That Ain't You: Detecting Spearphishing Emails Before They

Total Page:16

File Type:pdf, Size:1020Kb

That Ain't You: Detecting Spearphishing Emails Before They That Ain't You: Blocking Spearphishing Emails Before They Are Sent Gianluca Stringhinix and Olivier Thonnardz xUniversity College London z Amadeus [email protected] [email protected] Abstract 1 Introduction Companies and organizations are constantly under One of the ways in which attackers try to steal sen- attack by cybercriminals trying to infiltrate corpo- sitive information from corporations is by sending rate networks with the ultimate goal of stealing sen- spearphishing emails. This type of emails typically sitive information from the company. Such an attack appear to be sent by one of the victim's cowork- is often started by sending a spearphishing email. At- ers, but have instead been crafted by an attacker. tackers can breach into a company's network in many A particularly insidious type of spearphishing emails ways, for example by leveraging advanced malware are the ones that do not only claim to come from schemes [21]. After entering the network, attackers a trusted party, but were actually sent from that will perform additional activities aimed at gaining party's legitimate email account that was compro- access to more computers in the network, until they mised in the first place. In this paper, we pro- are able to reach the sensitive information that they pose a radical change of focus in the techniques used are looking for. This process is called lateral move- for detecting such malicious emails: instead of look- ment. Attackers typically infiltrate a corporate net- ing for particular features that are indicative of at- work, gain access to internal machines within a com- tack emails, we look for possible indicators of im- pany and acquire sensitive information by sending personation of the legitimate owners. We present spearphishing emails. In a spearphishing attack an IdentityMailer, a system that validates the au- email is crafted and sent to a specific person within a thorship of emails by learning the typical email- company, with the goal of infecting her machine with sending behavior of users over time, and compar- an unknown piece of malware, luring her to hand out access credentials, or to provide sensitive informa- arXiv:1410.6629v1 [cs.CR] 24 Oct 2014 ing any subsequent email sent from their accounts against this model. Our experiments on real world e- tion. Recent research showed that spearphishing is mail datasets demonstrate that our system can effec- a real threat, and that companies are constantly tar- tively block advanced email attacks sent from genuine geted by this type of attack [38]. email accounts, which traditional protection systems Spearphishing is not spam. While they may share are unable to detect. Moreover, we show that it is re- a few common characteristics, it is important to note silient to an attacker willing to evade the system. To that spearphishing is still very different from tra- the best of our knowledge, IdentityMailer is the ditional email spam. In most cases, spearphishing first system able to identify spearphishing emails that emails appear to be coming from accounts within the are sent from within an organization, by a skilled at- same company or from a trusted party, to avoid rais- tacker having access to a compromised email account. ing suspicion by the victim [40]. This can be done in a trivial way, by forging the From: field in the attack and modal words in their emails. The core of Identi- email. However, in more sophisticated attacks, the tyMailer consists in building a user profile reflect- malicious emails are actually sent from a legitimate ing her email-sending behavior. When a user's ac- employee's email account whose machine has been count gets compromised, the attack emails that are compromised, or whose credentials have been previ- sent from this account are likely to show differences ously stolen by the attacker [30]. From the attacker's from the behavioral profile of the genuine user. perspective, this modus operandi presents two key Behavioral anomalies can be very evident or more advantages. First, it leverages a user's social connec- subtle. An example of a \noisy" attack is a worm tions: previous research showed that users are more that sends an email to the entire address book of likely to fall for scams if the malicious message is a user [39], which is a behavior that typical users sent by somebody they trust [14]. Secondly, it cir- do not show. In more realistic scenarios, attackers cumvents existing detection systems, which are typ- might try to mimic the typical behavior of the person ically based on anti-spam techniques. This happens they are impersonating in their emails. What they for two reasons: first, the content of spearphishing could do is sending emails only at hours in which the emails looks in many cases completely legitimate and user is typically sending them, and only to people she it does not contain any words that are indicative of frequently interacts with, or even imitate the user's spam, since the goal is to make it resemble typical writing style. business emails. Second, if an email impersonating To make it more difficult for attackers to success- one of the company's employees comes from that per- fully evade our system, IdentityMailer builds the son's computer, which has been compromised, then email-sending behavioral profile for a particular user origin-based detection techniques, such as IP reputa- by leveraging both the emails previously sent by that tion, become useless. Secondly, it circumvents all IP specific user and a set of emails that other users in and origin-based blacklisting systems, as well as email the organization authored. In a nutshell, Identi- sender or domain verification systems such as Sender tyMailer compares the emails written by the user Policy Framework (SPF) and DomainKeys Identified to the ones written by everybody else and extracts Mail (DKIM) [19, 43], since the email is sent from a those characteristics that are the most representative genuine email account. of the user's behavior. If common characteristics are A new paradigm for fighting targeted at- shared by multiple users, however, these will be de- tack emails. Given how different spearphishing emphasized because they are not specific to a particu- emails are compared to traditional spam and phish- lar user. For example, certain functional words only ing emails, we propose a paradigm shift in detection used by a given user (and rarely by others) would approaches to fight this threat, and present Identi- model her behavior well. tyMailer, a system to detect and block spearphish- When an attacker tries to learn a victim's sending ing emails sent from compromised accounts. In- behavior to mimic it in his attack emails, he only has stead of looking for signs of maliciousness in emails access to that user's emails (since he compromised her (such as words that are indicative of illicit content, account or personal machine). It is unlikely, however, phishy-looking content, or suspicious origin), Iden- that he has access to the ones authored by all other tityMailer determines whether an email was ac- users within the company { besides the few emails tually written by the author that it claims to come exchanged by the victim and the coworkers he/she from. In other words, we try to automatically val- is interacting with. Therefore, all the attacker can idate the genuineness of the email authorship. Our do is learning the most common habits of the user approach is based on a simple, yet effective observa- (such as the email address that is more frequently tion: most users develop habits when sending emails. contacted, and at what time the user generally sends These habits include frequent interactions with spe- emails), but he has no guarantee that those traits are cific people, sending emails at specific hours of the actually representative of the victim's behavior. day, and using certain greetings, closing statements, Working on the sending end. Traditional anti- spam systems work on the receiving end of the email the anomaly as a false positive, and the email is for- process. This means that they analyze incoming warded. In addition, we update the user's behavioral emails, and establish whether they are legitimate or profile to include this particular email, so that we malicious. This approach is very effective in gen- will we avoid similar false positives in the future. If eral, but it has many drawbacks in our specific case. the user fails at solving the challenge, however, we First of all, the analysis that can be performed on consider the email as a possible attack, and we dis- incoming emails has to be lightweight, due to the card it. We acknowledge that having to go through large amount of emails, mostly malicious, that mail an identity-verification process can be annoying for servers receive [36]. As a second drawback, learn- users. However, we think that having users confirm ing the typical behavior of a user on the receiving their identity once in a while is a fair price to pay to end has the problem that a mail server only has protect a company against advanced email attacks, as visibility of the emails that are exchanged between long as the verifications are rare enough (for example, that user and people whose mailboxes are hosted on one in every 30 emails on average). the server. Therefore, a behavioral profile built from We tested IdentityMailer on a large set of these emails might not be representative enough to publicly-available emails, and on real world data sets correctly model the sending habits of users. made of malicious targeted emails sent to the cus- Because of the aforementioned problems, we pro- tomers of a large security company.
Recommended publications
  • Discussion Paper Countering Spam: How to Craft an Effective Anti-Spam
    DISCUSSION PAPER COUNTERING SPAM: HOW TO CRAFT AN EFFECTIVE ANTI-SPAM LAW International Telecommunication Union This paper has been prepared for the ITU World Summit on the Information Society (WSIS) thematic workshop on Countering Spam, organized under the ITU New Initiatives Programme by the Strategy and Policy Unit (SPU). The paper was written by Matthew B. Prince, CEO and co-founder of Unspam, LLC, a Chicago-based business and government consulting company helping to draft and enforce effective anti-spam laws. He is a member of the Illinois Bar and an Adjunct Professor at the John Marshall Law School. He received his J.D. from the University of Chicago Law School and his B.A. from Trinity College, Hartford, Connecticut. For more information visit: http://www.unspam.com/. The meeting project is managed by Robert Shaw ([email protected]) and Claudia Sarrocco ([email protected]) of the Strategy and Policy Unit (SPU) and the series is organized under the overall responsibility of Tim Kelly, Head, SPU. This and the other papers in the series are edited by Joanna Goodrick. The views expressed in this paper are those of the author and do not necessarily represent those of ITU or its membership. 1 Introduction Since the first anti-spam law worldwide was passed in 1997, at least 75 governments around the world have passed anti-spam laws.1 That first anti-spam law was in fact passed at state-level in the United States, by the state of Nevada.2 The anti-spam laws in existence today take the form of so-called “opt-in” or “opt-out” regulations.
    [Show full text]
  • Characterizing Spam Traffic and Spammers
    2007 International Conference on Convergence Information Technology Characterizing Spam traffic and Spammers Cynthia Dhinakaran and Jae Kwang Lee , Department of Computer Engineering Hannam University, South Korea Dhinaharan Nagamalai Wireilla Net Solutions Inc, Chennai, India, Abstract upraise of Asian power houses like China and India, the number of email users have increased tremendously There is a tremendous increase in spam traffic [15]. These days spam has become a serious problem these days [2]. Spam messages muddle up users inbox, to the Internet Community [8]. Spam is defined as consume network resources, and build up DDoS unsolicited, unwanted mail that endangers the very attacks, spread worms and viruses. Our goal is to existence of the e-mail system with massive and present a definite figure about the characteristics of uncontrollable amounts of message [4]. Spam brings spam and spammers. Since spammers change their worms, viruses and unwanted data to the user’s mode of operation to counter anti spam technology, mailbox. Spammers are different from hackers. continues evaluation of the characteristics of spam and Spammers are well organized business people or spammers technology has become mandatory. These organizations that want to make money. DDoS attacks, evaluations help us to enhance the existing technology spy ware installations, worms are not negligible to combat spam effectively. We collected 400 thousand portion of spam traffic. According to research [5] most spam mails from a spam trap set up in a corporate spam originates from USA, South Korea, and China mail server for a period of 14 months form January respectively. Nearly 80% of all spam are received from 2006 to February 2007.
    [Show full text]
  • Criminals Become Tech Savvy
    Attack Trends Elias Levy, [email protected] Ivan Arce, [email protected] Criminals Become Tech Savvy n this installment of Attack Trends, I’ll look at the growing 2003 alone. Fraud schemes are usu- ELIAS LEVY ally peddled by individuals who Symantec convergence of technically savvy computer crackers with spam potential victims (www. brightmail.com/brc_fraud-stats. financially motivated criminals. Historically, most com- html), such as the Nigerian, or 419, scam (see the 419 Coalition’s Web puter crime on the Internet has not been financially moti- site at http://home.rica.net/alphae/ I 419coal/). But as the number of vated: it was the result of either curious or malicious technical fraud cases has increased, so has the public’s awareness of them; fraudsters attackers, called crackers. This changed Increasingly on the defensive, are increasingly forced to resort to as the Internet became more com- spammers are fighting back by be- more intricate schemes. mercialized and more of the public has coming more sophisticated, generat- We’re now seeing the practice of gone online. Financially motivated ing unique messages, and finding new “phishing” gaining popularity with actors in the fauna of the Internet’s open proxies or SMTP relays to send fraudsters. Using this scheme, crimi- seedy underbelly—spammers and messages and hide their true sources. nals create email messages with re- fraudsters—soon joined crackers to turn addresses, links, and branding exploit this new potential goldmine. Fraud that seem to come from trusted, Internet fraud has also become a se- well-known organizations; the hope Spam rious problem.
    [Show full text]
  • Locating Political Power in Internet Infrastructure by Ashwin Jacob
    Where in the World is the Internet? Locating Political Power in Internet Infrastructure by Ashwin Jacob Mathew A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Information in the Graduate Division of the University of California, Berkeley Committee in charge: Professor John Chuang, Co-chair Professor Coye Cheshire, Co-chair Professor Paul Duguid Professor Peter Evans Fall 2014 Where in the World is the Internet? Locating Political Power in Internet Infrastructure Copyright 2014 by Ashwin Jacob Mathew This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.1 1The license text is available at http://creativecommons.org/licenses/by-nc-sa/4.0/. 1 Abstract Where in the World is the Internet? Locating Political Power in Internet Infrastructure by Ashwin Jacob Mathew Doctor of Philosophy in Information University of California, Berkeley Professor John Chuang, Co-chair Professor Coye Cheshire, Co-chair With the rise of global telecommunications networks, and especially with the worldwide spread of the Internet, the world is considered to be becoming an information society: a society in which social relations are patterned by information, transcending time and space through the use of new information and communications technologies. Much of the popular press and academic literature on the information society focuses on the dichotomy between the technologically-enabled virtual space of information, and the physical space of the ma- terial world. However, to understand the nature of virtual space, and of the information society, it is critical to understand the politics of the technological infrastructure through which they are constructed.
    [Show full text]
  • Opting out of Spam: a Domain Level Do-Not-Spam Registry
    Opting Out of Spam: A Domain Level Do-Not-Spam Registry Rebecca Bolint INTRODUCTION Spain, or unsolicited commercial email,' drastically lowers the costs of advertising directly to prospective consumers by exploiting open electronic mail protocols. And it has become an obnoxious big business. Markets, norms, and technological measures 2 have all failed to change sufficiently the economics of the spain business model. Spare is clogging businesses' servers and users' inboxes, and costing too much money and time in return for too little benefit. This Note argues that despite widespread criticism, current federal spain law has in fact effectively targeted the most egregious senders. But it has also created an entitlement to send spam--one free message-before a recipient's wish to avoid spain must be honored. This reverses the entitlement set in other media and ignores consumer demand for privacy and a Do-Not-Call Registry for email. Part I of this Note describes spain, its scale, and its costs and benefits. Part II analyzes attempts to use the market and state legislation to fix the problem. It explains why these efforts failed, and why federal legislation was required. Part III outlines the successes of CAN-SPAM, the groundbreaking federal spain law, as well as the interlocking set of state laws used to combat spainmers. Part IV compares spain law to policies addressing unsolicited commercial speech in other media and proposes a policy suggested in CAN-SPAM, but ultimately overlooked: a Do-Not-Call Registry for email. This Note concludes that a Do- Not-Spain Registry balances the easy detection of a strict liability rule with the t Yale Law School, J.D.
    [Show full text]
  • Monthly Security Bulletin
    Advanced Security Operations Center Telelink Business Services www.telelink.com Monthly Security Bulletin March 2020 This security bulletin is powered by Telelink’s Advanced Security Operations Center The modern cybersecurity threat landscape is constantly evolving. Why Advanced Security New vulnerabilities and zero-day attacks are discovered every day. The Operations Center (ASOC) by old vulnerabilities still exist. The tools to exploit these vulnerabilities are Telelink? applying more complex techniques. But are getting easier to use. • Delivered as a service, which Mitigating modern cyber threats require solutions for continuous guarantees fast implementation, monitoring, correlation, and behavior analysis that are expensive and clear responsibility in the require significant amount of time to be implemented. Moreover, many Supplier and ability to cancel the organizations struggle to hire and retain the expensive security experts contract on a monthly basis. needed to operate those solutions and provide value by defending the • Built utilizing state of the art organizations. leading vendor’s solutions. • Can be sized to fit small, The ASOC by Telelink allows organizations get visibility, control, and medium and large business recommendations on improving their security posture for a fixed and needs. predictable monthly fee. • No investment in infrastructure, team, trainings or required technology. • Flexible packages and add-ons that allow pay what you need approach. • Provided at a fraction of the cost of operating your own SOC. LITE
    [Show full text]
  • How Is E-Mail Sender Authentication Used and Misused?
    How is E-mail Sender Authentication Used and Misused? Tatsuya Mori Yousuke Takahashi NTT Service Integration Laboratories NTT Service Integration Laboratories 3-9-11 Midoricho Musashino 3-9-11 Midoricho Musashino Tokyo, Japan 180-8585 Tokyo, Japan 180-8585 [email protected] [email protected] Kazumichi Sato Keisuke Ishibashi NTT Service Integration Laboratories NTT Service Integration Laboratories 3-9-11 Midoricho Musashino 3-9-11 Midoricho Musashino Tokyo, Japan 180-8585 Tokyo, Japan 180-8585 [email protected] [email protected] ABSTRACT tive way of avoiding spam filtration. Thus, e-mail sender authen- E-mail sender authentication is a promising way of verifying the tication mechanisms have attracted attention as a promising way sources of e-mail messages. Since today’s primary e-mail sender of verifying sender identities. Large webmail service providers authentication mechanisms are designed as fully decentralized ar- such as Google have leveraged sender authentication mechanisms chitecture, it is crucial for e-mail operators to know how other or- to classify authenticated sending domains as either likely legit or ganizations are using and misusing them. This paper addresses the spammy [23]. question “How is the DNS Sender Policy Framework (SPF), which Of the several e-mail sender authentication mechanisms, we fo- is the most popular e-mail sender authentication mechanism, used cus on Sender Policy Framework (SPF) [28], which is the most and misused in the wild?” To the best of our knowledge, this is used sender authentication mechanism today [16, 26, 12, 23]. Ac- the first extensive study addressing the fundamental question.
    [Show full text]
  • Draft NIST Special Publication 800-177, Trustworthy Email
    This (First) DRAFT of Special Publication 800-177 document has been superceded by the following draft publication: The first draft has been attached for HISTORICAL PURPOSE – PLEASE refer to the Second Draft (see details below): Publication Number: Second Draft Special Publication 800-177 Title: Trustworthy Email Publication Date: March 2016 Second Draft Publication: http://csrc.nist.gov/publications/PubsDrafts.html#800-177 Information on other publications: http://csrc.nist.gov/publications/ The following information was posted with the attached DRAFT document: NIST requests comments on the second draft of Special Publication (SP) 800-177, Trustworthy Email. This draft is a complimentary guide to NIST SP 800-45 Guidelines on Electronic Mail Security and covers protocol security technologies to secure email transactions. This draft guide includes recommendations for the deployment of domain-based authentication protocols for email as well as end-to-end cryptographic protection for email contents. Technologies recommended in support of core Simple Mail Transfer Protocol (SMTP) and the Domain Name System (DNS) include mechanisms for authenticating a sending domain (Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain based Message Authentication, Reporting and Conformance (DMARC). Email content security is facilitated through encryption and authentication of message content using S/MIME and/or Transport Layer Security (TLS) with SMTP. This guide is written for the federal agency email administrator, information
    [Show full text]
  • QUICK LOOK • Blacklists, Also Called 'Blocklists', Are Lists of Mail Servers Or Domains That Have Been Identified by a Blacklist Provider As Being a Source of Spam
    QUICK LOOK • Blacklists, also called 'blocklists', are lists of mail servers or domains that have been identified by a blacklist provider as being a source of spam. • There are dozens of blacklists across the Internet; however, only a handful are considered reliable enough for widespread usage. • The criteria for appearing on blacklists are different for each list, and may be factbased or completely arbitrary, making it sometimes challenging to get removed from blacklists. • Given the unique nature of each blacklist, appearance on a blacklist may or may not present meaningful deliverability challenges. OVERVIEW A blacklist is a list of mail servers (or domains) that have been identified by an individual or group as senders of spam. Some lists are compiled automatically, while others are manually compiled by individuals. Blacklist services range from respected and formalized groups to one-man operations, sometimes self-appointed vigilantes of the email world. Both methods can be extremely arbitrary and often result in "false positives" (e.g. email desired by the recipient that does not get delivered due to filtering or blocking). There is no single reason a sender may get listed on a blacklist. In general, blacklisting services target companies perceived to be sending spam. Typically, this is because the group or individual maintaining the blacklist has received unsolicited email from the listed server. Some public groups, such as SpamCop, base their listings on the number of complaints issued from consumers. Even one complaint can cause a block to be issued. There also is no one single source for blacklists, making it difficult if not impossible to identify every blacklist currently active.
    [Show full text]
  • OPINION Security Columns Standards Book Reviews
    DECEMBER 2008 VOLUME 33 NUMBER 6 OPINION Musings 2 Rik Farrow SECURITY Masquerade: Simulating a Thousand Victims 6 Sam Small, JoShua maSon, Ryan macaRthuR, and Fabian monRoSe THE USENIX MAGAZINE SCADA: Issues, Vulnerabilities, and Future Directions 14 tim yaRdley Highly Predictive Blacklisting 21 Jian Zhang, PhilliP Porr aS, and JohanneS ullRich Investigating Argos 29 Jeffrey beRg, evan teRan, and Sam StoveR Architecture and Threat Analysis of a Campus Wireless Network 36 calvin Ardi and daniel chen CoLUMns Practical Perl Tools: This Column Is Password-Protected. 46 david n. blank-edelman Pete’s All Things Sun: The Death of Solaris 51 PeteR baeR galvin iVoyeur: You Should Write an NEB Module, Revisited 57 david JoSePhSen /dev/random 61 RobeRt g. Ferrell STANDARDs Update on Standards: Diary of a Standards Geek, Part 2 63 nick Stoughton BooK REVIEWS Book Reviews 68 eliZabeth Zwicky et al. USEniX NOTES Thanks to Our Volunteers 72 ellie young ConFERENCES Security ’08 Reports 75 WOOT ’08 Reports 99 EVT ’08 Reports 102 HotSec ’08 Reports 109 Metricon 3.0 114 The Advanced Computing Systems Association DecCovers.indd 1 11/13/08 10:36:40 AM Upcoming Events 1s t Wo r k s h o p o n t h e th e o r y a n d pr a c t i c e o f 6t h USENIX sy M p o s i um o n ne t W o r k e d sy s t e M s pr o v e n a n c e (taPP ’09) de s i g n a n d iM p l e M e n t a t i o n (NSDI ’09) Co-located with FAST ’09 Sponsored by USENIX in cooperation with ACM SIGCOMM February 23, 2009, San FranciSco, CA, uSa and ACM SIGOPS http://www.usenix.org/tapp09 april 22–24, 2009,
    [Show full text]
  • Drpjournal 5Pm S1 2011.Pdf
    table of contents table of contents Digital Publishing: what we gain and what we lose 4 The Impact of Convergence Culture on News Publishing: the Shutong Wang rise of the Blogger 112 Renae Englert Making Online Pay: the prospect of the paywall in a digital and networked economy 14 The New Design of Digital Contents for Government Yi Wang Applications: new generations of citizens and smart phones applications 120 E-mail Spam: advantages and impacts in digital publishing 22 Lorena Hevia Haoyu Qian Solving the Digital Divide: how the National Broadband Net- Advertising in the new media age 32 work will impact inequality of online access in Australia Quan Quan Chen 133 Michael Roberts Twitter Theatre: notes on theatre texts and social media platforms 40 The Blurring of Roles: journalists and citizens in the new Alejandra Montemayor Loyo media landscape Nikki Bradley 145 The appearance and impacts of electronic magazines from the perspective of media production and consumption 50 Wikileaks and its Spinoffs:new models of journalism or the new Ting Xu media gatekeepers? 157 Nadeemy Chen Pirates Versus Ninjas: the implications of hacker culture for eBook publishing 60 Shannon Glass Online Library and Copyright Protection 73 Yang Guo Identities Collide: blogging blurs boundaries 81 Jessica Graham How to Use Sina Microblog for Brand Marketing 90 Jingjing Yu Inheriting the First Amendment: a comparative framing analysis of the opposition to online content regulation 99 Sebastian Dixon journal of digital research + publishing - 2011 2 journal of digital research + publishing - 2011 3 considerably, reaching nearly 23% of the level of printed book Digital Publishing: what we gain and usage.
    [Show full text]
  • Curbing Spam Via Technical Measures: an Overview
    ITU WSIS THEMATIC MEETING ON COUNTERING SPAM CURBING SPAM VIA TECHNICAL MEASURES: AN OVERVIEW International Telecommunication Union This paper has been prepared for the ITU World Summit on the Information Society (WSIS) thematic meeting on Countering Spam, organized under the ITU New Initiatives Programme by the Strategy and Policy Unit (SPU). The paper was written by Ho Khee Yoke, Senior Consultant, and Lawrence Tan, Senior Manager, both with the Infocomm Development Authority of Singapore.1 The meeting project is managed by Robert Shaw ([email protected]) and Claudia Sarrocco ([email protected]) of the Strategy and Policy Unit (SPU) and the series is organized under the overall responsibility of Tim Kelly, Head, SPU. This and the other papers in the series are edited by Joanna Goodrick; see www.itu.int/ni. The views expressed in this paper are those of the author and do not necessarily represent those of ITU or its membership. Abstract Unsolicited e-mail (colloquially known as “spam”) is a problem for most Internet users. Although there is no “silver bullet” that can completely eradicate spam, there are many technical measures that can effectively reduce the amount of spam that reaches end-users. This paper outlines the various technical measures that are currently available, and describes how each can play a role in the battle against spam. When combined, these measures can provide a “good enough” solution to the spam problem for e-mail users. Coupled with appropriate legislative and legal action, such measures may even help turn the tide against spammers. 1 Introduction In just a few years, spam has grown from a minor annoyance to a significant economic and social problem.
    [Show full text]