Corporate Spam Defense

Random Driver
Gilles Bouyer
Oleg Kipnis
Hang Li
Samar Patel
Ashwin Shanmugasundaram
Agenda
• Solutions
  - Appliances – Server Side Software
  - Pros and Cons
  - Cloud Based Solution
  - Pros and Cons
  - End User Software
  - Pros and Cons
  - Methods used
  - Legal and Other Solutions
  - Pros and Cons
• Proposed solution
  - Strengths / Weaknesses
  - Cost / Implementation
  - Conclusion - Questions
Problem Statement
• Most enterprise users are exposed to spam, which means they are exposed to more threats. Spam is an issue affecting all industrial sectors, government and education.
• While missing an email due to a false positive might not seem like a big deal for personal use, an enterprise must be careful to optimize communication in order to reach better business results.
• SPAM is an attack on authenticity with the following characteristics:
  - 70.7% of all email traffic is spam
  - 2.3% of all emails contain malicious attachments
  - 1.8% – 3% of spam makes it through spam filters
  - Only 1 in 25,000 spam messages needs to be opened to be profitable for spammers
  - Costs 20 billion dollars annually
• We will review the defense mechanisms and recommend a solution to this problem.
Anti Spam Appliances
• Anti-spam appliances are hardware-based solutions integrated with on-board anti-spam software and are normally driven by an operating system optimized for spam filtering
• They are deployed at the gateway or in front of the mail server
• Appliances provide a solution that does not require configuration of the existing mail server, and can be more effective and of higher performance than a software solution installed on the mail server
Examples: Barracuda, SpamTitan, Fortinet, Cisco IronPort
• How does Barracuda work?
  1. All incoming mail is screened according to the rules of the Barracuda device and the rules that are created manually
  2. Non-spam messages go directly to the inbox folder
  3. Messages suspected of being spam are reported via the Spam Quarantine
Server Side Software
• Anti-spam software is either installed on the mail server itself or in front of the mail server. The purpose of this software is to remove the burden of filtering e-mail from the e-mail server.
• Examples:
  - Bogofilter – used by an MTA to classify messages as they are received from the sending SMTP server. Bogofilter examines tokens in the message body and header to calculate a probability score that a new message is spam
  - SpamAssassin – can be run as a standalone application on the server or as a subprogram of another application
  - Mailwasher Enterprise – works as a proxy; it sits in front of the mail server, blocking and denying spam from getting to the mail server and users
  - POPFile – typically used to filter spam mail. It can also be used to sort mail into other user-defined "buckets" or categories
PROs and CONs

Antispam Appliances
PROs
• High reliability that works out of the box
• Operating system and application software is pre-loaded and configured
• Stable OS guarantees less downtime
• Updates itself automatically with no user intervention
CONs
• Upfront costs
• If the hardware fails, it requires a warranty or an upfront cost to fix/replace

Server Side Software
PROs
• Customized filters which can be personalized according to individual user requirements
• Whitelisting capabilities
• Quarantines spam mails, which are kept for a certain duration
CONs
• Difficult to install
• Software updates can cause compatibility issues with other software on the system
• Requires updating the server OS with the latest patches
Cloud based Solutions
• Cloud-based anti-spam solutions filter email on content and authenticity outside the LAN and deliver only legitimate emails to the organization.
• Sample of providers:
  - Heluna https://heluna.com/ $49/year
  - McAfee SaaS Email and Web Security
  - MessageLabs
  - Sophos
  - Untangle
  - Google Apps
• Example of incoming mail: (screenshot not reproduced)
PROs and CONs
PROs
• Does not slow down or interfere with programs on the workstation
• No need to update virus definitions
• Temporarily stores mail if there are LAN issues
• Built-in white / gray / black lists
CONs
• Subscription based (approx. $30/user/year)
• Security of the cloud
End User Software
• Email Clients – most email clients have a built-in basic spam filter
  - Outlook uses whitelists/blacklists and word blocking
• Add-ons to Email Clients – add more powerful spam filtering to email clients
  - Spam Reader – uses Bayesian filtering and whitelist/blacklist
  - Vircom – uses Bayesian filtering
• Stand Alone Software – works with email clients and web mail
  - Spamihilator – uses a combination of word blocking, Bayesian filtering and user-defined lists
  - Mailwasher – uses a combination of word blocking, Bayesian filtering and user-defined lists
Pros and Cons
Pros
• Filters can easily be customized for the individual user
• Fewer false positives
Cons
• Blocked and filtered email still reaches the mail server
• Difficult for admins to configure for each user
• Scalability
Methods
• Outbound filters using a transparent SMTP proxy
  SMTP proxies are inserted between the sending mail servers on a local network and the receiving servers on the Internet in order to filter outgoing spam
• DNS based Blacklists
  Servers maintain a list of IP addresses, published via DNS, and reject email from those sources
• Checksum based filtering
  Spam messages sent in bulk are identical except for a few changes in content. Checksum-based filters compute a checksum of each message and compare it with a database that stores the checksum values of known spam messages
• Statistical content filtering (Bayesian filtering)
  Users mark messages as spam or non-spam and the filter learns from the users' judgments
• Pattern Detection
  Monitors a large database of messages worldwide to detect spam patterns
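The statistical (Bayesian) filtering described above, shown as an added example that is not part of the original slides: a small naive Bayes classifier in Python that learns from messages a user has marked as spam or ham and then scores new mail. The training messages are constructed for this example; add-one (Laplace) smoothing keeps a word that was never seen in one class from zeroing out the whole score.

```python
import math
import re
from collections import Counter

# Constructed training corpus (not from the slides): messages a user marked as spam or ham.
TRAINING = [
    ("spam", "WIN a FREE prize now! Click here to claim your free cash bonus"),
    ("spam", "Cheap meds online, free shipping, click now for discount"),
    ("spam", "Congratulations you have won the lottery claim your prize today"),
    ("spam", "Limited offer: free bonus cash when you click here now"),
    ("ham", "Can we move the project status meeting to Thursday afternoon?"),
    ("ham", "Attached is the quarterly budget report for your review"),
    ("ham", "Reminder: the server maintenance window starts at 22:00 tonight"),
    ("ham", "Thanks for the review, I will update the design document today"),
]

TOKEN_RE = re.compile(r"[a-z0-9']+")


def tokenize(text):
    """Lower-case the text and return the set of distinct word tokens."""
    return set(TOKEN_RE.findall(text.lower()))


class BayesFilter:
    def __init__(self):
        self.doc_count = Counter()                                # class -> number of messages
        self.token_count = {"spam": Counter(), "ham": Counter()}  # class -> token -> message count
        self.vocab = set()

    def train(self, label, text):
        """Learn from a user judgement: the user marked this message as spam or ham."""
        self.doc_count[label] += 1
        for tok in tokenize(text):
            self.token_count[label][tok] += 1
            self.vocab.add(tok)

    def _log_score(self, label, tokens):
        # log P(class) + sum over present tokens of log P(token | class),
        # with add-one smoothing: (count + 1) / (messages in class + 2).
        total = sum(self.doc_count.values())
        n = self.doc_count[label]
        score = math.log(n / total)
        for tok in tokens:
            score += math.log((self.token_count[label][tok] + 1) / (n + 2))
        return score

    def spam_probability(self, text):
        """Return P(spam | message), normalised over the two classes."""
        tokens = tokenize(text) & self.vocab   # tokens never seen in training carry no evidence
        ls = self._log_score("spam", tokens)
        lh = self._log_score("ham", tokens)
        m = max(ls, lh)                        # subtract the max before exp to avoid underflow
        ps, ph = math.exp(ls - m), math.exp(lh - m)
        return ps / (ps + ph)

    def classify(self, text, threshold=0.5):
        return "spam" if self.spam_probability(text) >= threshold else "ham"


def build_filter():
    """Train a filter on the constructed corpus above."""
    f = BayesFilter()
    for label, text in TRAINING:
        f.train(label, text)
    return f


if __name__ == "__main__":
    f = build_filter()
    for msg in ("Click here to claim your free prize now",
                "Please review the attached report before the meeting"):
        print(f"{f.spam_probability(msg):.4f}  {f.classify(msg):4s}  {msg}")
```

Because the model is per-user (each mailbox trains on its own judgments), it captures why the slides list customizable filters as a strength of end-user software and scalability as a weakness: every additional user means another model to train and store.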
Methods
• Honey Pots
  An MTA which gives the appearance of being an open mail relay, or a TCP/IP proxy server which gives the appearance of being an open proxy, is set up to detect spammers who probe systems for open relays/proxies
• Authentication and reputation
  Allow email from servers that have been authenticated as senders of legitimate email
• Domain-based Message Authentication, Reporting and Conformance (DMARC)
  A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes
  - SPF
  - DKIM
Sender Policy Framework
Sender Policy Framework (SPF): an anti-spam approach in which the Internet domain of an e-mail sender can be authenticated for that sender, thereby discouraging spam mailers, who routinely disguise the origin of their e-mail.
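How a receiving mail server actually applies SPF, as an added example (not from the slides): it fetches the sender domain's `v=spf1` TXT record and walks its mechanisms left to right until one matches the connecting IP, returning the matched qualifier (pass, fail, softfail, neutral). The DNS data below is a constructed in-memory table standing in for real lookups; the `ip4`, `ip6`, `include` and `all` mechanisms and the `redirect=` modifier are implemented, while `a`, `mx`, `ptr` and `exists` are reported as a permanent error since they would need live DNS.

```python
import ipaddress

# Constructed DNS zone data used instead of real lookups (assumption, not from the slides).
FAKE_DNS = {
    ("example.com", "TXT"): ["v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all"],
    ("_spf.mailhost.example", "TXT"): ["v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all"],
    ("softfail.example", "TXT"): ["v=spf1 ip4:203.0.113.0/24 ~all"],
    ("neutral.example", "TXT"): ["v=spf1 ?all"],
    ("redirect.example", "TXT"): ["v=spf1 redirect=example.com"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain, dns=FAKE_DNS):
    """Return the domain's SPF record (the TXT record starting with v=spf1), or None."""
    for rec in dns.get((domain, "TXT"), []):
        if rec.lower().startswith("v=spf1"):
            return rec
    return None


def check_spf(client_ip, domain, dns=FAKE_DNS, depth=0):
    """Evaluate the sender domain's SPF policy against the connecting client IP.
    Returns pass / fail / softfail / neutral / none / permerror."""
    if depth > 10:                      # RFC 7208 limits DNS-querying terms per check
        return "permerror"
    record = lookup_spf(domain, dns)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    redirect = None
    for term in record.split()[1:]:
        if "=" in term:                 # modifier (redirect=, exp=), not a mechanism
            key, _, val = term.partition("=")
            if key.lower() == "redirect":
                redirect = val
            continue
        qualifier = "+"                 # default qualifier is "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)   # a bare address means /32 or /128
            matched = ip.version == net.version and ip in net
        elif name == "include":
            # include: matches only when the referenced domain's policy returns pass;
            # fail/softfail/neutral there simply means "no match" here.
            matched = check_spf(client_ip, arg, dns, depth + 1) == "pass"
        else:
            return "permerror"          # a, mx, ptr, exists need live DNS: not implemented here
        if matched:
            return QUALIFIERS[qualifier]
    if redirect:                        # no mechanism matched: follow redirect= if present
        return check_spf(client_ip, redirect, dns, depth + 1)
    return "neutral"                    # no match and no "all" term -> neutral


if __name__ == "__main__":
    for ip, dom in (("192.0.2.25", "example.com"), ("198.51.100.10", "example.com"),
                    ("203.0.113.5", "example.com"), ("10.0.0.1", "softfail.example")):
        print(f"{ip:>16}  {dom:<22}  {check_spf(ip, dom)}")
```

The result is only an input to policy: by itself SPF says whether the connecting host is authorized for the envelope sender's domain. A DMARC record on the domain tells the receiver what to do with a fail, and a `-all` record with a forgotten outbound host is the usual way legitimate mail ends up as a false positive.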
DomainKeys Identified Mail
• DKIM is a specification for cryptographically signing e-mail messages. A signing domain (e.g. Gmail) claims responsibility for the email by adding a DKIM-Signature header field to the message's header.
• The verifier recovers the signer's public key using the DNS, and then verifies that the signature matches the actual message's content. The receiving SMTP server uses the domain name and the selector to perform the DNS lookup.
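The receiver-side steps named above (and the DMARC alignment rule from the Methods slide), as an added Python example that is not part of the original slides: parse the DKIM-Signature tags, derive the `<selector>._domainkey.<domain>` name the receiver queries, recompute the body hash (`bh=`) over the RFC 6376 "simple" canonicalized body, and check whether the signing domain `d=` is DMARC-aligned with the From: domain. The message body, selector and domains are constructed; the RSA signature in `b=` is left as a labelled placeholder because producing and checking it needs the domain's key pair and a crypto library, so only the hash-based and DNS-naming parts are exercised here.

```python
import base64
import hashlib
import re

# Constructed message body (not from the slides), CRLF line endings as on the wire,
# with extra trailing empty lines that canonicalization must ignore.
RAW_BODY = "Hello team,\r\n\r\nPlease see the attached report.\r\n\r\n\r\n"


def canonicalize_body_simple(body):
    """RFC 6376 'simple' body canonicalization: normalise line endings to CRLF,
    strip trailing empty lines and end the body with exactly one CRLF."""
    body = body.replace("\r\n", "\n").replace("\n", "\r\n")
    while body.endswith("\r\n\r\n"):
        body = body[:-2]
    if not body.endswith("\r\n"):
        body += "\r\n"
    return body


def body_hash(body, algorithm="sha256"):
    """bh= tag value: base64 of the hash over the canonicalized body."""
    digest = hashlib.new(algorithm, canonicalize_body_simple(body).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_tags(value):
    """Parse a DKIM tag=value list (same syntax for the DKIM-Signature header and
    the DNS key record, e.g. 'v=DKIM1; k=rsa; p=...'); folding whitespace is removed."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags


def dkim_dns_name(tags):
    """TXT name the receiving server queries: <selector>._domainkey.<signing domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def verify_body_hash(tags, body):
    """Recompute bh= from the received body; a mismatch means the body was altered."""
    algorithm = tags.get("a", "rsa-sha256").split("-")[-1]   # rsa-sha256 -> sha256
    return body_hash(body, algorithm) == tags.get("bh")


def dmarc_aligned(from_domain, signing_domain, relaxed=True):
    """DMARC identifier alignment of the From: domain with the DKIM d= domain.
    Strict mode needs an exact match; relaxed mode accepts the same organisational
    domain, approximated here by the last two labels (a real verifier consults the
    Public Suffix List)."""
    f, d = from_domain.lower(), signing_domain.lower()
    if f == d:
        return True
    return relaxed and f.split(".")[-2:] == d.split(".")[-2:]


def build_example_signature(domain="example.com", selector="sel1", body=RAW_BODY):
    """Signer side for this example: fills in bh= for the given body. The b= tag
    (RSA signature over the signed headers) is a placeholder, since producing it
    needs the domain's private key and a crypto library."""
    return (f"v=1; a=rsa-sha256; c=simple/simple; d={domain}; s={selector}; "
            f"h=from:to:subject:date; bh={body_hash(body)}; b=PLACEHOLDER")


def receiver_checks(signature_header, body, from_domain):
    """The receiving MTA's view: where to fetch the key, whether the body hash
    holds, and whether the signing domain is DMARC-aligned with From:."""
    tags = parse_tags(signature_header)
    return {
        "dns_name": dkim_dns_name(tags),
        "body_hash_ok": verify_body_hash(tags, body),
        "dmarc_aligned": dmarc_aligned(from_domain, tags["d"]),
    }


if __name__ == "__main__":
    header = build_example_signature()
    print(header)
    print(receiver_checks(header, RAW_BODY, "example.com"))
    print(receiver_checks(header, RAW_BODY.replace("report", "invoice"), "example.com"))
```

Two details matter operationally: trailing blank lines added in transit do not break the body hash because canonicalization removes them, while any change to the visible text does; and a DKIM pass alone is not enough for DMARC, since the `d=` domain must also align with the From: domain that the user sees.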
DKIM workflow (diagram with steps 1–7 not reproduced)
Other Current Solutions
• End user actions
  - Whitelisting: reject everything except the email addresses accepted one by one
  - Spam Poisoning: restrict the distribution of one's address to only trusted parties, effectively hiding from spammers (e.g. user@exampleREMOVETHIS.com)
  - Collaborative filtering: detect messages being sent to a large number of recipients
• Ideas under consideration:
  - Micropayment: charging 1 cent per email sent. If the recipient answers, the charge is removed.
  - Internet Mail 2000: "Internet Mail 2000" messages are stored by the sender. The receiver pulls his or her message from the sender's server.
Existing SPAM legislations: http://en.wikipedia.org/wiki/Email_spam_legislation_by_country

Country – Legislation
Argentina – Personal Data Protection Act (2000)
Australia – Spam Act 2003
Austria – Austrian Telecommunications Act 1997
Belgium – Loi du 11 mars 2003
Canada – Personal Information Protection and Electronic Documents Act 2000 (PIPEDA)
Canada – Fighting Internet and Wireless Spam Act 2010
China – Regulations on Internet email Services - Death penalty risked by spammers
Cyprus – Regulation of Electronic Communications and Postal Services Law of 2004
Czech Republic – Act No. 480/2004 Coll., on Certain Information Society Services
Denmark – Danish marketing practices act
European Union – Directive on Privacy and Electronic Communications
Finland – Act on Data Protection in Electronic Communications (516/2004)
France – Loi informatique et libertés, Jan 6 1978
Germany – Gesetz gegen Unlauteren Wettbewerb (UWG) ("Act against Unfair Competition")
Hong Kong – Unsolicited Electronic Messaging Ordinance
Hungary – Act CVIII of 2001 on Electronic Commerce
Indonesia – Undang-undang Informasi dan Transaksi Elektronik (ITE) (Internet Law)
Ireland – European Communities (Electronic Communications Networks and Services) (Data Protection and Privacy) Regulations 2003
Israel – Communications Law (Telecommunications and Broadcasting), 1982 (Amendment 2008)
Italy – Data Protection Code (Legislative Decree no. 196/2003)
Japan – The Law on Regulation of Transmission of Specified Electronic Mail
Malaysia – Communications and Multimedia Act 1998
Malta – Data Protection Act (CAP 440)
Netherlands – Dutch Telecommunications Act
New Zealand – Unsolicited Electronic Messages Act 2007
Pakistan – Prevention of Electronic Crimes Ordinance 2007
Singapore – Spam Control Act 2007
South Africa – Electronic Communications and Transactions Act, 2002
South Africa – Consumer Protection Act, 2008
South Korea – Act on Promotion of Information and Communication and Communications Network Utilization and Information Protection of
Spain – Act 34/2002 of 11 July on Information Society Services and Electronic Commerce
Sweden – Marknadsföringslagen (1995:450) Swedish Marketing Act
United Kingdom – Privacy and Electronic Communications (EC Directive) Regulations 2003
United States – Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act of 2003)
None – Brazil, India, Mexico, Russia
Examples of penalties
• UK, Nov 2012: Christopher Niebel and Gary McNeish fined $700,000 for sending millions of SMS
  http://www.theverge.com/2012/11/28/3701210/sms-spammers-fined-700000-uk
• Netherlands, Oct 2012: Companeo fined 100,000 € for 15 million emails sent between 2009 and 2011 without the consent of the recipients
  https://www.signal-spam.fr/actualites/une-soci%C3%A9t%C3%A9-condamn%C3%A9e-%C3%A0-100-000%E2%82%AC-damende-pour-lenvoide-spams
• France: one man fined 22,000 € for 1 million SPAMs, plus 1,000 € per new SPAM.
  http://www.tomsguide.fr/actualite/spamming,36022.html
• CASL: Canada Anti-Spam Legislation
  http://blog.eliteemail.com/2013/05/16/all-about-casl-canadas-anti-spam-legislation/
• Value Click has settled charges with the Federal Trade Commission, netting the FTC $2.9 million in civil penalties: failure to disclose that users must first sign up for other offers (ones that cost them money) before collecting the prize.
  http://news.techeye.net/security/spammer-fined-a-billion-bucks
• Australian Communication and Media Authority: the Spam Act 2003 regulates the sending of commercial electronic messages (CEMs) and prohibits the sending of these messages except in certain limited circumstances. Covers email, MMS and SMS.
  http://www.bit.com.au/News/316120,dont-get-stung-by-australias-anti-spam-laws.aspx
  Oct 9th 2013: Grays has become the latest online retailer to get caught emailing people without providing an unsubscribe button, and the company has paid AU$165,000 for the mistake.
• Russia: the biggest spammer was found dead in his apartment.
  http://www.theinternetpatrol.com/spammer-receives-the-death-penalty
PROs and CONs
PROs
• Several countries have legislation
• Organizations are being fined
CONs
• The majority of countries do not have legislation
• Fines against individuals rarely work: either too high or too low
• Lack of identification
• Hard to have legislation keep up with technology
• Legislators are not tech savvy
Proposed Solution
• Gmail Spam filter
  - Gmail spam filters use a combination of statistical filtering, content filtering and authentication methods like SPF and DKIM to filter spam
  - Users can train the system by marking email as spam or not spam
  - Administrators can set up whitelists/graylists/blacklists
  - Scans all attachments for viruses before they reach the user
  - Less than 1% of email in the inbox reported as spam (average is between 1.8% and 3%)
  - Less than 1% of email falsely marked as spam
Cost & Implementation
• Cost – $50/user/year
  - Includes other services and not just spam protection
• Implementation – Feasibility
  - Easy to migrate from an Exchange server
  - Users can continue using their current email client like Outlook, or use web mail
  - Can be implemented in 90 days for a large enterprise (>750 users), in 4 weeks for medium businesses and within 1 hour for a small business
• Statistics:
  - Gmail has no more than 1% of the enterprise email market, but it has close to 50% of the market for enterprise cloud email (2011 Gartner)
  - 39% of small companies (<50 people) use Gmail
  - 20% of large companies use Gmail
Strengths and Weaknesses
STRENGTHS
• Uses multiple techniques to block spam, including DMARC
• Google acquired Postini (2007), which made them superior.
• Less than 1% spam (avg. 1.8%–3%)
• Google Apps is better suited for heterogeneous environments
• Easy to implement
• Automatically updated and easy to configure by users and administrators
• Includes complete productivity suites in the cost of subscription
WEAKNESSES
• Trusting data to a cloud provider
• Legal concerns over privacy of data
• Expensive if only looking for an anti-spam solution and not any other functionality
• The solution is only as good as the capacity of spammers to find a new exploit
Adopters (figure not reproduced)
Conclusion - Questions
• While there are no perfect solutions to stop all SPAM, the protection mechanisms can be very efficient.
• This does not solve the generation of spam, which makes up 70% of email traffic and weighs on the Internet.
• The impetus for change is likely to come from governments requesting ISPs to find solutions.
• Once ISPs see the value of a spam-free network and avoid the inherent threats posed by these messages, they will seriously work on the issue and find a solution.
Backup Slides
Additional Material
Sender Policy Framework (diagram not reproduced)
SPAM (figure not reproduced)
eMail accounts and Traffic – Current and Projection
http://www.radicati.com/wp/wp-content/uploads/2012/04/Email-Statistics-Report-2012-2016-Executive-Summary.pdf