Transcript of a PowerPoint presentation on SPAM.
SPAM
Problem Description
Develop a tool to send email with phony SMTP headers to simulate SPAM.
Latest initiatives to reduce SPAM
Email Protocols
Simple Mail Transfer Protocol (SMTP): transfers mail reliably and efficiently. Used to send email between two SMTP servers (mail transfer agents).
Post Office Protocol (POP) or Internet Message Access Protocol (IMAP): retrieves mail from the mail server to the email client (mail user agent).
Email Flow
1. Delivery is initiated by transferring the message to the sender's SMTP server.
2. Based on the recipient's domain, the SMTP server queries a DNS server for the name of the destination SMTP server (the domain's MX record).
3. If the recipient account exists on the destination server, the email is transferred.
4. If the destination server cannot be contacted, the mail is handed to an intermediate relay server, which transfers it to the destination or to further relays.
[Figure: email flow. Email client -> local mail transfer agent (Sendmail, MS Exchange) over SMTP -> Internet, possibly via mail relay servers (Sendmail, MS Exchange) -> remote mail transfer agent -> mail client over POP/IMAP; the DNS server is queried to locate the destination MTA.]
Differences: IMAP/POP
SMTP Protocol
Simple ASCII protocol (a protocol that transmits only ASCII characters and uses ASCII control codes; it demands little, if any, error checking). The SMTP service runs on port 25.
In the original protocol no authentication is needed to send email, only to retrieve it (POP/IMAP). Modern servers usually require SMTP AUTH on the submission port (587) and refuse to relay for unauthenticated clients, but a server accepting mail on port 25 for its own domains still takes whatever the client puts in HELO, MAIL FROM and the message headers.
Run SMTP via telnet
The client initiates the connection ("telnet cs.sjsu.edu 25"); no login/password is required.
Greeting: 220 eniac.cs.sjsu.edu ESMTP Sendmail 8.12.10/8
HELO request: waits for the response, quits if the server refuses; the server returns a status code and text
MAIL FROM request: returns a status code, 250 for success, 5xx (e.g. 550) for failure
RCPT TO request: returns a status code
DATA request: returns a status code (354 to start the message; 250 after the terminating "." line)
QUIT request: disconnects
Program
Implementation of the SMTP protocol using socket communication. No login/password; cs.sjsu.edu is used as the server.
Program Output
The From, To and originating PC name (HELO) fields are received exactly as the program supplied them, i.e. forged.
The IP address of the PC is still visible: the receiving server records the address of the connecting socket in a Received: header, and that value cannot be changed from the application layer. Hiding the IP would involve manipulating data at the network layer instead. Sendmail daemons (UNIX) are reportedly used to forge IPs; checking the source code gave no conclusive evidence of this.
Hide IP in SMTP headers
An open relay (insecure relay / third-party relay) is an SMTP server that allows third-party relay of email messages, i.e. it processes mail that is neither for nor from a local user. The unaware owner donates network and computer resources to the sender's purpose. In this sense cs.sjsu.edu acted as a relay in the previous example.
A blind relay is a relay that hides (modifies) the IP address of the sender and relays the message to the destination.
Scenarios to Hide IP
1. The spammer buys a "service" from a blind relay service provider to "relay" his emails.
2. The spammer sends bulk emails via his ISP's server to the blind relay host.
3. The blind relay host forges the SMTP headers, modifying the IP addresses/hostnames of the spammer and his ISP.
4. The blind relay forwards the emails to the destination or to the next relay host.
5. The destination host thinks the emails originated from an "untraceable" server; the relay host claims it has itself been "spammed".
[Figure: Spammer -> ISP/Firewall -> Internet -> Blind Relay -> Internet -> Destination Host.]
How to reduce SPAM?
Filters: text based
Turing tests: CAPTCHA (visual/audio)
Sender pays: the Penny Black Project
Penny Black Project
The Penny Black stamp reformed the British postal system in 1840. Before this, postage was paid by the addressee and calculated for each letter. After the Penny Black, the cost of postage shifted to the sender.
Computational Spam Fight
"If I don't know you, and you want to send me unsolicited mail, then you must prove to me that you have expended 10 secs, just for me and just for this message."
Suppose the effort is measured in CPU cycles. With 80,000 seconds/day and 10 seconds/message, a spammer is restricted to 8,000 messages/server/day, so far more investment in servers would be required to generate current traffic (the biggest spammers send 250 million/day).
User Experience
- Automatically and in the background
- Checking the proof is extremely easy
Economics
(80,000 s/day) / (10 s/message) = 8,000 messages/day per CPU. Hotmail's billion daily spams would need 125,000 CPUs, an up-front capital cost just for Hotmail of circa $150,000,000. The spammers can't afford it. Sites like Amazon are unaffected, as it adds a fraction of a penny to the total cost per order.
There are circa 300 spammers in total; the very top few make a few million dollars a year (F. Krueger, SMN; also, see the recent articles about Alan Ralsky).
Comparison: FastClick, with 30% of the popunder market, has a profit of $2 million/yr (income of $4 million/yr).
Properties of the puzzle function f
- Hard to compute: f(S,R,t,nonce) is lots of work for the sender
- Easy to check "z = f(S,R,t,nonce)": little work for the receiver
- Parameterized to scale with Moore's Law: easy to exponentially increase the computational cost while barely increasing the checking cost
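The three properties above, as an added example that is not the Penny Black code: a hashcash-style CPU-bound stand-in for f(S,R,t,nonce). The sender brute-forces a nonce until SHA-256 of (S, R, t, nonce) has a chosen number of leading zero bits, so the expected work is 2**bits hashes; the receiver recomputes one hash. Raising `bits` by one doubles the sender's cost and leaves the check unchanged, which is the Moore's-law knob. It also shows the two checks a receiver needs beyond the hash itself: a freshness window on t and a store of spent stamps, so one proof cannot be reused. Penny Black itself moved on to memory-bound functions (next slides); this block covers only the CPU-bound formulation. Addresses and the timestamp are constructed; `SECONDS_PER_DAY` uses the slides' rounded 80,000.

```python
import hashlib
import math

# Added example, not the Penny Black code: hashcash-style CPU-bound f(S, R, t, nonce).
# Sender: search for a nonce (expected 2**bits hashes). Receiver: one hash + freshness + replay check.

SECONDS_PER_DAY = 80_000          # the slides' rounded figure (86,400 exactly)


def puzzle_hash(sender, recipient, t, nonce):
    """f(S, R, t, nonce): the proof is bound to this sender, recipient and time."""
    data = f"{sender}|{recipient}|{t}|{nonce}".encode("utf-8")
    return hashlib.sha256(data).digest()


def leading_zero_bits(digest):
    return 8 * len(digest) - int.from_bytes(digest, "big").bit_length()


def solve(sender, recipient, t, bits):
    """Sender's work: brute-force a nonce. Cost grows as 2**bits."""
    nonce = 0
    while leading_zero_bits(puzzle_hash(sender, recipient, t, nonce)) < bits:
        nonce += 1
    return nonce


def verify(sender, recipient, t, nonce, bits, now, max_age=86_400, max_skew=300):
    """Receiver's check: one hash, plus a freshness window on t so a proof
    cannot be computed once and presented for years."""
    if not (now - max_age <= t <= now + max_skew):
        return False
    return leading_zero_bits(puzzle_hash(sender, recipient, t, nonce)) >= bits


class StampStore:
    """Remembers accepted (S, R, t, nonce) tuples so the same proof cannot be
    spent on a second message inside the freshness window."""

    def __init__(self):
        self.seen = set()

    def accept(self, sender, recipient, t, nonce, bits, now):
        key = (sender, recipient, t, nonce)
        if key in self.seen or not verify(sender, recipient, t, nonce, bits, now):
            return False
        self.seen.add(key)
        return True


def bits_for_cost(target_seconds, hashes_per_second):
    """Moore's-law knob: the difficulty that makes solving take about
    target_seconds on a machine doing hashes_per_second. Checking stays one hash."""
    return math.ceil(math.log2(target_seconds * hashes_per_second))


def messages_per_day(seconds_per_message, seconds_per_day=SECONDS_PER_DAY):
    """The slides' economics: 80,000 s/day / 10 s/message = 8,000 messages/day per CPU."""
    return seconds_per_day // seconds_per_message


if __name__ == "__main__":
    S, R, t = "alice@example.org", "bob@example.net", 1_700_000_000   # constructed
    n = solve(S, R, t, 16)
    print("nonce", n, "verified", verify(S, R, t, n, 16, now=t + 60))
    print("bits for 10 s at 1e6 H/s:", bits_for_cost(10, 1_000_000))
    print("messages/day/CPU at 10 s each:", messages_per_day(10))
```

Because t and R are hashed in, a stamp computed for one recipient is worthless for another, and the receiver's `StampStore` closes the remaining hole (replaying one stamp to the same recipient many times); neither check costs more than a hash and a set lookup.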
Cryptographic Puzzles
[Figure: the sender client S sends the message m together with f(S,R,t,nonce) to the recipient client R.]
Memory Bound Puzzles
Slow CPUs are a lot slower than the fastest: a factor of 10-30 within desktops.
Memory latencies vary little: a factor of 3.
So: design a puzzle leading to a large number of cache misses, which equalizes actual computation time across machines.
Ticket Server (Ideal Message Flow)
Ticket kit = (#, puzzle); Ticket = (#, response). Tickets may be accumulated in advance (pre-computation). Centralization eases updates.
[Figure: (1, 2) the sender requests a ticket kit from the ticket server over HTTP (GetTicket / Kit); (3) the sender delivers MSG + Ticket to the recipient server over SMTP; (4, 5) the recipient server asks the ticket server "Ticket OK?" over HTTP.]
Conclusions
Computational spam-fighting: no money is charged, no challenge-response mechanism, control of mail servers remains as it is now, no infrastructure change (four Stanford students implemented the scheme). Once in place, virtually no maintenance.
Open questions
- Who chooses f? One global f? Who sets the price?
- How is f distributed (ultimately)? A global f built into all mail clients? ISPs?
- Awkward introductory period: old versions of mail programs; bounces
- Very slow / small-memory machines