Spam Solutions 01


Published on January 8, 2008

Author: Domenica


Spamming the Anti-Spam Solution Space
SDForum Security Sig / 28-Oct-04
D. Crocker
Brandenburg InternetWorking
Spammer? Phisher?

What we will cover
Problem space
  What is spam?
  How is it sent?
Solution Space – Focus on technology
  Types and places for control
  Types of ‘Solution’ efforts
  Standards efforts
Prognostications

Disclaimer and Caveat
Not a full tutorial
Focus on technical efforts, primarily authentication
Spam is complicated and simplistic solutions will be damaging
Email is more complex than people usually realize
Spam is a social problem, like crime
Technical solutions need to follow the social assessment
No single action will eliminate it — nothing will “eliminate” it!

Setting the Context
© 1975(!) Datamation
This? Oh, this is the display for my electronic junk mail.

We Do Have A Problem!
We do not need to cite statistics
We have a dire problem. It is getting worse, quickly.
Nothing has yet reduced global spam!
It is like moving from a safe, small town to a big (U.S.) city
We must distinguish
  Local, transient effects that only move spammers to use different techniques, versus
  Global, long-term effects that truly reduce spam at its core

Dangerous Logic
“We have to do something now!” (Ignore any side-effects, or dismiss them as minor.)
“Maybe it’s not perfect… but at least we’re taking some action!”
“What have we got to lose?”
“At least it reduces the problem… for now.”
“We must replace SMTP… even though we don’t know what we want to do”
“We can do something in the interim…” Even though nothing on the Internet is ever interim
“…but this is urgent!!”

A Bit of Perspective
Spam is complex, confusing and emotional
Imagine that time has passed
What changes will be important?
Effects of “solutions” on email
  Will it still be easy to reach everyone?
  Will it be cumbersome, with fragmented communities?
Different types of spam
  Legitimate business will behave acceptably (mostly)
  Rogue (criminal) spammers will be worse than today

Make Changes Cautiously
Experience making Internet changes means…
Changes to an installed base of 1 billion users are risky, difficult, expensive and slow
Assume there will be (bad) unintended consequences
Providers operate differently, so control is limited
Changes need to produce direct, basic benefit
  Directly affect key problem or directly improve service
Orchestrated inter-dependent changes do not work

Universal spam solution rebuttal
Checkbox form-letter for responding to spam solutions proposals. See: <>
Your post advocates a ( ) technical ( ) legislative ( ) market-based ( ) vigilante approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)…

But What Is Spam, Exactly?
No common definition
  UCE? UBE? Anything I don’t want?
No technical differences from “regular” mail
How can we make policy
  When we cannot formulate a common, Internet-wide definition?
So, instead… Try a pragmatic approach
  Focus on core, identifiable characteristics
  Define specific solution
  Ignore the rest, for now
And why do we still need this slide?

A Spamming Network
[Diagram labels: Spammer, Victim]

Wheel of Spam (Mis)Fortune
Control of spam
  Cannot be “surgically” precise
  Must balance the wheel
  Needs range of partial solutions
  Different techniques for near-term vs. long-term, except that near-term never is
Heuristics
  Long lists → complicated
  Complicated → Be careful!
Many Facets

Email Points of Control
Email Architecture: draft-crocker-email-arch

Secondary Approaches
Charging – Sender pays fee
  Some vs. all senders
  How much?
  Who gets the money?
Enforcement – Laws and contracts
  Scope of control – national boundaries?
  Precise, objective, narrow?
Administration
  Exchange filtering rules
  Exchange incident (abuse) reports
  Coordination among Abuse desks

Email Security Functions
Make someone accountable

What to Authenticate?

Security Models
[Diagram labels: Mail, Mail]

Email Path(s) Today!
[Diagram: mail paths from MUA through MSA, MTAs and peer MTAs to MDA and MUA]
Mail Agents: MUA = User, MSA = Submission, MTA = Transfer, MDA = Delivery

SPF and Sender-ID: Source Registers Path
[Diagram labels: MUA, MSA, MTA1, MTA2, MTA3, MTA4, MDA, MUA, Peer, Peer]
Assigns Sender and MailFrom
Did MSA authorize MTA1 to send messages for domain?
Did MSA authorize MTA2?
Did MSA authorize MTA3?
MSA must pre-register and trust each MTA in entire path to every recipient!
Mail Agents: MUA = User, MSA = Submission, MTA = Transfer, MDA = Delivery

Emerging Favorites
Validate content
  DomainKeys, Identified Internet Mail (IIM)
  Transit signature of msg
Validate operator
  Client SMTP Validation (CSV)
  Operator validates MTA
Validate Bounce
  Bounce Address Tag Validation (BATV)
  Sign MailFrom
Reputation
  CSA & DNA (CSV)
  Still learning
Reporting
  No candidates, yet
Enforcement
  We are still learning

Client SMTP Validation: Assess Peer MTA
[Diagram labels: MUA, MSA, MTA, MTA, MDA, MUA, MTA, MTA, Peer MTA]
Does a domain's operator authorize this MTA to be sending email?
Do independent accreditation services consider that domain's policies and practices sufficient for controlling email abuse?
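Added example (not from the original slides): a simplified Python model of the two checks contrasted on the "SPF and Sender-ID: Source Registers Path" and "Client SMTP Validation: Assess Peer MTA" slides, run over the MTA1 to MTA3 hops. The domains, registries and accreditation list are constructed stand-ins for DNS lookups, and real SPF and CSV evaluate client IP addresses rather than MTA names.

```python
# Simplified model (added example): names, domains and registries are constructed.
# Path from the SPF/Sender-ID slide: MSA -> MTA1 -> MTA2 -> MTA3 -> MTA4 -> MDA.
# Each sending MTA is (name, domain of the operator that runs it).
PATH = [("MTA1", "sender.example"), ("MTA2", "forwarder.example"),
        ("MTA3", "forwarder.example")]
MAILFROM_DOMAIN = "sender.example"   # assigned at submission, unchanged in transit

# Stand-ins for DNS: what each domain publishes.
PATH_REGISTRY = {"sender.example": {"MTA1"}}          # path registration: who may send *for* the domain
OPERATOR_REGISTRY = {"sender.example": {"MTA1"},      # CSV-style: which MTAs the operator runs
                     "forwarder.example": {"MTA2", "MTA3"}}
ACCREDITED = {"sender.example", "forwarder.example"}  # hypothetical accreditation list


def path_registration_check(client, mailfrom_domain):
    """Receiver asks: did the MailFrom domain register this client MTA?"""
    name, _operator = client
    return name in PATH_REGISTRY.get(mailfrom_domain, set())


def csv_check(client):
    """Receiver asks: does the client's own operator authorize it,
    and is that operator accredited?"""
    name, operator = client
    return name in OPERATOR_REGISTRY.get(operator, set()) and operator in ACCREDITED


def evaluate(path, mailfrom_domain):
    """Run both checks at every hop; return {mta_name: (path_ok, csv_ok)}."""
    return {c[0]: (path_registration_check(c, mailfrom_domain), csv_check(c))
            for c in path}


def missing_registrations(path, mailfrom_domain):
    """MTAs the source domain would still have to pre-register for every hop to pass."""
    return [c[0] for c in path if not path_registration_check(c, mailfrom_domain)]


if __name__ == "__main__":
    for mta, (path_ok, csv_ok) in evaluate(PATH, MAILFROM_DOMAIN).items():
        print(f"{mta}: path-registration={'pass' if path_ok else 'FAIL'} "
              f"csv={'pass' if csv_ok else 'FAIL'}")
    print("source must also register:", missing_registrations(PATH, MAILFROM_DOMAIN))
    # An MTA announcing an operator domain that does not list it fails the CSV check.
    print("unlisted MTA passes CSV:", csv_check(("MTA9", "forwarder.example")))
```

In this model the forwarding hops fail path registration until the source domain lists MTA2 and MTA3 as well, while the per-hop operator check passes without the source knowing the path.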

CSV Functions

Moving Towards Standards
Accountability (Author & Operator)
Authentication
Authorization (Accreditation)
Filtering (Format of rules)
Reporting & monitoring (Immediate problems) (Aggregate statistics)
Enforcement (Contracts and laws are standards)
Terminology
Acceptable behavior

How to Choose the Future
Look at each proposal
  Who must adopt it? When?
  How much effort is needed to administer it?
  How much does it change email?
Where to look for documents
  Internet Drafts
