AntiSpam 101

1
Anti-Spam 101
2
(No Transcript)
3
Overview

• What is spam? Who are the spammers?
• How do you get ON spam lists?
• How can you avoid getting on the lists?
• Helping others (and yourself) avoid spam
• How to get OFF spam lists
• Extra efforts things worth knowing
• Extended session for those needing extra help

4
Constraints

• We have a lot to cover in a limited time
• We wont go deep (unless in QA)
• We will provide starting points and practical do
  it now suggestions

5
WarningThis is a very difficult/delicate subject

• I may insult somebody in this presentation
• You
• Your friends
• Your family
• Your co-workers
• Me
• Spam is largely a result of doing Stupid
  uneducated things

6
Lets get educated

• Do I owe anyone an apology? Yet?

7
A bit of history

• I did a talk on spam in 2000
• At that time, Perimeter was receiving under 100
  TOTAL spam messages per day
• We started looking for a solution to what seemed
  a big problem

8
Fast forward - January 2003

• Of 2000-3000 messages per day, 500-800 were spam
• 20-25 of all received

9
July 2003

• Typical day, we received about 3000-5000 messages
• 30-40 were spam!
• Weekends, with legitimate mail volume down, spam
  was about 60-70
• Some users received over 200 per day!

10
June 2005

• Typical day, we received about 5000-7000 messages
• 65 were spam!
• Weekends were about 85-90
• Staff arent seeing much of the junk thanks
  Barracuda

11
May, 2006 (typical)

• 6000-8000 incoming messages per day
• 4000-5500 instantly rejected as spam (70-85)
• 150-300 suspicious
• 1800-2500 actually delivered
• Weekends have less legitimate mail not much
  change in the junk! (90 spam)
• We know were not catching everything

12
Some quick Perimeter Spam Statistics
13
1055 AM 5/15/2006
14
What is spam? Who sends it?
15
Some simple (loose) definitions

• SPAM Junk mail you dont want
• Trying to sell you something
• Or trying to get you to take some action
• UCE Unsolicited Commercial Email
• The official name minor technical variance
• Viruses (including Trojans, time bombs, worms,
  etc.) programs that intend harm. These are NOT
  spam!

16
Commercial Email

• Is there such a thing as legitimate (Solicited)
  Commercial Email?
• Probably
• Subscriptions you ask for
• CNN, Fox, WSB
• Christianity Today
• Family Life Today
• American Airlines, Delta, Church newsletters
• Etc.

17
Commercial email (cont)

• If you quit wanting email you asked for, that
  does NOT make it spam!
• You need to unsubscribe
• Please dont treat as spam you might mess up
  other people who still want these mailings

18
More definitions

• Urban Legends Stories that are fascinating and
  sound true
• But usually arent
• Hoaxes Somewhere between spam and Urban Legend
  especially virus hoaxes
• Chain Mail "forward this to everyone you know.
  Often an Urban Legend or Hoax
• Phishing specific intent to gather steal
  personal data

19
Aside

• Possible urban legends, etc. Check out on snopes
  before distributing
• http//www.snopes.com

20
Do we need other training?

• Malware is way beyond todays discussion
• Would you be interested in a staff training on
  all the different types of malware? And defenses
  against them?
• How about a lunch and learn?

21
Some facts about spammers

• They lie!
• They sell your email address to others
• They dont care much about dead addresses
  (NDRs)
• They use many harvesting tools
• Most have little morality
• A few are unfortunates who have been duped by
  you too can get rich using the Internet

22
Lie is a strong word

• I believe its the right word
• We (users) often fall for these lies. In
  particular
• A spam message often starts with you are
  receiving this because you asked for it.
• It often ends with click here to remove
  yourself.
• Is 1 a lie? Then why do you believe 2?

23
9 AM, 5/15/2006
24
Anti-spam 101 specifics

• Handout 10 parallels this presentation

25
How do you get on a spammers list?

• Often, voluntarily!
• Well, sometimes people do silly things
• Especially when the word free is used
• By registering on questionable sites
• By not reading carefully
• By exposing your email address on ANY web site

26
How do you get on? (cont.)

• By falling for hoaxes
• If you forward this youll receive ...
• Responding to scams/probes
• Responding to spam!
• Watch out for joke lists
• And fun lists
• Choosing your family and friends unwisely
• This may take some explaining

27
How spammers harvest emails

• Spammers have plenty of tools for finding new
  addresses
• They scan many document sources extracting email
  addresses
• They add those addresses to their lists
• And sell them to other spammers

28
Harvesting (cont.)

• Where do they get the sources for harvesting?
• From you. (certainly not)
• What about your friends? And family?
• Anyone who exposes a lot of addresses is a
  problem
• Mass forwarders

29
Harvesting (cont.)

• Exposed addresses
• How about hoaxes of the forward this to your
  friends type?
• Those emails that ask you to add your friends
  emails for pyramid schemes
• EXPECT that a spammer ultimately will see these
  messages
• AND extract the emails

30
Virus/spam overlap

• Some recent viruses seem to have been written
  specifically to help expose email addresses
• Spammers picked up those addresses

31
Practical avoidances

• Do a web search for your own email address
• At Perimeter, you have several. Check them all
• If you find your email address on the web, you
  can expect spammers will too, eventually
• Avoid forward this to everyone you know
  messages
• Dont send them
• Look out when you receive them

32
Avoidances (cont.)

• Hide addresses when emailing
• Use disposable email addresses for potentially
  risky needs
• Use reply-to-all sparingly, or better, not at all
• Beware using your email address on behalf of your
  children or others especially having them use
  your email address

33
Home Avoidances(obvious?)

• Use Anti-virus software and keep it up-to-date.
  (daily updates to pattern files!)
• Use an anti-spyware tool
• Use multiple login accounts avoid
  administrator settings
• SpamAware, AVG good, cheap (free!)

34
So whats the point?

• Choose your friends well
• Teach the benefits of BCC
• AND hoax/Urban Legend research
• AND cleaning up addresses in forwards
• Or better yet
• Teach your friends not to forward
• Easy, right?

35
Can you be part of the solution?

• Teach other about hiding addresses
• Teach others about phishing
• Teach others NOT to reply to spam
• Teach other NOT to mass forward
• Avoid trivial email messages, including
  attachment only email. Teach others the same
• Avoid killer subjects and phrases

36
Be part of the solution (cont.)

• Continue to observe and report spam and not spam
  (let helpdesk know if you need help with this)

37
One more consideration

• What about Plaxo and Jigsaw and similar services
  for keeping up with email addresses?
• My opinion Risky! Some disagree. Caveat
  Emptor. Oh, wait, its free! Hmmm

38
How do you get off spam lists?

• I have bad news
• You dont!
• You especially dont get off by trying to
  unsubscribe
• That can often make things worse
• Remember they are liars

39
What can you do?

• Switch to a new email address (alias)
• Carefully inform others of the new address
• Wean yourself from the old address
• How quickly can you afford to do this?
• Dont expect it to be painless

40
Making an email switch

• Several of you have been specifically invited to
  stay later to discuss this process
• ALL are welcomed to join that discussion

41
Good email messages

• Non-trivial subjects
• Subject doesnt start with hi, hello, or hey
• Worse if thats the entire subject!
• Non-trivial message text
• NOT just an attachment (including pictures)
• If replying, include the original, or extracts
• But, of course, suppressing email addresses

42
Email Headers

• Handout 11 is stuff most people dont want to
  know
• Sometimes you need to know it
• What about non-Outlook users?

43
Learn all your email aliases(does this apply to
your church?)

• See handout 12
• As a Perimeter staff member, you have a lot of
  email addresses, all coming to a single mailbox
• You can have more (why!?)
• You can use disposable addresses

44
(No Transcript)
45
Looking at your addresses(one of many ways
Exchange assumed)
Click the Address Book Icon
Find Your Name
46
Double-Click to open
47
Click the email tab
48
Tom can receive email as

• tomm_at_perimeter.org
• tommullis_at_perimeter.org
• tom.mullis_at_perimeter.org
• tmullis_at_perimeter.org
• The upper case SMTP indicates the outbound
  address to be used TomM
• Note email addresses are case-insensitive

49
Additional Information

• Links to this presentation, and other materials,
  will be available from the Intranet announcements
• -or-
• Peroogle for anti-spam will also return some
  useful results. Anti-spam 101 will probably
  drill in tighter

50
Miscellaneous

• The IT department hates spam more than you do
• We also hate it when a good email is blocked
• We work hard to deliver the good and block the
  bad. Were not perfect
• Lance spends easily an hour a day on your behalf

51
Daily Barracuda Operations

• Lance personally looks at EVERY Quarantined email
  and makes a judgment
• Rules are adjusted, scores are adjusted
• Classifications are performed to help the
  Barracuda learn about spam vs. good mail
• How are we doing?

52
Summary

• Weve talked about spam, and spammers
• How you get ON spam lists
• How can you avoid getting on the lists
• For yourself and others
• Getting OFF spam lists it doesnt happen
• Extra efforts things worth knowing

53
More?

• Want more info on
• Spam
• Viruses
• Phishing
• Hoaxes
• Reading email headers
• Etc.
• ASK! Wed be glad to schedule time

54
Questions?
55
Extended Session

• Special invitation to our own dirty dozen
• Others are welcomed to stay
• Taking the hard steps to get away from lost
  cause email addresses

56
Other dangers?

• Can you think of any other ways you ended up on
  spam lists?

57
Steps for abandoning a heavily spammed email
address

• IT will work with you to establish a new email
  alias. Suggestion Firstname.Lastname_at_perimeter.o
  rg
• Example Tom.Mullis_at_perimeter.org
• Were OK with something else
• IT will switch this to become your primary email
  address
• Note This has very little effect, only OUT-going
  email will have any changed appearance, only for
  those really paying attention

58
Abandonment steps (cont.)

• Carefully start giving this email address to your
  
• Avoid the things that caused the original
  problems
• Change items on the web and printed materials
  that have your old address
• Be sure to encrypt addresses on the web

59
Abandonment steps (cont.)

• When youre readypart 1
• IT will create an Outlook Public folder and give
  it your old email address
• You need to review that folder occasionally for
  the good email remaining
• Cautiously notify the senders of your new,
  preferred, address

60
Abandonment steps (cont.)

• When youre readypart 2
• Once the Public Folder quits having value
• IT will disconnect the old email address
• Any future mail to the old (bad) address will be
  bounced

61
Additionally

• If you absolutely must give your email address in
  risky situations
• IT can create an alternate, disposable, alias
• Use it whenever you dont care about responses
  received
• When/if that address is spammed, we can drop it
  and provide another
• Or, alternatively, use the Public Folder concept,
  again
• We can give you more than one disposable

62
While transitioning

• Please keep reporting spam and not spam
• You, collectively, are our best source

63
Whos ready to start the transition?
64
Any other questions?
65
Handouts 13 14

• Possible friendly responses to your friends and
  family

66
Whats the next action?

• Any take-aways?
• Please record on your My Actions sheet

67
How are we doing?

• Time?
• Content?
• Depth?
• Value?

68
(No Transcript)