Spam How To Control The Beast

1
Spam - How To Control The Beast

• Kevin Martin, Martin Assoc.

2
My 3 Main Objectives

• Supply materials for your web site, marketing
  handouts and client goodwill activities
  
• Go beyond the list of how to avoid and show a
  real life case study in applying these
  techniques
  
• A resource list to help you move forward

3
Agenda/Topic Overview

• Spam Background, Stats and Definitions
• Common Rules To Follow
• Client Desktop Solutions
• ISP/Server Planning (and Products)
• mwa.net (MAs private ISP) case study
• Questions and Answers

4
Spam Background, et. al.

• How They Get Your E-mail Address
• How Spammers Operate
• Spam and the Law
• A Few Dictionary Items
• Where to Focus Resources Client Desktop or
  ISP/Server?
  

5
Getting Your E-mail Address

• From you registering on unscrupulous web sites
• Newsgroup postings
• Chat sessions
• Spambots that crawl through web sites looking for
  the _at_
  
• Purchase an e-mail list
• Random name generation
• Harvesting from a company server
• Your browser gave it up-www.privacy.net/analyze

6
How Spammers Operate

• Gather Addresses
• Find a way to send the mail
• Find a SMTP server that can handle the volume.
  One they own, or use tools to find open relays or
  pay a bulk-mailer,
  
• And hide them from any repercussions. False
  header information illegal in some states -
  Congress is working on a nationwide band. But
  off shore laws will not be enforceable.
• Fun Fact a good email server can send out 1
  million emails an hour

7
Spam and the Law

• Most at the state level half the states have
  something. www.spamlaws.com. Congress is
  working to weigh in
  
• Spam laws are not about content but rather
  false subject lines, false routing information,
  3rd party domain names used without permission
  and ineffective opt-outs
• Spam laws are nice in theory about impossible
  to enforce
  
• Lack of consensus is Spam unsolicited, bulk or
  commercial email?
  
• No way to enforce oversees spammers
• Know case law exists, and move forward with your
  systems to stop spam dont wait for Law and
  Order SVU to save you

8
A Few Dictionary Items

• False-Positive email that should not have been
  bounced but was caught in Spam filtering
  
• False-Negative email that you wish was caught
• Response/Challenge and White List user needs to
  be identified as being valid BY you

• Black List service that tracks spam senders,
  and will report back. Typically by IP Address
  
• Bayesian statistical approach to word
  association
  
• HTML Filtering reviewing the hrefs embedded in
  your email

9
Where To Focus Resources?

• Client Desktop why would ITA Members Care?
• Our smaller clients (1-10 desktops) need it
• ITA larger clients will ask what to do at home
• Good way to show you are plugged in
• ISP/Server
• Focus your time here
• No magic solutions but there are ways and
  processes. (and You have to follow up on them)
  
• Still a good way to show you are plugged in

10
Common Rules To Follow

• Guard Your In-Box
• Use Free Web Mail Accounts
• Use a Disposable E-mail Address
• Use Fake Addresses
• Dont Post Your Address

• Dont Answer Spam. Ever
• Opt Out
• Read the Privacy Policy
• Dont View SPAM Messages in your in box

11
More on Dont View Spam

• Outlook, Eudora, etc. support previewing mail.
  Use previewing carefully.
  
• href code is waiting to run when you preview or
  view a message
  
• Some is static, with no custom info about you
• Smarter spammers are href tagging your spam
• Previewing and Viewing both need to be managed by
  you

12
More on Dont View Spam (cont)

• The graphic appeared on my laptop screen BEFORE
  I even read/opened the message an href was
  being followed by my mail software

13
More on Dont View Spam (cont)

• This text (from previous email) appears to
  support that NO custom href item was used. No
  foul here. But

14
More on Dont View Spam (cont)

• This message is previewed off- line (no active IP
  address on my PC) - Notice the x showing,
  instead of a graphic image.

15
More on Dont View Spam (cont)

• Look closing at the href, I kept this message
  from sending positive confirmation by me just
  because I viewed thee-mail/spam

16
Client Desktop Solutions

• Examining Header Source and Contents
• Rule-based filtering
• Anti-spam algorithms
• Black lists
• Client Software Products
• Disposable E-Mail Services
• Able to route to your real email address

17
Header Source/Content

• We will cover this ISP/Server shared topic in a
  few minutes

18
Client Software Products
As reported by PC Magazine, 2/25/2003 and updates
in 2003
19
Disposable E-Mail Services
As reported by PC Magazine, 2/25/03 and updates
in 2003
20
ISP/Server Planning

• 10 Tips For Your IT Department
• Examining Header Source and Contents
• ISP/Server Products
• Installed Solutions
• Hosted Solutions
• Mail Servers
• Exchange
• Domino

21
10 Tips for Corp. IT

• Document/Distribute company policies
• Tell Employees how handle to Spam
• Dont post on the web clear email links
• Limit/Disallow personal email
• Dont let employees use emails in chat rooms, etc.

• Dont use guessable email addresses
• Set security levels on staffs browsers
• Properly configured firewall
• Install protection at the gateway and server
• Make sure your mail server is not an open relay

22
Examining Content

• Mail Header make sure you know where to find
  it
  
• Mail Envelope you need your ISPs assistance in
  most cases or rights to Exchange Server logs
  (if turned on)

• KeyWords/Content
• Spotty and difficult to use in a corporate
  environment
  
• Bayesian
• Remember College Statistics?
• Thanks goodness you get to know it works, without
  having to calculate it

23
ISP/Server Products
As reported by PC Magazine, 2/25/03 and updates
in 2003
24
Hosted Services
As reported by PC Magazine, 2/25/03 and updates
in 2003
25
Mail Servers

• Not the depth of tools to attack Spam built in.
  Expect this to change Exchange 2003 added
  functionality and so did Lotus Notes Domino
  
• Many products work with Exchange need to
  evaluate
  
• Many products work in front of product giving
  you flexibility

26
mwa.net Case Study

• MA e-mail accounts
• 40
• 20 staff
• 5 staff with heavy spam
• 150 a weekend/ea
• iMail server www.ipswitch.com
• MA private ISP

• Black Lists
• HTML filtering
• Kill List
• Blocked IP Addresses
• White List

27
Question and Answers

• Beyond Today
• Pick a few links that interest you, and follow
  up
  
• Stop Previewing Mail that might be Spam, and do
  all the good end-user steps
  
• Buy and implement a solution
• You will limit it and save time/dollars
• Thanks for your time