Latest Spam Filtering Techniques • Teresa Salamone, E-mail and Web Designer, Enterprise eBusiness • November 18, 2009
Overview • What is spam • Latest spam fighting techniques • Popular spam filtering methods and programs • Increasing deliverability
What is Spam? • The FTC defines spam as “unsolicited commercial e-mail” • E-mail privacy laws and spam definitions in Europe and Asia are similar to those in the U.S. • Often, legitimate e-mail is perceived as spam by recipients who do not remember signing up for it • Recipients may also feel they are being spammed if they get too many e-mails from you, even if they signed up and know who you are Source: http://www.ftc.gov
Latest Facts About Spam • In October 2009, 88.1% of e-mails sent were classified as spam • More than just annoying, spam puts your computer and your information at risk • One in 296.6 e-mails contained malware • Malicious Web sites blocked per day were 3,510 Source: Message Labs Intelligence, http://www.messagelabs.com/
Spam Filtering Techniques • Old spam filtering techniques: • Blacklisting/Whitelisting • Content/Word-based Filters • Heuristic Filters • Bayesian Filters • Challenge/Response System • Collaborative Filters • DNS Lookup Systems • What’s wrong with these methods? • Can have false positives, resulting in missed e-mails and time spent sorting through the spam folder • Some can delay e-mail delivery • Spammers and hackers know how to get around many of them (misspelling words, changing IP addresses, etc.) • They can take a while to “train” • Some are inconvenient Source: Tech Soup, http://www.techsoup.org
Common Characteristics of Spam • As more and more spam is sent out, we can analyze and learn more about it, such as: • Spam usually comes from systems that only keep one e-mail port open, while legitimate e-mail comes from computers that have a lot of ports open for communication. • Spam tends to come from farther away geographically than normal e-mails. • Spammers have IP addresses numerically close to those of other spammers. Source: MIT Technology Review, http://www.technologyreview.com
New Spam Techniques: Digital Fingerprinting • This is a very new technology • Details on how this works are still being kept hush-hush, to keep spammers from cracking it • Advantages: • Resistant to mutations such as changes in text, URLs, images, or senders • Detects spam in all languages and formats (PDF, etc.) • Fingerprints are compared to a cache of known bad fingerprints, which is updated every 30-60 seconds
New Spam Techniques: Digital Fingerprinting • Digital Fingerprinting is more of a way to keep companies from sending out spam. • Someone at Thermo Fisher Scientific decides to bypass best practices and send out a mass e-mailing to people who have said they didn’t want to receive e-mails from us • Even though they didn’t go through SubscriberMail, they used company e-mail and pointed it to the company Web site • If they are reported, the whole company can suffer because we have the same digital information
New Spam Filtering Techniques: SNARE • SNARE – Spatio-temporal Network-level Automatic Reputation Engine • Developed at the Georgia Institute of Technology • Scores incoming e-mail based on a variety of criteria that can be gleaned from a single packet of data (such as geographic location, IP address, autonomous system numbers) • System is automated and puts less of a strain on the network than other methods • Requires less human intervention and works best when combined with another filter • Still in early stages – spammers will likely find new ways to get around this system as well Source: http://gtnoise.net/papers/snare-usenix09-slides.pdf
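One of the network-level characteristics listed on the "Common Characteristics of Spam" and SNARE slides, sender IP addresses sitting numerically close to known spam senders, can be computed as below. This is an added example, not code from SNARE or from the presentation; the sample addresses, function names and the 256-address radius are assumptions.

```python
import bisect
import ipaddress

# Constructed sample data (RFC 5737 documentation addresses), not real senders.
KNOWN_SPAM_SENDERS = ["198.51.100.7", "198.51.100.9", "198.51.100.40", "203.0.113.200"]


def build_index(addresses):
    """Sorted integer form of known spam-sender IPv4 addresses."""
    return sorted(int(ipaddress.IPv4Address(a)) for a in addresses)


def nearest_spammer_distance(sender, index):
    """Numeric distance from `sender` to the closest known spam sender."""
    value = int(ipaddress.IPv4Address(sender))
    pos = bisect.bisect_left(index, value)
    gaps = []
    if pos < len(index):
        gaps.append(index[pos] - value)      # closest neighbour at or above
    if pos > 0:
        gaps.append(value - index[pos - 1])  # closest neighbour below
    return min(gaps) if gaps else None       # None: no reputation data yet


def neighbours_within(sender, index, radius=256):
    """How many known spam senders lie within `radius` addresses of `sender`."""
    value = int(ipaddress.IPv4Address(sender))
    lo = bisect.bisect_left(index, value - radius)
    hi = bisect.bisect_right(index, value + radius)
    return hi - lo


def sender_features(sender, index):
    """Feature record to hand to a second filter; no verdict is made here."""
    return {
        "sender": sender,
        "nearest_spammer_distance": nearest_spammer_distance(sender, index),
        "spam_neighbours_within_256": neighbours_within(sender, index),
    }


if __name__ == "__main__":
    idx = build_index(KNOWN_SPAM_SENDERS)
    for ip in ("198.51.100.12", "192.0.2.1"):
        print(sender_features(ip, idx))
```

The function returns features rather than a verdict, matching the slide's point that this kind of signal works best when combined with another filter.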
SpamAssassin • SpamAssassin is an open source project that serves as a filter to identify spam. • The project is continually being worked on and contributed to, which means it is always evolving. In addition, it can be customized to meet a user’s needs. • SpamAssassin uses multiple criteria for scoring messages. Each infraction on the list is assigned a specific points value. A full list of the criteria can be found at: • http://spamassassin.apache.org/tests_3_2_x.html
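The points-per-infraction scoring described on this slide, applied to the content factors this presentation discusses (image-heavy bodies, missing alt text, attachments, "spammy words"). This is an added example, not SpamAssassin's code: the rule names, point values and phrase list are hypothetical; only the 5.0 threshold matches SpamAssassin's default.

```python
import re
from html.parser import HTMLParser

REQUIRED_SCORE = 5.0  # SpamAssassin's default threshold
SPAMMY_PHRASES = ("free", "act now", "guarantee")  # constructed sample list


class BodyStats(HTMLParser):
    """Counts words, images and images lacking alt text in an HTML body."""

    def __init__(self):
        super().__init__()
        self.words, self.images, self.missing_alt = [], 0, 0

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images += 1
            if not (dict(attrs).get("alt") or "").strip():
                self.missing_alt += 1

    def handle_data(self, data):
        self.words.extend(re.findall(r"[a-z0-9']+", data.lower()))


def score_message(subject, html_body, attachment_count=0):
    """Return (total, is_spam, hits). Rule names and points are hypothetical."""
    stats = BodyStats()
    stats.feed(html_body)
    stats.close()
    subject_words = re.findall(r"[a-z0-9']+", subject.lower())
    text = " " + " ".join(stats.words + subject_words) + " "
    hits = []
    if stats.images and len(stats.words) < 20 * stats.images:
        hits.append(("IMAGE_HEAVY_BODY", 2.5))  # little text per image
    if stats.missing_alt:
        hits.append(("IMG_MISSING_ALT", 1.0))
    if attachment_count:
        hits.append(("HAS_ATTACHMENT", 1.5))
    phrase_hits = sum(1 for p in SPAMMY_PHRASES if f" {p} " in text)
    if phrase_hits:
        hits.append(("SPAMMY_PHRASES", min(1.0 * phrase_hits, 3.0)))
    total = sum(points for _, points in hits)
    return total, total >= REQUIRED_SCORE, hits


# Constructed sample messages.
IMAGE_ONLY = '<img src="banner.jpg"><img src="offer.jpg"><p>FREE gift, act now!</p>'
TEXT_FIRST = ("<p>Our November newsletter covers three new laboratory products, "
              "updated safety data sheets, and the holiday shipping schedule for "
              'orders placed before the end of the month.</p><img src="logo.png" '
              'alt="Company logo">')
```

Scoring `IMAGE_ONLY` with one attachment trips every rule, while `TEXT_FIRST` trips none; the returned `hits` list shows which rules contributed, which is the information a sender needs to fix a campaign.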
SpamCop • Filters e-mails to check for spam and viruses • All e-mails with viruses are automatically removed • Other e-mails are checked to see if they have come through a server that is associated with spam • Similar to SpamAssassin, with continual updates and spam reported by users • SpamCop’s main focus is on having people report spam, rather than offering a filtering service
IronMail • Used by Thermo Fisher Scientific • Thermo Fisher has more than 120 rules for blocking e-mail • Obvious words, such as obscene words and phrases • Terms and phrases found in phishing attempts • Words and phrases dealing with specific drugs, physical aids and wristwatches • No spam or virus checking is performed on outbound mail, only inbound • Thermo Fisher has special allowances for medical terms since they may be business related, but these terms could potentially be blocked by other companies’ spam-blocking software • 90% of e-mail coming into Thermo Fisher is blocked by IronMail
Microsoft Outlook • Like most e-mail clients, Outlook allows users to set their own junk mail preferences • We have no control over how an individual user sets his or her preferences • Outlook’s default is to have the junk mail filters on “Low” • Low is considered the “most obvious” junk mail, but Microsoft does not give a definition for what it considers to be “obvious” • According to Mike Yock, Supervisor of GIS Directory Service and Messaging for Thermo Fisher Scientific, employees should set their Outlook to “No Automatic Filtering”
Keeping Your E-mails from Ending Up in the Spam Folder • Not sure? Use the Spam Score feature in SubscriberMail
Using SubscriberMail Tools to Assess Your Campaign • Deliverability • Suppressed by system filters • Bounce rates
SubscriberMail Tools • Open soft bounces to see specific reasons why your e-mail was not delivered.
Correcting a Mistaken Spam Identification • If your e-mail is classified as spam, try sending your e-mail to the provider to be whitelisted.
IP Scores • “A company’s IP score can affect e-mail deliverability, but is not a major factor with most ISPs” - Client Deliverability & Support Specialist, SubscriberMail • Factors affecting IP scores: • How consistent a company is in the volume of e-mails it sends • How consistent a company is in e-mail frequency • How many spam complaints a company’s e-mail generates • Thermo Fisher Scientific Scores: September 2009 • news.coleparmer.com – 75: Improving mailing consistency for this domain could potentially increase its sender score • news.fishersci.com – 90: No changes necessary • news.fisherhealthcare.com: Not enough mailing to collect data • email.thermofisher.com – 80: No changes necessary • news.fisheredu.com – 75: Improving mailing consistency for this domain could potentially increase its sender score. Fewer user complaints could also contribute to a more optimal score • news.fishersafety.com – 50: Currently lack of volume is causing this sender score to fall
What We Do Have Control Over • Be sure your message is relevant. Recipients who do not think the message is important to them are more likely to tag your e-mail as spam or to unsubscribe. • Don’t use more images than text. Images are best used to accent your e-mail. • Don’t use images for text, except where necessary. • When you do use images, be sure to include “alt” tags so that people who have their images disabled in their e-mail programs can still know what you are sending. • Example of an e-mail that has relied too heavily on images. Using today’s spam scoring methods, this e-mail would be much closer to your spam folder.
What We Do Have Control Over • Keep your list clean. If you send to an e-mail address that is not valid you will receive a hard bounce. • These are returned as unknown users. Mail sent to invalid addresses can get you put on an ISP’s blacklist. • Avoid red text. • Do not add attachments to e-mails. • It’s best to post them to the Web site and direct users to the document with a link. • Familiarize yourself with “spammy words.” • Words that would trigger a spam filter. • To find the most updated list, just type “spammy words” into your search engine.
A Well-Executed Spam Message • Received through Thermo Fisher’s e-mail: • Mostly text, alt tags provided for images • Subject line could easily be legitimate • Area for unsubscribes • Physical address provided • Made to look like a newsletter rather than an advertising message
In closing • Factors to consider and plan for: • List cleanliness, subject line, content • IP score – volume sent, frequency, spam reports • Outlook junk mail filters – internal settings • Thermo Fisher Scientific does not share IP addresses with any other companies • Spammers and worldwide spam/privacy legislation mean we have to be very diligent about to whom we send e-mails – affirmative consent only • Successful deliverability is ultimately a game of preventive maintenance • Testing, whitelisting, analytics
Contact Us • Teresa Salamone, teresa.salamone@thermofisher.com, 412-490-8720 • AJ Sedlak, andrew.sedlak@thermofisher.com, 412-490-8437