Index
● Introduction about spamming
● Types of Spamming
● Email spamming
● How mail server works with spam

Spammer: Technical definition
Spam is the use of electronic messaging systems to send unsolicited bulk messages, especially advertising, indiscriminately. Bla bla bla bla bla..................
Reference: Wikipedia

Types of Spamming
There are many ways of spamming.
● Comment spamming: e.g. in CMSs or websites
● Chat spamming: e.g. Yahoo, Facebook
● Microblogging: e.g. Twitter
● Social networking: e.g. Facebook, MySpace
● Email spamming: e.g. all mail services are targeted

Easy target
People who cannot recognise spam (stupid internet people)

CMSs and forums are heavily targeted for comment spamming

WordPress, Joomla and Drupal blogs are highly targeted

Another Twitter spam

Social networking spamming

Method of spamming attack in comments, chat, social networking and microblogging
● Manually: mostly you can find it in forums, social networking sites, Twitter etc.
● They offer lottery wins, password reset suggestions for a problem, free tickets, free downloads of music & videos etc.

How to reduce spamming (applicable to all CMSs/websites/forums)
● Comment moderation
● CAPTCHA
● Anti-spam plugin from a reliable source, like Akismet
● Blacklisting
● Registration form with:
  - E-mail confirmation
  - Mobile phone confirmation via automated calling or SMS etc.
● Bayesian filtering
What the heck is Bayesian?

Bayesian Theorem
Bayesian spam filtering (named after Thomas Bayes) is a statistical technique of e-mail filtering. It makes use of a naive Bayes classifier to identify spam e-mail.
Bayesian classifiers work by correlating the use of tokens (typically words, or sometimes other things) with spam and non-spam e-mails and then using Bayesian inference to calculate a probability that an email is or is not spam.
Bayesian spam filtering is a very powerful technique for dealing with spam that can tailor itself to the email needs of individual users, and gives low false positive spam detection rates that are generally acceptable to users.
● Reference: http://en.wikipedia.org/wiki/Bayesian_spam_filtering

How the Bayesian Theorem Works
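
The token-to-probability calculation described above, as an added example that is not part of the original slides. The training messages are constructed, and the function names (`tokens`, `train`, `spam_probability`) are illustrative; it is a simplified naive Bayes that scores only the tokens present in a message.

```python
import math
import re
from collections import Counter

# Constructed training messages (not real mail), labelled by hand.
SPAM = [
    "You win the lottery claim your free tickets now",
    "Free download of music and videos click here",
    "Password reset required click here to win",
]
HAM = [
    "Meeting notes attached please review before Monday",
    "Your invoice for the mail server hosting is attached",
    "Can you review the firewall rules before the meeting",
]

def tokens(text):
    """Lower-case word tokens; a set, so each word counts once per message."""
    return set(re.findall(r"[a-z']+", text.lower()))

def train(spam_msgs, ham_msgs):
    """Count, per token, how many spam and how many ham messages contain it."""
    spam_counts, ham_counts = Counter(), Counter()
    for m in spam_msgs:
        spam_counts.update(tokens(m))
    for m in ham_msgs:
        ham_counts.update(tokens(m))
    return spam_counts, ham_counts, len(spam_msgs), len(ham_msgs)

def spam_probability(text, model):
    """P(spam | tokens) by Bayes' theorem with the naive independence assumption."""
    spam_counts, ham_counts, n_spam, n_ham = model
    # Log space, so a product of many small probabilities does not underflow.
    log_spam = math.log(n_spam / (n_spam + n_ham))   # prior P(spam)
    log_ham = math.log(n_ham / (n_spam + n_ham))     # prior P(ham)
    for t in tokens(text):
        # Laplace (+1) smoothing: an unseen token must not zero out a class.
        log_spam += math.log((spam_counts[t] + 1) / (n_spam + 2))
        log_ham += math.log((ham_counts[t] + 1) / (n_ham + 2))
    # Normalise the two joint probabilities into P(spam | message).
    return 1 / (1 + math.exp(log_ham - log_spam))

MODEL = train(SPAM, HAM)

if __name__ == "__main__":
    for msg in ("Claim your free lottery tickets", "Please review the attached invoice"):
        print(f"{spam_probability(msg, MODEL):.3f}  {msg}")
```

Retraining on a user's own spam and non-spam folders is what lets such a filter tailor itself to that user's mail.
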
Useful links to read about the Bayesian Theorem
● http://en.wikipedia.org/wiki/Bayesian_spam_filtering
● http://kb.mozillazine.org/Junk_Mail_Controls
● http://en.wikipedia.org/wiki/Recursive_Bayesian_estim
● http://en.wikipedia.org/wiki/Bayes%27_theorem

Mail Server Internet Standards
A mail server must follow Internet standards monitored by ICANN, IANA and spam listing databases. While configuring the server, these standards should be followed:
(1) Setting an email address for complaints, like firstname.lastname@example.org
(2) The mail server must have reverse DNS
(3) Using an SPF record for the mail server
(4) Using DKIM for the mail server (ADSP)
(5) SMTP authentication

Protecting Mail Server from spam
The mail server must also have anti-spam software. Use IP blacklists to reject email coming from spammers. The following major open source software is used in anti-spamming:
(1) SpamAssassin
(2) Amavisd
(3) ClamAV
(4) DSPAM

Mail Server is exploited. How!?
Even if you follow the Internet mailing standards, your mail server is exploited.
Reason:
(1) It has no SMTP authentication
(2) The mail server is an open relay
(3) No robust iptables rules
(4) Allowing all networks to access it
(5) No DDoS attack rules on the server

Identifying spam: check the header of the email
Check the following things in a mail client such as a web interface, Outlook, Thunderbird etc.
(1) Senders list
(2) Content in email
(3) SPF
(4) DKIM

Recognising spam emails
A spam email will not necessarily always go to the spam folder. When you see “to undisclosed recipients” in the sender's address, that can also be spam.

Spammers use a well-known identity name. When checked on LinkedIn, no such user had sent the request.

Check the header of the email
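
The header checks listed above (sender, SPF, DKIM, undisclosed recipients), as an added example that is not part of the original slides. The sample message is constructed, the `example.*` domains are placeholders, and `auth_results` and `triage` are illustrative names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real mail); example.* domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: "Known Contact" <invites@example.com>
To: undisclosed-recipients:;
Subject: You have a new connection request

Click to accept.
"""

def auth_results(msg):
    """Collect the spf/dkim/dmarc verdicts recorded in Authentication-Results.
    Only trust this header when your own receiving server added it."""
    found = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(header), re.I):
            found[method.lower()] = result.lower()
    return found

def triage(raw):
    """Return the reasons a message deserves a closer look (empty list: none found)."""
    msg = message_from_string(raw)
    reasons = [f"{m}={r}" for m, r in auth_results(msg).items() if r != "pass"]
    # Visible From domain versus envelope sender domain. A mismatch is a signal,
    # not a verdict: legitimate bulk senders often use a separate bounce domain.
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    if from_dom and rp_dom and from_dom != rp_dom:
        reasons.append(f"from-domain {from_dom} != return-path domain {rp_dom}")
    to = msg.get("To", "")
    if not to or "undisclosed" in to.lower():
        reasons.append("recipients undisclosed")
    return reasons

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print(reason)
```
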
Spam blacklisting organisations
Multiple anti-spam organisations keep track of spamming. Once they blacklist a server, domain or network etc., either email will not go out from the mail server or, if it goes out, it will be marked as SPAM. Below are the major key players.
* SBL advisories
* XBL
* PBL
* Zen
* DBL

SBL
The Spamhaus Block List ("SBL") Advisory is a database of IP addresses from which Spamhaus does not recommend the acceptance of electronic mail. The SBL is queryable in realtime by mail systems throughout the Internet, allowing mail server administrators to identify, tag or block incoming connections from IP addresses which Spamhaus deems to be involved in the sending, hosting or origination of Unsolicited Bulk Email (aka "Spam"). The SBL database is maintained by a dedicated

PBL
PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use. The PBL helps networks enforce their Acceptable Use Policy for dynamic and non-MTA customer IP ranges.

XBL
XBL is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies (HTTP, SOCKS, AnalogX, WinGate, etc.), worms/viruses with built-in spam engines, and other types of trojan-horse exploits.

DBL
DBL is a realtime database of domains (typically web site domains) found in spam messages. Mail server software capable of scanning email message body contents for URIs can use the DBL to identify, classify or reject spam containing DBL-listed domains.

Zen
ZEN is the combination of all Spamhaus IP-based DNSBLs into one single powerful and comprehensive blocklist to make querying faster and simpler. It contains the SBL, SBLCSS, XBL and PBL blocklists.
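
How a mail system performs the realtime query described for the SBL and ZEN, as an added example that is not part of the original slides. It assumes the `zen.spamhaus.org` zone and Spamhaus's published return codes; `192.0.2.10` is a documentation address, and the function names are illustrative.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"

# A-record return codes Spamhaus publishes for ZEN, mapped to the component list.
LISTS = {"127.0.0.2": "SBL", "127.0.0.3": "SBL CSS", "127.0.0.4": "XBL",
         "127.0.0.10": "PBL", "127.0.0.11": "PBL"}

def query_name(ip, zone=ZONE):
    """IPv4 address a.b.c.d is looked up as the hostname d.c.b.a.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def interpret(answers):
    """Turn the A records returned for a DNSBL query into a verdict."""
    # 127.255.255.x answers are error codes (for example a query sent through
    # a public resolver or over the rate limit), never a listing.
    errors = [a for a in answers if a.startswith("127.255.255.")]
    if errors:
        return {"listed": False, "lists": [], "error": errors[0]}
    lists = sorted({LISTS.get(a, "unknown code " + a) for a in answers})
    return {"listed": bool(lists), "lists": lists, "error": None}

def lookup(ip, zone=ZONE):
    """Live query (needs network access). No such name means not listed.
    Resolver failures also land here; production code should tell them apart."""
    try:
        answers = socket.gethostbyname_ex(query_name(ip, zone))[2]
    except (socket.gaierror, socket.herror):
        answers = []
    return interpret(answers)

if __name__ == "__main__":
    print(query_name("192.0.2.10"))
    print(interpret(["127.0.0.2", "127.0.0.10"]))   # constructed answers
    print(interpret(["127.255.255.254"]))           # constructed error answer
```

Treating an error code as a listing makes a server reject legitimate mail, which is why `interpret` checks for it before mapping any return code.
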

New Arrival: DMARC
DMARC, which stands for "Domain-based Message Authentication, Reporting & Conformance", is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols.

How DMARC will work

How to check a blacklisted server, network or domain
http://www.spamhaus.org/zen/ : Spamhaus is a project which has almost all the key advisory lists.
http://mxtoolbox.com/ : This website provides a service to check blacklisting of a server.
http://spamlinks.net/ : The website provides multiple services plus reporting of spammers.