150 likes | 479 Vues
The Costs of Spam The costs involved in processing and storing spam for WiscMail and WiscMail Plus Outline Spam volumes Spam storage costs Solutions – spam volumes Solutions – spam storage More solutions Anti-Spam Working Group Spam Volumes 6 million messages/day
E N D
The Costs of Spam The costs involved in processing and storing spam for WiscMail and WiscMail Plus
Outline • Spam volumes • Spam storage costs • Solutions – spam volumes • Solutions – spam storage • More solutions • Anti-Spam Working Group
Spam Volumes • 6 million messages/day • Spam volumes are up 300% since early 2006 • Non-Spam volumes are up 50% in the same period
Spam Volumes • Why have the spam volumes increased? • Botnets • Millions of ‘zombie’ computers are able to keep ahead of DNS blacklists • Successful spammers • Image Spam is hard to detect • Spam profits lead to innovation • Reaction to Anti-Spam • Greylisting is rumored to have doubled spam volumes
Spam Storage Costs • Spam storage costs are small • About 250 GB (4% of total) • Users tend to empty Junk Mail often • Spam in Junk Mail folders is deleted after 15 days of age • New feature! – users can specify a lower threshold • Aggressively blocking or deleting spam may end up costing more in support costs than it will save in storage costs
Spam Storage Costs • Legitimate Email is fueling storage costs • 96% of storage costs • Steady 40% yearly increase • Larger attachment sizes • Email is increasingly relied on for long term storage of knowledge • Abandoned accounts are a small factor • 450 accounts * 100 MB = 45 GB • Needs to be addressed before more quota is given
Solutions – Spam Volumes It is impossible to reduce the spam volumes. Potential solutions only really optimize our resources by changing the way we process spam. • Blocking – Reputation Services • Refuse to communicate with sources that are on public blacklists • High false positive rate – increases support costs • Greylisting • Don’t accept any mail on the first attempt • Leads to large mail delays – many hours
Solutions – Spam Volumes • GROSS • GReylisting Of Suspicious Sources • Compromise of greylisting and blocking • Caveats • Still have to dedicate server resources to determine if the source is “suspicious” • Spammers will adapt – so we need to be flexible enough to adapt too • Does not save us much on storage costs
Solutions – Spam Volumes • Don’t send spam through WiscList • Prevents 30,000 messages from turning into 500,000 messages • Don’t forward spam to other domains • Keeps our servers off blacklists which prevents our legitimate mail from being blocked or deleted • Optimize internal email flow • Recent server upgrades have enabled us to limit impact of spam attacks from affecting internal email
Solutions – Spam Storage • Junk Mail retention • Let users choose a lower retention • Popular feature, but may only save us 1% in storage • Delete incoming highly rated spam • Not recommended – it would cost us more in support costs involved with tracking down “lost messages” than it will save us in storage costs
More Solutions • “Submit Spam” button in webmail • Gives us better detection • Decoy MX • Mislead the misbehaving spammers • Identify Internal Abuse • Find ways to detect compromised accounts used for spamming • Determine what action to take • Be flexible and open minded to new ways to thwart Spam • There is no FUSSP (Final Ultimate Solution to the Spam Problem)
Anti-Spam Working Group • Anti-Spam Best Practices • Group of campus email administrators have met a few times to talk about anti-spam issues • Plan to meet semi-regularly • http://www.doit.wisc.edu/wiscmail/antispam_best_practices/
Jesse Thompson • jesse.thompson@doit.wisc.edu • Pat Brennan • pat.brennan@doit.wisc.edu