1. Preventing Spam: Today and Tomorrow Zane Bonny Vilaphong Phasiname The Spamsters!

2. Summary Why Prevent Spam How is Spam Prevented What is Wrong With This Picture? What can we do? List Based Approach Algorithm Based Approach Government Legislation Who Did What and Sources Conclusions

3. Why Prevent Spam Phishing Scams  Red Cross Donation Privacy  Many want your personal information Out of control  70 to 100 a day at the average office Costly  More than 10 Billion a year.

4. Why Prevent Spam ANNOYING!  Who likes spam in their inbox?  Can you totally eliminate spam?

5. How is Spam Prevented Junk E-Mail Filter – will decide to delete a message or not based on the content of the email message. Safe Senders List – this list defines an email as safe or not. Imagine an email message that is sent through but is deleted by the spam filter. This filter tells the email program that it is safe. Safe Recipients Lists – this list is similar to the senders list but is instead used for large groups of people. Blocked Senders List – this is a list of the people that will be treated as junk whether they pass the filter or not.

6. How is Spam Prevented Never reply to a spam Don’t click any links in a spam email Don’t use your home or business email address Preview your messages before you open them Disguise your email address

7. What is Wrong With This Picture? Rely heavily on the user  Many of these methods do not provide automatic protection. Lists and filters are rarely used by users Even if they are utilized it takes time to be effective What can we do to help eliminate?

8. What can we do? More user friendly methods More automatic Handled more on the IT side

9. List: DNS Black Listing Implementation of an old idea  Black list can be formed for an individual This is known as DNS Blacklisting Been in use since 1997 Three requirements for Blacklist  Domain  Name Server  List of addresses

10. List: DNS Black Listing DNSBL queries  First reverses ip  Second appends DNSBL with reverse IP  Last checks names in list Example  IP=1.2.3.4 DNSBL=bl.black.com  Sent to blacklist as 4.3.2.1.bl.black.com Policies vary from blacklist to blacklist  What does the list wish to prevent?  How do you find the addresses?  How long?

11. List: DNS Black Listing

12. List: Challenge Response This is an email filter in reverse  Assumes that all email is spam First mail is sent Second challenge is issued to the sender Lastly, if the sender responds then they are white listed

13. List: Challenge Response A number of problems exist Not all email can be responded to  Listserv  Mailing lists Also what if a spammer used a legitimate email address?

14. List: Bounce Messages What is this? Send one each time a spam email is sent A few problems….  Spammers don’t care  Forged return address  Pretty easy to tell by header if it is real or not

15. Algorithm: Bayesian Probability Bayesian achieves 98%+ spam detection rate using mathematical approach. How does it work? Uses ham files  Ham files contain legitimate email. For example:  The word “free” can be recognize within the data base files of ham.  If the word “free” spell differently the Bayesian filter will detected as spam.

16. Algorithm: Chung-Kwei Named after Feng-Shui figure  This figure was a symbol of protection  Chung-Kwei is designed to protect business Part of SpamGuru package made by IBM Uses Teiresias algorithm to discover patterns for spam-vocabulary

17. Algorithm: Chung-Kwei Spam-vocabulary is what is used to filter emails before reaching end user. White email can remove spam from the spam-vocabulary. Query method then classifies

19. Government Legislation Why come up with a fancy technique at all why not just ask Uncle Sam for help? Consider the Do Not Call Registry  Fairly effective at deterring telemarketers  Legal action is available if the telemarketers do not comply On the flip side….  Legal questions arise  And constitutional questions

20. Who Did What? Vilaphong…  Algorithm based approaches  Government legislation  Conclusion Zane…  List based approaches  PowerPoint  Intro

21. Sources Boyce, Jim. “What to do with all that spam”. Microsoft. 1 May. 2003. 14 Nov. 2007.. “DNSBL”. Wikipedia. 13 Oct. 2007. 14 Nov. 2007.. Gowan, Frith. “Don't Get Lured by Phishing Scams”. Techsoup.org. 12 Dec. 2005. 14 Nov. 2007. Orlov, Gregory. “Spam: prevention is better than cure!”. BCS. 1 Jan. 2005. 14 Nov. 2007.. Rigoutsos, Isidore and Huynh, Tien. “Chung-Kwei: a Pattern-discovery-based System for the Automatic Identification of Unsolicited E-mail Messages (SPAM)”. IBM Thomas J Watson Research Center. 1 Jan. 2005. 14 Nov. 2007.. “Section 7 - Spam Prevention”. SORBS. 1 Jan. 2004. 14 Nov. 2007.. Stuart, Anne. “Canning Spam”. Inc.com. 1 May. 2003. 14 Nov. 2007.. Tenby, Susan. “Things You Can Do to Prevent Spam”. Techsoup.org. 12 Nov. 2007. 14 Nov. 2007.. “Why Bayesian Filtering is the Most Effective Anti-Spam Technology”. GFI.com. 1 Jan. 2007. 14 Nov. 2007.

22. Conclusion Have many prevention methods already implemented Most important improvement that can be made is automation Have listing methods and algorithms. algorithms tend to yield the best results Simple lists were sufficient in past  Today Spam has evolved to a point that it requires “smarter” methods to prevent it The prevention of spam will undoubtedly become more of issue in the future and cost business a consumers more money  A fool proof prevention is unlikely Only 100% way is Government Regulation  That also has drawbacks

23. Questions?