Spam and anti-spam techniques

Post on 17-Feb-2017


This presentation uses some slides from lecture slides of Associate Prof. Tran Quang Anh from FIT - HANU

Anti-spam

Group No 2C12

Contents

1. Background knowledge

2. Spam

3. Anti-spam techniques

4. An introduction to Gmail anti-spam

5. Q&A

1. Background knowledge

1.1 Email format: 2 components

• Header
• Body

Separated by a blank line.

PRIMARY FIELDS

1. From
2. To
3. Subject
4. Date
5. Message-ID

SECONDARY FIELDS

6. Bcc (Blind Carbon Copy)
7. Cc (Carbon copy)
8. Content-Type
9. Importance
10. In-Reply-To
11. Precedence
12. Received
13. Return-Path
14. Sender
15. X-Originating-IP

MIME FIELDS

16. MIME format
17. Content encoding
18. Content type
19. Content-Disposition


1.2 Email sending steps

If the Gmail server wants to send an email to manhnv@hanu.edu.vn, it will:

Step 1: Check MX record (IP) of hanu.edu.vn

Step 2: Connect to port 25 in that IP address

Step 3: Follow SMTP protocol

2. Email Spam

2.1 What is email spam?

UBE (Unsolicited Bulk Email)

Same content but lots of mails

Purposes: Advertisement, phishing, spreading malware, etc.

2.2 Why does email spam exist?

o Technical considerations

   o Sender is anonymous

   o Internet (email, ADSL) is prevalent

o Economic considerations

   o Low cost to send an email

   o Demand for advertising

2.3 Problems caused by email spam:

o Denial of service (full mailbox, mail deleted by mistake)

o Viruses

o Phishing

3. Anti-spam

3.1 Anti-spam framework:

3.2 Anti-spam techniques

Content-based method

Header-based method

Protocol-based method

Sender authentication

Social network


Content-based method

o Analyze the frequency of top keywords in email (SpamAssassin)

o Effective algorithm: Bayesian filtering algorithm

o Example: giá (price), cơ hội (opportunity), siêu (super), miễn phí (free of charge) (Vietnamese keywords); free, like, subscribe, Facebook, hot deal, sale off (English keywords)


Header-based method

o Examines the headers of email messages to detect spam

o Approaches:

   o Whitelist: a database of email addresses of legitimate senders

   o Blacklist: schemes that collect the IP addresses of all known spammers


Source: http://www.mcafee.com/threat-intelligence/ip/spam-senders.aspx

Protocol-based method

Sender authentication

o Spammers can fake their identity (they can claim to be whoever they like).

o Sender authentication (SA) addresses this.

o How does SA work?

1. SA adds a “marker” to the DNS server, which identifies the designated email servers for a specific domain.

2. A receiving server verifies whether a received email message actually came from one of these email servers.

o Example: Sender Policy Framework (AOL, HANU), SenderID (Microsoft), DomainKeys (Yahoo)

Social network

o PageRank (Google)

o Graph theory:

• Consider an email network in which nodes are users and links are email transactions

• Coefficient: low (do not exchange email frequently), high

4. Gmail anti-spam

4.1 Gmail anti-spam technique

o Gmail uses multiple techniques:

   o SPF (Sender Policy Framework)

   o DomainKeys

   o DKIM (DomainKeys Identified Mail)

4.2 Gmail header format

o How to read a header? (Demonstration with web browser)
