Gold Country Computer Learning CenterMarch 2007
Spam EmailSpam Email
Roger Thornburn
March 2007 Gold Country Computer Learning Center
Email spam
Roger Thornburn
2
What is SpamWhat is SpamNeeds to meet 2 requirements
Unsolicited Bulk
Name comes from a Monty Python skit Monty Python's spam video
Mostly commercial25% - Products 20% - Financial
19% - Adult 9% - Scams
7% - Health 7% - Internet
Not Spam: Jokes from friends Newsletters you signed up for
March 2007 Gold Country Computer Learning Center
Email spam
Roger Thornburn
3
A Few StatisticsA Few Statistics
Amount of Spam 90 Billion spam emails a DAY (Feb 2007) Average of 50 spam emails a day – per email address 94% of all email is spam
Sources of Spam US – 23% China – 20% Russia -10% South Korea – 6%
Surprise! 28% reply to spam email 8% purchase from spam email
March 2007 Gold Country Computer Learning Center
Email spam
Roger Thornburn
4
Current SituationCurrent Situation
IP addresses last 4 hours June 2006 – 35M new domains, 32M not paid Hi jacked mail servers – listed as spammers
Creates problem for legitimate users
Use of “Zombie” PC’s and the BotnetMaybe 1 in 4 PC’s infected.
Image spam Hard for a computer to read Hi growth from 0 to 25% of spam
Getting your email addressDictionary attack Spam bots (websites)
Infected computers Vendors/subscriptions
March 2007 Gold Country Computer Learning Center
Email spam
Roger Thornburn
5
Spam Safety tipsSpam Safety tips
Encrypt your email address (not in a dictionary) Use a fake email address where possible Use bcc to send an email to many people Don’t open spam and set Outlook Express to “Block
images…..” Avoids confirming your email Don’t reply to spam – again it confirms you’re real! Don’t post your email address on a website. Uncheck all those “subscribe” boxes Unsubscribe from reputable companies only Use a spam filter
March 2007 Gold Country Computer Learning Center
Email spam
Roger Thornburn
6
Spam Filtering TechniquesSpam Filtering Techniques
Rules based Matches specific words in the To, From, Subject or
Body of the email Very specific – can only make an exact match
Bayes filter/Fuzzy logic Uses a mathematical set of probabilities, gathered
from being told what’s “spam” and what’s “ham” Needs to “learn” and kept up to date
Black list Blocks specific “From” addresses.
Not very effective today – new domain every 4 hours!
Good for blocking family/friends or newsletters
March 2007 Gold Country Computer Learning Center
Email spam
Roger Thornburn
7
Spam Filtering Techniques (cont.)Spam Filtering Techniques (cont.)
On-line Database (DNSBL) Can work well - if accurate. Can easily stop
legitimate emails as well. Signature analysis for specific emails
White list List of email addresses you will accept email from Challenge/response systems Needs to be kept up-to-date Most effective method
Important!:
No spam filter is perfect. The worst thing is putting legitimate emails in your Spam/Junk/Bulk mail folder. It’s essential to check this folder so you can receive your good email, as well as train the filter.
March 2007 Gold Country Computer Learning Center
Email spam
Roger Thornburn
8
Reducing Spam in Real Life!Reducing Spam in Real Life!
Different if using Web mail or POP mail Web mail is when you use your internet browser
(Internet Explorer or Firefox, etc) to read and send your email.
POP mail is when you use an email client (a program such as Outlook/Express, Thunderbird, Endura, etc.) to read and send your email.
With POP mail, the email messages are downloaded to your computer – can be read and new ones composed, without beeing connected to the internet. To read or compose messages in Web mail, you must be connected to the internet
Many email accounts can be accessed by either/both
March 2007 Gold Country Computer Learning Center
Email spam
Roger Thornburn
9
Web MailWeb Mail
All your email stays on the Web mail server You have little control Large providers such as Yahoo, Google, Hotmail,
etc. provide excellent spam filtering – using a combination of all the above techniques
Any legitimate emails in the spam/junk box, must be identified – now added to your white list
Yahoo has AddressGuardCreate a separate email address for each person or
class of persons
Many of the smaller ISP’s/email providers, aren’t as sophisticated.
March 2007 Gold Country Computer Learning Center
Email spam
Roger Thornburn
10
POP 3POP 3
Spam filter sits between the mail server and your email client Many ISP’s or email servers have own spam filter
Yahoo (SBC, AT&T, Pacbell, etc.) use same as Web mailCan be harder to check spam folder – may need to
configure Huge selection of programs – freeware to $$’s
http://spamlinks.net/filter-client-win.htm
Use different techniques – either singly or in combination.
Some are tightly integrated to the email client
March 2007 Gold Country Computer Learning Center
Email spam
Roger Thornburn
11
POP3/Outlook Express ExamplesPOP3/Outlook Express Examples
Outlook Express –Rules Text matching – limited Good for White list – can import address book
K-9 Freeware Uses Bayesian technology – so must train Plus has White list and Black list Regex filters for advanced users Easy interface – but not elegant
Computer Associates ($30) White list Integrated to Outlook/Express – easy to use
March 2007 Gold Country Computer Learning Center
Email spam
Roger Thornburn
12
More ExamplesMore Examples
MailWasherPro ($30) Freeware version available Combination of Bayes, White list, Black list,
DNSBL, User filters and Signature Reviews email on the server
Spam is removed before downloadSave time with dial up
Easy to use
March 2007 Gold Country Computer Learning Center
Email spam
Roger Thornburn
13
PhishingPhishing
Scams to trick users to reveal personal information Normally an official looking email Directed to a fraudulent website 2004 2006
Losses from phishing attacks: $137 million $2.8 billion
# US adults who received at least one phishing e-mail: 57 million 109 million
Number of victims: 53 thousand 2.25 million
Per-victim loss: $257 $1,244
Money recovered by consumers: 80% 54% Don’t click a link in an email Call your bank or credit card company if suspicious Check the website is secure (https://xxxxx)
March 2007 Gold Country Computer Learning Center
Email spam
Roger Thornburn
14
Useful LinksUseful Links
http://en.wikipedia.org/wiki/Spam_e-mail Wikipedia Reference
http://spam.abuse.net/userhelp/ Links to resources and anti-spam filters
http://spamlinks.net/ More links to many anti spam resources
http://spamlinks.net/filter-client-win.htm (More spam filters)
http://spam-filter-review.toptenreviews.com/ Review of some spam filters
http://keir.net/k9.html Freeware Bayes filter (plus White and Black list)
http://shop.ca.com/STContent/landingpages/Antispam/ASPM001/index.aspx?sc_lang=en-US Computer Associates anti spam program (Or Google ca spam). Paid, easy to use White list – integrates to Outlook Express.
http://www.mailwasher.net/ Mail Washer free and paid anti-spam versions. Uses multiple methods for detection
http://www.spambutcher.com/ Spam Butcher – fuzzy logic anti-spam
March 2007 Gold Country Computer Learning Center
Email spam
Roger Thornburn
15
SummarySummary
Web mail Dependant on the ISP/Web mail provider Larger providers often provide configurable options Yahoo AddressGuard is a good solution MUST go into JUNK/BULK/SPAM folder to mark good
emails – regularly
POP3 mail Most effective method is White list (or safe senders
list) – but needed to be kept up-to-date. Using built in Rules of Outlook Express works fine Purchased product – often more convenient.
Above all – Protect Your Email Address!!