Abaca: The World's Most Effective Spam Filter
Upcoming SlideShare
Loading in...5
×
 

Abaca: The World's Most Effective Spam Filter

on

  • 2,056 views

Abaca

Abaca

Statistics

Views

Total Views
2,056
Views on SlideShare
2,053
Embed Views
3

Actions

Likes
0
Downloads
15
Comments
0

1 Embed 3

http://www.slideshare.net 3

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Unprecedented accuracy Accuracy monotonically increases as time and the number of protected users increases Easy to identify mistakes: Quarantine is ranked with rigorously calculated likelihood of the observation being correct so that virtually all mistakes are in the email “greymail” report Real-time rating: reaction times are nearly instantaneous Content independent: works on image spams, foreign spams, word salads, etc. 100% language-independent High performance Highly decisive; greymail list is typically <1% of all emails No training/ramp up period Immune to human rating errors User feedback is optional (personal preferences). No tuning (whitelists, blacklists, high-medium-low settings, etc)

Abaca: The World's Most Effective Spam Filter Abaca: The World's Most Effective Spam Filter Presentation Transcript

  • Next Generation Protection Against a Dangerous New Generation of Spam Abaca The world’s most effective spam filter
  • Agenda
    • Traditional spam defenses suffer
    • Abaca Corporation
    • Next-generation technology
    • Abaca Products
  • A History of Flawed Anti-spam Approaches Blacklists Slow and insufficient Punishes the innocent Rules-based Slow and labor intensive Content inspection Relies on end users reporting Consumes much memory Decoys and Honeypots Relies on slow humans to write rules, Trouble differentiating similar messages Collaborative checksum Reactive — damage already done Checksums can be defeated Greylisting Unacceptable delay easy for a spammer to defeat
  • Accuracy Claims have been Greatly Exaggerated Vendors trade false positives for accuracy
  • About Abaca
    • Abaca: A Steve Kirsch Company
      • Mouse Systems – 1 st Optical Mouse
      • Frame Technology – Desktop Publishing (Adobe)
      • Infoseek – Internet Search Engine (Disney)
    • Founded during 2005 in San Jose, California
    • Next-generation anti-spam with unsurpassed accuracy
    • Battle-tested at Yahoo!Mail – a juicy spam target
    • Over 350 million email accounts under contract
  • Abaca Delivers Critical Component Of Messaging Security Effectiveness /Accuracy Ease of Administration Messaging Security : Large and Growing Market IDC: worldwide messaging security market 11.5% CAGR
  • Customer Successes
        • “ Abaca offers superior e-mail security capabilities and has built a reputation for reducing unsolicited e-mail within mailboxes. We believe that by deploying Abaca’s solution with our anti-spam toolkit, we will offer Yahoo! Mail users not only added email security, but an enhanced user experience as well.”
        • John Kremer
        • Vice President of Yahoo! Mail
        • “ Their remarkable performance, combined with Abaca's scalability and flexibility guaranteed the performance we were looking for.”
        • Marco Schilling
        • Director of Technology, Terra Latin America
  • Next Generation Anti-spam Technology
    • Real-time, crowd-sourced
    Abaca © 2010, All rights reserved
  • Abaca Works Because Spam Obeys Some Laws
    • Defined by relationship between sender and receiver,
    • not the content
    • RCPT TO is the only familiar item
    • Must be sent in high volume
    • Spammers must send to people who collectively receive more spam than average
    • Recipient’s ham:spam mix is relatively constant
    Envelope Contains the Key not the message From: To:
  • Receiver Reputation: A Unique and Protected Algorithm
    • Receiver reputation precisely differentiate spam from legitimate messages
    • Characterize (by passive observation) each protected user based on the % of spam they receive (receiver reputations)
    • Message ratings are based on each user's overall legitimate/spam ratio
    • Automatically learns and improves accuracy with real time legitimate/spam statistics for each protected user
  • 90% Spam 75% Spam 50% Spam 25% Spam 10% Spam Recipient Spam % = Receiver Reputation ReceiverNet ™ Receiver Reputation Legitimate Email Legitimate Email Spam Email Spam Email
  • 90% Spam 75% Spam 50% Spam 25% Spam 10% Spam Based on the Reputation of the Recipients this Message is Spam ReceiverNet ™ Receiver Reputation Legitimate Email Spam Email Spam Email Spam Email
  • 90% Spam 75% Spam 50% Spam 25% Spam 10% Spam Based on the Reputation of the Recipients this Message is Legitimate ReceiverNet ™ Receiver Reputation Legitimate Email Spam Email Legitimate Email Legitimate Email
  • ABACA PRODUCTS
    • Designed for hosted mail providers
    Abaca © 2010, All rights reserved
  • CLX : Carrier Class Anti-spam Solution CLX Outbound Spam Filter CLX Spam Rating Engine CLX Solution CLX Spam Quarantine * Optionally deployed in-line as supplemental filter *
  • Simple Integration, Rapid Deployment
    • Simple programming interface
    • Standard SMTP filtering protocols including milter
    • Seamless integration with messaging infrastructure
      • Leverages existing feedback mechanisms
      • Tag, block, quarantine or deliver messages to easily conform to existing user behavior
    • Self contained, no need to open ports to outside
  • Reduces Anti-spam Expenses
    • Accurate, zero hour protection
    • Automatic real-time reputation updates
        • No waiting for new rules
        • No updating signatures
    • Reduces the burden on IT resources
    • Green requires one tenth the CPU cycles of conventional content-based filtering
    Abaca © 2010, All rights reserved
  • Abaca CLX Inbound Solution Components
    • The Abaca CLX Anti-spam Solution includes the following components:
      • abacam Client, available as a milter
      • (Note the abacam client is run on a standard MTA)
      • CLX Inbound Rating Server
      • CLX Feedback Server
      • CLX Admin
      • CLX Quarantine (optional)
    • Individual hardware servers are not required for all components
    • The following slide illustrates the architecture of a typical inbound deployment
  • Scalable CLX Inbound Architecture CLX Server CLX Server Internet Quarantine Quarantine Email Server Email Server CLX Server Email Server Message rating CLX Admin Inbound Outbound MTA abacam MTA abacam MTA abacam SPAM
  • CLX Outbound Solution Components
    • Abacam Client, available as a milter for
      • Milter plugs into SendMail, PostFix and Zimbra
    • CLX Outbound Rating Server
    • CLX Administrator Console
    • CLX Outbound Quarantine
    • Components can share hardware servers
    * Note the abacam client is run on a standard MTA)
  • Outbound Spam Filter Deployment CLX Outbound Quarantine Email Server Email Server CLX Outbound Server Inbound training information Email Server Admin Rate request Outbound CLX Outbound Server CLX Outbound Server CLX Outbound Quarantine Rate response Feedback Outbound Outbound MTA abacam MTA abacam MTA abacam MTA abacam SPAM
  • Abaca CLX Clustering
    • Redundant component deployment
      • On the MTAs
      • Abacam requests ratings from multiple severs
      • Reputation data is synchronized and shared
    • If CLX Server hardware fails
    • Abacam routes requests to the remaining servers
      • User preferences are preserved
      • Message flow is not interrupted
      • Accuracy is maintained
    • When the hardware is serviced and is back online
      • CLX Server will be included in rating requests
  • Abaca CLX Cluster Architecture CLX Rating Cluster Client (abacam) … Client (abacam) Client (abacam)
    • Incoming Request
    • Rate Inbound
    • Rate Outbound
    • Feedback
    Load Balancer (abacam) CLX Rating Server CLX Rating Server
    • Synchronization
    • Outbound Messages
    • Feedback
    Cluster Exploded View > 50 million mailboxes - Mail flow partitioned between CLX servers < 50 million mailboxes – Round-robin partitioning used Blue fill indicates Abaca components
  • Abaca CLX Multi-site Support
    • Redundancy at the site level is supported though synchronization between each site
      • Servers synchronized and share reputation data
    • Synchronization does not require significant bandwidth between servers or sites
    • Emails for a user can come into either site at any time and will be processed with the same results
    • When a site becomes unavailable, the remaining site will rate the entire message flow
      • User preferences are preserved
      • Message flow is not interrupted
      • Accuracy is maintained
  • Abaca Multi-site CLX Deployment CLX Server CLX Server CLX Server CLX Server Feedback and outbound synchronization Failover Rate requests Rate requests
  • Abaca Difference
    • Proactive Real-Time Defense
    • Learns in real time so not playing catch up
    • No Blacklists to update
    • No content rules to maintain
    • Set and forget
    • Language-independent
    • Encryption-independent
    • Rated quarantine highlights useful mail
  • For more information Abaca © 2010, All rights reserved
    • John Jefferies
    • General Manager and CMO
    • [email_address]
    • 408.205.5320
  • ADDITIONAL SLIDES Abaca © 2010, All rights reserved
  • Attack Prevention Technique
    • They could buy a box and pollute one global server
      • Limit the # of daily contributions per unique user
    • They could use accounts within an ISP to create good reputations at that ISP to allow spammers to attack that ISP from the outside
      • Yahoo could Use someone else’s global
    • Spammers buying good lists and using them exclusively
      • Make any unsolicited emails being bad, regardless of reputation of receiver. So anyone sending out mass mailings all of a sudden gets caught, regardless of list quality
      • Use logistic regression filter
      • If spammers are using fixed IP range, block those
      • Good list will eventually become bad (the weaker addresses)
  • When it Comes to Filtering Accuracy Matters * For a 1,000 person entity whose employees receive 50 messages / day
  • >100 times faster than other approaches
    • The core algorithm is very simple
      • currently rates at over 100,000 msgs/sec/core
    • A single quad core PC w/32G RAM can easily handle the ratings for 20M users with just 5% of the CPU capacity
      • Cost is about $4,000
  • Accurate rating allows a personalized greyzone
    • One size doesn’t fit all: some hate FPs; others hate spam
    • Each user controls the level of acceptable false positive and false negative rates
    • At low user count, the “review zone” is less than 1 message out of 100
  • Accuracy increases over time
    • Each message is rated using the real-time data
      • No time delay for push “updates”
    • Huge number of raters
      • Every rcpto is a rater
    • Every rater is extremely accurate
      • It is the user’s statistics that we use, not their human opinion (which is far less accurate than their stats due to phish, operator error, etc)
    • The raters work for us 24x7 (for free)
      • Other systems rely on human feedback which is sporadically available
    • Our raters “decide” instantly
      • No time delay; messages are rated before the content is received
  • Who Uses Abaca? Market Solution Product Enterprise CLX Hosted Solution CLX Solution CLX Outbound Cloud Service (beta) xSPs Complete Solution Abaca Rating Engine Outbound Spam Filter CLX Solution CLX Engine Only CLX Outbound VMware Customers Virtual Appliance VPG SMBs Hardware Appliance EPG Education Hardware Appliance Virtual Appliance Outbound Spam Filter EPG VPG Outbound Filter