SPAM

Upload: damon-haney

Post on 30-Dec-2015

DESCRIPTION

SPAM (PowerPoint PPT presentation). Problem description: develop a tool to send email with phony SMTP headers to simulate SPAM; latest initiatives to reduce SPAM; email protocols.

TRANSCRIPT

Page 1: SPAM

SPAM

Page 2: SPAM

Problem Description

Develop a tool to send email with phony SMTP headers to simulate SPAM.

Latest initiatives to reduce SPAM

Page 3: SPAM

Email Protocols

Simple Mail Transfer Protocol (SMTP) – Transfer mail reliably and efficiently. Used to send emails between 2 SMTP servers (mail transfer agents)

Post Office Protocol (POP) or Internet Message Access Protocol (IMAP) – Retrieve mail from SMTP servers to email client (mail user agent)

Page 4: SPAM

Email Flow

Delivery is initiated by transfer of the message to an SMTP server.
Based on the domain of the recipient, the SMTP server queries a DNS server for the name of the destination SMTP server.
If the recipient account exists on the destination server, the email is transferred.
If the destination server cannot be contacted, the mail is transferred to an intermediate relay server, which will transfer it to the destination or to other relays.

[Figure: email flow. Email client → Local Mail Transfer Agent (Sendmail, MS Exchange) → Internet → Mail Relay Servers (Sendmail, MS Exchange), consulting a DNS server → Remote Mail Transfer Agent (Sendmail, MS Exchange) → Mail client. Transfer between agents uses SMTP; retrieval by the mail client uses POP/IMAP.]

Page 5: SPAM

Differences : IMAP/POP

Page 6: SPAM

SMTP Protocol

Simple ASCII protocol (a protocol that transmits only ASCII characters and uses ASCII control codes; it demands little, if any, error checking). The SMTP service runs on port 25.

No authentication to send email, only to retrieve (POP)

Page 7: SPAM

Run SMTP via telnet

The client initiates the connection ("telnet cs.sjsu.edu 25"); no login/password required.

Greeting: 220 eniac.cs.sjsu.edu ESMTP Sendmail 8.12.10/8

HELO request: waits for the response; quits if the server refuses. Returns status code and text.

MAIL FROM request: returns status code, 250 for success, 500 for failure.

RCPT TO request: returns status code.

DATA request: returns status code.

QUIT request: disconnects.
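The exchange described above, as an added example that is not part of the original slides or of the author's program: a self-contained Python model of both sides of the SMTP session. The server side is a small state machine answering with standard SMTP reply codes (RFC 2821, listed in the references); the client side sends the same command sequence the telnet session does and gives up if the HELO is refused. The hostnames, addresses and the open_relay switch are assumptions made for illustration.

```python
# Added example (not from the slides or any named project): an in-process model
# of the SMTP command/reply exchange. The server side is a small state machine
# returning standard SMTP reply codes; the client side sends the same sequence
# a telnet session would (HELO, MAIL FROM, RCPT TO, DATA, QUIT).
# Hostnames and addresses are constructed sample values.


def _address(arg, keyword):
    """Parse 'FROM:<user@host>' / 'TO:<user@host>'; return None if malformed."""
    if not arg.upper().startswith(keyword + ":"):
        return None
    addr = arg[len(keyword) + 1:].strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    return addr if "@" in addr else None


class SmtpServerModel:
    """Server side of the exchange. open_relay=False (assumed default) makes it
    refuse to relay for non-local recipients, the setting an operator wants."""

    def __init__(self, hostname="mta.example.test", local_domain="example.test",
                 open_relay=False):
        self.hostname = hostname
        self.local_domain = local_domain
        self.open_relay = open_relay
        self.helo = None
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.body = []
        self.delivered = []        # (sender, recipients, body) tuples accepted

    def greeting(self):
        # Sent on connect, before the client says anything: no authentication.
        return f"220 {self.hostname} ESMTP ready"

    def handle(self, line):
        """Return the reply for one client line, or None while collecting DATA."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                self.delivered.append((self.sender, list(self.recipients), "\n".join(self.body)))
                self.body = []
                return "250 OK: message accepted"
            self.body.append(line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            if not arg:
                return "501 Syntax: HELO hostname"
            self.helo = arg
            return f"250 {self.hostname} Hello {arg}"
        if verb == "MAIL":
            if self.helo is None:
                return "503 Send HELO first"
            addr = _address(arg, "FROM")
            if addr is None:
                return "501 Syntax: MAIL FROM:<address>"
            self.sender, self.recipients = addr, []
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Need MAIL command first"
            addr = _address(arg, "TO")
            if addr is None:
                return "501 Syntax: RCPT TO:<address>"
            if not self.open_relay and addr.split("@")[1].lower() != self.local_domain:
                return "550 Relaying denied"
            self.recipients.append(addr)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Need RCPT command first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return f"221 {self.hostname} closing connection"
        return "500 Command not recognized"


def run_session(server, commands):
    """Client side: send each line, collect (sent, reply) pairs, and give up if
    the server refuses the HELO, as the slide describes."""
    transcript = [("<connect>", server.greeting())]
    for cmd in commands:
        reply = server.handle(cmd)
        if reply is None:
            continue                      # message body line, no reply expected
        transcript.append((cmd, reply))
        if cmd.upper().startswith("HELO") and not reply.startswith("250"):
            break
    return transcript


def reply_codes(transcript):
    """Just the numeric codes, in order, for quick inspection."""
    return [reply.split()[0] for _, reply in transcript]


if __name__ == "__main__":
    server = SmtpServerModel()
    session = run_session(server, [
        "HELO client.example.test",
        "MAIL FROM:<alice@example.test>",
        "RCPT TO:<bob@example.test>",
        "DATA", "Subject: constructed sample", "", "Hello Bob.", ".",
        "QUIT",
    ])
    for sent, reply in session:
        print(f"C: {sent}\nS: {reply}")
```

The 550 reply on RCPT TO for a foreign domain is the difference between a closed relay and the open relay the later slides describe: with open_relay=True the same model accepts any recipient.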

Page 8: SPAM

Program

Implementation of the SMTP protocol, using socket communication.

No login/password; cs.sjsu.edu as the server.

Page 9: SPAM

Program Output

The From, To and originating PC name fields are received correctly.

The IP address of the PC is still visible. A procedure to hide the IP involves manipulating data at the network layer instead of the application layer. Sendmail daemons (UNIX) are used to forge IPs. No conclusive evidence on checking the source code.

Page 10: SPAM

Hide IP in SMTP headers

An open relay (insecure relay, third-party relay) is an SMTP e-mail server that allows third-party relay of e-mail messages (it processes emails neither for nor from local users). The unaware owner donates network and computer resources to the sender's purpose. So cs.sjsu.edu was used as an open relay in the previous example.

A blind relay is a relay that hides (modifies) the IP address of the sender and relays the message to the destination.

Page 11: SPAM

Scenarios to Hide IP

Spammer buys "service" from a Blind Relay service provider to "relay" his emails.
Spammer sends bulk emails via the ISP server to the Blind Relay Host.
Blind Relay Host forges SMTP headers, modifying the IP addresses/hostnames of the spammer and his ISP.
Blind Relay forwards the emails to the destination or to the next relay host.
The destination host thinks that the emails originated from an "untraceable" server. The relay host server claims it has been "spammed".

[Figure: Spammer → ISP/Firewall → Internet → Blind Relay → Internet → Destination Host]
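The receiving side's counterpart to the blind-relay scenario, added here as an example that is not from the slides: each MTA prepends its own Received: line, so the only hop whose peer address a recipient can rely on is the one where the message entered the recipient's own infrastructure; everything below that line was written by outside parties and a blind relay can put anything there. The sample headers, the OUR_MTAS set and the hop labels are constructed for this example.

```python
import re

# Added example (not from the slides): tracing the Received: chain of a message
# from the receiving side. Each MTA prepends its own Received: line, so only the
# lines written by your own relays can be trusted; everything below the hop
# where the message entered your infrastructure was written by outside parties
# and a blind relay could have put anything there. The headers and hostnames
# below are constructed sample data.

SAMPLE_HEADERS = """\
Received: from relay.example.test (relay.example.test [198.51.100.7])
        by mx.example.test with ESMTP id abc123; Wed, 30 Dec 2015 10:00:02 +0000
Received: from mail.isp.test (mail.isp.test [203.0.113.5])
        by relay.example.test with ESMTP; Wed, 30 Dec 2015 10:00:01 +0000
Received: from friendly.bank.test (not-really [10.0.0.1])
        by mail.isp.test with SMTP; Wed, 30 Dec 2015 09:59:59 +0000
From: "Someone" <someone@bank.test>
To: bob@example.test
Subject: constructed sample
"""

OUR_MTAS = {"mx.example.test", "relay.example.test"}   # assumed: hosts we operate

_RECEIVED = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)


def unfold(headers):
    """Join RFC 822 continuation lines (leading whitespace) onto the previous line."""
    return re.sub(r"\r?\n[ \t]+", " ", headers)


def parse_received(headers):
    """Return the Received: hops newest-first, as dicts with helo/rdns/ip/by."""
    hops = []
    for line in unfold(headers).splitlines():
        m = _RECEIVED.match(line)
        if m:
            hops.append(m.groupdict())
    return hops


def classify_hops(headers, our_mtas=OUR_MTAS):
    """Label each hop: 'internal' (between our own hosts), 'entry' (the hop
    where an outside peer handed the message to us: its ip is the address we
    actually saw), or 'unverified' (written by someone else; may be forged)."""
    ours = {h.lower() for h in our_mtas}
    labelled = []
    crossed = False
    for hop in parse_received(headers):
        if crossed or hop["by"].lower() not in ours:
            status = "unverified"
        elif hop["rdns"].lower() in ours:
            status = "internal"
        else:
            status = "entry"
            crossed = True
        labelled.append({**hop, "status": status})
    return labelled


def entry_ip(headers, our_mtas=OUR_MTAS):
    """The peer IP at the trust boundary, or None if the mail never passed one."""
    for hop in classify_hops(headers, our_mtas):
        if hop["status"] == "entry":
            return hop["ip"]
    return None


if __name__ == "__main__":
    for hop in classify_hops(SAMPLE_HEADERS):
        print(f"{hop['status']:10} from {hop['helo']} [{hop['ip']}] by {hop['by']}")
    print("message entered our infrastructure from", entry_ip(SAMPLE_HEADERS))
```

On the sample, the bottom Received: line claims a bank's mail server, but it sits below the entry hop, so nothing in it is verifiable; the address a recipient can act on (block, rate-limit, report) is 203.0.113.5, the peer that its own relay actually talked to.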

Page 12: SPAM

How to reduce SPAM?

Filters – text based
Turing Tests – CAPTCHA (visual/audio)
Sender Pays – the Penny Black Project

Page 13: SPAM

Penny Black Project

The Penny Black stamp reformed the British postal system in the 1830s. Before this, postage was paid by the addressee and calculated for each letter. After the Penny Black, the cost of postage shifted to the sender.

Page 14: SPAM

Computational Spam Fight

"If I don't know you, and you want to send me unsolicited mail, then you must prove to me that you have expended 10 secs, just for me and just for this message." Suppose the effort is measured in CPU cycles. With 80,000 secs/day and 10 secs/msg, a spammer is restricted to 8,000 msgs/server/day. More investment in servers is required to generate current traffic (the biggest spammers send 250 mil/day).

User experience:
o Automatically and in the background
o Checking the proof is extremely easy

Page 15: SPAM

Economics

(80,000 s/day) / (10 s/message) = 8,000 msgs/day
Hotmail's billion daily spams:
o 125,000 CPUs
o Up-front capital cost just for HM: circa $150,000,000
The spammers can't afford it. Sites like Amazon are unaffected, as it will add a fraction of a penny to the total cost per order.
Circa 300 people total; the very top few spammers make a few million/year (F. Krueger, SMN; also, see the recent articles about Alan Ralsky).

Comparison: FastClick, with 30% of the popunder market, has a profit of $2 mil/yr (income of $4 mil/yr).

Page 16: SPAM

Cryptographic Puzzles

Hard to compute: f(S,R,t,nonce)
o lots of work for the sender
Easy to check: "z = f(S,R,t,nonce)"
o little work for the receiver
Parameterized to scale with Moore's Law
o easy to exponentially increase the computational cost, while barely increasing the checking cost

[Figure: Sender client S sends "m, f(S,R,t,nonce)" to Recipient client R]

Page 17: SPAM

Memory Bound Puzzles

Slow CPUs are a lot slower than the fastest
o factor of 10 – 30 within desktops
Memory latencies vary little
o factor of 3
So: design a puzzle leading to a large number of cache misses
o equalizes actual computation time
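The puzzle f(S,R,t,nonce) from the Cryptographic Puzzles slide and the memory-bound variant from this slide, as one added example that is neither the slides' nor the Penny Black project's code. f is modelled as a hash puzzle: the sender searches nonces until f has DIFFICULTY_BITS leading zero bits, the receiver evaluates f once; adding one bit doubles the sender's expected work and leaves the check unchanged. f_mem replaces most of the hashing with a chain of data-dependent lookups in a shared table so that the cost is set by memory latency. DIFFICULTY_BITS, TABLE_BITS, TABLE_SEED, WALK_LENGTH and the hash choice are assumptions; the table is kept small so the example runs quickly.

```python
import hashlib
import struct

# Added example, not code from the slides or from the Penny Black project.
# f(S, R, t, nonce) is modelled as a hash-based puzzle: the sender searches for a
# nonce until f has DIFFICULTY_BITS leading zero bits (lots of work), the
# receiver evaluates f once (little work). Raising DIFFICULTY_BITS by one
# doubles the sender's expected work without changing the check, which is the
# "scale with Moore's Law" property. The memory-bound variant f_mem replaces
# most of the hashing with a chain of data-dependent lookups in a shared table.
# DIFFICULTY_BITS, TABLE_BITS, TABLE_SEED and WALK_LENGTH are assumed values.

DIFFICULTY_BITS = 12     # expected 2**12 evaluations of f per message


def _leading_zero_bits(digest):
    n = int.from_bytes(digest, "big")
    return len(digest) * 8 - n.bit_length()


def f_cpu(sender, recipient, t, nonce):
    """CPU-bound f: SHA-256 over the binding (S, R, t) and the nonce."""
    data = f"{sender}|{recipient}|{t}|{nonce}".encode()
    return hashlib.sha256(data).digest()


def solve(sender, recipient, t, bits=DIFFICULTY_BITS, f=f_cpu):
    """Sender side: try nonces 0, 1, 2, ... until f has `bits` leading zeros."""
    nonce = 0
    while _leading_zero_bits(f(sender, recipient, t, nonce)) < bits:
        nonce += 1
    return nonce


def check(sender, recipient, t, nonce, bits=DIFFICULTY_BITS, f=f_cpu):
    """Receiver side: a single evaluation of f decides."""
    return _leading_zero_bits(f(sender, recipient, t, nonce)) >= bits


# --- memory-bound variant -------------------------------------------------
TABLE_BITS = 16                             # 2**16 entries here; a real table
TABLE_SEED = b"constructed shared seed"     # would exceed the CPU cache size
WALK_LENGTH = 64


def build_table(bits=TABLE_BITS, seed=TABLE_SEED):
    """Shared pseudo-random table, derived from the seed so both sides agree."""
    size = 1 << bits
    raw = bytearray()
    counter = 0
    while len(raw) < size * 4:
        raw += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return struct.unpack(f">{size}I", bytes(raw[: size * 4]))


_TABLE = build_table()


def f_mem(sender, recipient, t, nonce, table=_TABLE):
    """Memory-bound f: seed a 32-bit state from the inputs, then follow
    WALK_LENGTH lookups whose addresses depend on the previous lookup, so the
    work is dominated by memory latency rather than CPU speed."""
    mask = len(table) - 1
    state = int.from_bytes(f_cpu(sender, recipient, t, nonce)[:4], "big")
    for _ in range(WALK_LENGTH):
        state = ((state ^ table[state & mask]) * 0x9E3779B1) & 0xFFFFFFFF
    return hashlib.sha256(state.to_bytes(4, "big")).digest()


def expected_trials(bits):
    """Sender's expected number of f evaluations; the receiver always does one."""
    return 2 ** bits


if __name__ == "__main__":
    S, R, T = "alice@example.test", "bob@example.test", "2015-12-30T10:00:00Z"
    for name, f in (("cpu-bound", f_cpu), ("memory-bound", f_mem)):
        n = solve(S, R, T, f=f)
        print(f"{name}: nonce {n} found after {n + 1} trials, check -> {check(S, R, T, n, f=f)}")
```

Binding S, R and t into f is what makes the proof "just for me and just for this message": a solution cannot be reused for another recipient or replayed later, and the receiver can refuse proofs whose t is too old.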

Page 18: SPAM

Ticket Server (Ideal Message Flow)

Ticket kit = (#, puzzle)
Ticket = (#, response)
Tickets may be accumulated in advance (pre-computation).
Centralization eases updates.

[Figure: Sender → Ticket Server: GetTicket / Kit over HTTP (steps 1, 2); Sender → Recipient: MSG + Ticket over SMTP (step 3); Recipient → Ticket Server: TicketOK? over HTTP (steps 4, 5)]

Page 19: SPAM

Conclusions

Computational spam-fighting: no money is charged, no challenge-response mechanism, control of mail servers remains as it is now, no infrastructure change (four Stanford students implemented the scheme). Once in place, virtually no maintenance.

Who chooses f?
o One global f? Who sets the price?
How is f distributed (ultimately)?
o Global f built into all mail clients? ISPs?
Awkward introductory period
o Old versions of mail programs; bounces
Very slow/small-memory machines

Page 20: SPAM

References

http://www.faqs.org/rfcs/rfc2821.html
http://whatis.techtarget.com/definition/0,,sid9_gci782509,00.html
http://www.codeguru.com/Cpp/I-N/internet/
http://www.insecure.org/sploits/sendmail.helo.overflow.html
MSDN Library – Penny Black Project