Presentation is loading. Please wait.

Presentation is loading. Please wait.

CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS Update on the anti spam system at CERN Pawel Grzywaczewski, CERN IT/OIS HEPIX fall.

Published byAlicia Moore Modified over 8 years ago

Similar presentations

Presentation on theme: "CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS Update on the anti spam system at CERN Pawel Grzywaczewski, CERN IT/OIS HEPIX fall."— Presentation transcript:

1 CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS Update on the anti spam system at CERN Pawel Grzywaczewski, CERN IT/OIS HEPIX fall 2010

2 CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS Current mail infrastructure Mail service in numbers: –~18 000 mailboxes –~ 18 000 mailing lists (e-groups) –~ 3000 electronic faxes received/send each month –~ 200 000 messages send each day to Internet –~ 80 000 legitimate messages received each day from Internet -Current systems -Microsoft Exchange 2003 – 95% of mailboxes -Microsoft Exchange 2010 – 5% of mailboxes + client access and edge servers

3 CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS Overview  Spam is a big problem, about 180 billion spam messages per day world wide  At CERN each day we receive more than 1 million messages  At CERN half of CERN mail addresses forward to external mail addresses  Large number of mailing lists  SPAM messages has to be rejected  Messages are never deleted – we refuse or accept  New anti spam system reduced blacklisting of our mail servers

4 CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS A bit of history about anti spam systems at CERN 2002 – home made anti spam system 2008 – built-in system of Exchange 2007 April 2010 – Microsoft Forefront Protection 2010 for Exchange servers

5 CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS Motivation for a new anti spam system  Users were reporting spam messages delivered to Inbox, Junk Folder  Preparation for deployment of Exchange 2010 – new mail gateways  System which is well integrated with current systems (possibility to whitelist from mailbox, whitelisting applied on all levels of filtering)

6 CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS ForeFront and main features  Anti spam system  On board an efficient content filtering engine provided by Cloudmark  Fingerprints mechanism  Fingerprints of messages compared with fingerprints of known spam messages  Fingerprints calculated based on RELEVANT parts of a message  Heuristic  Built in anti virus system  5 different antivirus engines scan messages in parallel

7 CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS Sample spam statistics  94% of messages is filtered  Very low number of messages delivered to Junk Folder  Helpdesk@cern.ch reported that amount of users complaining about spam decreased significantly  Few requests from users who would like to receive more spam ;)

8 CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS Anti spam system architecture  3 levels of spam filtering  Most of messages is rejected by the first level

9 CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS Cause of messages rejection  1 st layer – source analysis: 1056475, ~94% of rejection  2 nd layer – protocol analysis: 44198, ~4% of rejection  3 rd layer – content analysis: 22455, ~2% of rejection

10 CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS 1 st layer of defense – source analysis Tell me what is your IP and I will tell you if you are SPAMMER DNS block list One of the most effective means to counter spam attacks Forefront retrieves from public databases lists of blocked IP addresses Different providers: SPAMHAUS, Hotmail etc. Sender id framework Prevent false positives

11 CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS 2 nd layer - protocol analysis Accept only legitimate recipients and senders Sender filtering Rejecting blocked senders Accepting white listed Recipient filtering Rejecting recipients which doesn’t exist at CERN Low percentage of false positives and false negatives ~4% of rejected messages

12 CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS Content analysis – 3 rd layer Why there are no messages in my Junk folder Two methodologies are applied on messages Fingerprint of a spam message (updates are received each 45 seconds) Heuristic At present only few hundreds messages per day are delivered to spam folder, over all 18 000 mailboxes 2% of rejected messages

13 CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS Content filtering engine and fingerprints ForeFront with Cloudmark Service providers Consumer Mobile operator Enterprise Updates each 45 sec Nomination DB Catalog Database Trust Evaluation System Cloudmark system

14 CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS Remaining challenges  Phishing  Looking for a solution  Troubleshooting of messages rejected by Content Filtering  Improved by migrating users to Exchange 2010 – white listing  Forwarding messages from mailboxes in other institutes  Improved by migrating users to Exchange 2010 – mailbox merge

15 CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS What will come next  When mailboxes are migrated to Exchange 2010  Possibility to whitelist senders  Whitelisting will be applied on all layers of filtering  By default all contacts will be whitelisted.  Blacklisting  Control of compromised accounts  Limits on number of recipients per 24h

16 CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS Thank you!

Download ppt "CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t OIS Update on the anti spam system at CERN Pawel Grzywaczewski, CERN IT/OIS HEPIX fall."

Similar presentations

Email Deliverability @ Eloqua Providing Industry-Leading Email Management Tools.

Eloqua Providing Industry-Leading Management Tools.
TrustPort Net Gateway Email traffic protection. WWW.TRUSTPORT.COM Keep It Secure Entry point protection –Clear separation of the risky internet and secured.

TrustPort Net Gateway traffic protection. Keep It Secure Entry point protection –Clear separation of the risky internet and secured.
Paul Vanbosterhaut Managing Director, Vircom Europe January 2007 ModusGate™ 4.4 Smart Email Assurance Gateway Not Just Warmed-over Open Source Technology…

Paul Vanbosterhaut Managing Director, Vircom Europe January 2007 ModusGate™ 4.4 Smart Assurance Gateway Not Just Warmed-over Open Source Technology…
Microsoft ® Exchange Online Advanced Security Name Title Microsoft Corporation.

Microsoft ® Exchange Online Advanced Security Name Title Microsoft Corporation.
Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.

Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.
© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.

© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.
----Presented by Di Xu 17.12.2010.  Introduction  Overview of Spam  Solutions to Spam  Conclusion.

----Presented by Di Xu  Introduction  Overview of Spam  Solutions to Spam  Conclusion.
IMF Mihály Andó IT-IS 6 November 2006. Mihály Andó 2 / 11 6 November 2006 What is IMF? ­ Intelligent Message Filter ­ provides server-side message filtering,

IMF Mihály Andó IT-IS 6 November Mihály Andó 2 / 11 6 November 2006 What is IMF? ­ Intelligent Message Filter ­ provides server-side message filtering,
Exchange 2003 and SPAM Fighting Emmanuel Ormancey, Rafal Otto Internet Services Group Department of Information Technology CERN 3 June 2015.

Exchange 2003 and SPAM Fighting Emmanuel Ormancey, Rafal Otto Internet Services Group Department of Information Technology CERN 3 June 2015.
Understanding Microsoft Forefront Online Protection for Exchange Robert Gillies Solution Architect Microsoft Corporation EXL201.

Understanding Microsoft Forefront Online Protection for Exchange Robert Gillies Solution Architect Microsoft Corporation EXL201.
Version 2.0 for Office 365. Day 1 Administering Office 365 Day 2 Administering Exchange Online Office 365 Overview & InfrastructureLync Online Administration.

Version 2.0 for Office 365. Day 1 Administering Office 365 Day 2 Administering Exchange Online Office 365 Overview & InfrastructureLync Online Administration.
Guide to Operating System Security Chapter 10 E-mail Security.

Guide to Operating System Security Chapter 10 Security.
Exchange 2010 Overview Name Title Group. What You Tell Us Communication overload Globally distributed customers and partners High cost of communications.

Exchange 2010 Overview Name Title Group. What You Tell Us Communication overload Globally distributed customers and partners High cost of communications.
Implementing Exchange Server Security Ward Solutions.

Implementing Exchange Server Security Ward Solutions.
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.
23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.

23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.
Agenda Next Generation Antispam Protection Forefront Overview Forefront Security for Exchange Server Forefront Online Security for Exchange Hybrid Software.

Agenda Next Generation Antispam Protection Forefront Overview Forefront Security for Exchange Server Forefront Online Security for Exchange Hybrid Software.
TrustPort Net Gateway Email traffic protection. WWW.TRUSTPORT.COM Keep It Secure Entry point protection –Clear separation of the risky internet and secured.

TrustPort Net Gateway traffic protection. Keep It Secure Entry point protection –Clear separation of the risky internet and secured.
Managing and Avoiding Junkmail. Junk E-mail  Where does Junk Mail come from? People with whom you do business  Pepsi Friends of people with whom you.

Managing and Avoiding Junkmail. Junk  Where does Junk Mail come from? People with whom you do business  Pepsi Friends of people with whom you.
OCR Functional Skills Keywords Use the right keywords To do this you need to know what it is you are searching for! – For example, you might want to search.

OCR Functional Skills Keywords Use the right keywords To do this you need to know what it is you are searching for! – For example, you might want to search.

Similar presentations

Ads by Google