SPAM AND SPAM PREVENTION
1 WHAT IS SPAM?
• Classic definition:
  • Any kind of unsolicited bulk messages, unwanted by the receiver
• Cambridge dictionary:
  • Email that is sent to a lot of people, esp. email that is not wanted
  • To send someone an advertisement that they do not want by email
2 WHAT IS SPAM?
• According to Finn Brunton: “Spamming is the project of leveraging information technology to exploit existing gatherings of attention”
• Other definitions:
  • Breakfast meat sold in tin cans
  • Abbreviation for Special Processed American Meat
3 MEANINGS OF SPAM
• Is spam a noun, adjective or a verb?
• It refers to exploitation, malfeasance, and bad behavior.
• Spam terminology has branched out into specific subdomains like: “Phishing spam”, “419 spam”, splogs, linkfarms, floodbots, content farms.
4 HISTORY OF SPAM
• The three epochs of spam:
  1. The first from 1970s – 1995
    • During this time spam in this context was loud annoying messages
  2. The second phase from 1995 – 2003
    • Privatization of network
    • Passage of CAN-SPAM Act in the United States
  3. The most recent phase from 2003 – present day
    • Algorithms and human attention
    • Adoption of powerful spam filters
5 SPAM STATISTICS
• Out of the emails that people receive daily, about 85% are spam
  • That is about 122.3 billion email spam messages
• The most common source:
  • 10.85% come from IPs based in the United States
  • 23.52% originated from Russia (largest source of unsolicited spam emails sent)
6 SPAM STATISTICS 2019 VS 2020
2019:
• Most common spam: Nigerian Prince spam
  • Americans lost $703,000 to this type of fraud.
• 56.51% of emails were spam
• Most originated from China (21.26%)
• The Anti-Phishing system triggered 467,188,119 times.
2020:
• 50.37% of emails were spam (6.14 decrease)
• Most originated from Russia (21.27%)
• Kaspersky solutions detected 184,435,643 malicious attachments.
• The Kaspersky Anti-Phishing component blocked 434,898,635 attempts at accessing scam websites.
7 MOST COMMON SPAM CONTENT WORLDWIDE
[Pie chart: most common spam content worldwide, by category. Legible slices: Health 39%, Extortion 10%, Phishing 9%, Malware 8%, Scams 5%; remaining categories: Adult, Products, Finance, Jobs, Other, Stocks, Dating.]
8 WHAT KINDS OF SPAM ARE THERE?
• UCE:
  • “Unsolicited Commercial Emails”
  • Commercial intention
  • Used as a direct marketing tool by companies to reach potential customers
  • Usually sent by spammers
  • 66% of email traffic
9 WHAT KINDS OF SPAM ARE THERE?
• Non-commercial advertising
  • Spam can also be used for political, cultural and even religious purposes
  • Not commercial-oriented
• Cyberthreats
  • Propagating prohibited content such as pornography
10 MEDIUMS OF SPAM
• Email Spam
  • Spam forwarded through email to thousands of recipients
  • Could follow commercial and non-commercial intent
  • Examples:
    • 419 scam
    • Phishing emails:
      • Victims are tricked into giving up personal and sensitive information
    • Email spoofing
11 MEDIUMS OF SPAM
• Malspam
  • Depends on social engineering
  • Essentially email spam that delivers malware
  • May contain files with malware attachments, malicious URL or phishing messages
12 MEDIUMS OF SPAM
• Negative SEO Attack
  • Carried out by both hackers and spammers
  • Sabotage search rankings of competitor sites
  • Spam delivered with link pointing to competitor’s site
  • Causes a drop in search engine rankings
13 MEDIUMS OF SPAM
• Comment Spam
  • A form of SEO technique
  • Spammers or spambots post unsolicited content on forums, social networks, blogs, etc.
  • Suspicious email address, username or links
14 MEDIUMS OF SPAM
• Trackback Spam
  • WordPress’ definition of trackback:
    • “Trackbacks are a way to notify legacy blog systems that you’ve linked to them.”
  • Great way to reach a wider audience
  • Once trackback is linked anyone (both spammers and legitimate people) can link to one’s website on their own site
  • Mostly done through comments on blogposts
15 SPAM PREVENTION
• How Users can combat Spam Mail
• How Admins can combat Spam Mail
• Spam Filters
• Other Ideas
16 HOW USERS CAN COMBAT SPAM MAIL
• Keep Email Address secret
  • Recipients in BCC
  • Do not sign up to newsletters
  • Do not show them publicly
• Address Munging
  • Address in picture
  • [email protected] to test(at)mail.com
• Don’t click on links/open attachments – Report Spam Mail!
17 HOW USERS CAN COMBAT SPAM MAIL
• Use Email Filters
• Antivirus Software with Mail-Antivirus
• Deactivate HTML Emails
  • Does not avoid spam
• Use disposable Email Addresses
18 HOW ADMINS CAN COMBAT SPAM MAIL
• Black- and Whitelisting
• Greylisting
  • First email from a new sender is rejected
  • Accepted at the next try
• Authentication
  • Identify if a user is legitimate
  • SPF, DKIM, DMARC – make spoofing addresses harder
19 HOW ADMINS CAN COMBAT SPAM MAIL
• Challenge-Response Authentication
  • CAPTCHA, Mutual Authentication, …
  • Simple to do once – harder in large numbers
  • If the action was performed the user is whitelisted
• Spam Trapping
  • Email Address in source HTML (not displayed on web page)
  • If Email is sent it’s most likely a spammer
20 SPAM FILTERS
• Checksum-based Filtering
  • Spam sent out in large numbers is almost identical
  • Varying parts are removed
  • Message is reduced to a checksum
  • Checksum is looked up in database
  • Spammers use Hash Busters
    • Randomly adds characters
    • Changes hashsum
21 SPAM FILTERS
• Country-based Filtering
  • Blocks Emails from certain countries
  • Determined by the sender’s IP Address
• URL Filtering
  • Spam/Phishing mails generally contain links
  • URLs are extracted and looked up in databases
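The checksum-based filtering described under Spam Filters above, as an added example that is not part of the original slides: it removes the varying parts of a message, reduces it to a checksum and looks that up in a database of reported spam. The normalization rules, the names `normalize`, `fuzzy_checksum` and `ChecksumDatabase`, and the sample messages are assumptions made for illustration.

```python
import hashlib
import re

def exact_checksum(body):
    """Checksum of the raw body: any changed character gives a new value."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def normalize(body):
    """Remove the parts that vary between copies of one bulk mailing."""
    text = body.lower()
    text = re.sub(r"https?://\S+", " ", text)               # per-recipient links
    text = re.sub(r"^\s*(dear|hello|hi)\s+\w+", " ", text)  # personalised greeting
    text = re.sub(r"\b\w*\d\w*\b", " ", text)               # IDs and random tokens with digits
    text = re.sub(r"[^a-z ]+", " ", text)                   # punctuation and symbols
    return " ".join(text.split())

def fuzzy_checksum(body):
    """Checksum of the normalized body, stable across near-identical copies."""
    return hashlib.sha256(normalize(body).encode("utf-8")).hexdigest()

class ChecksumDatabase:
    """Set of checksums of messages that were reported as spam."""
    def __init__(self):
        self._known = set()

    def report(self, body):
        self._known.add(fuzzy_checksum(body))

    def is_known_spam(self, body):
        return fuzzy_checksum(body) in self._known

# Constructed sample messages: two copies of one mailing, and one normal mail.
SPAM_A = ("Dear Anna, you have been selected! Claim your FREE prize: "
          "http://example.test/c?id=83721 xk29fq")
SPAM_B = ("Dear Boris, you have been selected! Claim your FREE prize: "
          "http://example.test/c?id=11908 q7zt41")
HAM = "Lecture moved to Monday, see http://example.test/room for details"

if __name__ == "__main__":
    db = ChecksumDatabase()
    db.report(SPAM_A)
    print("raw checksums equal:", exact_checksum(SPAM_A) == exact_checksum(SPAM_B))
    print("second copy caught:", db.is_known_spam(SPAM_B))
    print("normal mail caught:", db.is_known_spam(HAM))
```

These rules only strip tokens that contain digits; a random string made of letters alone would still change the checksum, so the normalization has to keep pace with what spammers vary.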
22 SPAM FILTERS
• Rule-based Filtering
  • List of words or expressions
  • Checking the Header
    • RFC 5322 Standard has to be met (how the header has to be formed)
23 SPAM FILTERS
• Statistical / Bayes Filtering
  • Probability of message being spam is calculated (Bayes’ Theorem)
  • If a certain threshold is exceeded, it’s marked as spam
  • Users mark spam mails – Software learns from decisions
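A small naive Bayes filter showing the three points above (probability from Bayes' theorem, a threshold, learning from user decisions), as an added example that is not part of the original slides. The class `BayesFilter`, the threshold of 0.9, the add-one smoothing and the training messages are assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

def tokens(text):
    """Distinct lower-case words of a message."""
    return set(re.findall(r"[a-z0-9%$]+", text.lower()))

class BayesFilter:
    def __init__(self, threshold=0.9):
        self.threshold = threshold
        self.mails = {"spam": 0, "ham": 0}                  # messages seen per class
        self.words = {"spam": Counter(), "ham": Counter()}  # messages containing a word

    def learn(self, text, label):
        """Record one user decision; label is 'spam' or 'ham'."""
        self.mails[label] += 1
        self.words[label].update(tokens(text))

    def _log_score(self, known, label):
        n = self.mails[label]
        score = math.log((n + 1) / (sum(self.mails.values()) + 2))  # prior P(label)
        for w in known:
            # P(word | label) with add-one smoothing, so no factor is ever zero
            score += math.log((self.words[label][w] + 1) / (n + 2))
        return score

    def spam_probability(self, text):
        """P(spam | words) by Bayes' theorem; words never seen in training are ignored."""
        known = [w for w in tokens(text)
                 if w in self.words["spam"] or w in self.words["ham"]]
        diff = self._log_score(known, "ham") - self._log_score(known, "spam")
        return 1.0 / (1.0 + math.exp(diff))

    def is_spam(self, text):
        return self.spam_probability(text) > self.threshold

def trained_filter():
    """Filter trained on constructed messages standing in for user-marked mail."""
    f = BayesFilter()
    for m in ("free offer you have been selected",
              "100% free diet pills special offer",
              "claim your free prize now"):
        f.learn(m, "spam")
    for m in ("meeting moved to monday",
              "lecture notes for the project attached",
              "are you free for lunch on monday"):
        f.learn(m, "ham")
    return f

if __name__ == "__main__":
    f = trained_filter()
    for mail in ("special free offer, you have been selected",
                 "project meeting on monday"):
        print(f"{f.spam_probability(mail):.3f}  spam={f.is_spam(mail)}  {mail}")
```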
24 SPAM FILTERS
• Egress Spam Filtering
  • Incoming and outgoing mails are checked
  • Protects the reputation
• Hybrid Filtering
  • Several filters are used
  • Numerical score for each test and scores are added up
  • If the total exceeds a fixed value, it’s marked as spam
25 OTHER IDEAS
• Cost-based System
  • Electronic stamps
  • Sending a large number of Emails is expensive
• Stricter legal measures
  • Criminalized in many countries
  • Rules for legitimate bulk email
26 PROJECT
• Testing Spam Filters under equal conditions
  • Creating several email addresses
  • Signing up to newsletters
  • Creating spam mail
    • Spam words
    • Attachment (.exe)
• Compare the providers and rank them
27 PROVIDERS
• Most popular email providers in the world:
  • Gmail
  • Gmail with MailWasher
  • Outlook
  • Yahoo
• Protonmail: Encrypted email
• Yandex: Russian provider
28 CREATING SPAM EMAILS
• Main idea: use as many spam words as possible to trigger the spam filters
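• For example (German spam words):
  • Kostenlos, 100% unentgeltlich, gratis testen, spezialangebot, bankkarte, sie würden ausgewählt, diät, Xanax, streamen…
  • In English: free of charge, 100% free, try for free, special offer, bank card, you have been selected, diet, Xanax, streaming…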
30 CREATING SPAM EMAILS
• Check for:
  1. Does the filter even work?
  2. Subject vs content
  3. Does language play a role?
31 CREATING SPAM EMAILS
• To test this, our spam emails consisted of:
  1. Create email with just spam words
  2. Subject vs content
    • Subject → Create email with spam word as subject with normal email content
    • Content → Create email with spam words in the content and not in the subject
  3. Create the same spam email but in different languages
32 RESULTS
• Our ranking:
  1. Yandex Mail
  2. Protonmail
  3. Outlook
  4. Gmail (with and without MailWasher)
  5. Yahoo
33 RESULTS
• Yandex Mail
  • Marked all the mails we created as spam
  • Sender address blacklisted
  • Account suspended
• Protonmail
  • Second best in marking mail as spam
  • Removes potentially dangerous attachments
34 RESULTS
• Outlook
  • Marked German mail as spam (but not the English and Korean versions)
  • Dangerous attachments can't be downloaded/opened
• Gmail
  • MailWasher (Free Version) didn't make a difference
  • Does not receive emails with dangerous attachments
35 RESULTS
• Yahoo
  • No mails marked as spam
  • Only provider that lets us download a potentially dangerous attachment
  • Marked newsletter mails as spam
36 SOURCES
• https://securelist.com/spam-and-phishing-in-2020/100512/
• https://blog.hubspot.de/marketing/e-mail-spam-woerter
• https://de.wikipedia.org/wiki/Bayesscher_Spamfilter