 85.0.0.0/8, 86.0.0.0/7, 88.0.0.0/5
NetName: RESERVED-11
NetHandle: NET-85-0-0-0-1
Parent:
NetType: IANA Reserved
Comment:
RegDate:
Updated: 2003-11-17
OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org
OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org
# ARIN WHOIS database, last updated 2003-12-09 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

NetType: IANA Reserved means the address had not been allocated to any network at the time, so there is no owner to send an abuse report to and the Received: line that names it was fabricated.
American Registry for Internet Numbers (ARIN) WHOIS, search results for 157.130.176.33 (for comparison, a lookup on an allocated address returns the network owner and an abuse contact):
OrgName: UUNET Technologies, Inc.
OrgID: UU
Address: 22001 Loudoun County Parkway
City: Ashburn
StateProv: VA
PostalCode: 20147
Country: US
NetRange: 157.130.0.0 - 157.130.255.255
CIDR: 157.130.0.0/16
NetName: UUNETCUSTB40
NetHandle: NET-157-130-0-0-1
Parent: NET-157-0-0-0-0
NetType: Direct Allocation
NameServer: AUTH02.NS.UU.NET
NameServer: AUTH51.NS.UU.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1992-01-13
Updated: 2001-09-26
TechHandle: OA12-ARIN
TechName: UUnet Technologies, Inc., Technologies
TechPhone: +1-800-900-0241
TechEmail: help4u@mci.com
OrgAbuseHandle: ABUSE3-ARIN
OrgAbuseName: abuse
OrgAbusePhone: +1-800-900-0241
OrgAbuseEmail: abuse-mail@mci.com
OrgNOCHandle: OA12-ARIN
OrgNOCName: UUnet Technologies, Inc., Technologies
OrgNOCPhone: +1-800-900-0241
OrgNOCEmail: help4u@mci.com
OrgTechHandle: SWIPP-ARIN
OrgTechName: swipper
OrgTechPhone: +1-800-900-0241
OrgTechEmail: swipper@uu.net
# ARIN WHOIS database, last updated 2003-12-09 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
Why is spam a problem? • Bandwidth • Free advertising: the sender pays almost nothing and the cost lands on recipients and their providers • Spam was estimated to cost companies $20.5 billion in 2003, projected to reach $198 billion in 2007 • Many more spam messages than legitimate ones: 140 billion pieces of spam in 2001, 261 billion in 2002 • AOL blocks 2.3 billion spam e-mails every day • BellSouth says spam will soon add $3 to $5 to each customer's monthly bill
Solutions • Rule Based Exclusions • Blacklists • Whitelists • Habeas Haiku • User Community • Challenge-Response • Proprietary Algorithms • False Positives • Redesigning the SMTP Protocol
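As an added example for the rule-based, blacklist/whitelist and false-positive items on this slide (my code, not the presentation's): a small scoring filter that also consults a DNS blacklist. The zone dnsbl.example, the rules and their weights, the threshold, the two sample messages and the fake resolver are all constructed for the demo; the sender addresses, subjects, Message-IDs and source addresses are taken from the two header slides above, and the message bodies are invented.

```python
import re

DNSBL_ZONE = "dnsbl.example"   # hypothetical zone; substitute the list you actually subscribe to
THRESHOLD = 5.0                # score at or above this is spam; tune against your false-positive budget

# Keywords are matched after normalize(), so "V-I-A-G-R-A" or "acc0unt" do not slip past.
KEYWORDS = ("viagra", "mortgage", "suspended account")
LEET = str.maketrans("013457@$", "oieastas")   # common digit/symbol stand-ins for letters


def dnsbl_name(ip, zone=DNSBL_ZONE):
    """A DNSBL is queried by reversing the dotted quad under the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def dnsbl_listed(ip, resolver, zone=DNSBL_ZONE):
    """resolver(name) returns the A records for name ([] on NXDOMAIN); any 127.x answer means listed."""
    return any(a.startswith("127.") for a in resolver(dnsbl_name(ip, zone)))


def normalize(text):
    """Undo filter-evasion tricks: leet digits, and punctuation jammed between letters."""
    text = text.lower().translate(LEET)
    return re.sub(r"(?<=[a-z])[^a-z0-9\s]+(?=[a-z])", "", text)


# Each rule: (name, points, predicate over the message dict). Weights are illustrative.
RULES = [
    ("keyword_hit", 2.0,
     lambda m: any(k in normalize(m["subject"] + " " + m["body"]) for k in KEYWORDS)),
    ("fake_reply", 1.5,            # "Fw:"/"Re:" subject with no threading headers at all
     lambda m: re.match(r"(fw|re):", m["subject"], re.I) is not None
     and not any(h in m["headers"] for h in ("in-reply-to", "references"))),
    ("garbage_message_id", 2.0,    # the "stray and random characters" tell
     lambda m: len(re.findall(r"[^\w@.<>\-]", m["message_id"])) >= 3),
]


def classify(msg, resolver, whitelist=(), blacklist=()):
    """Whitelist wins outright, blacklist rejects outright, everything else is scored."""
    sender = msg["sender"].lower()
    domain = sender.rsplit("@", 1)[-1]
    if sender in whitelist or domain in whitelist:
        return "ham", 0.0, ["whitelisted sender"]
    if domain in blacklist:
        return "spam", THRESHOLD, ["blacklisted domain"]
    score, reasons = 0.0, []
    for name, points, hit in RULES:
        if hit(msg):
            score += points
            reasons.append(name)
    if dnsbl_listed(msg["source_ip"], resolver):   # source_ip is the last trusted hop, not the bottom line
        score += 3.0
        reasons.append("source_ip_on_dnsbl")
    return ("spam" if score >= THRESHOLD else "ham"), score, reasons


# Constructed samples: header fields from the slides, bodies invented for the demo.
SPAM_SAMPLE = {
    "sender": "kpxbmp6ky@yahoo.com", "subject": "Fw: Suspended Account",
    "message_id": "<svo522w$-3s--$$19--xwk$t1tv8@5tef.280.lc>", "source_ip": "24.84.144.173",
    "headers": {"content-type": "multipart/alternative"},
    "body": "Your acc0unt has been suspended. Re-activate it and get V-I-A-G-R-A at half price.",
}
HAM_SAMPLE = {
    "sender": "steven_mc@hotmail.com", "subject": "FW: If You Work For Someone Else",
    "message_id": "<BAY2-F20Fnq8Ui7rzCQ0001572e@hotmail.com>", "source_ip": "65.54.247.20",
    "headers": {"content-type": "text/html"},
    "body": "Forwarding the article we talked about; it mentions mortgage rates in passing.",
}

# Fake resolver standing in for DNS: only the Shaw cable host from the case study is listed.
FAKE_DNS = {dnsbl_name("24.84.144.173"): ["127.0.0.2"]}


def fake_resolver(name):
    return FAKE_DNS.get(name, [])
```

classify(SPAM_SAMPLE, fake_resolver) scores 8.5 and returns "spam"; classify(HAM_SAMPLE, fake_resolver) scores 3.5 and returns "ham", but note how close a legitimate forward that merely mentions a keyword comes to the threshold, which is the false-positive risk the slide lists. To query a real list, replace fake_resolver with one built on socket.gethostbyname_ex (its third return value is the A-record list, and it raises socket.gaierror when the name does not exist), and feed it the last trusted hop from the header trace rather than the bottom-most address, which the spammer controls.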
Conclusion • Questions?