sign in sign up
<<
Home , Address munging

SPAM AND SPAM PREVENTION

1 WHAT IS SPAM?

• Classic definition: • Any kind of unsolicited bulk messages, unwanted by the receiver

• Cambridge dictionary: • that is sent to a lot of people, esp. email that is not wanted • To send someone an advertisement that they do not want by email

2 WHAT IS SPAM?

• According to Finn Brunton: “ the project of leveraging information technology to exploit existing gatherings of attention”

• Other definitions: • Breakfast meat sold in tin cans • Abbreviation for Special Processed American Meat

3 MEANINGS OF SPAM

• Is spam a noun, adjective or a verb?

• It refers to exploitation, malfeasance, and bad behavior.

• Spam terminology has branched out into specific subdomains like: “ spam”, “419 spam”, splogs, linkfarms, floodbots, content farms.

4 HISTORY OF SPAM

• The three epochs of spam: 1. The first from 1970s – 1995 • During this time spam in this context was loud annoying messages 2. The second phase from 1995 – 2003 • Privatization of network • Passage of CAN-SPAM Act in the United States 3. The most recent phase from 2003 – present day • Algorithms and human attention • Adoption of powerful spam filters 5 SPAM STATISTICS

• Out of the that people receive daily, about 85% are spam That is about 122.3 billion messages

• The most common source: • 10.85% come from IPs based in the United States • 23.52% originated from Russia (largest source of spam unsolicited emails sent)

6 SPAM STATISTICS 2019 VS 2020

2019: 2020: • 50,37% of emails were spam (6,14 • Most common spam: Nigerian Prince spam decrease) • Americans faced a fatality of $703,000 to this • Most originated from Russia (21,27%) type of fraud. • Kaspersky solutions detected • 56,51% of emails were spam 184,435,643 malicious attachments.

• Most originated from China (21,26%) • The Kaspersky Anti-Phishing component • The Anti-Phishing system triggered blocked 434,898,635 attempts at 467,188,119 times. accessing scam websites.

7 MOST COMMON SPAM CONTENT WORLDWIDE

JobsOther Finance 2% 2% 3% Scams 5%

Stocks Dating 0% Malware 8% 0% Health 39%

Phishing 9%

Extortion 10%

Adult Products 10% 12% 8 WHAT KINDS OF SPAM ARE THERE?

• UCE: • “Unsolicited Commercial Emails” • Commercial intention • Used as a direct marketing tool by companies to reach potential customers • Usually sent by spammers • 66% of email traffic

9 WHAT KINDS OF SPAM ARE THERE?

• Non-commercial advertising • Spam can also be used for political, cultural and even religious purposes • Not commercial-oriented • Cyberthreats • Propagating prohibited content such as pornography

10 MEDIUMS OF SPAM

• Email Spam • Spam forwarded through email to thousands of recipients • Could follow commercial and non-commercial intent • Examples: • 419 scam • Phising emails: • Victims are tricked into giving up personal and sensitive information • Email spoofing 11 MEDIUMS OF SPAM

• Malspam • Depends on social engineering • Essentially email spam that delivers malware • May contain files with malware attachments, malicious URL or phishing messages

12 MEDIUMS OF SPAM

• Negative SEO Attack • Carried out by both hackers and spammers • Sabotage search rankings of competitor sites • Spam delivered with link pointing to competitor’s site • Causes a drop in search engine rankings

13 MEDIUMS OF SPAM

• Comment Spam • A form of SEO technique • Spammers or post unsolicited content on forums, social networks, blogs, etc. • Suspicious , username or links

14 MEDIUMS OF SPAM

• Trackback Spam • WordPress’ definition of trackback: • “Trackbacks are a way to notify legacy blog systems that you’ve linked to them.” • Great way to reach a wider audience • Once trackback is linked anyone (both spammers and legitimate people) can link to one’s website on their own site • Mostly done through comments on blogposts

15 SPAM PREVENTION

• How Users can combat Spam Mail

• How Admins can combat Spam Mail

• Spam Filters

• Other Ideas

16 HOW USERS CAN COMBAT SPAM MAIL

• Keep Email Address secret • Recipients in BCC • Do not sign up to newsletters • Do not show them publicly • Address Munging • Address in picture • [email protected] to test(at)mail.com • Don’t click on links/open attachments – Report Spam Mail! 17 HOW USERS CAN COMBAT SPAM MAIL

• Use Email Filters

• Antivirus Software with Mail-Antivirus

• Deactivate HTML Emails • Does not avoid spam

• Use disposable Email Addresses 18 HOW ADMINS CAN COMBAT SPAM MAIL

• Black- and Whitelisting

• Greylisting • First email from a new sender is rejected • Accepted at the next try

• Authentication • Identify if a user is legitimate • SPF, DKIM, DMARC – make spoofing addresses harder 19 HOW ADMINS CAN COMBAT SPAM MAIL

• Challenge-Response Authentication • CAPTCHA, Mutual Authentication, … • Simple to do once – harder in large numbers • If the action was performed the user is whitelisted

• Spam Trapping • Email Address in source HTML (not displayed on web page) • If Email is sent it’s most likely a spammer 20 SPAM FILTERS

• Checksum-based Filtering • Spam sent out in large numbers is almost identical • Varying parts are removed • Message is reduced to a checksum • Checksum is looked up in database • Spammers use Hash Busters • Randomly adds characters • Changes hashsum 21 SPAM FILTERS

• Country-based Filtering • Blocks Emails from certain countries • Determined by the sender’s IP Address

• URL Filtering • Spam/Phishing mails generally contain links • URLs are extracted and looked up in databases

22 SPAM FILTERS

• Rule-based Filtering • List of words or expressions • Checking the Header • RFC 5322 Standard has to be met (how the header has to be formed)

23 SPAM FILTERS

• Statistical / Bayes Filtering • Probability of message being spam is calculated (Bayes’ Theorem) • If a certain threshold is exceeded, it’s marked as spam • Users mark spam mails – Software learns from decisions

24 SPAM FILTERS

• Egress Spam Filtering • Incoming and outgoing mails are checked • Protects the reputation

• Hybrid Filtering • Several filters are used • Numerical score for each test and scores are added up • If the total exceeds a fixed value, it’s marked as spam 25 OTHER IDEAS

• Cost-based System • Electronic stamps • Sending a large number of Emails is expensive

• Stricter legal measures • Criminalized in many countries • Rules for legitimate bulk email

26 PROJECT

• Testing Spam Filters under equal conditions • Creating several email addresses • Signing up to newsletters • Creating spam mail • Spam words • Attachment (.exe) • Compare the providers and rank them

27 PROVIDERS

• Gmail • Gmail with MailWasher Most popular email • Outlook providers in the world • Yahoo

• Protonmail Encrypted email • Yandex Russian provider

28 CREATING SPAM EMAILS

• Main idea: use as many spam words as possible to trigger the spam filters

• For example: • Kostenlos, 100% unentgeltlich, gratis testen, spezialangebot, bankkarte, sie würden augewählt, diät, Xanax, streamen…

29 30 CREATING SPAM EMAILS

• Check for: 1. Does the filter even work? 2. Subject vs content 3. Does language play a role?

31 CREATING SPAM EMAILS

• To test this our spam emails consisted of: 1. Create email with just spam words 2. Subject vs content • Subject→ Create email with spam word as subject with normal email content • Content→ Create email with spam words in the content and not in the subject 3. Create the same spam email but in different languages

32 RESULTS

• Our ranking: 1. Yandex Mail 2. Protonmail 3. Outlook 4. Gmail (with and without MailWasher) 5. Yahoo

33 RESULTS

• Yandex Mail • Marked all the mails we created as spam • Sender address blacklisted • Account suspended

• Protonmail • Second best in marking mail as spam • Removes potentially dangerous attachments 34 RESULTS

• Outlook • Marked German mail as spam (but not the English and Korean versions) • Dangerous attachments can‘t be downloaded/opened

• Gmail • MailWasher (Free Version) didn‘t make a difference • Does not receive emails with dangerous attachments

35 RESULTS

• Yahoo • No mails marked as spam • Only provider that lets us download a potentially dangerous attachment • Marked newsletter mails as spam

36 SOURCES

• https://securelist.com/spam-and-phishing-in-2020/100512/ • https://blog.hubspot.de/marketing/e-mail-spam-woerter • https://de.wikipedia.org/wiki/Bayesscher_Spamfilter

37