Anti-Spam 101

PowerPoint Slideshow about 'Anti-Spam 101' - PamelaLan


Overview
  • What is spam? Who are the spammers?
  • How do you get ON spam lists?
  • How can you avoid getting on the lists?
  • Helping others (and yourself) avoid spam
  • How to get OFF spam lists
  • Extra efforts: things worth knowing
  • Extended session for those needing extra help
Constraints
  • We have a lot to cover in a limited time
  • We won’t go deep (unless in Q&A)
  • We will provide starting points and practical “do it now” suggestions
Warning: This is a very difficult/delicate subject
  • I may insult somebody in this presentation
    • You
    • Your friends
    • Your family
    • Your co-workers
    • Me
  • Spam is largely a result of doing Stupid uneducated things
Let’s get educated
  • Do I owe anyone an apology? Yet?
A bit of history
  • I did a talk on spam in 2000
  • At that time, Perimeter was receiving under 100 TOTAL spam messages per day
  • We started looking for a solution to what seemed a “big” problem
Fast forward - January 2003
  • Of 2000-3000 messages per day, 500-800 were spam
  • 20-25% of all received
July 2003
  • Typical day, we received about 3000-5000 messages
  • 30-40% were spam!
  • Weekends, with legitimate mail volume down, spam was about 60-70%
  • Some users received over 200 per day!
June 2005
  • Typical day, we received about 5000-7000 messages
  • 65+% were spam!
  • Weekends were about 85-90%
  • Staff aren’t seeing much of the junk – thanks Barracuda
May, 2006 (typical)
  • 6000-8000 incoming messages per day
  • 4000-5500 instantly rejected as spam (70-85%)
  • 150-300 “suspicious”
  • 1800-2500 actually delivered
  • Weekends have less legitimate mail; not much change in the junk! (90+% spam)
  • We know we’re not catching everything
Some simple (loose) definitions
  • SPAM: Junk mail you don’t want
    • Trying to sell you something
    • Or trying to get you to take some action
  • UCE: Unsolicited Commercial Email
    • The official name; minor technical variance
  • Viruses (including Trojans, time bombs, worms, etc.): programs that intend harm. These are NOT spam!
Commercial Email
  • Is there such a thing as legitimate (Solicited) Commercial Email?
  • Probably
    • Subscriptions you ask for:
      • CNN, Fox, WSB
      • Christianity Today
      • Family Life Today
      • American Airlines, Delta, Church newsletters
      • Etc.
Commercial email (cont)
  • If you quit wanting email you asked for, that does NOT make it spam!
  • You need to unsubscribe
  • Please don’t treat as spam – you might mess up other people who still want these mailings
More definitions
  • Urban Legends: Stories that are fascinating and sound true
    • But usually aren’t
  • Hoaxes: Somewhere between spam and Urban Legend; especially virus hoaxes
  • Chain Mail: “forward this to everyone you know.” Often an Urban Legend or Hoax
  • Phishing: specific intent to gather [steal] personal data
Aside
  • Possible urban legends, etc.: check them out on Snopes before distributing
  • http://www.snopes.com
Some “facts” about spammers
  • They lie!
  • They sell your email address to others
  • They don’t care [much] about dead addresses (NDRs)
  • They use many “harvesting” tools
  • Most have little morality
  • A few are unfortunates who have been duped by “you too can get rich using the Internet”
“Lie” is a strong word
  • I believe it’s the right word
  • We (users) often fall for these lies. In particular:
    • A spam message often starts with “you are receiving this because you asked for it.”
    • It often ends with “click here to remove yourself.”
  • Is #1 a lie? Then why do you believe #2?
Anti-spam 101 specifics
  • Handout 10 parallels this presentation
How do you get on a spammer’s list?
  • Often, voluntarily!
    • Well, sometimes people do silly things
    • Especially when the word “free” is used
  • By registering on questionable sites
  • By not reading carefully
  • By exposing your email address on ANY web site
How do you get on? (cont.)
  • By falling for hoaxes
    • If you forward this … you’ll receive $$$ ...
    • Responding to scams/probes
    • Responding to spam!
  • Watch out for joke lists
    • And “fun” lists
  • Choosing your family and friends unwisely
    • This may take some explaining
How spammers harvest emails
  • Spammers have plenty of tools for finding new addresses
  • They scan many document sources extracting email addresses
  • They add those addresses to their lists
  • And sell them to other spammers
Harvesting (cont.)
  • Where do they get the sources for harvesting?
  • From you. (certainly not)
  • What about your friends? And family?
  • Anyone who “exposes” a lot of addresses is a problem
    • Mass forwarders
Harvesting (cont.)
  • Exposed addresses
    • How about hoaxes of the “forward this to your friends” type?
    • Those emails that ask you to add your friends’ emails for pyramid schemes
  • EXPECT that a spammer ultimately will see these messages
  • AND extract the emails
Virus/spam overlap
  • Some recent viruses seem to have been written specifically to help expose email addresses
  • Spammers picked up those addresses
Practical avoidances
  • Do a web search for your own email address
    • At Perimeter, you have several. Check them all
    • If you find your email address on the web, you can expect spammers will too, eventually
  • Avoid “forward this to everyone you know” messages
    • Don’t send them
    • Look out when you receive them
Avoidances (cont.)
  • Hide addresses when emailing
  • Use disposable email addresses for potentially risky needs
  • Use reply-to-all sparingly, or better, not at all
  • Beware using your email address on behalf of your children or others; especially having them use your email address
Home Avoidances (obvious?)
  • Use Anti-virus software and keep it up-to-date. (daily updates to pattern files!)
  • Use an anti-spyware tool
  • Use multiple login accounts – avoid “administrator” settings
  • SpamAware, AVG – good, cheap (free!)
So what’s the point?
  • Choose your friends well
  • Teach the benefits of BCC
  • AND hoax/Urban Legend research
  • AND cleaning up addresses in forwards
  • Or better yet…
    • Teach your friends not to forward
  • Easy, right?
Can you be part of the solution?
  • Teach others about hiding addresses
  • Teach others about phishing
  • Teach others NOT to reply to spam
  • Teach others NOT to mass forward
  • Avoid trivial email messages, including attachment only email. Teach others the same
  • Avoid “killer” subjects and phrases
One more consideration
  • What about Plaxo and Jigsaw and similar services for keeping up with email addresses?
  • My opinion: Risky! Some disagree. Caveat Emptor. Oh, wait, it’s free! Hmmm…
How do you get off spam lists?
  • I have bad news:

You don’t!

  • You especially don’t get off by trying to unsubscribe
    • That can often make things worse
    • Remember – they are liars
What can you do?
  • Switch to a new email address (alias)
  • Carefully inform others of the new address
  • Wean yourself from the old address
    • How quickly can you afford to do this?
  • Don’t expect it to be painless
Good email messages
  • Non-trivial subjects
  • Subject doesn’t start with hi, hello, or hey
    • Worse if that’s the entire subject!
  • Non-trivial message text
  • NOT just an attachment (including pictures)
  • If replying, include the original, or extracts
    • But, of course, suppressing email addresses
Email Headers
  • Handout 11 is stuff most people don’t want to know
  • Sometimes you need to know it
  • What about non-Outlook users?
Learn all your email aliases (does this apply to your church?)
  • See handout 12
  • As a Perimeter staff member, you have a lot of email addresses, all coming to a single mailbox
  • You can have more (why!?)
    • You can use “disposable” addresses
Looking at your addresses (one of many ways – Exchange assumed)

Click the Address Book Icon

Find Your Name

Tom can receive email as:

tomm@perimeter.org

tommullis@perimeter.org

tom.mullis@perimeter.org

tmullis@perimeter.org

The upper case SMTP indicates the outbound address to be used: TomM

Note: email addresses are case-insensitive

Summary
  • We’ve talked about spam, and spammers
  • How you get ON spam lists
  • How can you avoid getting on the lists
    • For yourself and others
  • Getting OFF spam lists – it doesn’t happen
  • Extra efforts: things worth knowing
Extended Session
  • Special invitation to our own “dirty dozen”
  • Others are welcome to stay
  • Taking the hard steps to get away from “lost cause” email addresses
Other dangers?
  • Can you think of any other ways you ended up on spam lists?
Steps for abandoning a heavily spammed email address
  • IT will work with you to establish a ‘new’ email alias. Suggestion: Firstname.Lastname@perimeter.org
    • Example: Tom.Mullis@perimeter.org
    • We’re OK with something else
  • IT will switch this to become your primary email address
    • Note: This has very little effect; only OUT-going email will have any changed appearance, and only for those really paying attention
Abandonment steps (cont.)
  • Carefully start giving this email address to your
    • Avoid the things that caused the original problems
  • Change items on the web and printed materials that have your old address
    • Be sure to encrypt addresses on the web
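
An added example, not part of the original presentation: a small Python audit for the advice to find your own exposed addresses and "encrypt" them on the web. It assumes "encrypt" means HTML-entity encoding, which stops only simple harvesters; the sample page, the function names and example.com are constructed for illustration.

```python
import html
import re

# Deliberately simple address pattern; good enough for auditing your own pages.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample page (not from the presentation); example.com is a placeholder.
SAMPLE_PAGE = (
    '<p>Contact <a href="mailto:Tom.Mullis@perimeter.org">Tom.Mullis@perimeter.org</a>\n'
    "or tomm@perimeter.org. Vendor: sales@example.com</p>"
)

def _ours(address, domain):
    # Compare case-insensitively, as the slides note for addresses.
    return address.lower().endswith("@" + domain.lower())

def find_exposed(page, domain):
    """Return the sorted, de-duplicated plain-text addresses at `domain`."""
    return sorted({m.group(0).lower() for m in EMAIL_RE.finditer(page)
                   if _ours(m.group(0), domain)})

def entity_encode(address):
    """Write every character as a decimal HTML entity (browsers decode it)."""
    return "".join(f"&#{ord(ch)};" for ch in address)

def obfuscate(page, domain):
    """Entity-encode each address at `domain`; leave other addresses alone."""
    return EMAIL_RE.sub(
        lambda m: entity_encode(m.group(0)) if _ours(m.group(0), domain) else m.group(0),
        page)

def renders_same(original, cleaned):
    """True if decoding the entities gives back the original page text."""
    return html.unescape(cleaned) == original

if __name__ == "__main__":
    print("exposed before:", find_exposed(SAMPLE_PAGE, "perimeter.org"))
    cleaned = obfuscate(SAMPLE_PAGE, "perimeter.org")
    print("exposed after: ", find_exposed(cleaned, "perimeter.org"))
    print("renders the same:", renders_same(SAMPLE_PAGE, cleaned))
```
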
Abandonment steps (cont.)
  • When you’re ready…part 1…
    • IT will create an Outlook Public folder and give it your old email address
    • You need to review that folder occasionally for the good email remaining
    • Cautiously notify the senders of your new, preferred, address
Abandonment steps (cont.)
  • When you’re ready…part 2…
  • Once the Public Folder quits having value:
    • IT will disconnect the old email address
    • Any future mail to the old (bad) address will be bounced
Additionally
  • If you absolutely must give your email address in risky situations:
    • IT can create an alternate, “disposable,” alias
    • Use it whenever you don’t care about responses received
    • When/if that address is spammed, we can drop it and provide another
      • Or, alternatively, use the Public Folder concept, again
    • We can give you more than one “disposable”
While transitioning…
  • Please keep reporting spam and not spam
  • You, collectively, are our best source
Handouts 13 & 14
  • Possible friendly responses to your friends and family
What’s the next action?
  • Any “take-aways?”
  • Please record on your My Actions sheet

How are we doing?

Time?

Content?

Depth?

Value?