1 / 15

Spam Email

Spam Email. Roger Thornburn. What is Spam. Needs to meet 2 requirements Unsolicited Bulk Name comes from a Monty Python skit Monty Python's spam video Mostly commercial 25% - Products 20% - Financial 19% - Adult 9% - Scams 7% - Health 7% - Internet Not Spam: Jokes from friends

orpah
Download Presentation

Spam Email

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Spam Email Roger Thornburn

  2. What is Spam • Needs to meet 2 requirements • Unsolicited • Bulk • Name comes from a Monty Python skit • Monty Python's spam video • Mostly commercial 25% - Products 20% - Financial 19% - Adult 9% - Scams 7% - Health 7% - Internet • Not Spam: • Jokes from friends • Newsletters you signed up for

  3. A Few Statistics • Amount of Spam • 90 Billion spam emails a DAY (Feb 2007) • Average of 50 spam emails a day – per email address • 94% of all email is spam • Sources of Spam • US – 23% • China – 20% • Russia -10% • South Korea – 6% • Surprise! • 28% reply to spam email • 8% purchase from spam email

  4. Current Situation • IP addresses last 4 hours • June 2006 – 35M new domains, 32M not paid • Hi jacked mail servers – listed as spammers • Creates problem for legitimate users • Use of “Zombie” PC’s and the Botnet • Maybe 1 in 4 PC’s infected. • Image spam • Hard for a computer to read • Hi growth from 0 to 25% of spam • Getting your email address Dictionary attack Spam bots (websites) Infected computers Vendors/subscriptions

  5. Spam Safety tips • Encrypt your email address (not in a dictionary) • Use a fake email address where possible • Use bcc to send an email to many people • Don’t open spam and set Outlook Express to “Block images…..” Avoids confirming your email • Don’t reply to spam – again it confirms you’re real! • Don’t post your email address on a website. • Uncheck all those “subscribe” boxes • Unsubscribe from reputable companies only • Use a spam filter

  6. Spam Filtering Techniques • Rules based • Matches specific words in the To, From, Subject or Body of the email • Very specific – can only make an exact match • Bayes filter/Fuzzy logic • Uses a mathematical set of probabilities, gathered from being told what’s “spam” and what’s “ham” • Needs to “learn” and kept up to date • Black list • Blocks specific “From” addresses. • Not very effective today – new domain every 4 hours! • Good for blocking family/friends or newsletters

  7. Spam Filtering Techniques (cont.) • On-line Database (DNSBL) • Can work well - if accurate. Can easily stop legitimate emails as well. • Signature analysis for specific emails • White list • List of email addresses you will accept email from • Challenge/response systems • Needs to be kept up-to-date • Most effective method Important!: No spam filter is perfect. The worst thing is putting legitimate emails in your Spam/Junk/Bulk mail folder. It’s essential to check this folder so you can receive your good email, as well as train the filter.

  8. Reducing Spam in Real Life! • Different if using Web mail or POP mail • Web mail is when you use your internet browser (Internet Explorer or Firefox, etc) to read and send your email. • POP mail is when you use an email client (a program such as Outlook/Express, Thunderbird, Endura, etc.) to read and send your email. • With POP mail, the email messages are downloaded to your computer – can be read and new ones composed, without beeing connected to the internet. To read or compose messages in Web mail, you must be connected to the internet • Many email accounts can be accessed by either/both

  9. Web Mail • All your email stays on the Web mail server • You have little control • Large providers such as Yahoo, Google, Hotmail, etc. provide excellent spam filtering – using a combination of all the above techniques • Any legitimate emails in the spam/junk box, must be identified – now added to your white list • Yahoo has AddressGuard • Create a separate email address for each person or class of persons • Many of the smaller ISP’s/email providers, aren’t as sophisticated.

  10. POP 3 • Spam filter sits between the mail server and your email client • Many ISP’s or email servers have own spam filter • Yahoo (SBC, AT&T, Pacbell, etc.) use same as Web mail • Can be harder to check spam folder – may need to configure • Huge selection of programs – freeware to $$’shttp://spamlinks.net/filter-client-win.htm • Use different techniques – either singly or in combination. • Some are tightly integrated to the email client

  11. POP3/Outlook Express Examples • Outlook Express –Rules • Text matching – limited • Good for White list – can import address book • K-9 Freeware • Uses Bayesian technology – so must train • Plus has White list and Black list • Regex filters for advanced users • Easy interface – but not elegant • Computer Associates ($30) • White list • Integrated to Outlook/Express – easy to use

  12. More Examples • MailWasherPro ($30) • Freeware version available • Combination of Bayes, White list, Black list, DNSBL, User filters and Signature • Reviews email on the server • Spam is removed before download • Save time with dial up • Easy to use

  13. Phishing • Scams to trick users to reveal personal information • Normally an official looking email • Directed to a fraudulent website • 2004 2006 Losses from phishing attacks: $137 million $2.8 billion # US adults who received at least one phishing e-mail: 57 million 109 million Number of victims: 53 thousand 2.25 million Per-victim loss: $257 $1,244 Money recovered by consumers: 80% 54% • Don’t click a link in an email • Call your bank or credit card company if suspicious • Check the website is secure (https://xxxxx)

  14. Useful Links • http://en.wikipedia.org/wiki/Spam_e-mail Wikipedia Reference • http://spam.abuse.net/userhelp/ Links to resources and anti-spam filters • http://spamlinks.net/ More links to many anti spam resources • http://spamlinks.net/filter-client-win.htm (More spam filters) • http://spam-filter-review.toptenreviews.com/ Review of some spam filters • http://keir.net/k9.html Freeware Bayes filter (plus White and Black list) • http://shop.ca.com/STContent/landingpages/Antispam/ASPM001/index.aspx?sc_lang=en-US Computer Associates anti spam program (Or Google ca spam). Paid, easy to use White list – integrates to Outlook Express. • http://www.mailwasher.net/ Mail Washer free and paid anti-spam versions. Uses multiple methods for detection • http://www.spambutcher.com/ Spam Butcher – fuzzy logic anti-spam

  15. Summary • Web mail • Dependant on the ISP/Web mail provider • Larger providers often provide configurable options • Yahoo AddressGuard is a good solution • MUST go into JUNK/BULK/SPAM folder to mark good emails – regularly • POP3 mail • Most effective method is White list (or safe senders list) – but needed to be kept up-to-date. • Using built in Rules of Outlook Express works fine • Purchased product – often more convenient. Above all – Protect Your Email Address!!

More Related