Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

Technical Approaches to Spam and Standards Activities (ITU WSIS Spam Conference)

advertisement 
Technical Approaches to Spam
and Standards Activities
(ITU WSIS Spam Conference)
John R. Levine, Chair
IRTF Anti-Spam Research Group
ituwsis@taugh.com
+1 607 330 5711
Overview
• The e-mail landscape
• Technical filtering possibilities
• Standards activities
2
The e-mail landscape
•
100 billion messages / day
– 50% to 95% spam
• Millions of senders and receivers
• Scaling is a critical issue
3
At one large provider
• 150M individual
messages / day
• 150M legitimate bulk
messages / day
• Over 2000M spams /
day
Individual
Bulk
Spam
4
E-mail infrastructure
• Very decentralized
• No chokepoints other than perhaps DNS
• Mail directly from server to server
5
E-mail delivery
•
•
•
•
No prior arrangements
Doesn’t match national boundaries
Doesn’t match network boundaries
Often doesn’t match administrative
boundaries
6
E-mail users
• Users all over the world
–
–
–
–
Dialup and broadband ISPs
Via employer network
Mobile phones and Blackberry
Libraries, cyber cafés, WiFi hotspots
• User numbers
– 1000M? Nobody really knows
– Large mail systems have >100M mailboxes
7
User profiles
• As varied as telephone users
• Wide range of incomes, language,
experience, and technical expertise
8
Overview
• The e-mail landscape
• Technical filtering experience
• Standards activities
9
Filtering points
•
•
•
•
•
Manage untrustworthy senders
Evaluate the source
During receipt
After receipt
At delivery
10
Sender time filtering
•
•
•
•
Port blocks
Sender authentication e.g. SMTP AUTH
Rate limiting
Filter as though receiving
– These work well but are moderately disruptive
11
Receipt time source filtering
• Mechanical DNSBLs
– Open relay, proxy, spam trap, ...
• Untrustworthy senders (dialups)
• Shared reports (Spamcop)
• Spam sources (SBL, MAPS RBL)
– DNSBLs have wide quality range
• DNS “poisoning” forward/backward
– Defensive move against worst spammers
12
Per-Message Content filtering
• Protocol defects: Reverse DNS, SMTP
errors
• Header analysis: Sender white/blacklists,
header defects, …
• Body strings (fixed or adaptive/Bayesian)
• “Spammy” behavior (hashbusters, …)
– Can be effective, spammers try hard to defeat
13
Message stream filtering
• Bulk counting (DCC)
– Need to whitelist valid bulk
• Shared denouncements (Razor, Spamcop)
– Depends on quality of reports
14
Hybrid filtering
• Combine any and all of the others
–
–
–
–
Spamassasin
Mailshield
Many others
Add-ons to MTAs and home-brew
15
Sender identification
•
•
•
•
•
PGP, S/MIME signatures
Real time mail-back
Challenge/response
Source authorization
Trusted sender schemes
16
Per-correspondent addresses
• Disposable addresses for untrustworthy
correspondents
• “Channel” addresses to identify
correspondents and sort mail
• The introduction
John R. Levine, Chair
problem
IRTF Anti-Spam Research Group
ituwsis@taugh.com
+1 607 330 5711
17
Postage schemes
• Computational Hashcash
• E-postage
– Micropayments
– Attention bonds
• All have identity/authentication problems
• E-postage has infrastructure and fraud
problems
18
Overview
• The e-mail landscape
• Technical possibilities
• Standards activities
19
ASRG and MARID
(Oversimplified
organization chart)
Internet Society
IESG
Internet Engineering
Steering Group
IAB
Internet Architecture Board
Applications Area
IRTF
Internet Research Task Force
IETF
MARID
MTA Authorization in DNS
ASRG
Anti-Spam Research Group
Subgroups
20
Anti-Spam Research Group
•
•
•
•
Rechartered in late 2003
Multiple subgroups
No budget, works by e-mail
Members participate as individuals
21
ASRG subgroups
• Lightweight Mail Authentication (LMAP)
– Work passed to MARID
•
•
•
•
Abuse reporting
Filtering standards
Identity, Authentication, Reputation (IAR)
Other inactive subgroups
22
IETF MARID
• Charged with DNS based authentication
• Very aggressive schedule
– Hope to have a draft standard by late 2004
• Sender ID
• CSV
23
Sender ID
• Combines SPF (M. W. Wong et al.) and
Caller ID (Microsoft)
• Validates message sender’s address via
originating IP address
• Technically straightforward
• Debatable effectiveness and “collateral
damage”
• Needs reputation system
24
Client SMTP validation
• CSV developed by D. Crocker, J. Leslie et
al.
• Validates sending mail host
• Debatable effectiveness, less collateral
damage than Sender ID
• Also needs reputation system
25
Future work
• Domain keys, TEOS, and other message
validation
• Reputation and accreditation systems
26
Technical Approaches to Spam
and Standards Activities
(ITU WSIS Spam Conference)
John R. Levine, Chair
IRTF Anti-Spam Research Group
ituwsis@taugh.com
+1 607 330 5711
Related documents
STAT 503X Assignment 3 Email and SPAM
STAT 503X Assignment 3 Email and SPAM
End User Guide Netcetera Total Control Email Filtering Account
End User Guide Netcetera Total Control Email Filtering Account
Sender.-MATH.-week-8-ss
Sender.-MATH.-week-8-ss
MBA-018 Communication For Management
MBA-018 Communication For Management
International Anti-Spam Cooperation & Building Relevant Standard
International Anti-Spam Cooperation & Building Relevant Standard
Anti-spam filtering techniques St´ ephane Bortzmeyer AFNIC (“.fr” registry)
Anti-spam filtering techniques St´ ephane Bortzmeyer AFNIC (“.fr” registry)
Download
advertisement