Presentation is loading. Please wait.

Presentation is loading. Please wait.

Spam Fighting at CERN 12 January 2019 Emmanuel Ormancey.

Published byGeneviève Dumais Modified over 5 years ago

Similar presentations

Presentation on theme: "Spam Fighting at CERN 12 January 2019 Emmanuel Ormancey."— Presentation transcript:

1 Spam Fighting at CERN 12 January 2019 Emmanuel Ormancey

2 What is Spam ? Estimated cost for companies: Cost for spammers:
Spam is the friendly name given to unsolicited mail everyone receives in the mailbox. Comes from a Monty Python sketch, where in a café everything on the menu includes SPAM™ luncheon meat. Estimated cost for companies: 1 spam = 1$ cost per company (investment in spam fighting, helpdesk handling user complaints, time spent cleaning folders…) Cost for spammers: 39$ for 1 million French addresses. 12 January 2019 Emmanuel Ormancey

3 stealing Test at CERN: an address was published on the Mail Service Website, 37 days after the first Spam was received. 6 Weeks study: 275 addresses published on 175 different supports. (source Federal Trade Commission, November 2002) In 6 weeks: 3349 Spams were received by the 275 addresses. Speed record: First Spam was received 9 minutes after publishing an in a Chat room. Support Spammed s Chat room 100% Newsgroup 86% Standard Web site Personal Web Site 50% Forum 27% WebMail 9% 12 January 2019 Emmanuel Ormancey

4 Products review Existing market products were reviewed:
Technology too young Results are not accurate Missing a per user basis configuration While the market consolidates … CERN/IT developed its own Anti-Spam filter. Less effort than running after immature commercial technology. Now running for 1.5 year. Easy to modify and update detection techniques. CERN specific user level configuration / customization. 12 January 2019 Emmanuel Ormancey

5 Mail filtering overview
Low level Spam Filter ESRE Evident Spam Rejection based on Envelope DNS checks Internal Blacklists Mail from Internet Exchange Back-Ends / Other CERN Mail Servers Internet / Outside CERN Reject Anti Flood System IFD Intelligent Flood Detection IP From To Content Spam Filter SpamKiller Content based Intelligent Detection Add header with Spam Detection Score Virus Scanning Symantec Symantec Antivirus for Exchange Clean viruses, remove un-cleanable files. Clean mail with Spam header Reject Reject If 500 mails in 10 minutes If score too high

6 Content Spam Filtering
CERN SpamKiller is NOT McAfee Spamkiller. SpamKiller calculates the probability for a message to be spam Regular expressions. “Intelligent” content parsing. Statistical heuristics (Bayesian Filters). Charset detection algorithm. The user sets the threshold at which he wants spam to be rejected Rejected message can be seen by the user (CERN Spam folder) Per user configuration Rejection of foreign languages mail on a per user basis (Chinese, Korean, Russian, Japanese, Arabic, etc …) 12 January 2019 Emmanuel Ormancey

7 User configuration Filtering level Language-based rejection
12 January 2019 Emmanuel Ormancey

8 Efficiency More than 50% of accepted traffic is detected as spam.
1 day statistics on smtp gateways, all checks enabled: CERN receives 81% of Spam ! But 67% is rejected. More than 50% of accepted traffic is detected as spam. 12 January 2019 Emmanuel Ormancey

9 Efficiency False positives are quite low Good spam detection
Except for commercial lists (spam that you want). White lists at user level can be configured to prevent this. Good spam detection My mailbox filtering is standard: 30 to 40 Spams filtered per day. 3 or 4 Spams still go to the INBOX per week. Can be improved, but new algorithms must be found. Not enough for some users with “public” address Old address or published address are more targeted for Spam. 12 January 2019 Emmanuel Ormancey

10 Future evolution Spammer techniques always follow anti-spam techniques. New detection mechanisms work only for a few months. Needs a full time work to have a constantly “up-to-date” filter. Only viable long term solution is to accept only mails from people you know: ICQ (and other messenger systems) already have this feature. Accept only messages from people in my contact list. Adding someone to the contact list requires validation. 12 January 2019 Emmanuel Ormancey

11 Move to Inbox.Quarantine
New feature (in test) Good Mails not matching the user’s whitelist are quarantined. Mail is send to sender requiring action to validate himself. Once validated, sender is added to whitelist, mails are moved back to Inbox. Delete Delete if evident spam level Move to Cern Spam Spam Filter level Move to Inbox.Quarantine Mail to sender for validation. Quarantine level Inbox 12 January 2019 Emmanuel Ormancey

12 Next… Current situation: Improvements
Think, test and add new techniques. Improve a fully customizable solution at user level. Improvements Automatic whitelist currently in test. Future is to join forces against Spam: Share rules, regular expressions patterns and Bayesian statistics dictionary with other organizations. Central Antispam configuration with Live Update like antivirus definitions will be the solution. Therefore … Long term goal: use a commercial product. Like for antivirus products, only a full time working team will provide up-to-date filters. 12 January 2019 Emmanuel Ormancey

13 Questions ? emmanuel.ormancey@cern.ch 12 January 2019

Download ppt "Spam Fighting at CERN 12 January 2019 Emmanuel Ormancey."

Similar presentations

K12 WebMail http://access.k12.wv.us:1081.

K12 WebMail
Anti-SPAM experience at LAL Michel Jouvin LAL / IN2P3

Anti-SPAM experience at LAL Michel Jouvin LAL / IN2P3
1 Effective, secure and reliable hosted email security and continuity solution.

1 Effective, secure and reliable hosted security and continuity solution.
© 2012 Eloqua, Inc. Confidential 1 Deliverability and IP Warming Overview and Implementation Using Eloqua.

© 2012 Eloqua, Inc. Confidential 1 Deliverability and IP Warming Overview and Implementation Using Eloqua.
Basic Communication on the Internet:

Basic Communication on the Internet:
TrustPort Net Gateway Email traffic protection. WWW.TRUSTPORT.COM Keep It Secure Entry point protection –Clear separation of the risky internet and secured.

TrustPort Net Gateway traffic protection. Keep It Secure Entry point protection –Clear separation of the risky internet and secured.
Paul Vanbosterhaut Managing Director, Vircom Europe January 2007 ModusGate™ 4.4 Smart Email Assurance Gateway Not Just Warmed-over Open Source Technology…

Paul Vanbosterhaut Managing Director, Vircom Europe January 2007 ModusGate™ 4.4 Smart Assurance Gateway Not Just Warmed-over Open Source Technology…
Used by many 100,000s of customers Used by many 10,000,000s of users Processing Billions of emails a day Using Thousands of servers Across dozens of.

Used by many 100,000s of customers Used by many 10,000,000s of users Processing Billions of s a day Using Thousands of servers Across dozens of.
Addressing spam email and enforcing a Do Not Email Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.

Addressing spam and enforcing a Do Not Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.
Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.

Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.
Dealing With Spam The email kind, not the Food product.

Dealing With Spam The kind, not the Food product.
Are You Spamming Your Clients? June 17, 2011. Introductions  Doug Ladendorf Manager of Marketing Databases & CRM Mayer Brown LLP  1,600 Attorneys 

Are You Spamming Your Clients? June 17, Introductions  Doug Ladendorf Manager of Marketing Databases & CRM Mayer Brown LLP  1,600 Attorneys 
Course 201 – Administration, Content Inspection and SSL VPN Filtering

Course 201 – Administration, Content Inspection and SSL VPN Filtering
----Presented by Di Xu 17.12.2010.  Introduction  Overview of Spam  Solutions to Spam  Conclusion.

----Presented by Di Xu  Introduction  Overview of Spam  Solutions to Spam  Conclusion.
6/1/2015 Email Spam Filtering - Muthiyalu Jothir 1 Email Spam Filtering Computer Security Seminar N.Muthiyalu Jothir – 271120 Media Informatics.

6/1/2015 Spam Filtering - Muthiyalu Jothir 1 Spam Filtering Computer Security Seminar N.Muthiyalu Jothir – Media Informatics.
IMF Mihály Andó IT-IS 6 November 2006. Mihály Andó 2 / 11 6 November 2006 What is IMF? ­ Intelligent Message Filter ­ provides server-side message filtering,

IMF Mihály Andó IT-IS 6 November Mihály Andó 2 / 11 6 November 2006 What is IMF? ­ Intelligent Message Filter ­ provides server-side message filtering,
Exchange 2003 and SPAM Fighting Emmanuel Ormancey, Rafal Otto Internet Services Group Department of Information Technology CERN 3 June 2015.

Exchange 2003 and SPAM Fighting Emmanuel Ormancey, Rafal Otto Internet Services Group Department of Information Technology CERN 3 June 2015.
Tony BrettOUCS Course Code ZAE 1 March 2004 Webmail – the new WING Tony Brett Oxford University Computing Services.

Tony BrettOUCS Course Code ZAE 1 March 2004 Webmail – the new WING Tony Brett Oxford University Computing Services.
Staff Computer Training Exchange 2003: More User Friendly Vicki Hecht Cherry Delaney ITaP Luncheon October 14, 2003.

Staff Computer Training Exchange 2003: More User Friendly Vicki Hecht Cherry Delaney ITaP Luncheon October 14, 2003.
Guide to Operating System Security Chapter 10 E-mail Security.

Guide to Operating System Security Chapter 10 Security.

Similar presentations

Ads by Google