2. Contents Facts & Statistics Cost of Spam Defining Spam Sending Mechanisms Spammer Tricks Techniques for Identifying Spam The tools Microsoft uses to fight spam Conclusion
3. Facts & Statistics More than 97 % of e-mail messages sent over the internet are unwanted (have malicious attachments or are phishing attacks or spam) 349.6 Billion in 2008 192 % increase in Spam over the past year *Source: Microsoft Security intelligence Report Volume 6 (July – December 2008)
4. Cost of Spam Spam costs U.S. companies US$ 712 per employee each year. Users are spending 3 minutes identifying average of 21 unwanted messages and deleting each spam e-mail, which translates into an annual cost of $70 billion to all US businesses. Around 60 % of the email processing time is wasted in receiving Spam. *nucleusresearch.com – ferriys.com
5. How to defeat spam Security Awareness Tool Legislations
10. Mining message boards and chat roomsValid e-mail account!
11. Sending Mechanisms Open proxies Free email services Other free services Stolen Netblocks Botnets
12. Techniques for Identifying Spam Reputation of the sending IP address Profiling the sender’s operating system Standards compliance Greylisting Greet pause Format standards compliance. Statistical content analysis (Bayesian) Throttling
13. Spammer Tricks HTML tricks. Bayesian poisoning. Content morphing. Images and other attachments Forcing secondary MX. Countering IP reputation Hiding the call-to-action.
14. The tools Microsoft uses to fight spam Intelligent Message Filter (IMF) Sender ID Framework (SIDF) Outlook 2007 Email Postmark Microsoft Forefront Security for Exchange Exchange Hosted Filtering
18. Sender ID Framework "I only send mail from these machines. If any other machine claims that I'm sending mail from there, they're lying.“
20. FSE Forefront Security for Exchange Microsoft IP Reputation filter service and automated updates. Automated updates for Microsoft SmartScreen spam heuristics, Phishing Websites, and intelligent message Filter (IMF). Targeted Spam signature data and automatic updates to identify spam campaigns.
21. Thanks for your attention Waleed Omar wmahmoud@mantrac.com.eg CISSP, CCDA, MCSE, MCT, Exchange-MVP.