• Save
Spamming
Upcoming SlideShare
Loading in...5
×
 

Spamming

on

  • 835 views

brief presentation on Spamming and its protection

brief presentation on Spamming and its protection

Statistics

Views

Total Views
835
Views on SlideShare
784
Embed Views
51

Actions

Likes
1
Downloads
0
Comments
0

1 Embed 51

http://sharadchhetri.com 51

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

CC Attribution-NonCommercial-ShareAlike LicenseCC Attribution-NonCommercial-ShareAlike LicenseCC Attribution-NonCommercial-ShareAlike License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Spamming Spamming Presentation Transcript

    • Index● Introduction about spamming● Types of Spamming● Email spamming● How mail server works with spam
    • Spammer Technical definition Spam is the use of electronic messaging systems to send unsolicited bulk messages, especially advertising, indiscriminately. Bla bla bla bla bla.................. Reference: wikipedia
    • Types of SpammingThere are many ways of doing spamming.● Comment spamming : eg. In CMS or websites● Chat Spamming : eg. Yahoo,facebook● Microbloging : eg. Twitter● Social networking: eg. Facebook,myspace● Email spamming : eg. All Mail services are targeted
    • Easy targetWho can not recognise the spam (stupid internet people)
    • Comment Spamming
    • CMS and Forums are well targeted for comment spamming
    • Wordpress,joomla and drupal blogs are highly targeted
    • Chat spamming
    • Microbloging spaming
    • Another twitter spam
    • Social networking spaming
    • Method of spaming attack in comment,chat,social networking and microbloging ● Manually : Mostly u can find in forums,social networking sites,twitter etc. ● They offer some lottery win,password reset suggestion in problem,free tickets,free download of music & videos etc.
    • Spamming usingTools
    • How to reduce spaming ,Applicable to all CMS/websites/forum ● Comment moderation ● In Captcha ● Anti spam plugin from reliable source like akismet ● Blacklisting ● Registeration form with - E-mail confirmation Mobile phone confirmation via automated calling or sms etc. ● Bayesian filtering What the hack is Bayesian
    • Bayesian TheoramBayesian spam filtering( Thomas Bayes) is a statistical technique of e-mail filtering. It makes use of a naive Bayes classifier to identify spam e-mail.Bayesian classifiers work by correlating the use of tokens (typically words, or sometimes other things), with spam and non-spam e-mails and then using Bayesian inference to calculate a probability that an email is or is not spam.Bayesian spam filtering is a very powerful technique for dealing with spam, that can tailor itself to the email needs of individual users, and gives low false positive spam detection rates that are generally acceptable to users● Reference : http://en.wikipedia.org/wiki/Bayesian_spam_filtering
    • How Bysian Theoram Works
    • Useful links to read about Bysian Theoram● http://en.wikipedia.org/wiki/Bayesian_spam_filtering● http://kb.mozillazine.org/Junk_Mail_Controls● http://en.wikipedia.org/wiki/Recursive_Bayesian_estim● http://en.wikipedia.org/wiki/Bayes%27_theorem
    • e-m@il sp@mming
    • Mail Server Internet StandardsMail Server must follow internet standards monitored by ICANN,IANA,SPAM listing databaseWhile confguring Server these standard should be followed.(1) setting email for complaints like abuse@example.com(2) Mail server must have reverse DNS(3)Using SPF record for mail server(4)Using DKIM for mail server (ADSP)(5) smtp authentication
    • Protecting Mail Server from spamThe mail server also must have antispam softwares. We should use the blacklisted ip to reject the email coming from spammer in your email.The following major open source softwares are used in Antispaming -(1) spamassasin(2) Amavisd(3) clamav(4) dspam
    • Mail Server is exploited, How !?Even if you follow the Internet mailing standardsYour mail server is exploitedReason:(1) It has no smtp authentication(2) mail server is open relay(3) No robust iptables(4) Allowing all network to access(5) no DDOS attack rules in Server
    • identifying spamming ,check header of emailCheck following things in mail client like webinterface,outlook, thunderbird etc.(1) Senders list(2) Content in email(3) SPF(4) DKIM
    • Recognising the Spam emails It is not necessary the spam email will go in spam folder always. When you see in senders address “to undisclosed recipients” that can be spam also
    • Spammer use the well known identity name/ Whenchecked in linkedin no such user has sent the request
    • Check the header of email
    • Spamming blacklisting OrganisationWe have multiple antispaming organisation who keep the track of spaming.Once they blacklist the server,domain or network etc. Either the email will not go out from mail server or if it goes out ,it will be marked as SPAM .Below one are major key player.* SBL advisories* XBL* PBL* Zen* DBL
    • SBLThe Spamhaus Block List ("SBL") Advisory is a database of IP addresses from which Spamhaus does not recommend the acceptance of electronic mail.The SBL is queriable in realtime by mail systems thoughout the Internet, allowing mail server administrators to identify, tag or block incoming connections from IP addresses which Spamhaus deems to be involved in the sending, hosting or origination of Unsolicited Bulk Email (aka "Spam"). The SBL database is maintained by a dedicated
    • PBLPBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customers use. The PBL helps networks enforce their Acceptable Use Policy for dynamic and non-MTA customer IP ranges.
    • XBLXBL is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
    • DBLDBL is a realtime database of domains (typically web site domains) found in spam messages. Mail server software capable of scanning email message body contents for URIs can use the DBL to identify, classify or reject spam containing DBL-listed domains.
    • ZenZEN is the combination of all Spamhaus IP- based DNSBLs into one single powerful and comprehensive blocklist to make querying faster and simpler. It contains the SBL, SBLCSS, XBL and PBL blocklists
    • New Arrival : DMARCDMARC, which stands for "Domain-based Message Authentication, Reporting & Conformance", is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols
    • How DMARC will work
    • How to check blacklisted Server,network or domainhttp://www.spamhaus.org/zen/ :Spamhous is project which has almost key advisories list.http://mxtoolbox.com/ : This website provide service to check blacklisting of serverhttp://spamlinks.net/: The website provides multiple service plus reporting the spammer
    • Big players supporting DMARC
    • Presented By: Sharad Kumar Chhetri