



   May 15 2006

   E-mail (UBE)
       Advertisement
       Phishing
   Webpage
       Content
       Links

   Sample spam e-mail:

       From: Thrifty Health-Insurance <>
       Mailed-By: noticeoption.com
       Reply-To: Thrifty Health-Insurance <>
       Date: May 10, 2006 9:30 PM
       Subject: No obligation Health Insurance Quotes

       Great health insurance quotes.

       Get a quote from us and let local agents compete for your
       business. Health insurance is more affordable than you think.

       Health Plans
       Dental Plans
       Prescription Plans
       Vision Plans and more

       Check out the lowest rates in the industry.

       This email is a commercial message. ………….
How bad is the situation

   30-40% of mail traffic is spam

   End-user
       Wastes time reading junk (may fall into a trap)
       ~1 billion in productivity lost per year
   System operator
       Increased running cost
Why do people spam?

   Economic incentive
       Effectiveness = sent × (1 − P_filtered) × P_read × P_clickthrough

   Business strategy?
How spammers collect e-mail addresses

   UseNet
   Web pages
   Registration forms
   Dictionary attacks
Defense mechanisms

   Authentication
   Challenge/response system
   DNSxL

   Check-sum based filtering
   Statistical filtering

   Micro-payment
   Spam poisoning

   A brand new architecture

Authentication

   Avoid forged sender address
       SMTP AUTH
           Verify that the sender is a legitimate user
       Sender Policy Framework (SPF)
           Verify that the sender’s IP corresponds to the domain
Challenge/response system

   Works together with a white list
       Only senders on the contact list can get through
       Otherwise, a challenge is sent to the sender
       Ensures the sender is a human rather than a program

DNSxL

   Block list
       A list of IPs/domains observed to be sending out spam consistently
       Uses DNS to distribute the list
       Similar to reverse DNS lookup

   White list
       Same idea, but working the other way
Check-sum based filtering

   Collaborative filtering
       Distributed Checksum Clearinghouse (DCC)
       Vipul’s Razor
       Brightmail
   A checksum is computed for each reported spam
   The list is consistently updated and
Statistical filtering

   2-class text classification problem
       Words, phrases
       Training samples
       Adaptive
Statistical filtering

   False positive

                               Classified   Classified   Total
                               junk         legitimate

          Actually junk        36           9            45
          Actually legitimate  3            174          177
          Total                39           183          222

Micro-payment

   Increase the cost for spammers
   Micro-payment / e-cash
   “Computational” payment
       HashCash (SHA-1)
           Takes 1 second to generate
           Takes 1 microsecond to verify (both on a 1 GHz machine)
       CAMRAM
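
The generate/verify cost asymmetry of HashCash listed above, as an added example that is not part of the original slides. It assumes the Hashcash version 1 stamp layout (ver:bits:date:resource:ext:rand:counter); the recipient address, date and bit counts are constructed values, and date-expiry checking is omitted.

```python
import hashlib
import secrets

def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(resource: str, bits: int, day: str) -> str:
    """Sender: search for a counter so SHA-1(stamp) starts with `bits` zero bits.
    Expected work is about 2**bits hashes, paid once per recipient."""
    prefix = f"1:{bits}:{day}:{resource}::{secrets.token_hex(8)}:"
    counter = 0
    while True:
        stamp = f"{prefix}{counter:x}"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp
        counter += 1

def verify(stamp: str, resource: str, min_bits: int, seen: set) -> bool:
    """Receiver: a single SHA-1 plus cheap field checks."""
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1" or not fields[1].isdecimal():
        return False
    claimed = int(fields[1])
    if claimed < min_bits:          # sender did too little work
        return False
    if fields[3] != resource:       # stamp was minted for someone else
        return False
    if stamp in seen:               # same stamp replayed on another message
        return False
    if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) < claimed:
        return False
    seen.add(stamp)
    return True

if __name__ == "__main__":
    import time
    spent = set()                   # receiver's record of stamps already used
    t0 = time.perf_counter()
    stamp = mint("alice@example.com", 20, "060515")  # constructed recipient/date
    t1 = time.perf_counter()
    ok = verify(stamp, "alice@example.com", 20, spent)
    t2 = time.perf_counter()
    print(stamp, ok)
    print(f"mint {t1 - t0:.3f}s, verify {t2 - t1:.6f}s")
```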
Spam poisoning

   Expose e-mail addresses in human-readable format
   Generate fake e-mail addresses dynamically with a CGI script

   Create e-mail addresses to harvest spam e-mails (similar to a honeypot)
New architecture

   Internet Mail 2000
       Pull based
       Sender’s ISP responsible for storing e-mails
       Receiver gets a notification only

       A global deployment is unlikely anytime in the near future
How do spammers respond?

   Append a random string at the end of each spam e-mail
   Improve spambots to filter out characters used in spam poisoning
   Use worms to infect e-mail client programs
   Analyze users’ e-mail patterns
