
Methods for Stopping Spam


Presentation Transcript


  1. Methods for Stopping Spam
  James Lick, jlick@drivel.com

  2. The Problem
  • AOL blocks 780,000,000 spams each day (Feb 2003)
  • I am sent ~900 spams each day (Jan 2003)

  3. Methods for Stopping Spam
  • Security
  • Policy Enforcement
  • Blocking
  • Filtering
  • Avoidance

  4. Disclaimer
  • No method will block all spam
  • Every method will sometimes block real mail
  • Spammers always get more aggressive
  • These tools are just a sample
  • Combining tactics works best
  • Blocking/filtering hides the extent of the problem

  5. Security
  • Make sure you aren't part of the problem
  • Check infrastructure and customers for:
    • Open relays
    • Open proxies
    • Use of the latest security patches
  • A lot of spam is sent through security holes
  • Notify authorities in extreme cases

  6. Policy Enforcement
  • Have a reasonable AUP (acceptable use policy)
  • Have users agree to it (legal contract)
  • Enforce it!
  • This is a contract; lack of a spam law is no excuse
  • Don't give second chances too easily
  • Respond to complaints

  7. Policy Enforcement (cont)
  • If you get a reputation for being soft on spam:
    • You will get more spamming customers!
    • Your mail will be blocked more and more
    • You lose customers
    • You go out of business
  • The earlier you address problems, the easier they are to solve
  • Policy enforcement is an ongoing responsibility

  8. Blocking
  • Bad sender address
  • Spam Source lists
  • Open Relay lists
  • Open Proxy lists
  • Dialup/Dynamic IP lists
  • Other
  • Local blocks

  9. Bad sender
  • Most spam is sent with a forged sender
  • Look up the sender domain
    • Reject the message if the domain doesn't exist
    • Defer the message if the lookup fails
  • Supported by most mail servers
  • Default in modern sendmail
  • You can also check the sending hostname, but this is not reliable as a spam sign
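The reject/defer distinction on this slide matters: a domain that authoritatively does not exist is a permanent error, while a lookup that times out says nothing about the sender and must be deferred with a 4xx so legitimate mail is retried. The MAIL FROM check below is an added example (not from the talk, and not sendmail's code); the resolver is a constructed in-memory stand-in, and a real deployment would call the system resolver instead.

```python
import re
from typing import List

class NoSuchDomain(Exception):
    """Authoritative answer: the name does not exist (NXDOMAIN)."""

class TempFail(Exception):
    """Temporary lookup failure (timeout/SERVFAIL): the answer is unknown."""

# Constructed DNS data for the example. A name absent from every key is NXDOMAIN,
# a present name with no record of the asked type answers empty, None = TempFail.
FAKE_DNS = {
    ("MX", "example.com"): ["mail.example.com"],
    ("A", "nomx.example.net"): ["192.0.2.10"],   # A record only, still deliverable
    ("MX", "flaky.example.org"): None,           # resolver times out on this one
}

def fake_resolve(rtype: str, name: str) -> List[str]:
    if name not in {n for (_, n) in FAKE_DNS}:
        raise NoSuchDomain(name)
    answer = FAKE_DNS.get((rtype, name), [])
    if answer is None:
        raise TempFail(name)
    return answer

DOMAIN_RE = re.compile(r"^(?!-)[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$")

def sender_policy(envelope_from: str, resolve=fake_resolve):
    """Decide an SMTP MAIL FROM: returns (action, reason) with action in
    'accept' | 'reject' (permanent 5xx) | 'defer' (temporary 4xx)."""
    if envelope_from in ("", "<>"):
        return "accept", "null sender: bounces must be accepted"
    if "@" not in envelope_from:
        return "reject", "553 sender address has no domain part"
    domain = envelope_from.rsplit("@", 1)[1].lower().rstrip(".")
    if not DOMAIN_RE.match(domain):
        return "reject", "553 malformed sender domain"
    try:
        # A domain with an MX, or failing that an A record, can receive bounces.
        if resolve("MX", domain) or resolve("A", domain):
            return "accept", "sender domain resolves"
        return "reject", "553 sender domain has no MX or A record"
    except NoSuchDomain:
        return "reject", "553 sender domain does not exist"
    except TempFail:
        # Unknown is not the same as bad: ask the sender to retry later.
        return "defer", "451 sender domain lookup failed, try again later"
```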

  10. Spam Source lists
  • List IP addresses which belong to spammers
  • MAPS RBL (www.mail-abuse.org)
  • Spamhaus BL (www.spamhaus.org)
  • Sometimes widen a block to a whole network, but usually only in extreme cases

  11. Open Relay lists
  • Block mail from old servers which allow anyone to send mail through them
  • MAPS RSS (www.mail-abuse.org)
  • ORDB (www.ordb.org)
  • Can block real mail from insecure sites
  • Listings are sometimes based on old information

  12. Open Proxy lists
  • Block mail from insecure open proxies
  • OPM (www.blitzed.org/opm/)
  • Usually doesn't block any real mail
  • Most lists are incomplete: finding open proxies is hard

  13. Dialup/Dynamic IP lists
  • Block direct mail from dialups and dynamic IP addresses
  • Be sure to whitelist your own customers!
  • Dynamic clients should use the ISP's mail server to send mail
  • SMTP MSP can be used to send mail remotely and safely
  • Usually does not block real mail

  14. Dialup/Dynamic IP lists (cont)
  • MAPS DUL (www.mail-abuse.org)
  • PDL (www.pan-am.ca/pdl/)
  • Dynablock (basic.wirehub.nl/dynablocker.html)

  15. Other
  • As spammers get more aggressive, anti-spammers get more aggressive in blocking
  • Blocking is often done by:
    • Any IP that has ever sent any spam
    • Countries/regions perceived as soft on spam
    • Networks perceived as soft on spam
    • Faulty methods of identifying spam
    • Other forms of 'spite' listings

  16. Other (cont)
  • Most of these methods are not widely used
  • As the spam problem gets worse, these methods may become more widespread
  • Before using a blocking service:
    • Make sure its policies match your expectations
    • Make sure it is reputable
    • Test it out first

  17. Local blocks
  • Set up your own local blocks (access_db, local dnsbl)
  • Requires diligence and upkeep
  • Do it only if you can devote resources to it every day!
  • Better yet, get involved in contributing to public blocking lists

  18. Filtering
  • Analyze the content, not where it came from
  • Pattern matching
  • Bulk detection

  19. Pattern Matching
  • Spams have common 'spam signs':
    • Common types of header forgery
    • Common disclaimers
    • Common wording of the sales pitch
    • Garbage strings, header style, etc.
  • Filters can detect these and score a message based on how many spam signs it contains

  20. SpamAssassin (www.spamassassin.org)
  • Has a set of rules, each with a score
  • If a message scores over a threshold, it is marked as spam
  • Can also use bulk detection and blocking lists
  • Uses a lot more CPU
  • Can scale to large mail loads by using a cluster of cheap servers running SA's spamd
  • Can be run on a client system too
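The scoring model of slides 19 and 20 in miniature, as an added example (not SpamAssassin's rules or code): each pattern is one spam sign with a score, header and body rules are matched separately, and the sum is compared with a threshold. The rules, scores and both sample messages are constructed.

```python
import re
from email import message_from_string

# Constructed rules in the style the slide describes: each spam sign has a
# score, and the sum is compared with a threshold. Real rule sets are far larger.
RULES = [
    ("SUBJECT_NO_LOWERCASE", re.compile(r"^Subject: [^a-z\n]{12,}$", re.M), 1.2, "header"),
    ("SUBJECT_ADV_TAG", re.compile(r"^Subject: .*\bADV\b", re.M), 2.0, "header"),
    ("NOT_SPAM_DISCLAIMER", re.compile(r"this (message|e-?mail) is not spam", re.I), 2.5, "body"),
    ("TO_BE_REMOVED", re.compile(r"\bto be removed\b", re.I), 1.0, "body"),
    ("GARBAGE_STRING", re.compile(r"^[A-Za-z0-9]{20,}$", re.M), 1.0, "body"),
    ("BIG_DOLLAR_AMOUNT", re.compile(r"\$\d{1,3}(,\d{3})+"), 1.5, "body"),
]
THRESHOLD = 5.0

def score_message(raw: str):
    """Return (total_score, [(rule, score), ...], is_spam) for a raw RFC 822 message."""
    msg = message_from_string(raw)
    headers = "\n".join(f"{k}: {v}" for k, v in msg.items())
    body = msg.get_payload()          # single-part messages only in this example
    hits = []
    for name, pattern, score, target in RULES:
        if pattern.search(headers if target == "header" else body):
            hits.append((name, score))
    total = round(sum(s for _, s in hits), 1)
    return total, hits, total >= THRESHOLD

# Constructed sample messages.
SPAM = """\
From: "Deals" <deals@example.net>
To: victim@example.org
Subject: ADV: MAKE MONEY FAST NOW!!!

Earn $25,000 in 30 days from home.
This message is not spam, it complies with all regulations.
Reply with REMOVE in the subject to be removed.
kjhsdf89sdfjk3hk4j5hk3j4h5kjh
"""
HAM = """\
From: alice@example.com
To: bob@example.org
Subject: Lunch on Thursday?

Hi Bob, are you free for lunch on Thursday? Alice
"""
```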

  21. SpamAssassin 2.50
  • Just out!
  • Adds Bayesian filtering
  • Bayesian filtering statistically analyzes which content shows up in spam more often than in real mail
  • For best results, needs training on what is and isn't spam
  • SA 2.50 auto-trains based on SA scoring
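What "statistically analyzes which content shows up in spam more often" means in practice, as an added example that is not SpamAssassin's implementation: each token gets a spam probability from a labelled training set, smoothed towards 0.5 so a word seen once cannot decide the verdict, and the per-token odds are combined as log-odds. The training corpus is constructed and far too small for real use.

```python
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z$][a-z0-9$']+")

def tokens(text: str):
    return set(TOKEN_RE.findall(text.lower()))   # each word counted once per message

class BayesFilter:
    """Minimal naive-Bayes spam filter: per-token spam probabilities learned from
    a labelled corpus, combined as log-odds (added example, not SA's own code)."""
    def __init__(self):
        self.spam_docs = self.ham_docs = 0
        self.spam_tokens, self.ham_tokens = Counter(), Counter()
    def train(self, text: str, is_spam: bool):
        if is_spam:
            self.spam_docs += 1
            self.spam_tokens.update(tokens(text))
        else:
            self.ham_docs += 1
            self.ham_tokens.update(tokens(text))
    def token_probability(self, tok: str) -> float:
        """P(spam | token), smoothed towards 0.5 for rarely seen tokens so a word
        seen only once can never force the verdict to exactly 0 or 1."""
        s = self.spam_tokens[tok] / max(self.spam_docs, 1)   # fraction of spam with it
        h = self.ham_tokens[tok] / max(self.ham_docs, 1)     # fraction of ham with it
        n = self.spam_tokens[tok] + self.ham_tokens[tok]
        p = s / (s + h) if s + h else 0.5
        return (0.5 + n * p) / (1 + n)
    def spam_probability(self, text: str) -> float:
        log_odds = sum(math.log(p / (1 - p))
                       for p in map(self.token_probability, tokens(text)))
        log_odds = max(-500.0, min(500.0, log_odds))   # keep exp() in range
        return 1 / (1 + math.exp(-log_odds))

# Constructed training corpus; real training needs thousands of labelled messages.
SPAM_TRAIN = ["Buy cheap watches online now, limited offer", "Make money fast from home, click here now",
              "Cheap mortgage rates, refinance today, click here", "Limited offer: free prize, claim your money now"]
HAM_TRAIN = ["Can we move the meeting to Thursday afternoon", "Here is the draft of the report for your review",
             "Thanks for the code review, I fixed the tests", "Lunch on Thursday? The meeting ran late today"]

def trained_filter() -> BayesFilter:
    f = BayesFilter()
    for text in SPAM_TRAIN:
        f.train(text, True)
    for text in HAM_TRAIN:
        f.train(text, False)
    return f
```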

  22. Bulk Detection
  • Razor (razor.sourceforge.net), aka SpamNet (www.cloudmark.com)
  • DCC (www.rhyolite.com/anti-spam/dcc)
  • Reliably detects messages sent in bulk
  • Razor is designed to detect unsolicited bulk
  • Not perfect; sometimes blocks large mailing lists (recently Crypto-Gram)
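The core of bulk detection, as an added example (not Razor's or DCC's protocol or checksum): a fuzzy checksum that strips the parts a mailer varies per recipient, a shared tally of how often each checksum has been reported, and a whitelist hook for legitimate bulk senders such as mailing lists, which is the Crypto-Gram failure mode above. The message template and the threshold are constructed.

```python
import hashlib
import re
from collections import Counter

# Recipient-specific material a bulk mailer varies per copy: addresses, numbers
# (customer ids, dates) and URLs (tracking links). Stripping it first is what
# makes the checksum "fuzzy", so personalised copies of one pitch collide.
PERSONALISED = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+|https?://\S+|\b\d+\b")

def bulk_checksum(body: str) -> str:
    norm = PERSONALISED.sub(" ", body.lower())
    norm = " ".join(re.sub(r"[^a-z ]", " ", norm).split())   # letters only, single spaces
    return hashlib.sha256(norm.encode()).hexdigest()

class BulkCounter:
    """Counts how often each checksum has been reported: the shared tally that
    Razor/DCC servers keep across many sites (added example, not their code)."""
    def __init__(self, threshold: int = 20):
        self.seen = Counter()
        self.threshold = threshold

    def report(self, body: str) -> int:
        digest = bulk_checksum(body)
        self.seen[digest] += 1
        return self.seen[digest]

    def is_bulk(self, body: str, trusted_list: bool = False) -> bool:
        # Large legitimate mailing lists are also bulk; whitelist them (the
        # Crypto-Gram case) instead of trusting the count alone.
        if trusted_list:
            return False
        return self.seen[bulk_checksum(body)] >= self.threshold

def pitch(recipient_id: int) -> str:
    """Constructed spam template, personalised per recipient."""
    return (f"Dear user{recipient_id}@example.org, account {recipient_id} has won! "
            f"Visit http://promo.example.net/claim?id={recipient_id} within 7 days.")
```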

  23. Avoidance
  • Try not to expose email addresses
  • Don't publish user directories
  • Give users help and tools to do filtering
  • Advise users to:
    • Use spam filtering software (in addition to the ISP's)
    • Not give out their email address freely
    • Use disposable email addresses
    • Change email addresses periodically

  24. Q&A
  • Questions
  • Answers
  • Discussion
