Combating E-mail Abuse Brian Nisbet NOC Manager HEAnet.


1 Combating E-mail Abuse Brian Nisbet NOC Manager HEAnet

2 Introduction
SMTP was never expected to handle this.
Huge volume of email, huge volume of email abuse.
Not restricted to just spam.
–Viruses
–Phishing
–Malware Links

3 General Principles
“Be liberal in what you accept, be conservative in what you send.” – Jon Postel
–Also, your network, your rules.
Multiple areas to consider:
–Technical measures
–Education
–Policies & Procedures
–Tools

4 Technical Measures
Realtime Block Lists
–DNS based, some free, some charge.
–HEAnet Anti-Spam service offers Trend Micro ERS and Spamhaus Zen service. http://www.spamhaus.org
–Spamcop - bl.spamcop.net
–combined.njabl.org
–Checked in order, rejected on first match.
–Check early, at Connect or Mail From:
–Make your own!
Port 25 outbound!
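
The block-list check described on this slide, as an added example (not code from the presentation or from HEAnet): it builds the DNS query name for a connecting address, consults the zones in order and rejects on the first match. The zone name zen.spamhaus.org, the function names and the sample DNS table are assumptions made for illustration; the IPv6 name format and the handling of Spamhaus error answers go beyond what the slide states.

```python
import ipaddress
import socket

# Zones from the slide, in the order they are consulted.
# zen.spamhaus.org is the DNS zone name of the Spamhaus Zen list.
ZONES = ["zen.spamhaus.org", "bl.spamcop.net", "combined.njabl.org"]
LISTED = ipaddress.ip_network("127.0.0.0/8")
# Spamhaus answers in 127.255.255.0/24 to signal a query error, not a listing.
ERRORS = ipaddress.ip_network("127.255.255.0/24")

def dnsbl_name(ip, zone):
    """Query name: reversed octets (IPv4) or reversed nibbles (IPv6), then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """A record for name, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def is_listing(answer):
    """True only for an answer that means 'listed'."""
    a = ipaddress.ip_address(answer) if answer else None
    return a is not None and a in LISTED and a not in ERRORS

def check_connect(ip, zones=ZONES, resolve=system_resolver):
    """Connect-time decision: ('reject', zone) on the first match, else ('accept', None)."""
    for zone in zones:
        if is_listing(resolve(dnsbl_name(ip, zone))):
            return ("reject", zone)
    return ("accept", None)

# Constructed sample data standing in for live DNS answers.
FAKE_DNS = {
    "2.0.0.127.bl.spamcop.net": "127.0.0.2",
    "2.0.0.127.combined.njabl.org": "127.0.0.3",
    "9.113.0.203.zen.spamhaus.org": "127.0.0.4",
}

if __name__ == "__main__":
    for ip in ("127.0.0.2", "203.0.113.9", "198.51.100.7"):
        print(ip, check_connect(ip, resolve=FAKE_DNS.get))
```

Passing `resolve=FAKE_DNS.get` keeps the run offline; leaving the default in place sends real DNS queries to the listed zones.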

5 Restrict SMTP connection volumes.
–Make sure to reserve some for internal users.
Close open relays!
Rules based system/spam heuristics.
–Spamassassin - http://spamassassin.apache.org/
–Rules need constant monitoring/adjustment.
–Maintain spam corpus for checking.
–Whitelists vital.
–Tailor score to suit individual needs.
–Mark at one score, filter at another.

6 Reject mail from sources that announce with a single word.
Beware of mailservers claiming to be you!
Authorised users only.
Secure connections.
Greylisting
–Delaying mails and waiting for resend.
–Accepts ‘known’ mail immediately.
–Rather controversial.
Tarpitting

7 Backup MX
Backup MXs used to be vital.
Now more likely to be a vector for abuse.
Recommendation is to only use MXs you control.
Need to have exactly the same filters in place.
Modern Internet substantially more secure.
Mailservers resend for 2 – 4 days before abandoning.
Consider a virtual machine.

8 Anti-Virus
Anti-virus on your MX a must.
AV that isn’t updated, isn’t AV.
–Once per hour is good, once per day is maybe ok.
Block “dangerous” extensions.
–Multiple lists, mainly executables. Keep updated.
–SMTP is not a file transfer protocol.
Quarantine and release systems are questionable.

9 Phishing & Links
Servers and clients beginning to detect this.
Also detectable with programs like Spamassassin.
Main tool is education.
Also change message to remove clickable links.

10 DKIM, SPF etc
Various systems in the wild to prove the sender is who they say they are, and often to assign a reputation.
Worth configuring SPF to make sure of deliverability.
Much discussion about usefulness for receiving.
Spammers (either intentional or bots) often are who they say they are.
Websites:
–http://www.openspf.org
–http://www.dkim.org/

11 Education
Users should feel safe when online, but not too safe!
–You wouldn’t give your credit card number to someone you bumped into in town?
Some users will always think “Maybe this time it’s real?”
Make sure you never send out a real mail that looks phishy.
Never:
–Ask for passwords.
–Put in a link to a login page in an unsolicited mail.
–Offer millions of dollars in exchange for a bank a/c number.

12 Policies & Procedures
Abuse contacts must be published & monitored.
Reports must be acted on as a matter of urgency.
Systems taken offline, a/cs closed.
Users and machines must be traceable.
Allegedly legitimate outbound mail must comply with laws and general standards of good behaviour.
http://www.ripe.net/ripe/docs/ripe-409.html

13 Irish law on spam is encoded in SI 535 of 2003.
–Personal addresses (mary.kelly@eircom.net) are opt-in.
–Business addresses (brian.nisbet@heanet.ie) are opt-out.
Many SMTP server operators are more stringent than this.
Decide on and publish your own code of practice.
This may be part of a larger AUP.

14 Tools & Resources
Vast number of SMTP and AV programs.
–No official HEAnet recommendation.
–Remember HEAnet Tech list.
Spamhaus (http://www.spamhaus.org)
RIPE Anti-Abuse WG
–http://www.ripe.net/ripe/wg/anti-abuse/index.html
RIPE Resource Explainer
–http://labs.ripe.net/content/rex-resource-explainer
noc@heanet.ie!

