Spam & Spam Control

Prepared by: Waleed Omarwmahmoud@mantrac.com.egCISSP, CCDA, MCSE, MCT, Exchange-MVP.

Contents

1. Facts & Statistics2. Cost of Spam3. Defining Spam4. Sending Mechanisms5. Spammer Tricks6. Techniques for Identifying Spam7. The tools Microsoft uses to fight spam8. Conclusion

Facts & Statistics

• More than 97 % of e-mail messages sent over the internet are unwanted (have malicious attachments or are phishing attacks or spam)

• 349.6 Billion in 2008 192 % increase in Spam over the past year

*Source: Microsoft Security intelligence Report Volume 6 (July – December 2008)

Cost of Spam

• Spam costs U.S. companies US$ 712 per employee each year.

Users are spending 3 minutes identifying average of 21 unwanted messages and deleting each spam e-mail, which translates into an annual cost of $70 billion to all US businesses.

• Around 60 % of the email processing time is wasted in receiving Spam.

*nucleusresearch.com – ferriys.com

How to defeat spam

1. Security Awareness2. Tool3. Legislations

Spam Categories

• Fake pharmaceuticals.• Fake fashion items.• Pornography and prostitution.• Stock kiting.• Phishing.• Trojan horses.• Backscatter.• ignorant marketers.

• Directory Harvest Attack (DHA)• Chain Mails• Social engineering• Mining message boards and chat rooms

Valid e-mail account!

Sending Mechanisms

• Open proxies• Free email services• Other free services• Stolen Netblocks• Botnets

Techniques for Identifying Spam

• Reputation of the sending IP address• Profiling the sender’s operating system• Standards compliance• Greylisting • Greet pause• Format standards compliance.• Statistical content analysis (Bayesian) • Throttling

Spammer Tricks

• HTML tricks. • Bayesian poisoning. • Content morphing. • Images and other attachments• Forcing secondary MX. • Countering IP reputation• Hiding the call-to-action.

The tools Microsoft uses to fight spam

• Intelligent Message Filter (IMF)• Sender ID Framework (SIDF)• Outlook 2007 Email Postmark• Microsoft Forefront Security for Exchange• Exchange Hosted Filtering

Intelligent Message Filter (IMF)

Exchange 2007 AntiSpam Agents

Exchange 2007 AntiSpam Agents

"I only send mail from these machines. If any other machine claims that I'm sending mail from there, they're lying.“

Sender ID Framework

Exchange Hosted Filtering

FSE Forefront Security for Exchange

1. Microsoft IP Reputation filter service and automated updates.

2. Automated updates for Microsoft SmartScreen spam heuristics, Phishing Websites, and intelligent message Filter (IMF).

3. Targeted Spam signature data and automatic updates to identify spam campaigns.

Thanks for your attention

Waleed Omar wmahmoud@mantrac.com.eg CISSP, CCDA, MCSE, MCT, Exchange-MVP.