Anti- Spam 101.ppt
Uploaded by sasibushang
Transcript of Anti- Spam 101.ppt
1
Anti-Spam 101
2
3
Overview
What is spam? Who are the spammers?
How do you get ON spam lists?
How can you avoid getting on the lists?
Helping others (and yourself) avoid spam
How to get OFF spam lists
Extra efforts: things worth knowing
Extended session for those needing extra help
4
Constraints
We have a lot to cover in a limited time
We won’t go deep (unless in Q&A)
We will provide starting points and practical “do it now” suggestions
5
Warning
This is a very difficult/delicate subject
I may insult somebody in this presentation
  You
  Your friends
  Your family
  Your co-workers
  Me
Spam is largely a result of doing Stupid uneducated things
6
Let’s get educated
Do I owe anyone an apology? Yet?
7
A bit of history
I did a talk on spam in 2000
At that time, Perimeter was receiving under 100 TOTAL spam messages per day
We started looking for a solution to what seemed a “big” problem
8
Fast forward - January 2003
Of 2000-3000 messages per day, 500-800 were spam
20-25% of all received
9
July 2003
Typical day, we received about 3000-5000 messages
30-40% were spam!
Weekends, with legitimate mail volume down, spam was about 60-70%
Some users received over 200 per day!
10
June 2005
Typical day, we received about 5000-7000 messages
65+% were spam!
Weekends were about 85-90%
Staff aren’t seeing much of the junk – thanks Barracuda
11
May, 2006 (typical)
6000-8000 incoming messages per day
4000-5500 instantly rejected as spam (70-85%)
150-300 “suspicious”
1800-2500 actually delivered
Weekends have less legitimate mail; not much change in the junk! (90+% spam)
We know we’re not catching everything
12
Some quick Perimeter Spam Statistics
13
~10:55 AM 5/15/2006
14
What is spam? Who sends it?
15
Some simple (loose) definitions
SPAM: Junk mail you don’t want
  Trying to sell you something
  Or trying to get you to take some action
UCE: Unsolicited Commercial Email
  The official name; minor technical variance
Viruses (including Trojans, time bombs, worms, etc.): programs that intend harm. These are NOT spam!
16
Commercial Email
Is there such a thing as legitimate (Solicited) Commercial Email?
  Probably
Subscriptions you ask for:
  CNN, Fox, WSB
  Christianity Today
  Family Life Today
  American Airlines, Delta, Church newsletters
  Etc.
17
Commercial email (cont)
If you quit wanting email you asked for, that does NOT make it spam!
You need to unsubscribe
Please don’t treat as spam – you might mess up other people who still want these mailings
18
More definitions
Urban Legends: Stories that are fascinating and sound true
  But usually aren’t
Hoaxes: Somewhere between spam and Urban Legend; especially virus hoaxes
Chain Mail: “forward this to everyone you know.” Often an Urban Legend or Hoax
Phishing: specific intent to gather [steal] personal data
19
Aside
Possible urban legends, etc. Check out on snopes before distributing
http://www.snopes.com
21
Some “facts” about spammers
They lie!
They sell your email address to others
They don’t care [much] about dead addresses (NDRs)
They use many “harvesting” tools
Most have little morality
A few are unfortunates who have been duped by “you too can get rich using the Internet”
22
“Lie” is a strong word
I believe it’s the right word
We (users) often fall for these lies. In particular:
  1. A spam message often starts with “you are receiving this because you asked for it.”
  2. It often ends with “click here to remove yourself.”
Is #1 a lie? Then why do you believe #2?
24
Anti-spam 101 specifics
Handout 10 parallels this presentation
25
How do you get on a spammer’s list?
Often, voluntarily!
  Well, sometimes people do silly things
  Especially when the word “free” is used
By registering on questionable sites
By not reading carefully
By exposing your email address on ANY web site
26
How do you get on? (cont.)
By falling for hoaxes
  If you forward this … you’ll receive $$$ ...
  Responding to scams/probes
  Responding to spam!
Watch out for joke lists
  And “fun” lists
Choosing your family and friends unwisely
  This may take some explaining
27
How spammers harvest emails
Spammers have plenty of tools for finding new addresses
They scan many document sources extracting email addresses
They add those addresses to their lists
And sell them to other spammers
28
Harvesting (cont.)
Where do they get the sources for harvesting?
From you. (certainly not)
What about your friends? And family?
Anyone who “exposes” a lot of addresses is a problem
Mass forwarders
29
Harvesting (cont.)
Exposed addresses
How about hoaxes of the “forward this to your friends” type?
Those emails that ask you to add your friends’ emails for pyramid schemes
EXPECT that a spammer ultimately will see these messages
AND extract the emails
30
Virus/spam overlap
Some recent viruses seem to have been written specifically to help expose email addresses
Spammers picked up those addresses
31
Practical avoidances
Do a web search for your own email address
  At Perimeter, you have several. Check them all
  If you find your email address on the web, you can expect spammers will too, eventually
Avoid “forward this to everyone you know” messages
  Don’t send them
  Look out when you receive them
32
Avoidances (cont.)
Hide addresses when emailing
Use disposable email addresses for potentially risky needs
Use reply-to-all sparingly, or better, not at all
Beware using your email address on behalf of your children or others; especially having them use your email address
33
Home Avoidances (obvious?)
Use Anti-virus software and keep it up-to-date. (daily updates to pattern files!)
Use an anti-spyware tool
Use multiple login accounts – avoid “administrator” settings
SpamAware, AVG – good, cheap (free!)
34
So what’s the point?
Choose your friends well
Teach the benefits of BCC
AND hoax/Urban Legend research
AND cleaning up addresses in forwards
Or better yet…
Teach your friends not to forward
Easy, right?
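The BCC and "clean up addresses in forwards" advice, as an added example that is not part of the original slides: a pre-send check that lists every address a draft would expose to its recipients, then rebuilds the draft with recipients moved to Bcc and addresses in the quoted text masked. The sample draft, all addresses, and the function names are constructed for illustration; a plain-text body is assumed.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample draft (all names and addresses are made up).
SAMPLE_DRAFT = """\
From: alice@example.org
To: Bob@Example.org, carol@example.org
Cc: dave@example.net
Bcc: erin@example.com
Subject: FW: FW: Forward this to everyone you know!

---------- Forwarded message ----------
From: frank@example.net
To: grace@example.org; heidi@example.com

Add your friends' addresses and pass it on.
"""

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def _header_addrs(msg, *names):
    """Addresses in the named headers, lower-cased (addresses are case-insensitive)."""
    values = [str(v) for n in names for v in msg.get_all(n, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def _body_text(msg):
    """Plain-text body of the message, or an empty string if there is none."""
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""

def exposed_addresses(raw):
    """What every recipient can read: To/Cc headers plus addresses left in the body."""
    msg = message_from_string(raw, policy=policy.default)
    recipients = _header_addrs(msg, "To", "Cc")
    quoted = {a.lower() for a in ADDR_RE.findall(_body_text(msg))} - recipients
    return {"recipients": sorted(recipients), "quoted": sorted(quoted)}

def clean_forward(raw, mask="[address removed]"):
    """Rebuild the draft: all recipients go to Bcc, body addresses are masked."""
    msg = message_from_string(raw, policy=policy.default)
    sender = str(msg["From"])
    out = EmailMessage()
    out["From"] = sender
    out["To"] = sender  # the only visible recipient is the sender
    out["Bcc"] = ", ".join(sorted(_header_addrs(msg, "To", "Cc", "Bcc")))
    out["Subject"] = str(msg["Subject"])
    out.set_content(ADDR_RE.sub(mask, _body_text(msg)))
    return out

if __name__ == "__main__":
    print("before:", exposed_addresses(SAMPLE_DRAFT))
    print("after: ", exposed_addresses(clean_forward(SAMPLE_DRAFT).as_string()))
```
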
35
Can you be part of the solution?
Teach others about hiding addresses
Teach others about phishing
Teach others NOT to reply to spam
Teach others NOT to mass forward
Avoid trivial email messages, including attachment only email. Teach others the same
Avoid “killer” subjects and phrases
37
One more consideration
What about Plaxo and Jigsaw and similar services for keeping up with email addresses?
My opinion: Risky! Some disagree. Caveat Emptor. Oh, wait, it’s free! Hmmm…
38
How do you get off spam lists?
I have bad news: You don’t!
You especially don’t get off by trying to unsubscribe
  That can often make things worse
  Remember – they are liars
39
What can you do?
Switch to a new email address (alias)
Carefully inform others of the new address
Wean yourself from the old address
How quickly can you afford to do this?
Don’t expect it to be painless
41
Good email messages
Non-trivial subjects
  Subject doesn’t start with hi, hello, or hey
  Worse if that’s the entire subject!
Non-trivial message text
  NOT just an attachment (including pictures)
If replying, include the original, or extracts
  But, of course, suppressing email addresses
42
Email Headers
Handout 11 is stuff most people don’t want to know
Sometimes you need to know it
What about non-Outlook users?
43
Learn all your email aliases (does this apply to your church?)
See handout 12
As a Perimeter staff member, you have a lot of email addresses, all coming to a single mailbox
You can have more (why!?)
You can use “disposable” addresses
44
45
Looking at your addresses (one of many ways – Exchange assumed)
Click the Address Book Icon
Find Your Name
46
Double-Click to open
47
Click the email tab
48
Tom can receive email as:
[email protected]@[email protected]@[email protected]@[email protected]@perimeter.org
The upper case SMTP indicates the outbound address to be used: TomM
Note: email addresses are case-insensitive
52
Summary
We’ve talked about spam, and spammers
How you get ON spam lists
How can you avoid getting on the lists
  For yourself and others
Getting OFF spam lists – it doesn’t happen
Extra efforts: things worth knowing
54
Questions?
55
Extended Session
Special invitation to our own “dirty dozen”
Others are welcomed to stay
Taking the hard steps to get away from “lost cause” email addresses
56
Other dangers?
Can you think of any other ways you ended up on spam lists?
57
Steps for abandoning a heavily spammed email address
IT will work with you to establish a ‘new’ email alias.
  Suggestion: [email protected]
  Example: [email protected]
  We’re OK with something else
IT will switch this to become your primary email address
  Note: This has very little effect, only OUT-going email will have any changed appearance, only for those really paying attention
58
Abandonment steps (cont.)
Carefully start giving this email address to your
Avoid the things that caused the original problems
Change items on the web and printed materials that have your old address
Be sure to encrypt addresses on the web
59
Abandonment steps (cont.)
When you’re ready…part 1…
IT will create an Outlook Public folder and give it your old email address
You need to review that folder occasionally for the good email remaining
Cautiously notify the senders of your new, preferred, address
60
Abandonment steps (cont.)
When you’re ready…part 2…
Once the Public Folder quits having value:
  IT will disconnect the old email address
  Any future mail to the old (bad) address will be bounced
61
Additionally
If you absolutely must give your email address in risky situations:
  IT can create an alternate, “disposable,” alias
  Use it whenever you don’t care about responses received
  When/if that address is spammed, we can drop it and provide another
  Or, alternatively, use the Public Folder concept, again
  We can give you more than one “disposable”
62
While transitioning…
Please keep reporting spam and not spam
You, collectively, are our best source
64
Any other questions?
65
Handouts 13 & 14
Possible friendly responses to your friends and family
66
What’s the next action?
Any “take-aways?”
Please record on your My Actions sheet
67
How are we doing?
Time? Content? Depth? Value?
68