Brief presentation on spamming and its protection

Published in: Technology

  1. Index
     ● Introduction about spamming
     ● Types of spamming
     ● Email spamming
     ● How mail server works with spam
  2. Spammer
     Technical definition: Spam is the use of electronic messaging systems to send unsolicited bulk messages, especially advertising, indiscriminately. Bla bla bla bla bla...
     Reference: Wikipedia
  3. Types of Spamming
     There are many ways of spamming.
     ● Comment spamming: e.g. in CMS or websites
     ● Chat spamming: e.g. Yahoo, Facebook
     ● Microblogging: e.g. Twitter
     ● Social networking: e.g. Facebook, Myspace
     ● Email spamming: e.g. all mail services are targeted
  4. Easy target
     Those who cannot recognise spam (stupid internet people)
  5. Comment Spamming
  6. CMS and forums are well targeted for comment spamming
  7. WordPress, Joomla and Drupal blogs are highly targeted
  8. Chat spamming
  9. Microblogging spamming
  10. Another Twitter spam
  11. Social networking spamming
  12. Method of spamming attack in comment, chat, social networking and microblogging
      ● Manually: mostly you can find it in forums, social networking sites, Twitter etc.
      ● They offer a lottery win, a password reset suggestion for some problem, free tickets, free downloads of music & videos etc.
  13. Spamming using Tools
  14. How to reduce spamming (applicable to all CMS/websites/forums)
      ● Comment moderation
      ● Captcha
      ● Anti-spam plugin from a reliable source like Akismet
      ● Blacklisting
      ● Registration form with: e-mail confirmation; mobile phone confirmation via automated calling or SMS etc.
      ● Bayesian filtering
      What the hack is Bayesian?
  15. Bayesian Theorem
      Bayesian spam filtering (Thomas Bayes) is a statistical technique of e-mail filtering. It makes use of a naive Bayes classifier to identify spam e-mail. Bayesian classifiers work by correlating the use of tokens (typically words, or sometimes other things) with spam and non-spam e-mails and then using Bayesian inference to calculate a probability that an email is or is not spam. Bayesian spam filtering is a very powerful technique for dealing with spam that can tailor itself to the email needs of individual users, and gives low false positive spam detection rates that are generally acceptable to users.
      ● Reference :
  16. How Bayesian Theorem Works
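An added example, not part of the original slides: a small naive Bayes classifier of the kind slide 15 describes, trained on constructed messages. Token counts per class are combined with Bayes' rule to give P(spam | tokens); the add-one smoothing and the sample texts are assumptions of this example.

```python
import math
import re
from collections import Counter

# Constructed training messages (not real mail), echoing the lures on slide 12.
SPAM = ["win free lottery tickets now",
        "free music download click now",
        "password reset click this link to win"]
HAM = ["meeting notes attached for review",
       "please review the server patch",
       "lunch tomorrow with the project team"]

def tokens(text):
    """Lower-case word tokens; real filters also tokenise headers and URLs."""
    return re.findall(r"[a-z0-9']+", text.lower())

def train(spam_docs, ham_docs):
    """Count token occurrences per class and record the class priors."""
    counts = {"spam": Counter(), "ham": Counter()}
    for doc in spam_docs:
        counts["spam"].update(tokens(doc))
    for doc in ham_docs:
        counts["ham"].update(tokens(doc))
    total_docs = len(spam_docs) + len(ham_docs)
    priors = {"spam": len(spam_docs) / total_docs,
              "ham": len(ham_docs) / total_docs}
    vocab = set(counts["spam"]) | set(counts["ham"])
    return counts, priors, vocab

def spam_probability(text, model):
    """P(spam | tokens) via Bayes' rule, assuming tokens are independent."""
    counts, priors, vocab = model
    log_score = {}
    for label in ("spam", "ham"):
        class_total = sum(counts[label].values())
        score = math.log(priors[label])
        for tok in tokens(text):
            if tok not in vocab:
                continue  # never-seen tokens carry no evidence either way
            # Add-one (Laplace) smoothing keeps a zero count from vetoing a class.
            score += math.log((counts[label][tok] + 1) / (class_total + len(vocab)))
        log_score[label] = score
    # Normalise in log space to avoid underflow on long messages.
    top = max(log_score.values())
    spam, ham = (math.exp(log_score[k] - top) for k in ("spam", "ham"))
    return spam / (spam + ham)

MODEL = train(SPAM, HAM)
```

Retraining on each user's own spam and non-spam folders is what lets such a filter tailor itself to individual users, as the slide notes.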
  17. Useful links to read about Bayesian Theorem ●●●●
  18. e-m@il sp@mming
  19. Mail Server Internet Standards
      Mail servers must follow internet standards monitored by ICANN, IANA and spam listing databases. While configuring a server, these standards should be followed:
      (1) Setting email for complaints like
      (2) Mail server must have reverse DNS
      (3) Using SPF record for mail server
      (4) Using DKIM for mail server (ADSP)
      (5) SMTP authentication
  20. Protecting Mail Server from spam
      The mail server also must have anti-spam software. We should use the blacklisted IPs to reject email coming from spammers. The following major open source software is used in anti-spamming:
      (1) SpamAssassin
      (2) Amavisd
      (3) ClamAV
      (4) DSPAM
  21. Mail Server is exploited, How!?
      Even if you follow the Internet mailing standards, your mail server is exploited. Reason:
      (1) It has no SMTP authentication
      (2) Mail server is an open relay
      (3) No robust iptables
      (4) Allowing all networks to access
      (5) No DDoS attack rules in server
  22. Identifying spamming: check header of email
      Check the following things in a mail client like a web interface, Outlook, Thunderbird etc.
      (1) Senders list
      (2) Content in email
      (3) SPF
      (4) DKIM
  23. Recognising the Spam emails
      A spam email will not necessarily always go to the spam folder. When you see “to undisclosed recipients” in the sender's address, that can be spam also.
  24. Spammers use a well-known identity name. When checked in LinkedIn, no such user has sent the request
  25. Check the header of email
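An added example, not from the original slides: the header checks of slides 22 to 25 run over a constructed message. It reads SPF and DKIM verdicts only from an `Authentication-Results` header stamped by the receiving server (the hostname `mx.example.org` and all addresses are assumptions), because a sender can insert a forged copy of that header.

```python
import email
import re
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.org"  # assumption: our own receiving mail server

# Constructed sample message; the first Authentication-Results line is forged.
RAW = "\n".join([
    "Return-Path: <bounce@mailer.example.net>",
    "Authentication-Results: relay.example.net; spf=pass; dkim=pass",
    "Authentication-Results: mx.example.org; spf=fail "
    "smtp.mailfrom=mailer.example.net; dkim=none",
    'From: "Well Known Name" <invites@social.example>',
    "To: undisclosed-recipients:;",
    "Subject: Invitation to connect",
    "",
    "Click to accept the invitation.",
])

def auth_results(msg, trusted=TRUSTED_AUTHSERV):
    """Collect spf/dkim verdicts, ignoring headers not added by our server."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != trusted:
            continue  # stamped by someone else: may be attacker-supplied
        for method, verdict in re.findall(r"\b(spf|dkim)=(\w+)", rest.lower()):
            results.setdefault(method, verdict)
    return results

def domain_of(header_value):
    """Domain part of the address in a From or Return-Path header."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def findings(raw):
    """Return the list of spam indicators found in the message headers."""
    msg = email.message_from_string(raw)
    verdicts = auth_results(msg)
    out = [f"{m}={verdicts.get(m, 'missing')}" for m in ("spf", "dkim")
           if verdicts.get(m) != "pass"]
    if "undisclosed" in msg.get("To", "").lower():
        out.append("undisclosed-recipients")
    shown, envelope = domain_of(msg.get("From", "")), domain_of(msg.get("Return-Path", ""))
    if shown and envelope and shown != envelope:
        out.append(f"from/return-path mismatch: {shown} vs {envelope}")
    return out
```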
  26. Spamming blacklisting Organisation
      We have multiple anti-spamming organisations who keep track of spamming. Once they blacklist the server, domain or network etc., either the email will not go out from the mail server or, if it goes out, it will be marked as SPAM. Below are the major key players.
      * SBL advisories
      * XBL
      * PBL
      * Zen
      * DBL
  27. SBL
      The Spamhaus Block List ("SBL") Advisory is a database of IP addresses from which Spamhaus does not recommend the acceptance of electronic mail. The SBL is queryable in realtime by mail systems throughout the Internet, allowing mail server administrators to identify, tag or block incoming connections from IP addresses which Spamhaus deems to be involved in the sending, hosting or origination of Unsolicited Bulk Email (aka "Spam"). The SBL database is maintained by a dedicated
  28. PBL
      PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use. The PBL helps networks enforce their Acceptable Use Policy for dynamic and non-MTA customer IP ranges.
  29. XBL
      XBL is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
  30. DBL
      DBL is a realtime database of domains (typically web site domains) found in spam messages. Mail server software capable of scanning email message body contents for URIs can use the DBL to identify, classify or reject spam containing DBL-listed domains.
  31. Zen
      ZEN is the combination of all Spamhaus IP-based DNSBLs into one single powerful and comprehensive blocklist to make querying faster and simpler. It contains the SBL, SBLCSS, XBL and PBL blocklists.
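An added example, not from the original slides: how a mail system forms the realtime DNS query against ZEN and maps the answer back to the SBL, XBL and PBL lists described above. The return-code table reflects Spamhaus's published ZEN codes as understood here and should be checked against current Spamhaus documentation; the resolver is injectable so the decoding logic can be exercised offline.

```python
import ipaddress
import socket

ZEN_ZONE = "zen.spamhaus.org"

# Assumed mapping of ZEN answer addresses to the component list.
ZEN_CODES = {"127.0.0.2": "SBL", "127.0.0.3": "SBL CSS",
             "127.0.0.4": "XBL", "127.0.0.5": "XBL",
             "127.0.0.6": "XBL", "127.0.0.7": "XBL",
             "127.0.0.10": "PBL", "127.0.0.11": "PBL"}

def dnsbl_name(ip, zone=ZEN_ZONE):
    """Build the lookup name: IPv4 octets reversed, then the DNSBL zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A-record lookup; no answer means 'not listed'.
    Note: this also hides timeouts, which a production check should separate."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_zen(ip, resolve=system_resolver):
    """Return the sorted list names that `ip` appears on ([] if none)."""
    answers = resolve(dnsbl_name(ip))
    # 127.255.255.x answers signal a query problem (for example a blocked
    # public resolver), not a listing, and must never be used to reject mail.
    refused = [a for a in answers if a.startswith("127.255.255.")]
    if refused:
        raise RuntimeError("DNSBL query refused: " + ", ".join(refused))
    return sorted({ZEN_CODES.get(a, "unknown-code:" + a) for a in answers})
```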
  32. New Arrival: DMARC
      DMARC, which stands for "Domain-based Message Authentication, Reporting & Conformance", is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols.
  33. How DMARC will work
  34. How to check blacklisted server, network or domain
      Spamhaus is a project which has almost all the key advisory lists.
      : This website provides a service to check blacklisting of a server.
      The website provides multiple services plus reporting the spammer.
  35. Big players supporting DMARC
  36. Presented By: Sharad Kumar Chhetri