Anti-spam Measures in Finnish IT Companies (Roskapostin torjuntakeinot suomalaisissa IT-alan yrityksissä)

Total pages: 16

File type: PDF, size: 1020 KB

Markus Pyhäranta
Thesis
Degree programme in information technology (Tietojenkäsittelyn koulutusohjelma)
2019

Abstract

Author(s): Markus Pyhäranta
Degree programme: Information technology (Tietojenkäsittelyn koulutusohjelma)
Title of the report/thesis: Anti-spam measures in Finnish IT companies
Number of pages and appendix pages: 135 + 82

The study was carried out between April and August 2019 and examined the anti-spam measures used by Finnish IT companies. The main aim was to gain a better understanding of spamming as a phenomenon and of the technologies developed in response to it. One of the objectives was to collect, by means of a questionnaire, a broad sample of the anti-spam measures that companies use. Based on the results, a benchmark was developed for each company size class, which organisations can use when developing their e-mail services.

The theoretical part of the thesis covers how e-mail works, at the level of detail needed to understand the subject matter of the research part. It describes the structure of an e-mail message, the components of the e-mail infrastructure, spam and the security threats it causes. Finally, commonly used anti-spam measures are presented.

After the theoretical part, the data and research methods used in the study are presented. Spam prevention was examined from the perspective of the administrators of the companies' e-mail servers. A questionnaire was sent to 310 companies to survey the e-mail service solutions in use, satisfaction with the spam prevention of those services and the anti-spam solutions the companies had deployed. In the end, 74 Finnish IT companies responded, which corresponds to nearly 25 % of all recipients of the questionnaire.

The hypothesis was that companies have largely moved their e-mail services to cloud-based solutions, and the results supported this. About 75 % of all respondents used a cloud-based e-mail service. The majority used Office 365 for their business e-mail and rated their satisfaction with the service at an average of 4.1 on a scale of 1 to 5. Among the well-known e-mail services, satisfaction was highest among G Suite users, who rated their satisfaction at an average of 4.3. A typical respondent blocked spam based on its source and content with three different techniques in addition to the default techniques included in their e-mail service. In addition, the respondent ensured authentication of the message and the sender both with the service's default techniques and with two further methods. The results were divided into separate sections by company size so that data can be compared more easily between companies of similar size.

The thesis ends with a discussion section that considers the significance of the results, their reliability and the success of the study. Recommendations for companies are also presented on the basis of the results. Finally, the author's learning and development during the thesis project are reviewed.

Keywords: spam, countermeasures, filtering, authentication, e-mail, survey

Contents

1 Introduction ... 1
  1.1 Aim of the study ... 1
  1.2 Scope of the study ... 2
  1.3 Research questions and hypotheses ... 2
2 Concepts and translations ... 4
3 How e-mail works ... 5
  3.1 Structure of an e-mail message ... 5
    3.1.1 Envelope ... 6
    3.1.2 Header fields ... 6
    3.1.3 Body ... 9
  3.2 Mail user agent ... 9
  3.3 Mail transfer agent and the SMTP protocol ... 9
  3.4 Mail delivery agent ... 12
    3.4.1 POP3 ... 12
    3.4.2 IMAP ... 13
    3.4.3 MAPI and EAS ... 13
4 Spam ... 14
  4.1 Inbound spam ... 15
  4.2 Outbound spam ... 15
  4.3 Spam types and spamming methods ... 15
5 Spam prevention based on content or source ... 18
  5.1 Filtering SMTP traffic ... 18
    5.1.1 In inbound traffic ... 18
    5.1.2 In outbound traffic ... 19
  5.2 DNS-based blacklisting (DNSBL) ... 20
  5.3 Greylisting ... 22
  5.4 Nolisting ... 23
  5.5 E-mail content filtering ... 25
  5.6 Bayesian filtering ... 26
  5.7 Physical spam filters ... 28
  5.8 Cloud-based spam filtering ... 28
    5.8.1 Office 365 ... 29
    5.8.2 G Suite ... 31
    5.8.3 D-Fence ... 32
6 Authenticating the sender and the message in e-mail traffic ... 34
  6.1 Sender Policy Framework (SPF) ... 34
    6.1.1 SPF record tags ... 35
    6.1.2 SPF check ... 36
  6.2 Sender ID ... 38
  6.3 DomainKeys Identified Mail (DKIM) ... 39
    6.3.1 DKIM record tags ... 40
    6.3.2 DKIM signature tags ... 41
    6.3.3 DKIM check ... 42
  6.4 Domain-based Message Authentication, Reporting & Conformance (DMARC) ... 44
    6.4.1 DMARC record tags ... 45
    6.4.2 DMARC check ... 46
    6.4.3 Best practices for deploying DMARC ... 48
  6.5 Authenticated Received Chain (ARC) ... 49
    6.5.1 Header fields of ARC sets ... 49
    6.5.2 ARC check ... 50
7 Previous studies ... 53
8 Data and research methods ... 55
  8.1 Data collection ... 55
  8.2 Data processing ... 57
9 Results ... 59
  9.1 Micro-enterprises (1-9 persons) ... 59
    9.1.1 Shares of e-mail services used in micro-enterprises ... 60
    9.1.2 Satisfaction by service