logging in or signing up Spam Solutions 01 Domenica Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 161 Category: Education License: All Rights Reserved Like it (0) Dislike it (0) Added: January 08, 2008 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Spamming the Anti-Spam Solution Space : Spamming the Anti-Spam Solution Space SDForum Security Sig / 28-Oct-04 D. Crocker Brandenburg InternetWorking brandenburg.com/presentation/current.html Spammer? Phisher? What we will cover: What we will cover Problem space What is spam? How is it sent? Solution Space – Focus on technology Types and places for control Types of ‘Solution’ efforts Standards efforts PrognosticationsDisclaimer and Caveat: Disclaimer and Caveat Not a full tutorial Focus on technical efforts, primarily authentication Spam is complicated and simplistic solutions will be damaging Email is more complex than people usually realize Spam is a social problem, like crime Technical solutions need to follow the social assessment No single action will eliminate it — nothing will “eliminate” it!Setting the Context: Setting the Context © 1975(!) Datamation This? Oh, this is the display for my electronic junk mail.We Do Have A Problem!: We Do Have A Problem! We do not need to cite statistics We have a dire problem. It is getting worse, quickly. Nothing has yet reduced global spam! It is like moving from a safe, small town to a big (U.S.) city We must distinguish Local, transient effects that only move spammers to use different techniques, versus Global, long-term effects that truly reduce spam at its coreDangerous Logic: Dangerous Logic “We have to do something now!” (Ignore any side-effects, or dismiss them as minor.) “Maybe it’s not perfect… but at least we’re taking some action!” “What have we got to lose?” “At least it reduces the problem… for now.” “We must replace SMTP… even though we don’t know what we want to do “We can do something in the interim…” Even though nothing on the Internet is ever interim “…but this is urgent!!”A Bit of Perspective: A Bit of Perspective Spam is complex, confusing and emotional Imagine that time has passed What changes will be important? Effects of “solutions” on email Will it still be easy to reach everyone? Will it be cumbersome, with fragmented communities? Different types of spam Legitimate business will behave acceptably (mostly) Rogue (criminal) spammers will be worse than todayMake Changes Cautiously: Make Changes Cautiously Experience making Internet changes means… Changes to an installed base of 1billion users are risky, difficult, expensive and slow Assume there will be (bad) unintended consequences Providers operate differently, so control is limited Changes need to produce direct, basic benefit Directly affect key problem or directly improve service Orchestrated inter-dependent changes do not workUniversal spam solution rebuttal: Universal spam solution rebuttal Checkbox form-letter for responding to spam solutions proposals. See: <http://craphound.com/spamsolutions.txt> Your post advocates a ( ) technical ( ) legislative ( ) market-based ( ) vigilante approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)…But What Is Spam, Exactly?: But What Is Spam, Exactly? No common definition UCE? UBE? Anything I don’t want? No technical differences from “regular” mail How can we make policy When we cannot formulate a common, Internet-wide definition? So, instead… Try a pragmatic approach Focus on core, identifiable characteristics Define specific solution Ignore the rest, for now And why do we still need this slide?A Spamming Network: A Spamming Network Spammer VictimWheel of Spam (Mis)Fortune: Wheel of Spam (Mis)Fortune Control of spam Cannot be “surgically” precise Must balance the wheel Needs range of partial solutions Different techniques for near-term vs. long-term, except that near-term never is Heuristics Long lists complicated Complicated Be careful! Many FacetsEmail Points of Control: Email Points of Control Email Architecture: draft-crocker-email-archSecondary Approaches: Secondary Approaches Charging – Sender pays fee Some vs. all senders How much? Who gets the money? Enforcement – Laws and contracts Scope of control – national boundaries? Precise, objective, narrow? Administration Exchange filtering rules Exchange incident (abuse) reports Coordination among Abuse desksEmail Security Functions Make someone accountable: Email Security Functions Make someone accountableWhat to Authenticate?: What to Authenticate?Security Models: Security Models Mail MailEmail Path(s) Today!: Email Path(s) Today! MUA MSA MTA MTA MDA MUA MTA MTA Peer MTA Peer MTA MTA MTA MTA MTA MTA MTA MDA MUA Mail Agents MUA = User MSA = Submission MTA = Transfer MDA = DeliverySPF and Sender-ID: Source Registers Path: SPF and Sender-ID: Source Registers Path MUA MSA MTA1 MTA4 MDA MUA MTA3 MTA2 Peer Peer Assigns Sender and MailFrom Did MSA authorize MTA1 to send messages for domain? Did MSA authorize MTA2? Did MSA authorize MTA3? MSA must pre-register and trust each MTA in entire path to every recipient! Mail Agents MUA = User MSA = Submission MTA = Transfer MDA = DeliveryEmerging Favorites: Emerging Favorites Validate content DomainKeys, Identified Internet Mail (IIM) Transit signature of msg Validate operator Client SMTP Validation (CSV) Operator validates MTA Validate Bounce Bounce Address Tag Validation (BATV) Sign MailFrom Reputation CSA & DNA (CSV) Still learning Reporting No candidates, yet Enforcement We are still learning Client SMTP Validation: Assess Peer MTA: Client SMTP Validation: Assess Peer MTA MUA MSA MTA MTA MDA MUA MTA MTA Peer MTA Does a domain's operator authorize this MTA to be sending email? Do independent accreditation services consider that domain's policies and practices sufficient for controlling email abuse? CSV Functions: CSV FunctionsMoving Towards Standards: Moving Towards Standards Accountability (Author & Operator) Authentication Authorization (Accreditation) Filtering (Format of rules) Reporting & monitoring (Immediate problems) (Aggregate statistics) Enforcement (Contracts and laws are standards) Terminology Acceptable behaviorHow to Choose the Future : How to Choose the Future Look at each proposal Who must adopt it? When? How much effort is need to administer it? How much does it change email? Where to look for documents ietf.org Internet Drafts brandenburg.com/currentl.html You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
Spam Solutions 01 Domenica Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 161 Category: Education License: All Rights Reserved Like it (0) Dislike it (0) Added: January 08, 2008 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Spamming the Anti-Spam Solution Space : Spamming the Anti-Spam Solution Space SDForum Security Sig / 28-Oct-04 D. Crocker Brandenburg InternetWorking brandenburg.com/presentation/current.html Spammer? Phisher? What we will cover: What we will cover Problem space What is spam? How is it sent? Solution Space – Focus on technology Types and places for control Types of ‘Solution’ efforts Standards efforts PrognosticationsDisclaimer and Caveat: Disclaimer and Caveat Not a full tutorial Focus on technical efforts, primarily authentication Spam is complicated and simplistic solutions will be damaging Email is more complex than people usually realize Spam is a social problem, like crime Technical solutions need to follow the social assessment No single action will eliminate it — nothing will “eliminate” it!Setting the Context: Setting the Context © 1975(!) Datamation This? Oh, this is the display for my electronic junk mail.We Do Have A Problem!: We Do Have A Problem! We do not need to cite statistics We have a dire problem. It is getting worse, quickly. Nothing has yet reduced global spam! It is like moving from a safe, small town to a big (U.S.) city We must distinguish Local, transient effects that only move spammers to use different techniques, versus Global, long-term effects that truly reduce spam at its coreDangerous Logic: Dangerous Logic “We have to do something now!” (Ignore any side-effects, or dismiss them as minor.) “Maybe it’s not perfect… but at least we’re taking some action!” “What have we got to lose?” “At least it reduces the problem… for now.” “We must replace SMTP… even though we don’t know what we want to do “We can do something in the interim…” Even though nothing on the Internet is ever interim “…but this is urgent!!”A Bit of Perspective: A Bit of Perspective Spam is complex, confusing and emotional Imagine that time has passed What changes will be important? Effects of “solutions” on email Will it still be easy to reach everyone? Will it be cumbersome, with fragmented communities? Different types of spam Legitimate business will behave acceptably (mostly) Rogue (criminal) spammers will be worse than todayMake Changes Cautiously: Make Changes Cautiously Experience making Internet changes means… Changes to an installed base of 1billion users are risky, difficult, expensive and slow Assume there will be (bad) unintended consequences Providers operate differently, so control is limited Changes need to produce direct, basic benefit Directly affect key problem or directly improve service Orchestrated inter-dependent changes do not workUniversal spam solution rebuttal: Universal spam solution rebuttal Checkbox form-letter for responding to spam solutions proposals. See: <http://craphound.com/spamsolutions.txt> Your post advocates a ( ) technical ( ) legislative ( ) market-based ( ) vigilante approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)…But What Is Spam, Exactly?: But What Is Spam, Exactly? No common definition UCE? UBE? Anything I don’t want? No technical differences from “regular” mail How can we make policy When we cannot formulate a common, Internet-wide definition? So, instead… Try a pragmatic approach Focus on core, identifiable characteristics Define specific solution Ignore the rest, for now And why do we still need this slide?A Spamming Network: A Spamming Network Spammer VictimWheel of Spam (Mis)Fortune: Wheel of Spam (Mis)Fortune Control of spam Cannot be “surgically” precise Must balance the wheel Needs range of partial solutions Different techniques for near-term vs. long-term, except that near-term never is Heuristics Long lists complicated Complicated Be careful! Many FacetsEmail Points of Control: Email Points of Control Email Architecture: draft-crocker-email-archSecondary Approaches: Secondary Approaches Charging – Sender pays fee Some vs. all senders How much? Who gets the money? Enforcement – Laws and contracts Scope of control – national boundaries? Precise, objective, narrow? Administration Exchange filtering rules Exchange incident (abuse) reports Coordination among Abuse desksEmail Security Functions Make someone accountable: Email Security Functions Make someone accountableWhat to Authenticate?: What to Authenticate?Security Models: Security Models Mail MailEmail Path(s) Today!: Email Path(s) Today! MUA MSA MTA MTA MDA MUA MTA MTA Peer MTA Peer MTA MTA MTA MTA MTA MTA MTA MDA MUA Mail Agents MUA = User MSA = Submission MTA = Transfer MDA = DeliverySPF and Sender-ID: Source Registers Path: SPF and Sender-ID: Source Registers Path MUA MSA MTA1 MTA4 MDA MUA MTA3 MTA2 Peer Peer Assigns Sender and MailFrom Did MSA authorize MTA1 to send messages for domain? Did MSA authorize MTA2? Did MSA authorize MTA3? MSA must pre-register and trust each MTA in entire path to every recipient! Mail Agents MUA = User MSA = Submission MTA = Transfer MDA = DeliveryEmerging Favorites: Emerging Favorites Validate content DomainKeys, Identified Internet Mail (IIM) Transit signature of msg Validate operator Client SMTP Validation (CSV) Operator validates MTA Validate Bounce Bounce Address Tag Validation (BATV) Sign MailFrom Reputation CSA & DNA (CSV) Still learning Reporting No candidates, yet Enforcement We are still learning Client SMTP Validation: Assess Peer MTA: Client SMTP Validation: Assess Peer MTA MUA MSA MTA MTA MDA MUA MTA MTA Peer MTA Does a domain's operator authorize this MTA to be sending email? Do independent accreditation services consider that domain's policies and practices sufficient for controlling email abuse? CSV Functions: CSV FunctionsMoving Towards Standards: Moving Towards Standards Accountability (Author & Operator) Authentication Authorization (Accreditation) Filtering (Format of rules) Reporting & monitoring (Immediate problems) (Aggregate statistics) Enforcement (Contracts and laws are standards) Terminology Acceptable behaviorHow to Choose the Future : How to Choose the Future Look at each proposal Who must adopt it? When? How much effort is need to administer it? How much does it change email? Where to look for documents ietf.org Internet Drafts brandenburg.com/currentl.html