Spam Fighting at CERN 12 January 2019 Emmanuel Ormancey.

Slides:

Advertisements

Similar presentations

Advertisements

Anti-SPAM experience at LAL Michel Jouvin LAL / IN2P3

1 Effective, secure and reliable hosted security and continuity solution.

© 2012 Eloqua, Inc. Confidential 1 Deliverability and IP Warming Overview and Implementation Using Eloqua.

Basic Communication on the Internet:

TrustPort Net Gateway traffic protection. Keep It Secure Entry point protection –Clear separation of the risky internet and secured.

Paul Vanbosterhaut Managing Director, Vircom Europe January 2007 ModusGate™ 4.4 Smart Assurance Gateway Not Just Warmed-over Open Source Technology…

Used by many 100,000s of customers Used by many 10,000,000s of users Processing Billions of s a day Using Thousands of servers Across dozens of.

Addressing spam and enforcing a Do Not Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.

Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.

Dealing With Spam The kind, not the Food product.

Are You Spamming Your Clients? June 17, Introductions  Doug Ladendorf Manager of Marketing Databases & CRM Mayer Brown LLP  1,600 Attorneys 

Course 201 – Administration, Content Inspection and SSL VPN Filtering

----Presented by Di Xu  Introduction  Overview of Spam  Solutions to Spam  Conclusion.

6/1/2015 Spam Filtering - Muthiyalu Jothir 1 Spam Filtering Computer Security Seminar N.Muthiyalu Jothir – Media Informatics.

IMF Mihály Andó IT-IS 6 November Mihály Andó 2 / 11 6 November 2006 What is IMF? Intelligent Message Filter provides server-side message filtering,

Exchange 2003 and SPAM Fighting Emmanuel Ormancey, Rafal Otto Internet Services Group Department of Information Technology CERN 3 June 2015.

Tony BrettOUCS Course Code ZAE 1 March 2004 Webmail – the new WING Tony Brett Oxford University Computing Services.

Staff Computer Training Exchange 2003: More User Friendly Vicki Hecht Cherry Delaney ITaP Luncheon October 14, 2003.

Guide to Operating System Security Chapter 10 Security.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 15 How Spam Works.

1 Authors: Anirudh Ramachandran, Nick Feamster, and Santosh Vempala Publication: ACM Conference on Computer and Communications Security 2007 Presenter:

Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Spam Sonia Jahid University of Illinois Fall 2007.

23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.

Spam Reduction Techniques Using greylisting and SpamAssassin.

TrustPort Net Gateway traffic protection. Keep It Secure Entry point protection –Clear separation of the risky internet and secured.

How to Get The Most Out of Outlook 2003 Michele Schwartzman Division of Customer Support Summer 2006.

Exchange deployment at CERN and new ideas for SPAM fighting Michel Christaller, Emmanuel Ormancey, Alberto Pace.

Belnet Antispam Pro A practical example Belnet – Aris Adamantiadis BNC – 24 November 2011.

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

What’s New in WatchGuard XCS v9.1 Update 2. WatchGuard XCS v9.1 Update 2  Introduce New Features WatchGuard XCS Outlook Add-in Secur Encryption.

GOT SPAM? Spam is the unsolicited or undesired bulk electronic messages. Spam usually contains pornography, viruses, phishing attacks, scams, trojans,

Manage your mailbox IV: Archive old messages Get fancy with Archive Archive can be very flexible. You don’t have to archive only at the selected time intervals;

CensorNet Ltd An introduction to CensorNet Mailsafe Presented by: XXXXXXXX Product Manager Tel: XXXXXXXXXXXXX.

May l Washington, DC l Omni Shoreham The ROI of Messaging Security JF Sullivan VP Marketing, Cloudmark, Inc.

Combating Abuse Brian Nisbet NOC Manager HEAnet.

Detrick Robinson & Amris Treadwell.  Computer viruses- are pieces of programs that are purposely made up to infect your computer.  Examples: › Internet.

Client X CronLab Spam Filter Technical Training Presentation 19/09/2015.

Department of Computer Sciences The University of Texas at Austin Zmail : Zero-Sum Free Market Control of Spam Benjamin J. Kuipers, Alex X. Liu, Aashin.

The Internet 8th Edition Tutorial 2 Basic Communication on the Internet: .

Module 6 Planning and Deploying Messaging Security.

Norman Protection Powerful and flexible Protection Gateway.

Small Business Resource Power Point Series How to Avoid Your Marketing Messages Being Labelled as Spam.

Firewalls. Intro to Firewalls Basically a firewall is a __________to keep destructive forces away from your ________ ____________.

Etiquette – a list of rules that we observe Phishing - sending an to a user falsely claiming to be a legitimate company to scam the user into providing.

What’s New in WatchGuard XCS v9.1 Update 1. WatchGuard XCS v9.1 Update 1  Enhancements that improve ease of use New Dashboard items  Mail Summary >

Spam Solutions Group 7 Leo Leung Peter Gorzkowski Seema Yadav Tobby Mathew You’ve Got Mail!

Marketing Amanda Freeman. Design Guidelines Set your width to pixels Avoid too many tables Flash, JavaScript, ActiveX and movies will not.

Module 7 Planning and Deploying Messaging Compliance.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Five Managing Addresses.

Source pictures for document ”Thoughts about increasing spam annoyance” by License: This material may be distributed only subject.

1 Information Systems 2/26/03 Tom Coppeto Mark Silis MIT Mail System Update 26 February 2003.

Keeping Your Computer Safe and Running Efficiently.

CERN - IT Department CH-1211 Genève 23 Switzerland t OIS Update on the anti spam system at CERN Pawel Grzywaczewski, CERN IT/OIS HEPIX fall.

Spam By Dan Sterrett. Overview ► What is spam? ► Why it’s a problem ► The source of spam ► How spammers get your address ► Preventing Spam ► Possible.

554 Access Denied Fermilab’s Experiences with Spamcop.net Kevin Hill Ray Pasetes Jack Schmidt.

Spam Wrangling on UC Berkeley's CalMail. Spam detection CalMail uses Sophos PureMessage, running on CommuniGate Pro's front-end servers PureMessage.

[1] Control Spam by the Use of Greylisting Torgny Hallenmark LDC - Computing Center Lund University, Sweden TERENA Networking.

Outlook / Exchange Training. Outlook / Exchange: Agenda What Can Microsoft Exchange Do / How works at UST? and Inbox Mailbox Quota Archiving.

Fighting Spam in an Exchange Environment Tzahi Kolber IT Supervisor - Polycom Israel.

Anti-Spam Updates Activity Coordination Meeting March 2006 Kevin Hill.

Deliverability and IP Warming

Anti-Spam Managing Spam with Kerio Connect

TMG Client Protection 6NPS – Session 7.

What is it? Why do I keep getting from Barracuda? SPAM.

Emmanuel Ormancey - Michel Christaller

Spam Detection Algorithm Analysis

Management Suite v2.0 DoubleCheck Manager Management Suite v2.0.

COMPLETE BUSINESS TEXTING SOLUTION

Presentation transcript:

Spam Fighting at CERN 12 January 2019 Emmanuel Ormancey

What is Spam ? Estimated cost for companies: Cost for spammers: Spam is the friendly name given to unsolicited mail everyone receives in the mailbox. Comes from a Monty Python sketch, where in a café everything on the menu includes SPAM™ luncheon meat. Estimated cost for companies: 1 spam = 1$ cost per company (investment in spam fighting, helpdesk handling user complaints, time spent cleaning email folders…) Cost for spammers: 39$ for 1 million French email addresses. 12 January 2019 Emmanuel Ormancey

Email stealing Test at CERN: an email address was published on the Mail Service Website, 37 days after the first Spam was received. 6 Weeks study: 275 email addresses published on 175 different supports. (source Federal Trade Commission, November 2002) In 6 weeks: 3349 Spams were received by the 275 addresses. Speed record: First Spam was received 9 minutes after publishing an email in a Chat room. Support Spammed emails Chat room 100% Newsgroup 86% Standard Web site Personal Web Site 50% Forum 27% WebMail 9% 12 January 2019 Emmanuel Ormancey

Products review Existing market products were reviewed: Technology too young Results are not accurate Missing a per user basis configuration While the market consolidates … CERN/IT developed its own Anti-Spam filter. Less effort than running after immature commercial technology. Now running for 1.5 year. Easy to modify and update detection techniques. CERN specific user level configuration / customization. 12 January 2019 Emmanuel Ormancey

Mail filtering overview Low level Spam Filter ESRE Evident Spam Rejection based on Envelope DNS checks Internal Blacklists Mail from Internet Exchange Back-Ends / Other CERN Mail Servers Internet / Outside CERN Reject Anti Flood System IFD Intelligent Flood Detection IP From To Content Spam Filter SpamKiller Content based Intelligent Detection Add header with Spam Detection Score Virus Scanning Symantec Symantec Antivirus for Exchange Clean viruses, remove un-cleanable files. Clean mail with Spam header Reject Reject If 500 mails in 10 minutes If score too high

Content Spam Filtering CERN SpamKiller is NOT McAfee Spamkiller. SpamKiller calculates the probability for a message to be spam Regular expressions. “Intelligent” content parsing. Statistical heuristics (Bayesian Filters). Charset detection algorithm. The user sets the threshold at which he wants spam to be rejected Rejected message can be seen by the user (CERN Spam folder) Per user configuration Rejection of foreign languages mail on a per user basis (Chinese, Korean, Russian, Japanese, Arabic, etc …) 12 January 2019 Emmanuel Ormancey

User configuration Filtering level Language-based rejection 12 January 2019 Emmanuel Ormancey

Efficiency More than 50% of accepted traffic is detected as spam. 1 day statistics on smtp gateways, all checks enabled: CERN receives 81% of Spam ! But 67% is rejected. More than 50% of accepted traffic is detected as spam. 12 January 2019 Emmanuel Ormancey

Efficiency False positives are quite low Good spam detection Except for commercial lists (spam that you want). White lists at user level can be configured to prevent this. Good spam detection My mailbox filtering is standard: 30 to 40 Spams filtered per day. 3 or 4 Spams still go to the INBOX per week. Can be improved, but new algorithms must be found. Not enough for some users with “public” email address Old email address or published email address are more targeted for Spam. 12 January 2019 Emmanuel Ormancey

Future evolution Spammer techniques always follow anti-spam techniques. New detection mechanisms work only for a few months. Needs a full time work to have a constantly “up-to-date” filter. Only viable long term solution is to accept only mails from people you know: ICQ (and other messenger systems) already have this feature. Accept only messages from people in my contact list. Adding someone to the contact list requires validation. 12 January 2019 Emmanuel Ormancey

Move to Inbox.Quarantine New feature (in test) Good Mails not matching the user’s whitelist are quarantined. Mail is send to sender requiring action to validate himself. Once validated, sender is added to whitelist, mails are moved back to Inbox. Delete Delete if evident spam level Move to Cern Spam Spam Filter level Move to Inbox.Quarantine Mail to sender for validation. Quarantine level Inbox 12 January 2019 Emmanuel Ormancey

Next… Current situation: Improvements Think, test and add new techniques. Improve a fully customizable solution at user level. Improvements Automatic whitelist currently in test. Future is to join forces against Spam: Share rules, regular expressions patterns and Bayesian statistics dictionary with other organizations. Central Antispam configuration with Live Update like antivirus definitions will be the solution. Therefore … Long term goal: use a commercial product. Like for antivirus products, only a full time working team will provide up-to-date filters. 12 January 2019 Emmanuel Ormancey

Questions ? emmanuel.ormancey@cern.ch 12 January 2019