Spam How To Control The Beast - PowerPoint PPT Presentation


1
Spam - How To Control The Beast
  • Kevin Martin, Martin Assoc.

2
My 3 Main Objectives
  • Supply materials for your web site, marketing
    handouts and client goodwill activities
  • Go beyond the list of how to avoid and show a
    real life case study in applying these
    techniques
  • A resource list to help you move forward

3
Agenda/Topic Overview
  • Spam Background, Stats and Definitions
  • Common Rules To Follow
  • Client Desktop Solutions
  • ISP/Server Planning (and Products)
  • mwa.net (MA's private ISP) case study
  • Questions and Answers

4
Spam Background, et al.
  • How They Get Your E-mail Address
  • How Spammers Operate
  • Spam and the Law
  • A Few Dictionary Items
  • Where to Focus Resources: Client Desktop or
    ISP/Server?

5
Getting Your E-mail Address
  • From you registering on unscrupulous web sites
  • Newsgroup postings
  • Chat sessions
  • Spambots that crawl through web sites looking for
    the @
  • Purchase an e-mail list
  • Random name generation
  • Harvesting from a company server
  • Your browser gave it up - www.privacy.net/analyze

6
How Spammers Operate
  • Gather Addresses
  • Find a way to send the mail
  • Find an SMTP server that can handle the volume:
    one they own, or use tools to find open relays, or
    pay a bulk-mailer
  • And hide themselves from any repercussions. False
    header information is illegal in some states -
    Congress is working on a nationwide ban. But
    offshore laws will not be enforceable.
  • Fun Fact: a good email server can send out 1
    million emails an hour

7
Spam and the Law
  • Most at the state level: half the states have
    something. www.spamlaws.com. Congress is
    working to weigh in
  • Spam laws are not about content but rather
    false subject lines, false routing information,
    3rd party domain names used without permission
    and ineffective opt-outs
  • Spam laws are nice in theory, but about impossible
    to enforce
  • Lack of consensus: is spam unsolicited, bulk or
    commercial email?
  • No way to enforce against overseas spammers
  • Know case law exists, and move forward with your
    systems to stop spam - don't wait for Law and
    Order SVU to save you

8
A Few Dictionary Items
  • False-Positive: email that should not have been
    bounced but was caught in spam filtering
  • False-Negative: email that you wish was caught
  • Response/Challenge and White List: user needs to
    be identified as being valid BY you
  • Black List: service that tracks spam senders,
    and will report back. Typically by IP address
  • Bayesian: statistical approach to word
    association
  • HTML Filtering: reviewing the hrefs embedded in
    your email

9
Where To Focus Resources?
  • Client Desktop: why would ITA members care?
      • Our smaller clients (1-10 desktops) need it
      • ITA larger clients will ask what to do at home
      • Good way to show you are plugged in
  • ISP/Server
      • Focus your time here
      • No magic solutions, but there are ways and
        processes (and you have to follow up on them)
      • Still a good way to show you are plugged in

10
Common Rules To Follow
  • Guard Your In-Box
  • Use Free Web Mail Accounts
  • Use a Disposable E-mail Address
  • Use Fake Addresses
  • Don't Post Your Address
  • Don't Answer Spam. Ever
  • Opt Out
  • Read the Privacy Policy
  • Don't View Spam Messages in Your In-Box

11
More on Don't View Spam
  • Outlook, Eudora, etc. support previewing mail.
    Use previewing carefully.
  • href code is waiting to run when you preview or
    view a message
  • Some is static, with no custom info about you
  • Smarter spammers are href-tagging your spam
  • Previewing and viewing both need to be managed by
    you

12
More on Don't View Spam (cont.)
  • The graphic appeared on my laptop screen BEFORE
    I even read/opened the message: an href was
    being followed by my mail software

13
More on Don't View Spam (cont.)
  • This text (from previous email) appears to
    support that NO custom href item was used. No
    foul here. But

14
More on Don't View Spam (cont.)
  • This message is previewed off-line (no active IP
    address on my PC) - notice the x showing,
    instead of a graphic image.

15
More on Don't View Spam (cont.)
  • Look closely at the href: I kept this message
    from sending positive confirmation by me just
    because I viewed the e-mail/spam
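
The distinction these slides draw between static and tagged hrefs can be checked before a message is ever rendered. The following is an added example, not part of the original presentation: it parses a constructed message, lists every remote reference, and marks each as static or tagged and as fetched on preview or only on click. The sample message, the placeholder domains and the token-length heuristic are assumptions.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Constructed sample message; the example.com / example.net names are placeholders.
SAMPLE = """\
From: offers@example.com
To: kevin@example.net
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="http://img.example.com/banner.gif">
<img src="http://img.example.com/open.gif?uid=kevin%40example.net" width="1" height="1">
<a href="http://www.example.com/sale?r=a94f3c1e77b2d045">Shop now</a>
<img src="cid:logo123">
</body></html>
"""

class RemoteRefs(HTMLParser):
    """Collect (tag, url) for every http(s) reference in an HTML body."""
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href", "background") and value and \
                    value.lower().startswith(("http://", "https://")):
                self.refs.append((tag, value))

def classify(url, recipient):
    """'tagged' if the URL carries the recipient address or a long opaque token."""
    parts = urlsplit(url)
    for v in [v for _, v in parse_qsl(parts.query)] + parts.path.split("/"):
        # Heuristic (assumption): 12+ hex chars or 20+ URL-safe chars look like an ID.
        if recipient.lower() in v.lower() or \
                re.fullmatch(r"[0-9A-Fa-f]{12,}|[A-Za-z0-9_-]{20,}", v):
            return "tagged"
    return "static"

def audit(raw):
    """Return (tag, verdict, fetched_on_preview, url) for each remote reference."""
    msg = message_from_string(raw, policy=default)
    recipient = msg["To"].addresses[0].addr_spec
    parser = RemoteRefs()
    parser.feed(msg.get_body(preferencelist=("html",)).get_content())
    # Images load as soon as the message is rendered; links only when clicked.
    return [(t, classify(u, recipient), t != "a", u) for t, u in parser.refs]
```

On the sample, the banner image is static, the 1x1 image is tagged and would be fetched on preview, and the embedded `cid:` image is ignored because it never leaves the machine.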

16
Client Desktop Solutions
  • Examining Header Source and Contents
  • Rule-based filtering
  • Anti-spam algorithms
  • Black lists
  • Client Software Products
  • Disposable E-Mail Services
      • Able to route to your real email address

17
Header Source/Content
  • We will cover this ISP/Server shared topic in a
    few minutes

18
Client Software Products
As reported by PC Magazine, 2/25/2003 and updates
in 2003

19
Disposable E-Mail Services
As reported by PC Magazine, 2/25/03 and updates
in 2003

20
ISP/Server Planning
  • 10 Tips For Your IT Department
  • Examining Header Source and Contents
  • ISP/Server Products
      • Installed Solutions
      • Hosted Solutions
  • Mail Servers
      • Exchange
      • Domino

21
10 Tips for Corp. IT
  • Document/Distribute company policies
  • Tell employees how to handle spam
  • Don't post clear email links on the web
  • Limit/Disallow personal email
  • Don't let employees use emails in chat rooms, etc.
  • Don't use guessable email addresses
  • Set security levels on staff's browsers
  • Properly configured firewall
  • Install protection at the gateway and server
  • Make sure your mail server is not an open relay

22
Examining Content
  • Mail Header: make sure you know where to find
    it
  • Mail Envelope: you need your ISP's assistance in
    most cases, or rights to Exchange Server logs
    (if turned on)
  • Keywords/Content
      • Spotty and difficult to use in a corporate
        environment
  • Bayesian
      • Remember College Statistics?
      • Thank goodness you get to know it works, without
        having to calculate it
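
For readers who do want to see the calculation, this is an added example, not part of the original presentation and not any listed product's algorithm: a small naive Bayes scorer showing how word counts from known spam and known good mail become a spam probability, and how the blocking threshold decides between the false positives and false negatives defined earlier. The training messages and the 0.9 threshold are constructed assumptions.

```python
import math
import re
from collections import Counter

# Constructed training mail (illustrative only, not from the presentation).
SPAM = ["free mortgage rates click here now",
        "click here for free prescription offers",
        "lowest mortgage rates free quote"]
HAM = ["meeting agenda for the client project",
       "please review the project budget before the meeting",
       "lunch on friday to discuss the client quote"]

def tokens(text):
    return re.findall(r"[a-z']+", text.lower())

class BayesFilter:
    def __init__(self, spam, ham):
        self.counts = {"spam": Counter(), "ham": Counter()}
        for label, docs in (("spam", spam), ("ham", ham)):
            for doc in docs:
                self.counts[label].update(tokens(doc))
        self.vocab = set(self.counts["spam"]) | set(self.counts["ham"])
        # Prior odds: how much of the training mail was spam versus legitimate.
        self.prior_log_odds = math.log(len(spam) / len(ham))

    def word_prob(self, word, label):
        # Laplace (+1) smoothing so a word unseen in one class never gives zero.
        c = self.counts[label]
        return (c[word] + 1) / (sum(c.values()) + len(self.vocab))

    def spam_probability(self, text):
        log_odds = self.prior_log_odds
        for w in tokens(text):
            if w in self.vocab:  # words never seen in training carry no evidence
                log_odds += math.log(self.word_prob(w, "spam") / self.word_prob(w, "ham"))
        return 1 / (1 + math.exp(-log_odds))

    def is_spam(self, text, threshold=0.9):
        # A higher threshold trades false positives for false negatives.
        return self.spam_probability(text) >= threshold

FILTER = BayesFilter(SPAM, HAM)
```

With this training set, a legitimate-looking "free quote for the mortgage project" scores about 0.61: it passes at the 0.9 threshold but would become a false positive at 0.5.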

23
ISP/Server Products
As reported by PC Magazine, 2/25/03 and updates
in 2003

24
Hosted Services
As reported by PC Magazine, 2/25/03 and updates
in 2003

25
Mail Servers
  • Not the depth of tools to attack spam built in.
    Expect this to change: Exchange 2003 added
    functionality and so did Lotus Notes Domino
  • Many products work with Exchange - need to
    evaluate
  • Many products work in front of the product, giving
    you flexibility

26
mwa.net Case Study
  • MA e-mail accounts
  • 40
  • 20 staff
  • 5 staff with heavy spam
  • 150 a weekend/ea
  • iMail server www.ipswitch.com
  • MA private ISP
  • Black Lists
  • HTML filtering
  • Kill List
  • Blocked IP Addresses
  • White List

27
Questions and Answers
  • Beyond Today
  • Pick a few links that interest you, and follow
    up
  • Stop Previewing Mail that might be Spam, and do
    all the good end-user steps
  • Buy and implement a solution
  • You will limit it and save time/dollars
  • Thanks for your time