Using Traffic Shaping to Combat Spam

Presentation Transcript


  1. Using Traffic Shaping to Combat Spam
     - David Cawley, Senior Engineer
     - December 12th, 2007

  2. Overview
     - Evolution of E-mail & Spam
     - Spamonomics
     - SMTP Multiplexing
     - Traffic Shaping
     - Asynchronous IO
     - Passive OS Fingerprinting

  3. The Dawn of E-mail
     - 1965: MIT shared mainframe
     - 1971: The @ symbol
     - 1976: Queen of England sends an e-mail
     - 1982: IETF RFC821/822
     - 1989: Lotus Notes released (35k copies sold)
     - 1996: Microsoft Internet Mail 1.0
     - 2001: IETF RFC2821/2822

  4. Attempts to secure...
     - SMTP is inherently insecure
     - SMTP-Auth/TLS
     - SPF
     - Sender-ID
     - Why it didn't stop spam

  5. The Evolution of Spam
     - 1978: The first spam
     - 1988: Usenet cross-posting
     - 1993: “spam” coined as a name
     - 1997: Open Relays abused
     - 2000: Birth of Nigerian spam
     - 2001: Formail exploit
     - 2003: Sobig virus sends spam

  6. The Evolution of Spam
     - 2003: CAN-SPAM Act
     - 2004: Bill Gates prediction & botnets
     - 2005: Image spam, ASCII art
     - 2006: Animated images, Flash, PDF
     - 2007: MP3, Excel, P2P botnets

  7. The escalating spam problem
     - The good old days.
     - Source: spamnation.info/stats

  8. Spammer Economics
     - 0.02% of people click and buy [source: NY Times]
     - Average filter effectiveness is 90%
       - 1/10 of spam messages get through
     - Improve effectiveness to 95%
       - 1/20 of spam messages get through
     - Spammer Solution?
       - Double spam volume
       - Same profit

  9. Traditional Filtering
     - MD5's, Fuzzy Signatures, Bayesian
     - Header Regex, RBL's, URL Lists, Grey Listing
     - Problems
       - Obfuscation Techniques
       - Formats – html, image, pdf, doc, xls, ole, mp3...
       - Zombies, Botnets

  10. SMTP Multiplexing
      - Transparent SMTP Proxy
      - Connection Pooling
      - Insulates the MTA
      - Avoids delay of legitimate mail
      - High Concurrency
        - Up to 10,000 simultaneous connections

  12. Traffic Shaping
      - What can we do?
      - Provide a Quality of Service
      - Reputation Network
      - Throttle unknown senders
      - Fast track legitimate senders

  14. Does Sendmail Throttle?
      - ratecontrol
      - ConnectionRateThrottle
      - conncontrol

  15. Asynchronous IO
      - Non-Blocking front end
      - Blocking Back-end
      - Event driven Finite State Machine
      - Management of Resources

  16. Passive OS Fingerprinting
      - Look at IP packet data
      - Determine the Operating System
      - Decision to Throttle

  17. OS Comparison

  18. Conclusions
      - Spamming is driven by economics
      - Botnet operators need to make money
      - Slowing down spam makes it go away

  19. Nick Shelness, Former CTO, Lotus: “I am able to report that I have been running an instance of TrafficControl in my own network for four months, and that it has reduced the volume of spam hitting my boundary MTAs on most days by approximately 95%.”
      - questions@mailchannels.com
      - +1-778-785-6143
      - www.mailchannels.com
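
An added example, not taken from the presentation or from any MailChannels product: the throttle/fast-track decision from the Traffic Shaping and Passive OS Fingerprinting slides, enforced with a per-connection token bucket. The class names, reputation thresholds, byte rates and the `desktop` fingerprint label are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Bytes per second allowed per connection in each class (assumed values).
RATES = {"fast": None, "normal": 16_384, "throttled": 256}


def classify(reputation, os_guess):
    """Pick a service class. reputation is None for an unknown sender,
    otherwise a score in [0, 1]; os_guess is a passive-fingerprint label."""
    if reputation is not None and reputation >= 0.8:
        return "fast"                      # fast-track legitimate senders
    if reputation is not None and reputation <= 0.2:
        return "throttled"                 # known-bad senders
    # Unknown sender: a desktop OS delivering straight to an MX is treated
    # here as a hint of a compromised host (assumption, not from the slides).
    return "throttled" if os_guess == "desktop" else "normal"


@dataclass
class TokenBucket:
    rate: float            # refill rate, bytes per second
    burst: float           # bucket capacity, bytes
    tokens: float = 0.0
    last: float = 0.0      # time of the previous refill

    def wait_for(self, nbytes, now):
        """Charge nbytes at time `now`; return how many seconds the proxy
        should delay its next read so the sender stays within `rate`."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        self.tokens -= nbytes              # may go negative: debt paid by waiting
        return max(0.0, -self.tokens / self.rate)


def transfer_time(msg_bytes, service_class, chunk=1024):
    """Simulated seconds to accept one message in the given class
    (network latency ignored, so an unshaped class costs 0)."""
    rate = RATES[service_class]
    if rate is None:
        return 0.0
    bucket = TokenBucket(rate=rate, burst=chunk, tokens=chunk)
    now = 0.0
    for offset in range(0, msg_bytes, chunk):
        now += bucket.wait_for(min(chunk, msg_bytes - offset), now)
    return now
```

With these assumed rates a 20 KiB message holds a throttled connection open for 76 seconds, which caps that connection at roughly 47 messages an hour while a fast-tracked sender is not delayed at all.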