Advanced Topics of Mail Service: Deal with Malicious Mail, including Virus, Phishing, Spam – PowerPoint PPT Presentation (Computer Center, CS, NCTU)


  1. Advanced Topics of Mail Service: Deal with Malicious Mail, including Virus, Phishing, Spam, …

  2. Nature of Spam (Computer Center, CS, NCTU)
     • Spam: Simultaneously Posted Advertising Message
       - UBE: Unsolicited Bulk Email
       - UCE: Unsolicited Commercial Email
     • Spam
       - There is no relationship between receiver and sender
     • Message content
       - Opt-out instruction
       - Concealed trail
         * False return address
         * Forged header information
       - Uses misconfigured mail systems as accomplices
       - Circumvents spam filters by encoding the message or inserting random letters

  3. Problems of Spam
     • Cost
       - Wastes bandwidth and disk space
       - DoS-like side effect
       - Wastes time
       - False deletion
       - Bounce messages for nonexistent users
         * Nonexistent return address
         * Forged return address belonging to an innocent victim
     • Detection
       - An aggressive spam policy may cause a high false-positive rate

  4. SPAM detection
     • SPAM vs. non-SPAM
       - Mail sent by spammers vs. non-spammers
     • Problem of SPAM mail
       - About 90% of e-mail is SPAM! Useless for mankind!
     • SPAM detection
       - Client-based detection: spammer detection; cost-effective, can easily reach over 95% accuracy
       - Content-based detection: spam detection; costly, with less than 90% accuracy, needing training and computation
       - Who is the winner? Client-based? Content-based? (or the spammer?)
       - An endless war between administrators and spammers.

  5. Anti-Spam – Client-Based Detection
     • Client blocking
       - Check the client's IP address, hostname, email address, and/or behavior when it connects to send a message
       - Problems
         * IP address, hostname and email address can be forged
         * Innocent victims: open relay hosts
     • Techniques
       - DNSBL/WL (DNS Blacklists and Whitelists), RFC 5782
       - Greylisting
       - SPF (Sender Policy Framework)
       - Sender ID
       - …

  6. Anti-Spam – Content-Based Detection
     • Spam patterns in message header/body
       - Encrypted
       - Encoded
     • Techniques
       - Pattern detection
       - Bayesian spam filtering
       - DomainKeys/DKIM
       - …
     • Difficulties
       - HTML code embedded within the words of the message to break up phrases
       - Randomly inserted words
       - Slower and more resource-consuming

  7. Anti-Spam – Action
     • When you suspect that a mail is spam, you can:
       - Reject
         * immediately, during the SMTP conversation
         * or directly discard the mail without notifying anyone
       - Save the spam into a suspected-spam repository
       - Label the spam and deliver it with some kind of spam tag, e.g.:
           X-Spam-Status: Yes, hits=18.694 tagged_above=3 required=6.3
           X-Spam-Level: ******************
           X-Spam-Flag: YES
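The three actions on this slide are a policy applied to a score. The following Python is an added example (not code from the slides, nor from SpamAssassin or amavisd) that parses the X-Spam-Status value shown above, rebuilds the three headers, and maps the score to one of the slide's actions. The thresholds (tagged_above=3, required=6.3) are the slide's; the three-level reading (clean / scored / spam) and the policy names are assumptions.

```python
"""Spam-tag policy helper: parse X-Spam-Status, rebuild headers, pick an action.

Added example; not code from the slides or from any spam filter."""
import re

STATUS_RE = re.compile(
    r"^(?P<flag>Yes|No),\s*hits=(?P<hits>-?\d+(?:\.\d+)?)"
    r"\s+tagged_above=(?P<tag>-?\d+(?:\.\d+)?)"
    r"\s+required=(?P<req>-?\d+(?:\.\d+)?)"
)


def parse_spam_status(value):
    """Parse 'Yes, hits=18.694 tagged_above=3 required=6.3' (the slide's form).

    Returns (flagged, hits, tagged_above, required)."""
    m = STATUS_RE.match(value.strip())
    if not m:
        raise ValueError(f"unrecognised X-Spam-Status value: {value!r}")
    return m["flag"] == "Yes", float(m["hits"]), float(m["tag"]), float(m["req"])


def classify(hits, tagged_above, required):
    """'clean':  below tagged_above, no X-Spam headers added.
    'scored': at/above tagged_above, headers added but not flagged as spam.
    'spam':   at/above required, X-Spam-Flag: YES (the slide's example)."""
    if hits >= required:
        return "spam"
    if hits >= tagged_above:
        return "scored"
    return "clean"


def spam_headers(hits, tagged_above, required):
    """Build the three X-Spam-* headers from the slide, or {} for clean mail.
    X-Spam-Level carries one '*' per whole point of score (18.694 -> 18 stars)."""
    cls = classify(hits, tagged_above, required)
    if cls == "clean":
        return {}
    flagged = cls == "spam"
    return {
        "X-Spam-Status": (f"{'Yes' if flagged else 'No'}, hits={hits:.3f} "
                          f"tagged_above={tagged_above:g} required={required:g}"),
        "X-Spam-Level": "*" * max(0, int(hits)),
        "X-Spam-Flag": "YES" if flagged else "NO",
    }


# The slide's three choices for mail classified as spam (names are assumptions).
ACTIONS = {
    "reject": "5xx reply during the SMTP conversation (or silent discard)",
    "quarantine": "save into a suspected-spam repository",
    "tag": "deliver with the X-Spam-* headers",
}


def action_for(hits, tagged_above, required, spam_policy="tag"):
    """Only mail classified as 'spam' gets the site policy; anything else is
    delivered (with informational headers if 'scored'). The default 'tag'
    matches the slide, where an 18.694-point mail was delivered flagged."""
    if spam_policy not in ACTIONS:
        raise ValueError(f"unknown policy {spam_policy!r}; choose one of {sorted(ACTIONS)}")
    return spam_policy if classify(hits, tagged_above, required) == "spam" else "deliver"


if __name__ == "__main__":
    # Constructed input: the header value from the slide.
    flagged, hits, tag, req = parse_spam_status("Yes, hits=18.694 tagged_above=3 required=6.3")
    for k, v in spam_headers(hits, tag, req).items():
        print(f"{k}: {v}")
    print("action:", action_for(hits, tag, req, spam_policy="quarantine"))
```

Rejecting at SMTP time is the only choice that avoids both backscatter and storage cost; tagging keeps false positives recoverable by the user, which is why a site usually tags around the `tagged_above` level and reserves reject or quarantine for scores well above `required`.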

  8. Client-based Detections
     • Fight with spammers:
       - DNSBL/WL: DNS-based blacklist/whitelist of suspected/trusted senders (IP addresses)
       - Greylisting: a client-based method that can stop mail coming from some spamming programs
       - SPF (Sender Policy Framework): a client-based method to detect whether a client is authorized or not
         * Sender ID, paypal.com, http://www.openspf.org/SPF_vs_Sender_ID

  9. DNSxL
     • What DNSBL/WL maintainers do
       - Suppose cs.nctu.edu.tw has a DNSxL database, with DNSBL domain "dnsbl.cs.nctu.edu.tw"
       - If 140.112.23.118 is detected as an open relay, list 118.23.112.140.dnsbl.cs.nctu.edu.tw
       - When we receive a connection from 140.112.23.118, DNS query for 118.23.112.140.dnsbl.cs.nctu.edu.tw
         * A 127.0.0.2 (SHOULD be in 127.0.0.0/8); see http://www.spamhaus.org/zen/
         * TXT: the reason
       - Listing domain names instead: RHSBL
     • Using a DNSBL
       - Review their service options and policies carefully
       - http://www.dnsbl.info/dnsbl-database-check.php
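The lookup this slide describes, as an added Python example (not the slide's or any library's code): reverse the address into the zone, read the A answer, and accept it as a listing only when it lies in 127.0.0.0/8 as RFC 5782 requires. It also runs the RFC 5782 self-test (127.0.0.2 listed, 127.0.0.1 not) that catches a dead or wildcarded list before it blocks all of your mail. The zone name and 140.112.23.118 come from the slide; the DNS answers are a constructed in-memory table so the code runs offline.

```python
"""DNSxL lookup helpers (RFC 5782 style), added example with an offline resolver."""
import ipaddress

# RFC 5782: a listing is answered with an A record inside 127.0.0.0/8;
# anything else means a broken (or wildcarded/expired) list, not a listing.
RESULT_NET = ipaddress.ip_network("127.0.0.0/8")
TEST_LISTED = "127.0.0.2"    # RFC 5782 s.5: test address every IPv4 DNSxL lists
TEST_UNLISTED = "127.0.0.1"  # RFC 5782 s.5: address that is never listed


def dnsbl_query_name(ip, zone):
    """Build the query name: reversed dotted octets for IPv4 (140.112.23.118 ->
    118.23.112.140.<zone>); reversed hex nibbles for IPv6 (RFC 5782 s.2.4)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(addr.exploded.split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


class FakeResolver:
    """Offline stand-in for DNS: name -> {"A": [...], "TXT": [...]}.
    A missing name or type behaves like NXDOMAIN/NODATA (empty answer)."""

    def __init__(self, zone_data):
        self.zone_data = zone_data

    def query(self, name, rtype):
        return list(self.zone_data.get(name, {}).get(rtype, []))


def dnsbl_lookup(ip, zone, resolver):
    """Return (status, codes, reason); status is 'listed', 'clean' or 'error'.
    'error' is returned for answers outside 127.0.0.0/8 so a misbehaving list
    cannot silently turn into a block-everything policy."""
    name = dnsbl_query_name(ip, zone)
    answers = resolver.query(name, "A")
    if not answers:
        return "clean", [], ""
    codes = [ipaddress.ip_address(a) for a in answers]
    if any(c not in RESULT_NET for c in codes):
        return "error", [str(c) for c in codes], "answer outside 127.0.0.0/8"
    reason = " ".join(resolver.query(name, "TXT"))   # TXT carries the listing reason
    return "listed", [str(c) for c in codes], reason


def dnsbl_sanity_check(zone, resolver):
    """RFC 5782 s.5 self-test: the zone must answer for 127.0.0.2 and not for
    127.0.0.1. A dead zone fails the first check; a zone that lists everything
    (e.g. a lapsed domain with a wildcard) fails the second."""
    return (dnsbl_lookup(TEST_LISTED, zone, resolver)[0] == "listed"
            and dnsbl_lookup(TEST_UNLISTED, zone, resolver)[0] == "clean")


# Constructed zone data for the slide's hypothetical dnsbl.cs.nctu.edu.tw,
# with 140.112.23.118 listed as an open relay plus the RFC 5782 test entry.
ZONE = "dnsbl.cs.nctu.edu.tw"
RESOLVER = FakeResolver({
    "118.23.112.140." + ZONE: {"A": ["127.0.0.2"], "TXT": ["open relay"]},
    "2.0.0.127." + ZONE: {"A": ["127.0.0.2"], "TXT": ["test entry"]},
})


if __name__ == "__main__":
    print("sanity:", dnsbl_sanity_check(ZONE, RESOLVER))
    for ip in ("140.112.23.118", "140.112.23.119"):
        print(ip, dnsbl_lookup(ip, ZONE, RESOLVER))
```

To use it against a real list, replace FakeResolver with a resolver that returns the A and TXT answers for the name; the sanity check is worth running periodically, since a list whose domain has lapsed will often start answering every query.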

  10. Greylisting (1/2)
     • http://www.greylisting.org/
     • Greylisting is a client-based method that can stop mail coming from some spamming programs
     • Behavior of different clients on receiving SMTP response codes:

       | Response code          | 2xx     | 4xx                     | 5xx     |
       | Normal MTA             | Success | Retry later             | Give up |
       | Most spamming programs | Success | Ignore and send another | Give up |

       - While spammers prefer to send mail to other recipients rather than keeping a log and retrying later, MTAs have the responsibility of retrying a deferred mail (in 10-30 minutes)

  11. Greylisting (2/2)
     • Idea of greylisting:
       - Use the 4xx SMTP response code to stop the steps of spamming programs
     • Steps:
       - Pair (recipient, client-ip)
       - Reply a 4xx code on the first arrival of every (recipient, client-ip) pair
       - Allow a retry of this mail after a period of time (usually 5~20 minutes)
         * A suitable waiting time will make the spamming programs give up on this mail
     • Limitation
       - Can NOT detect "open relay" mail servers
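The steps on slides 10 and 11 as one runnable Python example, added here and not taken from the slides or from greylisting.org. It keys on the (recipient, client-ip) pair, answers 4xx until the window has passed, and then simulates the two client behaviours from the table on slide 10: a normal MTA that queues and retries, and a spamming program that ignores the 4xx. The 5-minute window, the 36-hour auto-whitelist lifetime and the sender behaviours are assumptions.

```python
"""Greylisting state machine keyed on (recipient, client-ip). Added example."""

GREYLIST_WINDOW = 300            # seconds a pair must wait before a retry is accepted (5 min)
AUTO_WHITELIST_TTL = 36 * 3600   # seconds a pair stays whitelisted after passing (assumed)


class Greylist:
    def __init__(self, window=GREYLIST_WINDOW, ttl=AUTO_WHITELIST_TTL):
        self.window, self.ttl = window, ttl
        self.pending = {}   # (recipient, client_ip) -> time first seen
        self.passed = {}    # (recipient, client_ip) -> time last accepted

    def check(self, recipient, client_ip, now):
        """Return the SMTP reply for this delivery attempt at time `now` (seconds)."""
        key = (recipient, client_ip)
        if key in self.passed and now - self.passed[key] < self.ttl:
            self.passed[key] = now           # known-good pair: refresh and accept
            return "250 2.1.5 Ok"
        first = self.pending.setdefault(key, now)
        if now - first < self.window:
            # 4xx: a real MTA queues and retries later; most spamware moves on
            return "450 4.7.1 Greylisted, try again later"
        del self.pending[key]                # retried after the window: accept and remember
        self.passed[key] = now
        return "250 2.1.5 Ok"


def deliver_like_mta(gl, recipient, client_ip, start=0, retry_after=600, max_tries=5):
    """Normal MTA (slide 10): on 4xx, queue and retry after retry_after seconds
    (10 minutes here, within the slide's 10-30 minute range).
    Returns the time the mail was accepted, or None if it gave up."""
    t = start
    for _ in range(max_tries):
        if gl.check(recipient, client_ip, t).startswith("2"):
            return t
        t += retry_after
    return None


def deliver_like_spambot(gl, recipient, client_ip, start=0):
    """Typical spamming program (slide 10): one attempt, ignore the 4xx, give up."""
    return start if gl.check(recipient, client_ip, start).startswith("2") else None


if __name__ == "__main__":
    gl = Greylist()
    # Constructed sample senders using RFC 5737 documentation addresses.
    print("MTA delivered at:", deliver_like_mta(gl, "alice@example.org", "198.51.100.9"))
    print("spambot delivered at:", deliver_like_spambot(gl, "alice@example.org", "203.0.113.77"))
```

The limitation on slide 11 is visible in the model: the state only records whether a pair ever retried, so any client that implements retries, including an open relay abused by a spammer, passes after one window. Greylisting buys a delay and filters the spamware that never retries; it is not an authorization check.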

  12. Sender Policy Framework (SPF)
     • A client-based method to detect whether a client is authorized or not
     • http://www.openspf.org
       - RFC 4408

  13. Sender Policy Framework (SPF) – Is the following mail questionable?

      Delivered-To: lwhsu.tw@gmail.com
      Received: by 10.204.137.3 with SMTP id u3cs64867bkt;
              Sat, 21 May 2011 13:19:49 -0700 (PDT)
      Received: by 10.68.58.38 with SMTP id n6mr1407584pbq.5.1306009188186;
              Sat, 21 May 2011 13:19:48 -0700 (PDT)
      Return-Path: <lwhsu@cs.nctu.edu.tw>
      Received: from zfs.cs.nctu.edu.tw (zfs.cs.nctu.edu.tw [140.113.17.215])
              by mx.google.com with ESMTP id a2si4001228pbs.91.2011.05.21.13.19.46;
              Sat, 21 May 2011 13:19:46 -0700 (PDT)
      Received: from zfs.cs.nctu.edu.tw (localhost [127.0.0.1])
              by zfs.cs.nctu.edu.tw (Postfix) with ESMTP id 50E2A4ABC5
              for <lwhsu.tw@gmail.com>; Sun, 22 May 2011 04:16:08 +0800 (CST)
      Date: Sun, 22 May 2011 04:12:57 +0800
      From: Li-Wen Hsu <lwhsu@cs.nctu.edu.tw>
      To: Li-Wen Hsu <lwhsu.tw@gamil.com>
      Subject: test
      Message-ID: <20110521201257.GA58179@zfs.cs.nctu.edu.tw>

      this is a test

  14. Sender Policy Framework (SPF) – SMTP trace

      zfs-$ telnet zfs.cs.nctu.edu.tw 25
      220 zfs.cs.nctu.edu.tw ESMTP Postfix
      helo zfs.cs.nctu.edu.tw
      250 zfs.cs.nctu.edu.tw
      mail from: <lwhsu@cs.nctu.edu.tw>
      250 2.1.0 Ok
      rcpt to: <lwhsu.tw@gmail.com>
      250 2.1.5 Ok
      data
      354 End data with <CR><LF>.<CR><LF>
      Date: Sun, 22 May 2011 04:12:57 +0800
      From: Li-Wen Hsu <lwhsu@cs.nctu.edu.tw>
      To: Li-Wen Hsu <lwhsu.tw@gamil.com>
      Subject: test
      Message-ID: <20110521201257.GA58179@zfs.cs.nctu.edu.tw>

      this is a test
      .
      250 2.0.0 Ok: queued as 50E2A4ABC5

  15. Sender Policy Framework (SPF) – With SPF detection

      Delivered-To: lwhsu.tw@gmail.com
      Received: by 10.204.137.3 with SMTP id u3cs64867bkt;
              Sat, 21 May 2011 13:19:49 -0700 (PDT)
      Received: by 10.68.58.38 with SMTP id n6mr1407584pbq.5.1306009188186;
              Sat, 21 May 2011 13:19:48 -0700 (PDT)
      Return-Path: <lwhsu@cs.nctu.edu.tw>
      Received: from zfs.cs.nctu.edu.tw (zfs.cs.nctu.edu.tw [140.113.17.215])
              by mx.google.com with ESMTP id a2si4001228pbs.91.2011.05.21.13.19.46;
              Sat, 21 May 2011 13:19:46 -0700 (PDT)
      Received-SPF: softfail (google.com: domain of transitioning lwhsu@cs.nctu.edu.tw
              does not designate 140.113.17.215 as permitted sender) client-ip=140.113.17.215;
      Authentication-Results: mx.google.com; spf=softfail (google.com: domain of
              transitioning lwhsu@cs.nctu.edu.tw does not designate 140.113.17.215
              as permitted sender) smtp.mail=lwhsu@cs.nctu.edu.tw
      Received: from zfs.cs.nctu.edu.tw (localhost [127.0.0.1])
              by zfs.cs.nctu.edu.tw (Postfix) with ESMTP id 50E2A4ABC5
              for <lwhsu.tw@gmail.com>; Sun, 22 May 2011 04:16:08 +0800 (CST)
      Date: Sun, 22 May 2011 04:12:57 +0800
      From: Li-Wen Hsu <lwhsu@cs.nctu.edu.tw>
      To: Li-Wen Hsu <lwhsu.tw@gamil.com>

  16. Sender Policy Framework (SPF) – The idea
     • A domain administrator can declare which mail servers are used in his environment
       - Ex. For cs.nctu.edu.tw, {csmailer,csmailgate,csmail}.cs.nctu.edu.tw are the authorized mail servers
         * Mail sent out from these servers is authorized mail (under the administrator's control)
         * Other mail might be forged and has a higher probability of being SPAM
     • The SPF technique lists all possible outgoing mail clients in the TXT/SPF record of the DNS service to declare the authorized mail servers
     • When the destination MTA receives a mail, it checks the client IP:
       - Mail sent out from authorized servers should be safe
       - Mail sent out from unauthorized servers might be forged

  17. SPF Record Syntax – Mechanisms (1/2)
     • all
       - Always matches
       - Usually at the end of the SPF record
     • ip4 (NOT ipv4)
       - ip4:<ip4-address>
       - ip4:<ip4-network>/<prefix-length>
     • ip6 (NOT ipv6)
       - ip6:<ip6-address>
       - ip6:<ip6-network>/<prefix-length>
     • a
       - a
       - a/<prefix-length>
       - a:<domain>
       - a:<domain>/<prefix-length>
     The content of this page and the following are from http://www.openspf.org/SPF_Record_Syntax

  18. SPF Record Syntax – Mechanisms (2/2)
     • mx
       - mx
       - mx/<prefix-length>
       - mx:<domain>
       - mx:<domain>/<prefix-length>
     • ptr
       - ptr
       - ptr:<domain>
     • exists
       - exists:<domain>
       - Does an A record exist?
     • include
       - include:<domain>
       - Warning: if the domain does not have a valid SPF record, the result is a permanent error. Some mail receivers will reject based on a PermError
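To tie slides 16 to 18 together, here is a simplified check_host() evaluator in Python, added as an example; it is not code from openspf.org, the slides, or any SPF library. It walks the mechanisms listed on slides 17 and 18 (all, ip4, ip6, a, mx, exists, include, plus the redirect= modifier), applies the +/-/~/? qualifiers, and reproduces the include warning on slide 18 by returning permerror when the included domain has no record. DNS answers come from a constructed in-memory table so it runs offline: the three cs.nctu.edu.tw host names are the ones slide 16 calls authorized, but the addresses given for them here are RFC 5737 documentation placeholders, not their real addresses, and 140.113.17.215 is the client address from the slide's Received header, which should evaluate to softfail exactly as Gmail reported on slide 15.

```python
"""Simplified SPF check_host() evaluator with an offline DNS table. Added example."""
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

DNS = {   # constructed records; the cs.nctu.edu.tw addresses are placeholders
    "A": {
        "csmailer.cs.nctu.edu.tw": ["192.0.2.10"],
        "csmailgate.cs.nctu.edu.tw": ["192.0.2.11"],
        "csmail.cs.nctu.edu.tw": ["192.0.2.12"],
        "mail.partner.example": ["192.0.2.50"],
    },
    "MX": {"partner.example": ["mail.partner.example"]},
    "TXT": {
        "cs.nctu.edu.tw": ("v=spf1 a:csmailer.cs.nctu.edu.tw "
                           "a:csmailgate.cs.nctu.edu.tw a:csmail.cs.nctu.edu.tw ~all"),
        "partner.example": "v=spf1 mx -all",
        "subnet.example": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all",
        "bad-include.example": "v=spf1 include:no-spf-here.example -all",
        "alias.example": "v=spf1 redirect=partner.example",
    },
}


def _in_network(client, addr, prefix):
    """True if client lies in addr/prefix; no prefix means the single host.
    A comparison across IP versions is simply False."""
    plen = prefix if prefix is not None else ipaddress.ip_address(addr).max_prefixlen
    return client in ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def _host_matches(client, hostname, prefix, dns):
    """'a' semantics: any A record of hostname (with optional prefix) covers client."""
    return any(_in_network(client, a, prefix) for a in dns["A"].get(hostname, []))


def check_host(ip, domain, dns=DNS, depth=0):
    """Return pass / fail / softfail / neutral / none / permerror for a client
    at `ip` that used `domain` in MAIL FROM (the slide's authorized-server check)."""
    if depth > 10:                              # RFC 4408 caps DNS-causing terms at 10
        return "permerror"
    record = dns["TXT"].get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                           # domain publishes no SPF record
    client = ipaddress.ip_address(ip)
    redirect = None
    for term in record.split()[1:]:
        if "=" in term:                         # modifier (redirect=, exp=); only redirect used
            key, _, value = term.partition("=")
            if key == "redirect":
                redirect = value
            continue
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        spec, _, prefix = term.partition("/")   # e.g. "a:host/24" -> spec "a:host", prefix "24"
        name, _, arg = spec.partition(":")
        prefix = int(prefix) if prefix else None
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = _in_network(client, arg, prefix)
        elif name == "a":
            matched = _host_matches(client, arg or domain, prefix, dns)
        elif name == "mx":
            matched = any(_host_matches(client, mx, prefix, dns)
                          for mx in dns["MX"].get(arg or domain, []))
        elif name == "exists":
            matched = bool(dns["A"].get(arg))   # slide 18: "does an A record exist?"
        elif name == "include":
            sub = check_host(ip, arg, dns, depth + 1)
            if sub in ("none", "permerror"):    # slide 18's warning: no record => PermError
                return "permerror"
            matched = sub == "pass"             # include only matches on pass
        elif name == "ptr":
            matched = False                     # deprecated; not implemented in this toy
        else:
            return "permerror"                  # unknown mechanism
        if matched:
            return QUALIFIERS[qual]
    if redirect:                                # nothing matched: follow redirect= if present
        sub = check_host(ip, redirect, dns, depth + 1)
        return "permerror" if sub == "none" else sub
    return "neutral"                            # no match and no 'all' term


if __name__ == "__main__":
    for ip, dom in (("192.0.2.10", "cs.nctu.edu.tw"), ("140.113.17.215", "cs.nctu.edu.tw")):
        print(ip, dom, "->", check_host(ip, dom))
```

The ~all in the constructed cs.nctu.edu.tw record is what turns an unlisted host into softfail rather than fail; that matches the "domain of transitioning" wording Gmail used on slide 15, and it is the setting most receivers treat as "tag, do not reject". The evaluator omits macros, the ptr mechanism, and temperror handling, which a production implementation needs.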
