Solutions to Spam

----Presented by Di Xu17.12.2010

Introduction

Overview of Spam

Solutions to Spam

Conclusion

Agenda

Advertising material sent by email to people who have not asked for it.(Oxford dictionary)

An electronic message is "spam" if (A) the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients; AND (B) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent(C) the transmission and reception of the message appears to the recipient to give a disproportionate benefit to the sender.

Introduction -Definition

Too many recipients

No header or use forged header

Forged sender’s address

The content of email with specific HTML tag

The body of email consists of small font size

Email subject consists of email address or recipient name

Introduction -Characteristics

From web pages

By guessing & cleaning

From white and yellow pages

From a previous owner of the email address

Buying lists from others

Overview of Spam -How to harvest email addresses

webmail

Third-party computers

Open relays

Open proxies

Spammer viruses

Overview of Spam -How to send Spam

IP Blocking◦ Blacklist◦ Whitelist◦ Greylist

Spam Filtering◦ Rule-based filter◦ Checksum-based filter◦ Content-based filter

Honeypot email address

Payment-based approach

Solutions of Spam -For administrator of email system

Blacklist: A blacklist is a list of known IP addresses that are used to send spam

and the earliest anti-spam technology.

Disadvantage: cannot control emails from unlisted email addresses

Solutions to Spam -IP Blocking

Whitelist: The method makes users may get email from trusted contacts or

domain, but reject emails from not already known domain and contacts, which restricts communication

Disadvantage:◦ It is not a good solution to a big enterprise

◦ It is not difficult for spammers to guess domain which is whitelisted

Solutions to Spam - IP Blocking

Greylist: It is decided by not only IP address, but also some more information

of e-mail like envelope data. If the e-mail is the first time sent to the e-mail account, it will be rejected. But the information of e-mail will be stored

Disadvantage:◦ greylist leads to deliver email in delay before resent email will be

confirmed to send

◦ some normal emails cannot be delivered

Solutions to Spam -IP Blocking

Rule-based Filtering: Users can design the rules to filter e-mail

Disadvantage:◦ It is not flexible

Solutions to Spam -Spam Filter

Checksum-based Filtering: sometimes referred to collaborative filtering.

distributed checksum clearinghouse(DCC) Vipul’s Razor

Disadvantage:◦ It costs a comparative high license fee

◦ if spammers insert something unique invisible to the body of email, it will lead to different checksum

Solutions to Spam -Spam Filter

Content filtering: the solution is content-based filters which scan the nature content of

spam to measure whether it is spam or not

Disadvantage:◦ For some rare spam words, Bayesian could decrease the

probability of the email is spam

◦ It cannot filter email which consist of no words only image

Solutions to Spam -Spam Filter

Honeypot Email address: It is forged email addresses which pollute spammers’

address database

Disadvantage:◦ It is difficult to ◦ keep ideal situation

Solution to Spam - Honeypot Email Address

Payment-based approach: the e-mail servers require payment to delivery e-mail to the

recipients for the senders. But the payment can be the real currency or something else somehow like cost of senders’computing

Disadvantage:◦ The difficulty of the calculations required must be increased over time

Solution to Spam - Payment-based approach

SpamAssassin is one of the hybrid filtering methods. It uses content-based filter and real-time blacklists.

A system which uses whitelist, blacklist and content filter.

+

Solution to Spam - Other Anti-spam approach

United States CAN-SPAM Act of 2003

Canada Electronic Commerce Protection Act

Australia Spam Act 2003

Solutions to Spam -Legislation Enforcement

Select an Unusual E-mail Address

Disposable Addresses

Use Provided Filtering Systems

Never reply to Spam and never use the Unsubscribe Link

Solutions to Spam -Anti-spam behaviors for users

Combination of different solutions could be the most effective solution

Anti-spam solutions do not only rely on anti-spam technology, but also users’ good behavior to protect their own email addresses

Conclusion