1

Anti-Spam Anti-Spam 101101

2

3

OverviewOverview What is spam? Who are the spammers?What is spam? Who are the spammers? How do you get ON spam lists?How do you get ON spam lists? How can you avoid getting on the lists?How can you avoid getting on the lists? Helping others (and yourself) avoid spamHelping others (and yourself) avoid spam How to get OFF spam listsHow to get OFF spam lists Extra efforts: things worth knowingExtra efforts: things worth knowing Extended session for those needing extra Extended session for those needing extra

helphelp

4

ConstraintsConstraints We have a lot to cover in a limited We have a lot to cover in a limited

timetime We won’t go deep (unless in Q&A)We won’t go deep (unless in Q&A) We will provide starting points and We will provide starting points and

practical “do it now” suggestionspractical “do it now” suggestions

5

WarningWarningThis is a very difficult/delicate This is a very difficult/delicate

subjectsubject I may insult somebody in this I may insult somebody in this

presentationpresentation YouYou Your friendsYour friends Your familyYour family Your co-workersYour co-workers MeMe

Spam is largely a result of doing Spam is largely a result of doing Stupid Stupid uneducateduneducated things things

6

Let’s get educatedLet’s get educated Do I owe anyone an apology? Yet?Do I owe anyone an apology? Yet?

7

A bit of historyA bit of history I did a talk on spam in 2000I did a talk on spam in 2000 At that time, Perimeter was At that time, Perimeter was

receiving under 100 TOTAL spam receiving under 100 TOTAL spam messages per daymessages per day

We started looking for a solution to We started looking for a solution to what seemed a “big” problemwhat seemed a “big” problem

8

Fast forward - January Fast forward - January 20032003

Of 2000-3000 messages per day, Of 2000-3000 messages per day, 500-800 were spam500-800 were spam

20-25% of all received20-25% of all received

9

July 2003July 2003 Typical day, we received about 3000-Typical day, we received about 3000-

5000 messages5000 messages 30-40% were spam!30-40% were spam! Weekends, with legitimate mail Weekends, with legitimate mail

volume down, spam was about 60-volume down, spam was about 60-70%70%

Some users received over 200 per Some users received over 200 per day!day!

10

June 2005June 2005 Typical day, we received about 5000-Typical day, we received about 5000-

7000 messages7000 messages 65+% were spam!65+% were spam! Weekends were about 85-90%Weekends were about 85-90% Staff aren’t seeing Staff aren’t seeing muchmuch of the junk of the junk

– thanks Barracuda– thanks Barracuda

11

May, 2006 (typical)May, 2006 (typical) 6000-8000 incoming messages per day6000-8000 incoming messages per day 4000-5500 instantly rejected as spam 4000-5500 instantly rejected as spam

(70-85%)(70-85%) 150-300 “suspicious”150-300 “suspicious” 1800-2500 actually delivered1800-2500 actually delivered Weekends have less legitimate mail; not Weekends have less legitimate mail; not

much change in the junk! (90+% spam)much change in the junk! (90+% spam) We know we’re not catching everythingWe know we’re not catching everything

12

Some quick Perimeter Spam Some quick Perimeter Spam StatisticsStatistics

13

~10:55 AM 5/15/2006~10:55 AM 5/15/2006

14

What is spam? What is spam? Who sends it?Who sends it?

15

Some simple (loose) Some simple (loose) definitionsdefinitions

SPAM: Junk mail you don’t wantSPAM: Junk mail you don’t want Trying to sell you somethingTrying to sell you something Or trying to get you to take some actionOr trying to get you to take some action

UCE: Unsolicited Commercial EmailUCE: Unsolicited Commercial Email The official name; minor technical The official name; minor technical

variancevariance Viruses (including Trojans, time Viruses (including Trojans, time

bombs, worms, etc.): programs that bombs, worms, etc.): programs that intend harm. intend harm. These are NOT spam!These are NOT spam!

16

Commercial EmailCommercial Email Is there such a thing as Is there such a thing as legitimatelegitimate

(Solicited) Commercial Email?(Solicited) Commercial Email? ProbablyProbably

Subscriptions you ask for:Subscriptions you ask for: CNN, Fox, WSBCNN, Fox, WSB Christianity TodayChristianity Today Family Life TodayFamily Life Today American Airlines, Delta, Church newslettersAmerican Airlines, Delta, Church newsletters Etc.Etc.

17

Commercial email (cont)Commercial email (cont) If you quit wanting email you asked If you quit wanting email you asked

for, that does NOT make it spam!for, that does NOT make it spam! You need to unsubscribeYou need to unsubscribe Please don’t treat as spam – you Please don’t treat as spam – you

might mess up other people who still might mess up other people who still want these mailingswant these mailings

18

More definitionsMore definitions Urban Legends: Stories that are Urban Legends: Stories that are

fascinating and sound truefascinating and sound true But usually aren’tBut usually aren’t

Hoaxes: Somewhere between spam and Hoaxes: Somewhere between spam and Urban Legend; especially virus hoaxesUrban Legend; especially virus hoaxes

Chain Mail: "forward this to everyone Chain Mail: "forward this to everyone you know.” Often an Urban Legend or you know.” Often an Urban Legend or HoaxHoax

Phishing: specific intent to gather Phishing: specific intent to gather [steal] personal data[steal] personal data

19

AsideAside Possible urban legends, etc. Check Possible urban legends, etc. Check

out on snopes before distributingout on snopes before distributing http://www.snopes.comhttp://www.snopes.com

21

Some “facts” about Some “facts” about spammersspammers

They lie!They lie! They sell your email address to othersThey sell your email address to others They don’t care [much] about dead They don’t care [much] about dead

addresses (NDRs)addresses (NDRs) They use many “harvesting” toolsThey use many “harvesting” tools Most have little moralityMost have little morality A few are unfortunates who have been A few are unfortunates who have been

duped by “you too can get rich using the duped by “you too can get rich using the Internet”Internet”

22

““Lie” is a strong wordLie” is a strong word I believe it’s the right wordI believe it’s the right word We (users) often fall for these lies. In We (users) often fall for these lies. In

particular:particular:1.1. A spam message often starts with “you are A spam message often starts with “you are

receiving this because you asked for it.”receiving this because you asked for it.”2.2. It often ends with “click here to remove It often ends with “click here to remove

yourself.”yourself.” Is #1 a lie? Then why do you believe Is #1 a lie? Then why do you believe

#2?#2?

24

Anti-spam 101 specificsAnti-spam 101 specifics Handout 10 parallels this Handout 10 parallels this

presentationpresentation

25

How do you get on a How do you get on a spammer’s list?spammer’s list?

Often, voluntarily!Often, voluntarily! Well, sometimes people do silly thingsWell, sometimes people do silly things Especially when the word “free” is usedEspecially when the word “free” is used

By registering on questionable sitesBy registering on questionable sites By not reading carefullyBy not reading carefully By exposing your email address on By exposing your email address on

ANY web siteANY web site

26

How do you get on? How do you get on? (cont.)(cont.)

By falling for hoaxesBy falling for hoaxes If you forward this … you’ll receive $$$ ...If you forward this … you’ll receive $$$ ... Responding to scams/probesResponding to scams/probes Responding to spam!Responding to spam!

Watch out for joke listsWatch out for joke lists And “fun” listsAnd “fun” lists

Choosing your family and friends Choosing your family and friends unwiselyunwisely This may take some explainingThis may take some explaining

27

How spammers harvest How spammers harvest emailsemails

Spammers have plenty of tools for Spammers have plenty of tools for finding new addressesfinding new addresses

They scan many document sources They scan many document sources extracting email addressesextracting email addresses

They add those addresses to their They add those addresses to their listslists

And sell them to other spammersAnd sell them to other spammers

28

Harvesting (cont.)Harvesting (cont.) Where do they get the sources for Where do they get the sources for

harvesting?harvesting? From you. (certainly not)From you. (certainly not) What about your friends? And What about your friends? And

family?family? Anyone who “exposes” a lot of Anyone who “exposes” a lot of

addresses is a problemaddresses is a problem Mass forwardersMass forwarders

29

Harvesting (cont.)Harvesting (cont.) Exposed addressesExposed addresses

How about hoaxes of the “forward this How about hoaxes of the “forward this to your friends” type?to your friends” type?

Those emails that ask you to add your Those emails that ask you to add your friends’ emails for pyramid schemesfriends’ emails for pyramid schemes

EXPECT that a spammer ultimately EXPECT that a spammer ultimately will see these messageswill see these messages

AND extract the emailsAND extract the emails

30

Virus/spam overlapVirus/spam overlap Some recent viruses seem to have Some recent viruses seem to have

been written specifically to help been written specifically to help expose email addressesexpose email addresses

Spammers picked up those Spammers picked up those addressesaddresses

31

Practical avoidancesPractical avoidances Do a web search for your own email Do a web search for your own email

addressaddress At Perimeter, you have several. Check them At Perimeter, you have several. Check them

allall If you find your email address on the web, you If you find your email address on the web, you

can expect spammers will too, eventuallycan expect spammers will too, eventually Avoid “forward this to everyone you Avoid “forward this to everyone you

know” messagesknow” messages Don’t send themDon’t send them Look out when you receive themLook out when you receive them

32

Avoidances (cont.)Avoidances (cont.) Hide addresses when emailingHide addresses when emailing Use disposable email addresses for Use disposable email addresses for

potentially risky needspotentially risky needs Use reply-to-all sparingly, or better, Use reply-to-all sparingly, or better,

not at allnot at all Beware using your email address on Beware using your email address on

behalf of your children or others; behalf of your children or others; especially having especially having themthem use your use your email addressemail address

33

Home AvoidancesHome Avoidances(obvious?)(obvious?)

Use Anti-virus software and keep it Use Anti-virus software and keep it up-to-date. (daily updates to pattern up-to-date. (daily updates to pattern files!)files!)

Use an anti-spyware toolUse an anti-spyware tool Use multiple login accounts – avoid Use multiple login accounts – avoid

“administrator” settings“administrator” settings SpamAware, AVG – good, cheap SpamAware, AVG – good, cheap

(free!)(free!)

34

So what’s the point?So what’s the point? Choose your friends wellChoose your friends well Teach the benefits of BCCTeach the benefits of BCC AND hoax/Urban Legend researchAND hoax/Urban Legend research AND cleaning up addresses in AND cleaning up addresses in

forwardsforwards Or better yet…Or better yet…

Teach your friends not to forwardTeach your friends not to forward Easy, right?Easy, right?

35

Can you be part of the Can you be part of the solution?solution?

Teach other about hiding addressesTeach other about hiding addresses Teach others about phishingTeach others about phishing Teach others NOT to reply to spamTeach others NOT to reply to spam Teach other NOT to mass forwardTeach other NOT to mass forward Avoid trivial email messages, Avoid trivial email messages,

including attachment only email. including attachment only email. Teach others the sameTeach others the same

Avoid “killer” subjects and phrasesAvoid “killer” subjects and phrases

37

One more considerationOne more consideration What about Plaxo and Jigsaw and What about Plaxo and Jigsaw and

similar services for keeping up with similar services for keeping up with email addresses?email addresses?

My opinion: Risky! Some disagree. My opinion: Risky! Some disagree. Caveat Emptor. Oh, wait, it’s free! Caveat Emptor. Oh, wait, it’s free! Hmmm…Hmmm…

38

How do you get off spam How do you get off spam lists?lists?

I have bad news:I have bad news:You don’t!You don’t!

You You especiallyespecially don’t get off by trying don’t get off by trying to unsubscribeto unsubscribe That can often make things worseThat can often make things worse Remember – they are liarsRemember – they are liars

39

What can you do?What can you do? Switch to a new email address (alias)Switch to a new email address (alias) CarefullyCarefully inform others of the new inform others of the new

addressaddress Wean yourself from the old addressWean yourself from the old address

How quickly can you afford to do this?How quickly can you afford to do this? Don’t expect it to be painlessDon’t expect it to be painless

41

Good email messagesGood email messages Non-trivial subjectsNon-trivial subjects Subject doesn’t start with hi, hello, or heySubject doesn’t start with hi, hello, or hey

Worse if that’s the Worse if that’s the entireentire subject! subject! Non-trivial message textNon-trivial message text NOT NOT justjust an attachment (including an attachment (including

pictures)pictures) If replying, include the original, or If replying, include the original, or

extractsextracts But, of course, suppressing email addressesBut, of course, suppressing email addresses

42

Email HeadersEmail Headers Handout 11 is stuff most people Handout 11 is stuff most people

don’t want to knowdon’t want to know Sometimes you need to know itSometimes you need to know it What about non-Outlook users? What about non-Outlook users?

43

Learn all your email aliasesLearn all your email aliases(does this apply to your church?)(does this apply to your church?)

See handout 12See handout 12 As a Perimeter staff member, you As a Perimeter staff member, you

have a lot of email addresses, all have a lot of email addresses, all coming to a single mailboxcoming to a single mailbox

You can have more (why!?)You can have more (why!?) You can use “disposable” addressesYou can use “disposable” addresses

44

45

Looking at your addressesLooking at your addresses(one of many ways – Exchange (one of many ways – Exchange

assumed)assumed)

Click the Address Book Icon

Find Your Name

46

Double-Click to openDouble-Click to open

47

Click the email tabClick the email tab

48

Tom can receive email Tom can receive email as:as:

tomm@perimeter.orgtomm@perimeter.orgtommullis@perimeter.orgtommullis@perimeter.orgtom.mullis@perimeter.ortom.mullis@perimeter.orggtmullis@perimeter.orgtmullis@perimeter.org

The upper case SMTP The upper case SMTP indicates the indicates the outboundoutbound address to be used: address to be used: TomMTomM

Note: email addresses Note: email addresses are case-insensitiveare case-insensitive

52

SummarySummary We’ve talked about spam, and We’ve talked about spam, and

spammersspammers How you get ON spam listsHow you get ON spam lists How can you avoid getting on the listsHow can you avoid getting on the lists

For yourself and othersFor yourself and others Getting OFF spam lists – it doesn’t Getting OFF spam lists – it doesn’t

happenhappen Extra efforts: things worth knowingExtra efforts: things worth knowing

54

Questions?Questions?

55

Extended SessionExtended Session Special invitation to our own “dirty Special invitation to our own “dirty

dozen”dozen” Others are welcomed to stayOthers are welcomed to stay Taking the hard steps to get away Taking the hard steps to get away

from “lost cause” email addressesfrom “lost cause” email addresses

56

Other dangers?Other dangers? Can you think of any other ways you Can you think of any other ways you

ended up on spam lists?ended up on spam lists?

57

Steps for abandoning a Steps for abandoning a heavily spammed email heavily spammed email

addressaddress IT will work with you to establish a ‘new’ IT will work with you to establish a ‘new’

email alias. Suggestion: email alias. Suggestion: Firstname.Lastname@perimeter.orgFirstname.Lastname@perimeter.org Example: Tom.Mullis@perimeter.orgExample: Tom.Mullis@perimeter.org We’re OK with something elseWe’re OK with something else

IT will switch this to become your IT will switch this to become your primaryprimary email addressemail address Note: This has very little effect, only OUT-going Note: This has very little effect, only OUT-going

email will have any changed appearance, only email will have any changed appearance, only for those really paying attentionfor those really paying attention

58

Abandonment steps Abandonment steps (cont.)(cont.)

CarefullyCarefully start giving this email start giving this email address to your address to your Avoid the things that caused the Avoid the things that caused the

original problemsoriginal problems Change items on the web and Change items on the web and

printed materials that have your old printed materials that have your old addressaddress Be sure to encrypt addresses on the Be sure to encrypt addresses on the

webweb

59

Abandonment steps Abandonment steps (cont.)(cont.)

When you’re ready…part 1…When you’re ready…part 1… IT will create an Outlook Public folder IT will create an Outlook Public folder

and give it your old email addressand give it your old email address You need to review that folder You need to review that folder

occasionally for the good email occasionally for the good email remainingremaining

CautiouslyCautiously notify the senders of your notify the senders of your new, preferred, addressnew, preferred, address

60

Abandonment steps Abandonment steps (cont.)(cont.)

When you’re ready…part 2…When you’re ready…part 2… Once the Public Folder quits having Once the Public Folder quits having

value:value: IT will disconnect the old email addressIT will disconnect the old email address Any future mail to the old (bad) address Any future mail to the old (bad) address

will be bouncedwill be bounced

61

AdditionallyAdditionally If you absolutely must give your email If you absolutely must give your email

address in risky situations:address in risky situations: IT can create an alternate, “disposable,” aliasIT can create an alternate, “disposable,” alias Use it whenever you don’t care about Use it whenever you don’t care about

responses receivedresponses received When/if that address is spammed, we can When/if that address is spammed, we can

drop it and provide anotherdrop it and provide another Or, alternatively, use the Public Folder concept, Or, alternatively, use the Public Folder concept,

againagain We can give you more than one “disposable”We can give you more than one “disposable”

62

While transitioning…While transitioning… Please keep reporting spam and not Please keep reporting spam and not

spamspam You, collectively, are our best sourceYou, collectively, are our best source

64

Any other questions?Any other questions?

65

Handouts 13 & 14Handouts 13 & 14 Possible friendly responses to your Possible friendly responses to your

friends and familyfriends and family

66

What’s the next action?What’s the next action? Any “take-aways?”Any “take-aways?” Please record on your Please record on your My Actions My Actions

sheetsheet

67

How are we How are we doing?doing?

Time?Time?Content?Content?Depth?Depth?Value?Value?

68