html5-img
1 / 59

Anti-Spam 101

Anti-Spam 101. Overview. What is spam? Who are the spammers? How do you get ON spam lists? How can you avoid getting on the lists? Helping others (and yourself) avoid spam How to get OFF spam lists Extra efforts: things worth knowing Extended session for those needing extra help.

bevis-acevedo
Télécharger la présentation

Anti-Spam 101

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Anti-Spam 101

  2. Overview • What is spam? Who are the spammers? • How do you get ON spam lists? • How can you avoid getting on the lists? • Helping others (and yourself) avoid spam • How to get OFF spam lists • Extra efforts: things worth knowing • Extended session for those needing extra help

  3. Constraints • We have a lot to cover in a limited time • We won’t go deep (unless in Q&A) • We will provide starting points and practical “do it now” suggestions

  4. WarningThis is a very difficult/delicate subject • I may insult somebody in this presentation • You • Your friends • Your family • Your co-workers • Me • Spam is largely a result of doing Stupid uneducated things

  5. Let’s get educated • Do I owe anyone an apology? Yet?

  6. A bit of history • I did a talk on spam in 2000 • At that time, Perimeter was receiving under 100 TOTAL spam messages per day • We started looking for a solution to what seemed a “big” problem

  7. Fast forward - January 2003 • Of 2000-3000 messages per day, 500-800 were spam • 20-25% of all received

  8. July 2003 • Typical day, we received about 3000-5000 messages • 30-40% were spam! • Weekends, with legitimate mail volume down, spam was about 60-70% • Some users received over 200 per day!

  9. June 2005 • Typical day, we received about 5000-7000 messages • 65+% were spam! • Weekends were about 85-90% • Staff aren’t seeing much of the junk – thanks Barracuda

  10. May, 2006 (typical) • 6000-8000 incoming messages per day • 4000-5500 instantly rejected as spam (70-85%) • 150-300 “suspicious” • 1800-2500 actually delivered • Weekends have less legitimate mail; not much change in the junk! (90+% spam) • We know we’re not catching everything

  11. Some quick Perimeter Spam Statistics

  12. ~10:55 AM 5/15/2006

  13. What is spam? Who sends it?

  14. Some simple (loose) definitions • SPAM: Junk mail you don’t want • Trying to sell you something • Or trying to get you to take some action • UCE: Unsolicited Commercial Email • The official name; minor technical variance • Viruses (including Trojans, time bombs, worms, etc.): programs that intend harm. These are NOT spam!

  15. Commercial Email • Is there such a thing as legitimate (Solicited) Commercial Email? • Probably • Subscriptions you ask for: • CNN, Fox, WSB • Christianity Today • Family Life Today • American Airlines, Delta, Church newsletters • Etc.

  16. Commercial email (cont) • If you quit wanting email you asked for, that does NOT make it spam! • You need to unsubscribe • Please don’t treat as spam – you might mess up other people who still want these mailings

  17. More definitions • Urban Legends: Stories that are fascinating and sound true • But usually aren’t • Hoaxes: Somewhere between spam and Urban Legend; especially virus hoaxes • Chain Mail: "forward this to everyone you know.” Often an Urban Legend or Hoax • Phishing: specific intent to gather [steal] personal data

  18. Aside • Possible urban legends, etc. Check out on snopes before distributing • http://www.snopes.com

  19. Some “facts” about spammers • They lie! • They sell your email address to others • They don’t care [much] about dead addresses (NDRs) • They use many “harvesting” tools • Most have little morality • A few are unfortunates who have been duped by “you too can get rich using the Internet”

  20. “Lie” is a strong word • I believe it’s the right word • We (users) often fall for these lies. In particular: • A spam message often starts with “you are receiving this because you asked for it.” • It often ends with “click here to remove yourself.” • Is #1 a lie? Then why do you believe #2?

  21. Anti-spam 101 specifics • Handout 10 parallels this presentation

  22. How do you get on a spammer’s list? • Often, voluntarily! • Well, sometimes people do silly things • Especially when the word “free” is used • By registering on questionable sites • By not reading carefully • By exposing your email address on ANY web site

  23. How do you get on? (cont.) • By falling for hoaxes • If you forward this … you’ll receive $$$ ... • Responding to scams/probes • Responding to spam! • Watch out for joke lists • And “fun” lists • Choosing your family and friends unwisely • This may take some explaining

  24. How spammers harvest emails • Spammers have plenty of tools for finding new addresses • They scan many document sources extracting email addresses • They add those addresses to their lists • And sell them to other spammers

  25. Harvesting (cont.) • Where do they get the sources for harvesting? • From you. (certainly not) • What about your friends? And family? • Anyone who “exposes” a lot of addresses is a problem • Mass forwarders

  26. Harvesting (cont.) • Exposed addresses • How about hoaxes of the “forward this to your friends” type? • Those emails that ask you to add your friends’ emails for pyramid schemes • EXPECT that a spammer ultimately will see these messages • AND extract the emails

  27. Virus/spam overlap • Some recent viruses seem to have been written specifically to help expose email addresses • Spammers picked up those addresses

  28. Practical avoidances • Do a web search for your own email address • At Perimeter, you have several. Check them all • If you find your email address on the web, you can expect spammers will too, eventually • Avoid “forward this to everyone you know” messages • Don’t send them • Look out when you receive them

  29. Avoidances (cont.) • Hide addresses when emailing • Use disposable email addresses for potentially risky needs • Use reply-to-all sparingly, or better, not at all • Beware using your email address on behalf of your children or others; especially having them use your email address

  30. Home Avoidances(obvious?) • Use Anti-virus software and keep it up-to-date. (daily updates to pattern files!) • Use an anti-spyware tool • Use multiple login accounts – avoid “administrator” settings • SpamAware, AVG – good, cheap (free!)

  31. So what’s the point? • Choose your friends well • Teach the benefits of BCC • AND hoax/Urban Legend research • AND cleaning up addresses in forwards • Or better yet… • Teach your friends not to forward • Easy, right?

  32. Can you be part of the solution? • Teach other about hiding addresses • Teach others about phishing • Teach others NOT to reply to spam • Teach other NOT to mass forward • Avoid trivial email messages, including attachment only email. Teach others the same • Avoid “killer” subjects and phrases

  33. One more consideration • What about Plaxo and Jigsaw and similar services for keeping up with email addresses? • My opinion: Risky! Some disagree. Caveat Emptor. Oh, wait, it’s free! Hmmm…

  34. How do you get off spam lists? • I have bad news: You don’t! • You especially don’t get off by trying to unsubscribe • That can often make things worse • Remember – they are liars

  35. What can you do? • Switch to a new email address (alias) • Carefully inform others of the new address • Wean yourself from the old address • How quickly can you afford to do this? • Don’t expect it to be painless

  36. Good email messages • Non-trivial subjects • Subject doesn’t start with hi, hello, or hey • Worse if that’s the entire subject! • Non-trivial message text • NOT just an attachment (including pictures) • If replying, include the original, or extracts • But, of course, suppressing email addresses

  37. Email Headers • Handout 11 is stuff most people don’t want to know • Sometimes you need to know it • What about non-Outlook users?

  38. Learn all your email aliases(does this apply to your church?) • See handout 12 • As a Perimeter staff member, you have a lot of email addresses, all coming to a single mailbox • You can have more (why!?) • You can use “disposable” addresses

  39. Looking at your addresses(one of many ways – Exchange assumed) Click the Address Book Icon Find Your Name

  40. Double-Click to open

  41. Click the email tab

  42. Tom can receive email as: tomm@perimeter.org tommullis@perimeter.org tom.mullis@perimeter.org tmullis@perimeter.org The upper case SMTP indicates the outbound address to be used: TomM Note: email addresses are case-insensitive

  43. Summary • We’ve talked about spam, and spammers • How you get ON spam lists • How can you avoid getting on the lists • For yourself and others • Getting OFF spam lists – it doesn’t happen • Extra efforts: things worth knowing

  44. Questions?

  45. Extended Session • Special invitation to our own “dirty dozen” • Others are welcomed to stay • Taking the hard steps to get away from “lost cause” email addresses

  46. Other dangers? • Can you think of any other ways you ended up on spam lists?

  47. Steps for abandoning a heavily spammed email address • IT will work with you to establish a ‘new’ email alias. Suggestion: Firstname.Lastname@perimeter.org • Example: Tom.Mullis@perimeter.org • We’re OK with something else • IT will switch this to become your primary email address • Note: This has very little effect, only OUT-going email will have any changed appearance, only for those really paying attention

  48. Abandonment steps (cont.) • Carefully start giving this email address to your • Avoid the things that caused the original problems • Change items on the web and printed materials that have your old address • Be sure to encrypt addresses on the web

More Related