Title: Spam How To Control The Beast
1Spam - How To Control The Beast
- Kevin Martin, Martin Assoc.
2My 3 Main Objectives
- Supply materials for your web site, marketing
handouts and client goodwill activities
- Go beyond the list of how to avoid and show a
real life case study in applying these
techniques
- A resource list to help you move forward
3Agenda/Topic Overview
- Spam Background, Stats and Definitions
- Common Rules To Follow
- Client Desktop Solutions
- ISP/Server Planning (and Products)
- mwa.net (MAs private ISP) case study
- Questions and Answers
4Spam Background, et. al.
- How They Get Your E-mail Address
- How Spammers Operate
- Spam and the Law
- A Few Dictionary Items
- Where to Focus Resources Client Desktop or
ISP/Server?
5Getting Your E-mail Address
- From you registering on unscrupulous web sites
- Newsgroup postings
- Chat sessions
- Spambots that crawl through web sites looking for
the _at_
- Purchase an e-mail list
- Random name generation
- Harvesting from a company server
- Your browser gave it up-www.privacy.net/analyze
6How Spammers Operate
- Gather Addresses
- Find a way to send the mail
- Find a SMTP server that can handle the volume.
One they own, or use tools to find open relays or
pay a bulk-mailer,
- And hide them from any repercussions. False
header information illegal in some states -
Congress is working on a nationwide band. But
off shore laws will not be enforceable. - Fun Fact a good email server can send out 1
million emails an hour
7Spam and the Law
- Most at the state level half the states have
something. www.spamlaws.com. Congress is
working to weigh in
- Spam laws are not about content but rather
false subject lines, false routing information,
3rd party domain names used without permission
and ineffective opt-outs - Spam laws are nice in theory about impossible
to enforce
- Lack of consensus is Spam unsolicited, bulk or
commercial email?
- No way to enforce oversees spammers
- Know case law exists, and move forward with your
systems to stop spam dont wait for Law and
Order SVU to save you
8A Few Dictionary Items
- False-Positive email that should not have been
bounced but was caught in Spam filtering
- False-Negative email that you wish was caught
- Response/Challenge and White List user needs to
be identified as being valid BY you
- Black List service that tracks spam senders,
and will report back. Typically by IP Address
- Bayesian statistical approach to word
association
- HTML Filtering reviewing the hrefs embedded in
your email
9Where To Focus Resources?
- Client Desktop why would ITA Members Care?
- Our smaller clients (1-10 desktops) need it
- ITA larger clients will ask what to do at home
- Good way to show you are plugged in
- ISP/Server
- Focus your time here
- No magic solutions but there are ways and
processes. (and You have to follow up on them)
- Still a good way to show you are plugged in
10Common Rules To Follow
- Guard Your In-Box
- Use Free Web Mail Accounts
- Use a Disposable E-mail Address
- Use Fake Addresses
- Dont Post Your Address
- Dont Answer Spam. Ever
- Opt Out
- Read the Privacy Policy
- Dont View SPAM Messages in your in box
11More on Dont View Spam
- Outlook, Eudora, etc. support previewing mail.
Use previewing carefully.
- href code is waiting to run when you preview or
view a message
- Some is static, with no custom info about you
- Smarter spammers are href tagging your spam
- Previewing and Viewing both need to be managed by
you
12More on Dont View Spam (cont)
- The graphic appeared on my laptop screen BEFORE
I even read/opened the message an href was
being followed by my mail software
13More on Dont View Spam (cont)
- This text (from previous email) appears to
support that NO custom href item was used. No
foul here. But
14More on Dont View Spam (cont)
- This message is previewed off- line (no active IP
address on my PC) - Notice the x showing,
instead of a graphic image.
15More on Dont View Spam (cont)
- Look closing at the href, I kept this message
from sending positive confirmation by me just
because I viewed thee-mail/spam
16Client Desktop Solutions
- Examining Header Source and Contents
- Rule-based filtering
- Anti-spam algorithms
- Black lists
- Client Software Products
- Disposable E-Mail Services
- Able to route to your real email address
17Header Source/Content
- We will cover this ISP/Server shared topic in a
few minutes
18Client Software Products
As reported by PC Magazine, 2/25/2003 and updates
in 2003
19Disposable E-Mail Services
As reported by PC Magazine, 2/25/03 and updates
in 2003
20ISP/Server Planning
- 10 Tips For Your IT Department
- Examining Header Source and Contents
- ISP/Server Products
- Installed Solutions
- Hosted Solutions
- Mail Servers
- Exchange
- Domino
2110 Tips for Corp. IT
- Document/Distribute company policies
- Tell Employees how handle to Spam
- Dont post on the web clear email links
- Limit/Disallow personal email
- Dont let employees use emails in chat rooms, etc.
- Dont use guessable email addresses
- Set security levels on staffs browsers
- Properly configured firewall
- Install protection at the gateway and server
- Make sure your mail server is not an open relay
22Examining Content
- Mail Header make sure you know where to find
it
- Mail Envelope you need your ISPs assistance in
most cases or rights to Exchange Server logs
(if turned on)
- KeyWords/Content
- Spotty and difficult to use in a corporate
environment
- Bayesian
- Remember College Statistics?
- Thanks goodness you get to know it works, without
having to calculate it
23ISP/Server Products
As reported by PC Magazine, 2/25/03 and updates
in 2003
24Hosted Services
As reported by PC Magazine, 2/25/03 and updates
in 2003
25Mail Servers
- Not the depth of tools to attack Spam built in.
Expect this to change Exchange 2003 added
functionality and so did Lotus Notes Domino
- Many products work with Exchange need to
evaluate
- Many products work in front of product giving
you flexibility
26mwa.net Case Study
- MA e-mail accounts
- 40
- 20 staff
- 5 staff with heavy spam
- 150 a weekend/ea
- iMail server www.ipswitch.com
- MA private ISP
- Black Lists
- HTML filtering
- Kill List
- Blocked IP Addresses
- White List
27Question and Answers
- Beyond Today
- Pick a few links that interest you, and follow
up
- Stop Previewing Mail that might be Spam, and do
all the good end-user steps
- Buy and implement a solution
- You will limit it and save time/dollars
- Thanks for your time