spam filtering at cern
play

Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002 23 - PowerPoint PPT Presentation

Nov 06, 2022 •157 likes •348 views

Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002 23 October 2002 Emmanuel Ormancey 1 Topics Topics Statistics Current Spam filtering at CERN Products overview Selected solution How it works Exchange 2000

  1. Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002 23 October 2002 Emmanuel Ormancey 1

  2. Topics Topics � Statistics � Current Spam filtering at CERN � Products overview � Selected solution � How it works � Exchange 2000 integration 23 October 2002 Emmanuel Ormancey 2

  3. Some statistics… Some statistics… � At CERN: � Low level existing filters: 25% of mails detected as spam and rejected. � New filtering solution identifies 10% more. � Measurements in Europe for 2001 (NetValue users panel) : � Spam increased of 80% in 2001. � 36.8% of received mails are Spam. � According to US AntiSpam company Brightmail: � Spam increased of 450% during last year � 74% of received mails are Spam. 23 October 2002 Emmanuel Ormancey 3

  4. Current Spam Filtering Current Spam Filtering � Basic checks: � Sendmail level tests. � Local lists of banned IP addresses, domains, subject keywords, emails. � Header “consistency” tests (i.e. message id format). � Mail rejected if identified as Spam. � Manual work: � Update local banned lists from abuse reports. � Remove entries when users report false positive rejections. 23 October 2002 Emmanuel Ormancey 4

  5. Commercial products Commercial products � Commercial products too basic � Basic tests: � keywords in subject/body � IP address ban � Sender / recipient ban � Action: � Delete: helpdesk will receive user complaints if false positive. � Quarantine (i.e. Norton antivirus): require manual lookup to validate real spam and good mails. 23 October 2002 Emmanuel Ormancey 5

  6. SpamAssassin testing SpamAssassin testing � How it works: � All in one: Different tests based on different techniques � Client / server version, with a ‘simple client’ allowing portability. � Good for spam detection. � Stability problem (on our Solaris). � Need to correct regular expressions bugs. � Not enough, need a mix of: � Mail content tests (SpamAssassin) � Low level “sendmail” tests (actual spam tests) � Need some custom rules and tests. � Need logs and statistics. 23 October 2002 Emmanuel Ormancey 6

  7. Solution Solution � Start from SpamAssassin base � Add existing rules and custom tests � Easy to modify and to create add-ins. � Windows based: Future Exchange 2000 C# .NET SpamKiller � Easy to develop in any language. � Compiled regular expressions, compatible with unix. � After 3 months running and stress testing: no crash, no leak: seems stable. 23 October 2002 Emmanuel Ormancey 7

  8. Detecting spam - - Tests Tests Detecting spam � Different tests: � Text only (regular expressions): � Header � Body full text � Body raw for base64 encoded spam � “Smart tests” more complex than regular expressions. � Header consistency. � Open relays blacklist check on several servers. � Catalog check: compares mail with spam catalog (calculated signatures and subjects keywords). 23 October 2002 Emmanuel Ormancey 8

  9. Detecting spam – – Scoring Scoring Detecting spam � Score calculation: � Each test returning true returns a score. � If sum of all scores is greater than ‘required hits’, mail is spam. � Lowest ‘required hits’ value is 5. Sample : Spam: True ; 5.559 / 5 Content analysis details: (5.559 hits, 5 required) 2 points: HTML-only mail, with no text version 0.21 points: 'Received:' has 'may be forged' warning 0.814 points: Subject has an exclamation mark 0.5 points: Spam phrases score is 00 to 01 (low) 2.035 points: 'remove' URL contains an email address 23 October 2002 Emmanuel Ormancey 9

  10. Detecting spam - - Action Action Detecting spam � When spam is detected: � Do not delete mail, it may be an error or a commercial mailing list subscribed by user. � Do not reply to sender “we don’t accept spam” → it helps to improve spammer techniques. � Do not quarantine mail at server level: too much traffic and too much work. � A good mail service don’t loose mails. Solution: Let the user decide � Quarantine spam mail at the user level. � Allow user to check in quarantined mails for missing mails. � Allow user to choose a spam detection level (lowest level = 5) � Allow user to choose quarantine behavior. 23 October 2002 Emmanuel Ormancey 10

  11. User choice User choice • Configure Spam Level. • Set expiration time. Cern Spam folder automatically created. 23 October 2002 Emmanuel Ormancey 11

  12. SpamKiller – – Overview Overview SpamKiller � Server: � Windows service. � Multithread "http like" server (clients on any platform can use it). � High exception catch to prevent server crash on error or bug. � Configuration: � Configuration in XML files (import from original SpamAssassin configuration possible). � Precompiled regular expressions to gain performance. � Statistics and logging: � Logs to perfmon (performance monitor) real-time statistics. � Logs statistics into XML files. 23 October 2002 Emmanuel Ormancey 12

  13. Exchange integration Exchange integration Internet Internet Incoming mail Exchange SMTP (1 to n servers) Check mail SM SMTP Event TP Event s sink nk Spam Killer service Add header if score >= 5 (1 to n servers) Return score Exchange store 1. Check user requested spam level. Asynchron Asynchronous OnSave ous OnSave 2. Check header for score. Event s Event sink nk 3. Move mail to CERN Spam if score > requested level. 23 October 2002 Emmanuel Ormancey 13

  14. Reporting Spam Reporting Spam � Outlook XP: Com Add-in adds button to report spam (moves selected mails to specific public folder). � Others: Forward mail to abuse@cern.ch 23 October 2002 Emmanuel Ormancey 14

  15. Use of reported Spam Use of reported Spam � Spam reported with add-in button: � Mail in original format. � Create signatures. � Add signatures to catalog. � Can be automated. 23 October 2002 Emmanuel Ormancey 15

  16. Use of reported Spam Use of reported Spam � Spam forwarded to abuse@cern.ch � Mail modified due to forward. � Extract header information. � Create catalog: � Subjects � IP � Senders 23 October 2002 Emmanuel Ormancey 16

  17. Statistics Statistics Online statistics available on SpamKiller website: 23 October 2002 Emmanuel Ormancey 17

  18. Conclusion Conclusion � Now available to CERN Exchange users. � Up since July. � Low manual work: populate Spam catalog with tools, tune rules. � Problem with mailing lists filtering: add white list at user level in next release. � Clients can be created on any system. (possible reuse of SpamAssassin client). 23 October 2002 Emmanuel Ormancey 18

  19. Questions ? Contact: emmanuel.ormancey@cern.ch 23 October 2002 Emmanuel Ormancey 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam is the friendly name given to unsolicited mail everyone receives in the mailbox. Comes from a Monty Python sketch, where in a caf everything

505 views • 13 slides
Machine Learning in Spam Filtering A Crash Course in ML Konstantin Tretyakov kt@ut.ee

Machine Learning in Spam Filtering A Crash Course in ML Konstantin Tretyakov kt@ut.ee

Machine Learning in Spam Filtering A Crash Course in ML Konstantin Tretyakov kt@ut.ee Institute of Computer Science, University of Tartu Overview Spam is Evil ML for Spam Filtering: General Idea, Problems. Some Algorithms Nave Bayesian

391 views • 35 slides
Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a highly evolved form of information warfare. Fascinating socioeconomic study with many players - users, ISPs, spammers, technologists, legal

322 views • 17 slides
Spam Filtering with Naive Bayes Classifier Yuriy Arabskyy June 6, 2017 Table of contents What

Spam Filtering with Naive Bayes Classifier Yuriy Arabskyy June 6, 2017 Table of contents What

Spam Filtering with Naive Bayes Classifier Yuriy Arabskyy June 6, 2017 Table of contents What is spam? Different spam types Anti-Spam Techniques Probability theory basics Conditional probability Bayes Theorem Naive Bayes Theorem Spam

1.04k views • 27 slides
SPAMIA: Spam filtering by quantitative profiles Marin Grendr, Jana kutov, Vladimr

SPAMIA: Spam filtering by quantitative profiles Marin Grendr, Jana kutov, Vladimr

Spam and its detection Quantitative profile approach Results Conclusions SPAMIA: Spam filtering by quantitative profiles Marin Grendr, Jana kutov, Vladimr pitalsk Slovanet a.s., Zhradncka 151, 821 08 Bratislava, Slovakia

680 views • 22 slides
Linked Latent Dirichlet Allocation in Web Spam Filtering o 1 o 1 Istv an B r D avid

Linked Latent Dirichlet Allocation in Web Spam Filtering o 1 o 1 Istv an B r D avid

Linked Latent Dirichlet Allocation in Web Spam Filtering o 1 o 1 Istv an B r D avid Sikl osi J acint Szab ur 1 Andr as A. Bencz 1 Data Mining and Web Search Group Computer and Automation Institute Hungarian Academy

627 views • 14 slides
Tightening the net: a review of current and next generation spam filtering tools James Carpinter

Tightening the net: a review of current and next generation spam filtering tools James Carpinter

Tightening the net: a review of current and next generation spam filtering tools James Carpinter & Ray Hunt Department of Computer Science and Software Engineering University of Canterbury Abstract IT infrastructure worldwide. While it

412 views • 19 slides
A Human Factors Approach to Spam Factors Approach Filtering SpamGUI Parting Thoughts Summary

A Human Factors Approach to Spam Factors Approach Filtering SpamGUI Parting Thoughts Summary

Spam & HCI R. Beverly The Problem A Human A Human Factors Approach to Spam Factors Approach Filtering SpamGUI Parting Thoughts Summary Robert Beverly MIT CSAIL rbeverly@csail.mit.edu July 27, 2009 Conference on Email and

506 views • 16 slides
Opinion Spam and Analysis NITIN JINDAL & BING LIU, WSDM 08 UIUC Opinion/Review Spam All

Opinion Spam and Analysis NITIN JINDAL & BING LIU, WSDM 08 UIUC Opinion/Review Spam All

Opinion Spam and Analysis NITIN JINDAL & BING LIU, WSDM 08 UIUC Opinion/Review Spam All spam is spam but some spam is more spam than others Opinion spam similar to web spam or email spam in intent, but different in form / content Web

912 views • 38 slides
last chance for mail service ? DKIM TFMC2 01/2006 Mail service status More and more spam,

last chance for mail service ? DKIM TFMC2 01/2006 Mail service status More and more spam,

last chance for mail service ? DKIM TFMC2 01/2006 Mail service status More and more spam, fishing, spoofing, virus More and more energy in spam fighting More and more messages lost because : Imperfect automatic filtering

334 views • 18 slides
The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation

The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation

The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation When Congress returns from recess on December 8, 2003, it will finish its work on the CAN-SPAM Act of 2003 (Controlling the Assault of

323 views • 4 slides
Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to

Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to

Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to web spam Spam 221 Spamming PageRank Spam farm model Optimal farm structure Alliances of two farms Larger alliances Spam

876 views • 30 slides
Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and

Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and

Web Dynamics Web Spam Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and Information Systems Prof. Dr. G. Weikum MPII-Sp-0710-1/49 Agenda Web spam - Why and what? Web Spam - Spam taxonomy

669 views • 49 slides
1 An Filtering System that Monitors Document Search Engines Can Help, But Not Enough!

1 An Filtering System that Monitors Document Search Engines Can Help, But Not Enough!

Filtering May be Your Work Adaptive Information Filtering Using Bayesian Graphical Models Yi Zhang Baskin School of Engineering University of California Santa Cruz yiz@soe.ucsc.edu 1 2 Filtering May be Your Work Filtering May be Your Work

415 views • 8 slides
Expectation Propagation Tom Minka Microsoft Research, Cambridge, UK 2006 Advanced Tutorial

Expectation Propagation Tom Minka Microsoft Research, Cambridge, UK 2006 Advanced Tutorial

Expectation Propagation Tom Minka Microsoft Research, Cambridge, UK 2006 Advanced Tutorial Lecture Series, CUED 1 A typical machine learning problem A typical machine learning problem 2 Spam filtering by linear separation Not spam Spam

1.07k views • 82 slides
Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information

Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information

Web Dynamics Web Spam Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information Systems Prof. Dr. G. Weikum MPII-Sp-0709-1/49 Agenda Web spam - Why and what? Web Spam - Spam taxonomy Overview

806 views • 49 slides
and Fashionable Nonprofit Communication Conference, Presented by Drury University Friday, Oct.

and Fashionable Nonprofit Communication Conference, Presented by Drury University Friday, Oct.

Get Your E-Newsletter Fit, Fascinating and Fashionable Nonprofit Communication Conference, Presented by Drury University Friday, Oct. 16, 2015; Track 2: Internal & External Communication (12:45 to 2 p.m.) Most communications professionals

148 views • 4 slides
Spamalytics Steve Johnson Wednesday, February 23, 2011 Introduction What percentage of

Spamalytics Steve Johnson Wednesday, February 23, 2011 Introduction What percentage of

Spamalytics Steve Johnson Wednesday, February 23, 2011 Introduction What percentage of people click on spam? How profitable is spam? Answer these questions for a better understanding of how to stop spam But how to answer them?

259 views • 24 slides
Smart Devices Need Smart People: Learn How to Be Smart! ELIZABETH A EVANS, DUKE DIGITAL

Smart Devices Need Smart People: Learn How to Be Smart! ELIZABETH A EVANS, DUKE DIGITAL

Smart Devices Need Smart People: Learn How to Be Smart! ELIZABETH A EVANS, DUKE DIGITAL INITIATIVE ALYSE ZAVALA, DUKE IT SECURITY OFFICE INTERNET OF THINGS (IoT) u The network of physical devices, smart appliances, vehicles, and other items

88 views • 8 slides
Description and the merits of M-Protect A new software, M-Protect, based on a U.S. Patent #

Description and the merits of M-Protect A new software, M-Protect, based on a U.S. Patent #

Description and the merits of M-Protect A new software, M-Protect, based on a U.S. Patent # 7571220, delivers many powerful commercial features. The new product will not only stop the spam mails, it will also offer auto-sorting of incoming

81 views • 4 slides
Mailchimp Introduction Author List Management Resources and Links Authors:

Mailchimp Introduction Author List Management Resources and Links Authors:

Mailchimp Introduction Author List Management Resources and Links Authors: http://adamcroft.net/ http://jfpenn.com/ http://www.agriddle.com/ http://www.eliciahyder.com/ http://www.charlotte-byrd.com/

409 views • 14 slides
Using BGP for realtime import and export of spam whitelist/blacklist entries a year in the life

Using BGP for realtime import and export of spam whitelist/blacklist entries a year in the life

Using BGP for realtime import and export of spam whitelist/blacklist entries a year in the life Peter Hessler phessler@openbsd.org OpenBSD 16 May, 2014 bgp-spamd.net network-based spam fighting: bypass and trap lists from spamd(8) use

546 views • 28 slides
Using BGP for realtime import and export of spam whitelist/blacklist entries Peter Hessler

Using BGP for realtime import and export of spam whitelist/blacklist entries Peter Hessler

Using BGP for realtime import and export of spam whitelist/blacklist entries Peter Hessler phessler@hostserver.de Hostserver GmbH 17 September, 2015 traditional methods network-based spam fighting: download a file from a server every

381 views • 26 slides
YOUR DIGITAL MARKETING KEY SOCIAL MEDIA | SEO | WEB DEVELOPMENT www.digitalchaabi.com Mob :

YOUR DIGITAL MARKETING KEY SOCIAL MEDIA | SEO | WEB DEVELOPMENT www.digitalchaabi.com Mob :

YOUR DIGITAL MARKETING KEY SOCIAL MEDIA | SEO | WEB DEVELOPMENT www.digitalchaabi.com Mob : 8012300095 ABOUT DIGITAL CHAABI NO FANCY PROMISES NO HIGH WORDS JUST REAL EFFORT 01 Our team consists of hand-picked members, who are dedicated to your

332 views • 14 slides

More recommend