Mail Filtering Update in WiscMail –
Report on Current Status
and Future Plans

ITC Briefing
Friday January 16th, 2004

WiscMail Quick Summary

   WiscMail Currently Serves 67,500 Users
   WiscMail has 1.8 TB of Storage Allocated
   Over 6,000 Viruses Daily
   Over 400,000 Pieces of SPAM Daily
   SPAM Filtering Introduced, July, 2003
Message Composition July, 2003
Message Composition January 2004
The Goals & Requirements of the
Filtering Project Have Been Met

   Reduce SPAM by 80% or More
    –   Anecdotal user evidence as well as vendor evidence show over
        90% accuracy

   Comply with legal mandates that prevent system wide
    SPAM filtering – filters must be applied using an
    individual Opt-In basis
    –   All users can opt-in to have their mail filtered.
    –   Other users’ mail is not interfered with
The Goals & Requirements of the
Filtering Project Have Been Met

   Provide an option to select levels of filtering
    –   The provided user interface allows 7 levels of sensitivity

   System must perform well and be scalable as message
    volumes increase
    –   The spam scanners add less than 1 second delay to message

   Provide a Web Interface to system
    –   A custom interface has been built to allow users to filter their
The Goals & Requirements of the
Filtering Project Have Been Met

   Compatible with WiscMail SunOne message system
    –   Filters are based on the Sieve mail filtering language, which
        is a feature of SunOne

   Vendor supported system
    –   The Spam scanners are running PureMessage, a product of
How WiscMail Anti-Spam Works

   Scan the messages
    –   All potentially unsafe messages are scanned
    –   Messages are marked with a spam “score” and
        then delivered as intended
How WiscMail Anti-Spam Works

   Filter the messages
    –   Users can choose (opt-in) and control
          Whether or not to filter spam messages
          What threshold (based on spam score) to filter
          To use their local email client to filter spam
           instead of the provided server filters. (e.g. POP
Message SPAM Ratings – Jan 2004
Front Line Filters

   Site-wide filters can be created to block
    specific messages from entering the system
    –   Hundreds of thousands of SoBig messages
        stopped using this method.
    –   Commonly used in stopping large virus outbreaks.
    –   Saves load on spam and virus scanners.
User Filters

   Users can configure their own filters
    –   Filters are executed by the server, not the local email
    –   Over 13,000 users participating
    –   Filter SPAM into “Junk Mail” folder
User Filters

   Users can configure their own filters
    –   Create filters to bypass the spam filter
            White List – mail from these senders always stays in Inbox
            Black List – mail from these senders always goes to Junk Mail
            Mailing Lists – mail to list addresses always stays in Inbox

    –   Custom Filters
            Create custom criteria for filtering messages into specific
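
The user filters described on the slides above (White List, Black List, Mailing Lists, spam-score threshold) can be written as one Sieve script. This is an added example, not WiscMail's generated filter: the header name X-Example-Spam-Score, the addresses, the threshold 60 and the rule order are constructed, and it assumes the server supports the Sieve "relational" extension.

```sieve
# Added example, not WiscMail's own script. The header name, addresses and
# threshold below are constructed placeholders.
require ["fileinto", "relational", "comparator-i;ascii-numeric"];

# White List: mail from these senders always stays in the Inbox,
# so it is checked before any spam-score rule.
if address :is "from" ["advisor@example.edu", "registrar@example.edu"] {
    keep;
    stop;
}

# Black List: mail from these senders always goes to Junk Mail,
# whatever score the scanner gave it.
if address :is "from" ["bulk-offers@example.net"] {
    fileinto "Junk Mail";
    stop;
}

# Mailing Lists: mail addressed to a list stays in the Inbox.
if address :is ["to", "cc"] ["dept-seminar@lists.example.edu"] {
    keep;
    stop;
}

# Threshold: the scanner only marks the message with a score and delivers it;
# this rule is what actually moves it. A message with no score header (for
# example one that was never spam-scanned) does not match and stays in the Inbox.
# Note: under i;ascii-numeric a value that does not start with a digit compares
# as positive infinity, so a malformed score header would be filed as junk.
if header :value "ge" :comparator "i;ascii-numeric"
          "X-Example-Spam-Score" "60" {
    fileinto "Junk Mail";
    stop;
}

# Everything else falls through to the implicit keep (Inbox).
```
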
How Mail is Treated

   Type of Mail                        Server    Spam   Virus   User
                                       Filters   Scan   Scan    Filters
   Incoming Mail from WiscMail Users      X               X        X
   All Other Incoming                     X        X      X        X
   Outgoing Mail                          X               X       N/A
WiscMail Message Flow

   [Diagram; labels: MTA, Anti-Spam, Anti-Virus, Filters, Message, Junk Mail, INBOX, Any Folder]
The War on Spam

   The Good
    –   Anti-Spam companies are out-spending and out-
        smarting spammers
            New spamming techniques provide only short term
             gains for the spammers before the anti-spam companies
             thwart them

    –   Legislation may help prevent US based spam
The War on Spam

   The Bad
    –   Spammers learn how to get past filters
            Requires constant monitoring and research by vendors

    –   Legislation has no effect on foreign spam
            A Do-Not-Spam List may be exploited by these

    –   Spam volumes are increasing
            Now around 50% of total mail volumes
The War on Spam

   The Ugly
    –   The SMTP protocol is inadequate
            It allows spammers to lie

    –   Spammers are teaming up with virus writers
            Virus-infected computers DoS attack Anti-Spam
             services (RBLs)
            Virus-infected computers send spam
            SoBig is an example of this
Problems we are having

   User Participation and Knowledge
    –   Advertisements have only enticed 13,000 users to
        participate in the filtering service
    –   We do not know who is using the service with client
        filters (e.g. POP users)
    –   Some users do not understand that they have to
    –   Many users do not understand that SPAM detection
        is not an exact science
Future Plans for the Anti-Spam Project

   Further integrate anti-spam and anti-virus
    –   Increase performance by combining virus and spam
        detection into a single operation
    –   Develop a process to automatically tag viruses as
   Possible use of quarantining
    –   Keep spam on spam servers instead of Junk Mail
    –   Users can choose what to do with the messages that
        are quarantined
Question and Answer