SlideShare une entreprise Scribd logo

Collateral Damage: Consequences of Spam and Virus Filtering for the E-Mail System

Peter Eisentraut
Peter Eisentraut

originally presented at the Chaos Communication Congress 2005

TechnologieBusiness
1  sur  20
Télécharger pour lire hors ligne
Collateral Damage Consequences of Spam and Virus Filtering for the E-Mail System Peter Eisentraut credativ GmbH 22C3 Peter Eisentraut credativ GmbH Collateral Damage
Introduction 12 years of spam. . . 24 years of SMTP. . . Things have changed: SMTP is no longer enough. Spam filters, virus filters are part of the system But they are not standardized, verified, or predictable. Getting e-mail through is a challenge. Peter Eisentraut credativ GmbH Collateral Damage
Filtering Techniques Examples of questionale defense mechanisms: DNS blackhole lists Bounce messages Greylisting SPF Blocking port 25 Challenge/response systems Inventing your own Peter Eisentraut credativ GmbH Collateral Damage
DNS Blackhole Lists: Concept Publish list of “problem” hosts via DNS Every mail server can query the lists First DNSBL MAPS did manual inspections Current DNSBLs are mostly automatic Peter Eisentraut credativ GmbH Collateral Damage
DNS Blackhole Lists: Discussion Indiscriminate treatment of temporary problems Large ISPs often blocked Useless against dial-up accounts Low correlation with spam occurrence DNS is insecure Only usable as part of scoring system (SpamAssassin) Peter Eisentraut credativ GmbH Collateral Damage
Bounce Messages: Concept Original concept: 1. Host A sends message to host B. 2. Host B checks the message. 3. Host B accepts or rejects the message. Problem: Checking took too long, host A timed out. New concept: 1. Host A sends message to host B. 2. Host B accepts the message. 3. Host B checks the message and sends rejection message to the sender. How to find the sender? Peter Eisentraut credativ GmbH Collateral Damage
Bounce Messages: Discussion Junk e-mail fakes sender addresses. Rejection messages go to innocent users. Users now reject rejection messages. Alternatives: discard messages, quarantine Better: fix MTA time-outs, spam filter performance, go back to original concept Peter Eisentraut credativ GmbH Collateral Damage
Greylisting: Concept Mail server sends temporary error on first contact Normal client tries again Spamming software, zombies doesn’t try again Extremely effective Spammers could react easily, but don’t. . . (?) Peter Eisentraut credativ GmbH Collateral Damage
Greylisting: Discussion Full of configuration pitfalls: Poorly implemented software Sender-side server pools Recipient-side load balancing Broken MTAs that don’t retry Mailing list software with variable sender addresses Time-critical e-mails (eBay) Multistage relays Very hard to get right with diverse user populations Peter Eisentraut credativ GmbH Collateral Damage
SPF: Concept Sender Policy Framework: Domain owner publishes SPF record via DNS, identifying valid outgoing mail servers Mail recipient checks SPF records, rejects mail from invalid mail servers SPF checks envelope sender, Sender ID checks sender address in mail content Peter Eisentraut credativ GmbH Collateral Damage
SPF: Discussion Does not stop spam, spammers just use a different domain Spammers can publish their own SPF records SPF does not stop phishing, the envelope address is hidden from the user (Sender ID is better) Does prevent certain kinds of e-mail forgery Breaks forwarding ISPs can control users’ mail routes DNS is insecure Don’t use it! Peter Eisentraut credativ GmbH Collateral Damage
Blocking Port 25: Concept Most junk e-mail is sent by zombies Hard to track (DNSBL) Spammers just switch to the next set of zombies Solution: block outgoing port 25 on dial-up accounts Users are forced to go through ISP’s mail server Dial-up PCs no longer attractive targets for installing zombieware Peter Eisentraut credativ GmbH Collateral Damage
Blocking Port 25: Discussion Problems: Users want to use other e-mail accounts than the one provided by their ISP Workaround: ISP allows all customers to route through ISP’s mail server Users cannot use their own mail server Use your own mail server software ISP’s mail server is misconfigured (or blacklisted) Privacy Incompatible with SPF! Peter Eisentraut credativ GmbH Collateral Damage
Challenge/Response Systems: Concept 1. Receiving mail server intercepts message, sends challenge 2. Original sender must manually answer the challenge 3. Receiving mail server checks response, delivers original message Peter Eisentraut credativ GmbH Collateral Damage
Challenge/Response Systems: Discussion Major annoyance! Sender addresses are faked, innocent users get challenge messages. Users of CR systems get blacklisted. Spam can fake already authenticated sender addresses. Two users of CR can never talk to each other. CR systems would require (exploitable) loopholes in e-mail filters. Facilitates phishing CR transaction tracking violates privacy. Loses e-mail, quite useless against spam Peter Eisentraut credativ GmbH Collateral Damage
Being Smarter Than Everyone Else Running a local DNSBL Running a local Pyzor server Forgetting the MX backup Random RFC purity checking Changing your e-mail address regularly ... Don’t invent your own filters. Peter Eisentraut credativ GmbH Collateral Damage
Legal Issues: Privacy Bayesian filter word databases Insecure greylisting databases Distributed e-mail counting Challenge/response transaction records SPF + blocking port 25 forcing e-mail routes Everything controlled at ISP’s mail server, not by user! Peter Eisentraut credativ GmbH Collateral Damage
Legal Issues: Database Building Everyone is building databases: Spam filter manufacturers Industry associations (eco, Wettbewerbszentrale) Governments (FTC) to be shared internationally impossible to control Peter Eisentraut credativ GmbH Collateral Damage
Legal Issues: Recourse Spam filtering not allowed without user’s consent ISPs must inform users, or Users must activate the filters Most users don’t care Peter Eisentraut credativ GmbH Collateral Damage
Conclusion E-mail has become unreliable. Users accept it as such. Spammers and virus writers are to blame. But inappropriate junk mail filters as well. Check each filter technique thoroughly. Check what your ISP is doing. Peter Eisentraut credativ GmbH Collateral Damage

Recommandé

34794241 ii-samuel-9-commentary
34794241 ii-samuel-9-commentary34794241 ii-samuel-9-commentary
34794241 ii-samuel-9-commentaryGLENN PEASE
 
Modern Anti-Spam: Rejection - No Sorting
Modern Anti-Spam: Rejection - No SortingModern Anti-Spam: Rejection - No Sorting
Modern Anti-Spam: Rejection - No SortingThomas Stensitzki
 
spam.ppt
spam.pptspam.ppt
spam.pptJayaprabhuPrabhu
 
Modern Anti-Spam - Rejection, No Sorting (Version 2014)
Modern Anti-Spam - Rejection, No Sorting (Version 2014)Modern Anti-Spam - Rejection, No Sorting (Version 2014)
Modern Anti-Spam - Rejection, No Sorting (Version 2014)Thomas Stensitzki
 
La seguridad sí importa: Windows Live & IE9
La seguridad sí importa: Windows Live & IE9La seguridad sí importa: Windows Live & IE9
La seguridad sí importa: Windows Live & IE9Eventos Creativos
 
Collateral Damage: Consequences of Spam and Virus Filtering for the E-Mail S...
Collateral Damage: Consequences of Spam and Virus Filtering for the E-Mail S...Collateral Damage: Consequences of Spam and Virus Filtering for the E-Mail S...
Collateral Damage: Consequences of Spam and Virus Filtering for the E-Mail S...Peter Eisentraut
 
Electronic mail and online safety (Sep 17, 2008) (beginner)
Electronic mail and online safety (Sep 17, 2008) (beginner)Electronic mail and online safety (Sep 17, 2008) (beginner)
Electronic mail and online safety (Sep 17, 2008) (beginner)Henry Van Styn
 
Ransomware and email security ver - 1.3
Ransomware and email security ver - 1.3Ransomware and email security ver - 1.3
Ransomware and email security ver - 1.3Denise Bailey
 

Recommandé

34794241 ii-samuel-9-commentary
34794241 ii-samuel-9-commentary34794241 ii-samuel-9-commentary
34794241 ii-samuel-9-commentaryGLENN PEASE
 
Modern Anti-Spam: Rejection - No Sorting
Modern Anti-Spam: Rejection - No SortingModern Anti-Spam: Rejection - No Sorting
Modern Anti-Spam: Rejection - No SortingThomas Stensitzki
 
spam.ppt
spam.pptspam.ppt
spam.pptJayaprabhuPrabhu
 
Modern Anti-Spam - Rejection, No Sorting (Version 2014)
Modern Anti-Spam - Rejection, No Sorting (Version 2014)Modern Anti-Spam - Rejection, No Sorting (Version 2014)
Modern Anti-Spam - Rejection, No Sorting (Version 2014)Thomas Stensitzki
 
La seguridad sí importa: Windows Live & IE9
La seguridad sí importa: Windows Live & IE9La seguridad sí importa: Windows Live & IE9
La seguridad sí importa: Windows Live & IE9Eventos Creativos
 
Collateral Damage: Consequences of Spam and Virus Filtering for the E-Mail S...
Collateral Damage: Consequences of Spam and Virus Filtering for the E-Mail S...Collateral Damage: Consequences of Spam and Virus Filtering for the E-Mail S...
Collateral Damage: Consequences of Spam and Virus Filtering for the E-Mail S...Peter Eisentraut
 
Electronic mail and online safety (Sep 17, 2008) (beginner)
Electronic mail and online safety (Sep 17, 2008) (beginner)Electronic mail and online safety (Sep 17, 2008) (beginner)
Electronic mail and online safety (Sep 17, 2008) (beginner)Henry Van Styn
 
Ransomware and email security ver - 1.3
Ransomware and email security ver - 1.3Ransomware and email security ver - 1.3
Ransomware and email security ver - 1.3Denise Bailey
 
E-Mail Crimes - Gurugram Cyber Crime Cell July 2017
E-Mail Crimes - Gurugram Cyber Crime Cell July 2017E-Mail Crimes - Gurugram Cyber Crime Cell July 2017
E-Mail Crimes - Gurugram Cyber Crime Cell July 2017Shyam Pareek
 
20120329 Cybercrime threats on e-world
20120329 Cybercrime threats on e-world20120329 Cybercrime threats on e-world
20120329 Cybercrime threats on e-worldLuc Beirens
 
Network Security
Network SecurityNetwork Security
Network SecurityGiftifyGiftify
 
31.ppt
31.ppt31.ppt
31.pptssuserec53e73
 
31.ppt
31.ppt31.ppt
31.pptKarmanChandi
 
Managing identity frauds
Managing identity fraudsManaging identity frauds
Managing identity fraudsEddy Cormon
 
An Effective Spam Protection System
An Effective Spam Protection SystemAn Effective Spam Protection System
An Effective Spam Protection SystemApollo_n
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber securityKeshab Nath
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeSanket Gogoi
 
Virus worm trojan
Virus worm trojanVirus worm trojan
Virus worm trojan100701982
 
Programming with Python and PostgreSQL
Programming with Python and PostgreSQLProgramming with Python and PostgreSQL
Programming with Python and PostgreSQLPeter Eisentraut
 
Getting Started with PL/Proxy
Getting Started with PL/ProxyGetting Started with PL/Proxy
Getting Started with PL/ProxyPeter Eisentraut
 
Linux distribution for the cloud
Linux distribution for the cloudLinux distribution for the cloud
Linux distribution for the cloudPeter Eisentraut
 
Most Wanted: Future PostgreSQL Features
Most Wanted: Future PostgreSQL FeaturesMost Wanted: Future PostgreSQL Features
Most Wanted: Future PostgreSQL FeaturesPeter Eisentraut
 
Porting Applications From Oracle To PostgreSQL
Porting Applications From Oracle To PostgreSQLPorting Applications From Oracle To PostgreSQL
Porting Applications From Oracle To PostgreSQLPeter Eisentraut
 
Porting Oracle Applications to PostgreSQL
Porting Oracle Applications to PostgreSQLPorting Oracle Applications to PostgreSQL
Porting Oracle Applications to PostgreSQLPeter Eisentraut
 
PostgreSQL and XML
PostgreSQL and XMLPostgreSQL and XML
PostgreSQL and XMLPeter Eisentraut
 
XML Support: Specifications and Development
XML Support: Specifications and DevelopmentXML Support: Specifications and Development
XML Support: Specifications and DevelopmentPeter Eisentraut
 
PostgreSQL: Die Freie Datenbankalternative
PostgreSQL: Die Freie DatenbankalternativePostgreSQL: Die Freie Datenbankalternative
PostgreSQL: Die Freie DatenbankalternativePeter Eisentraut
 
The Road to the XML Type: Current and Future Developments
The Road to the XML Type: Current and Future DevelopmentsThe Road to the XML Type: Current and Future Developments
The Road to the XML Type: Current and Future DevelopmentsPeter Eisentraut
 
Access ohne Access: Freie Datenbank-Frontends
Access ohne Access: Freie Datenbank-FrontendsAccess ohne Access: Freie Datenbank-Frontends
Access ohne Access: Freie Datenbank-FrontendsPeter Eisentraut
 
PostgreSQL and PL/Java
PostgreSQL and PL/JavaPostgreSQL and PL/Java
PostgreSQL and PL/JavaPeter Eisentraut
 

Contenu connexe

Similaire à Collateral Damage: Consequences of Spam and Virus Filtering for the E-Mail System

E-Mail Crimes - Gurugram Cyber Crime Cell July 2017
E-Mail Crimes - Gurugram Cyber Crime Cell July 2017E-Mail Crimes - Gurugram Cyber Crime Cell July 2017
E-Mail Crimes - Gurugram Cyber Crime Cell July 2017Shyam Pareek
 
20120329 Cybercrime threats on e-world
20120329 Cybercrime threats on e-world20120329 Cybercrime threats on e-world
20120329 Cybercrime threats on e-worldLuc Beirens
 
Managing identity frauds
Managing identity fraudsManaging identity frauds
Managing identity fraudsEddy Cormon
 
An Effective Spam Protection System
An Effective Spam Protection SystemAn Effective Spam Protection System
An Effective Spam Protection SystemApollo_n
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber securityKeshab Nath
 
Virus worm trojan
Virus worm trojanVirus worm trojan
Virus worm trojan100701982
 

Similaire à Collateral Damage: Consequences of Spam and Virus Filtering for the E-Mail System (10)

E-Mail Crimes - Gurugram Cyber Crime Cell July 2017
E-Mail Crimes - Gurugram Cyber Crime Cell July 2017E-Mail Crimes - Gurugram Cyber Crime Cell July 2017
E-Mail Crimes - Gurugram Cyber Crime Cell July 2017
 
20120329 Cybercrime threats on e-world
20120329 Cybercrime threats on e-world20120329 Cybercrime threats on e-world
20120329 Cybercrime threats on e-world
 
Network Security
Network SecurityNetwork Security
Network Security
 
31.ppt
31.ppt31.ppt
31.ppt
 
31.ppt
31.ppt31.ppt
31.ppt
 
Managing identity frauds
Managing identity fraudsManaging identity frauds
Managing identity frauds
 
An Effective Spam Protection System
An Effective Spam Protection SystemAn Effective Spam Protection System
An Effective Spam Protection System
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Virus worm trojan
Virus worm trojanVirus worm trojan
Virus worm trojan
 

Plus de Peter Eisentraut

Programming with Python and PostgreSQL
Programming with Python and PostgreSQLProgramming with Python and PostgreSQL
Programming with Python and PostgreSQLPeter Eisentraut
 
Getting Started with PL/Proxy
Getting Started with PL/ProxyGetting Started with PL/Proxy
Getting Started with PL/ProxyPeter Eisentraut
 
Linux distribution for the cloud
Linux distribution for the cloudLinux distribution for the cloud
Linux distribution for the cloudPeter Eisentraut
 
Most Wanted: Future PostgreSQL Features
Most Wanted: Future PostgreSQL FeaturesMost Wanted: Future PostgreSQL Features
Most Wanted: Future PostgreSQL FeaturesPeter Eisentraut
 
Porting Applications From Oracle To PostgreSQL
Porting Applications From Oracle To PostgreSQLPorting Applications From Oracle To PostgreSQL
Porting Applications From Oracle To PostgreSQLPeter Eisentraut
 
Porting Oracle Applications to PostgreSQL
Porting Oracle Applications to PostgreSQLPorting Oracle Applications to PostgreSQL
Porting Oracle Applications to PostgreSQLPeter Eisentraut
 
XML Support: Specifications and Development
XML Support: Specifications and DevelopmentXML Support: Specifications and Development
XML Support: Specifications and DevelopmentPeter Eisentraut
 
PostgreSQL: Die Freie Datenbankalternative
PostgreSQL: Die Freie DatenbankalternativePostgreSQL: Die Freie Datenbankalternative
PostgreSQL: Die Freie DatenbankalternativePeter Eisentraut
 
The Road to the XML Type: Current and Future Developments
The Road to the XML Type: Current and Future DevelopmentsThe Road to the XML Type: Current and Future Developments
The Road to the XML Type: Current and Future DevelopmentsPeter Eisentraut
 
Access ohne Access: Freie Datenbank-Frontends
Access ohne Access: Freie Datenbank-FrontendsAccess ohne Access: Freie Datenbank-Frontends
Access ohne Access: Freie Datenbank-FrontendsPeter Eisentraut
 
Replication Solutions for PostgreSQL
Replication Solutions for PostgreSQLReplication Solutions for PostgreSQL
Replication Solutions for PostgreSQLPeter Eisentraut
 
Access ohne Access: Freie Datenbank-Frontends
Access ohne Access: Freie Datenbank-FrontendsAccess ohne Access: Freie Datenbank-Frontends
Access ohne Access: Freie Datenbank-FrontendsPeter Eisentraut
 
Docbook: Textverarbeitung mit XML
Docbook: Textverarbeitung mit XMLDocbook: Textverarbeitung mit XML
Docbook: Textverarbeitung mit XMLPeter Eisentraut
 
The Common Debian Build System (CDBS)
The Common Debian Build System (CDBS)The Common Debian Build System (CDBS)
The Common Debian Build System (CDBS)Peter Eisentraut
 

Plus de Peter Eisentraut (20)

Programming with Python and PostgreSQL
Programming with Python and PostgreSQLProgramming with Python and PostgreSQL
Programming with Python and PostgreSQL
 
Getting Started with PL/Proxy
Getting Started with PL/ProxyGetting Started with PL/Proxy
Getting Started with PL/Proxy
 
Linux distribution for the cloud
Linux distribution for the cloudLinux distribution for the cloud
Linux distribution for the cloud
 
Most Wanted: Future PostgreSQL Features
Most Wanted: Future PostgreSQL FeaturesMost Wanted: Future PostgreSQL Features
Most Wanted: Future PostgreSQL Features
 
Porting Applications From Oracle To PostgreSQL
Porting Applications From Oracle To PostgreSQLPorting Applications From Oracle To PostgreSQL
Porting Applications From Oracle To PostgreSQL
 
Porting Oracle Applications to PostgreSQL
Porting Oracle Applications to PostgreSQLPorting Oracle Applications to PostgreSQL
Porting Oracle Applications to PostgreSQL
 
PostgreSQL and XML
PostgreSQL and XMLPostgreSQL and XML
PostgreSQL and XML
 
XML Support: Specifications and Development
XML Support: Specifications and DevelopmentXML Support: Specifications and Development
XML Support: Specifications and Development
 
PostgreSQL: Die Freie Datenbankalternative
PostgreSQL: Die Freie DatenbankalternativePostgreSQL: Die Freie Datenbankalternative
PostgreSQL: Die Freie Datenbankalternative
 
The Road to the XML Type: Current and Future Developments
The Road to the XML Type: Current and Future DevelopmentsThe Road to the XML Type: Current and Future Developments
The Road to the XML Type: Current and Future Developments
 
Access ohne Access: Freie Datenbank-Frontends
Access ohne Access: Freie Datenbank-FrontendsAccess ohne Access: Freie Datenbank-Frontends
Access ohne Access: Freie Datenbank-Frontends
 
PostgreSQL and PL/Java
PostgreSQL and PL/JavaPostgreSQL and PL/Java
PostgreSQL and PL/Java
 
Replication Solutions for PostgreSQL
Replication Solutions for PostgreSQLReplication Solutions for PostgreSQL
Replication Solutions for PostgreSQL
 
PostgreSQL News
PostgreSQL NewsPostgreSQL News
PostgreSQL News
 
PostgreSQL News
PostgreSQL NewsPostgreSQL News
PostgreSQL News
 
Access ohne Access: Freie Datenbank-Frontends
Access ohne Access: Freie Datenbank-FrontendsAccess ohne Access: Freie Datenbank-Frontends
Access ohne Access: Freie Datenbank-Frontends
 
Docbook: Textverarbeitung mit XML
Docbook: Textverarbeitung mit XMLDocbook: Textverarbeitung mit XML
Docbook: Textverarbeitung mit XML
 
Spaß mit PostgreSQL
Spaß mit PostgreSQLSpaß mit PostgreSQL
Spaß mit PostgreSQL
 
The Common Debian Build System (CDBS)
The Common Debian Build System (CDBS)The Common Debian Build System (CDBS)
The Common Debian Build System (CDBS)
 
SQL/MED and PostgreSQL
SQL/MED and PostgreSQLSQL/MED and PostgreSQL
SQL/MED and PostgreSQL
 

Dernier

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 

Dernier (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

Collateral Damage: Consequences of Spam and Virus Filtering for the E-Mail System

  • 1. Collateral Damage Consequences of Spam and Virus Filtering for the E-Mail System Peter Eisentraut credativ GmbH 22C3 Peter Eisentraut credativ GmbH Collateral Damage
  • 2. Introduction 12 years of spam. . . 24 years of SMTP. . . Things have changed: SMTP is no longer enough. Spam filters, virus filters are part of the system But they are not standardized, verified, or predictable. Getting e-mail through is a challenge. Peter Eisentraut credativ GmbH Collateral Damage
  • 3. Filtering Techniques Examples of questionale defense mechanisms: DNS blackhole lists Bounce messages Greylisting SPF Blocking port 25 Challenge/response systems Inventing your own Peter Eisentraut credativ GmbH Collateral Damage
  • 4. DNS Blackhole Lists: Concept Publish list of “problem” hosts via DNS Every mail server can query the lists First DNSBL MAPS did manual inspections Current DNSBLs are mostly automatic Peter Eisentraut credativ GmbH Collateral Damage
  • 5. DNS Blackhole Lists: Discussion Indiscriminate treatment of temporary problems Large ISPs often blocked Useless against dial-up accounts Low correlation with spam occurrence DNS is insecure Only usable as part of scoring system (SpamAssassin) Peter Eisentraut credativ GmbH Collateral Damage
  • 6. Bounce Messages: Concept Original concept: 1. Host A sends message to host B. 2. Host B checks the message. 3. Host B accepts or rejects the message. Problem: Checking took too long, host A timed out. New concept: 1. Host A sends message to host B. 2. Host B accepts the message. 3. Host B checks the message and sends rejection message to the sender. How to find the sender? Peter Eisentraut credativ GmbH Collateral Damage
  • 7. Bounce Messages: Discussion Junk e-mail fakes sender addresses. Rejection messages go to innocent users. Users now reject rejection messages. Alternatives: discard messages, quarantine Better: fix MTA time-outs, spam filter performance, go back to original concept Peter Eisentraut credativ GmbH Collateral Damage
  • 8. Greylisting: Concept Mail server sends temporary error on first contact Normal client tries again Spamming software, zombies doesn’t try again Extremely effective Spammers could react easily, but don’t. . . (?) Peter Eisentraut credativ GmbH Collateral Damage
  • 9. Greylisting: Discussion Full of configuration pitfalls: Poorly implemented software Sender-side server pools Recipient-side load balancing Broken MTAs that don’t retry Mailing list software with variable sender addresses Time-critical e-mails (eBay) Multistage relays Very hard to get right with diverse user populations Peter Eisentraut credativ GmbH Collateral Damage
  • 10. SPF: Concept Sender Policy Framework: Domain owner publishes SPF record via DNS, identifying valid outgoing mail servers Mail recipient checks SPF records, rejects mail from invalid mail servers SPF checks envelope sender, Sender ID checks sender address in mail content Peter Eisentraut credativ GmbH Collateral Damage
  • 11. SPF: Discussion Does not stop spam, spammers just use a different domain Spammers can publish their own SPF records SPF does not stop phishing, the envelope address is hidden from the user (Sender ID is better) Does prevent certain kinds of e-mail forgery Breaks forwarding ISPs can control users’ mail routes DNS is insecure Don’t use it! Peter Eisentraut credativ GmbH Collateral Damage
  • 12. Blocking Port 25: Concept Most junk e-mail is sent by zombies Hard to track (DNSBL) Spammers just switch to the next set of zombies Solution: block outgoing port 25 on dial-up accounts Users are forced to go through ISP’s mail server Dial-up PCs no longer attractive targets for installing zombieware Peter Eisentraut credativ GmbH Collateral Damage
  • 13. Blocking Port 25: Discussion Problems: Users want to use other e-mail accounts than the one provided by their ISP Workaround: ISP allows all customers to route through ISP’s mail server Users cannot use their own mail server Use your own mail server software ISP’s mail server is misconfigured (or blacklisted) Privacy Incompatible with SPF! Peter Eisentraut credativ GmbH Collateral Damage
  • 14. Challenge/Response Systems: Concept 1. Receiving mail server intercepts message, sends challenge 2. Original sender must manually answer the challenge 3. Receiving mail server checks response, delivers original message Peter Eisentraut credativ GmbH Collateral Damage
  • 15. Challenge/Response Systems: Discussion Major annoyance! Sender addresses are faked, innocent users get challenge messages. Users of CR systems get blacklisted. Spam can fake already authenticated sender addresses. Two users of CR can never talk to each other. CR systems would require (exploitable) loopholes in e-mail filters. Facilitates phishing CR transaction tracking violates privacy. Loses e-mail, quite useless against spam Peter Eisentraut credativ GmbH Collateral Damage
  • 16. Being Smarter Than Everyone Else Running a local DNSBL Running a local Pyzor server Forgetting the MX backup Random RFC purity checking Changing your e-mail address regularly ... Don’t invent your own filters. Peter Eisentraut credativ GmbH Collateral Damage
  • 17. Legal Issues: Privacy Bayesian filter word databases Insecure greylisting databases Distributed e-mail counting Challenge/response transaction records SPF + blocking port 25 forcing e-mail routes Everything controlled at ISP’s mail server, not by user! Peter Eisentraut credativ GmbH Collateral Damage
  • 18. Legal Issues: Database Building Everyone is building databases: Spam filter manufacturers Industry associations (eco, Wettbewerbszentrale) Governments (FTC) to be shared internationally impossible to control Peter Eisentraut credativ GmbH Collateral Damage
  • 19. Legal Issues: Recourse Spam filtering not allowed without user’s consent ISPs must inform users, or Users must activate the filters Most users don’t care Peter Eisentraut credativ GmbH Collateral Damage
  • 20. Conclusion E-mail has become unreliable. Users accept it as such. Spammers and virus writers are to blame. But inappropriate junk mail filters as well. Check each filter technique thoroughly. Check what your ISP is doing. Peter Eisentraut credativ GmbH Collateral Damage