Technology Technology ConsiderationsConsiderations

for Spam Controlfor Spam Control

3rd AP Net Abuse WorkshopBusan • 2003.8.25

Dave Crocker • Brandenburg InternetWorking

dcrocker@brandenburg.com<http://www.brandenburg.com/presentations/

spamtechconsider.ppt>

2

What we will discussWhat we will discuss

Derived from <http://www.ietf.org/internet-drafts/draft-crocker-spam-techconsider-02.txt>

We need a “framework” for spam Technical response to a social problem

Points of control in the email architecture How do the components provide opportunities?

We need a framework for spam control What is practical and effective on a global scale?

Evaluating proposals Carefully consider any changes to global infrastructure

3

What is Spam?What is Spam?

Challenges

No clear community consensus on definition

Strong on emotion Weak on useful discussion

Minor, transient technical differences from other mail (!)

Internet mechanisms are expensive to implement

We must ensure they will quickly be effective for extended time

Sample Definitions

1. Whatever the sender decides

This means we cannot provide institutional enforcement

2. Unsolicited Commercial Religious, political, and

“crazies” are just as problematic

3. Unsolicited Bulk Focus on consent/permission Focus on aggregate traffic

4

Experience of SpamExperience of Spam

It is very serious, and it is getting worse

It is probably permanent, like cockroaches It probably can be controlled to an acceptable level But spammers are smart and adaptable

Likely to require an array of techniques Legal, administrative, and filtering Service providers and users Collaborative and independent Simple rules and statistical heuristics

5

Types of SpammersTypes of Spammers

AccountableLegitimate businesses engaging in

aggressive marketing, in the absence of formal rules

RogueActively avoid accountabilityLikely to always have “safe haven”Not always seeking money

6

Email Points of ControlEmail Points of Control

UA = User AgentMTA = Message

Transfer Agento =originator

i = intermediate

r = recipient

MTAr

UArUAo

MTAo

DNS

MTAi1 MTAi2

Accountability

Filtering Enforcement

Accountability

Filtering Enforcement

FilteringFiltering Filtering

7

Types of ControlTypes of Control

Proactive Accountability

Sender/author Sending host

Enforcement Laws and contracts Scope of control? Sufficiently objective rules? Avoids negative side-effects

Reactive (filtering) Detection

Source or destination Content Aggregate traffic

Action Divert or delete Label Notification

8

FilteringFiltering

DetectionCriteria Attribute, semantic,

processMatch the criteria? Positive vs. negativeLikelihood of error? False positive or negativeExplicitly registered? Whitelist or blacklist

DispositionAccept or Reject Danger if not recipientLabel the message Still requires actionNotify interested parties Then do what?

9

Evaluating ProposalsEvaluating Proposals

Adoption Effort to adopt proposal Effort for ongoing use Balance among

participants Threshold to benefit

Operations impact on Adopters of proposal Others

Internet scaling – What if… Use by everyone Much bigger Internet

Robustness How easily circumvented

System metrics Cost Efficiency Reliability

Impact Amount of Net affected Amount of spam affected

Test scenarios Personal post/Reply Mailing List Inter-Enterprise

10

A Sample Array of EffortsA Sample Array of Efforts

Terminology and labels

UA/MTA spam information exchangeProvide examples and filter rules

Message authenticationNot the same as content authentication

MTA/MTA reportingCollaborate on aggregate traffic analysis

11

In summaryIn summary

Changes to complex systems always have unintended, negative consequences We must attack spam, but we must attack it carefully

Attacking superficial spam characteristics invites an arms race Constantly “improving” tools, but constantly failing to

reach a stable level of effectiveness

Adequate solutions for one constituency might be inappropriate for another Look at their communications styles