Spamming techniques and control
1 / 40

Spamming Techniques and Control - PowerPoint PPT Presentation

  • Uploaded on

Spamming Techniques and Control. By Neha Gupta Research Assistant, MINDLAB University of Maryland-College Park. Contents. What is Spamming? Cost, history and types of spam Spam Statistics Insight into Spammers minds Spamming tricks and techniques Spam Control Methods and Feasibility.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Spamming Techniques and Control' - roden

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Spamming techniques and control

Spamming Techniques and Control

By Neha Gupta

Research Assistant, MINDLAB

University of Maryland-College Park


  • What is Spamming?

  • Cost, history and types of spam

  • Spam Statistics

  • Insight into Spammers minds

  • Spamming tricks and techniques

  • Spam Control Methods and Feasibility

What is spamming
What is Spamming?

  • Spamming is the abuse of electronic messaging systems send unsolicited bulk messages or to promote products or services.

  • Most widely recognized abuse is email spam.

  • instant messaging spam

  • usenet newsgroup spam

  • web search engine spam-’Spamdexing’

  • spam in blogs

  • mobile phone messaging spams.

Costs of spams
Costs of Spams

  • Consumption of computer and network resources.

  • Race between spammers and those who try to control them.

  • Lost mail and lost time.

  • Cost United States organizations alone more than $10 billion in 2004.

History of spam
History of Spam

  • Internet was first established as for educational and military purpose.

  • Probably the first spam was sent by an employee of Digital Equipment Corporation on the APRANET- March 1978.

  • Cantor and Siegel posted an advertisement for "Green Card Lottery“ to 6000 newsgroups -1994.

Global spam categories
Global Spam Categories

  • Product Email Attacks

  • Financial Email Attacks

  • Adult Email Attacks

  • Scams Email Attacks

  • Health Email Attacks

  • Leisure Email Attacks

  • Internet Email Attacks

About spammers
About Spammers

  • Refer themselves as ‘bulk marketers’, ’online e-mail marketers’ ,’mail bombers’.

  • One of the main reasons people started spamming was it had an extremely low start-up cost ~ 1500 K.

Spam activities
Spam activities

  • Sending spam to sell their products

    • Examples : pirated software-easily distributable products

  • Harvesting email addresses

    • Builds lists of spams and sells to other spammers.

  • Affiliate Programs: ‘Most common types’

    • Click through rate

    • Commissions

    • Can make -150-2000$ per campaign

  • Spam tricks
    Spam Tricks

    • Top-to-bottom HTML encoding

      • Code words as individual letters

    Zero font size
    Zero Font Size

    • Embedded Image

      • Text messages are embedded in images

  • Adding spaces or characters

    • B*U*Y or B-U-Y

  • Misspelling

    • Replace ‘l’ by 1 ,’O’ by ‘0’

  • Hashing

    • Legitimate message attached with short spam message.

  • Ways to send spams bulk mails
    Ways to Send spams/bulk mails

    • Multiple ISPs

    • Spoofing Email addresses

    • Hacking/Viruses

    Using multiple isps
    Using Multiple ISPs

    • Example: spammers send short bursts of messages every 20 seconds from 6 different computers using different ISPs and in 12 hour time span can average over 1.3 million messages.

    Spoofing email addresses
    Spoofing email addresses

    • Emails use SMTP – simple mail transfer protocol, documented in RFC 821.

      • Was designed to be simple and easily usable.

  • Open Relay SMTP servers

    • No need to verify your identity

    • Operates on port 25

  • Spoofing

    >telnet 25

    220 ESMTP Sendmail 8.12.11/8.12.11; Fri, 8 March 2007 10:17:19 -0800


    250 Hello [], pleased to meet you

    mail from:

    250 OK

    receipt to


    Blah blah blah ..


    250 OK



    • Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.

    • Ebay and Paypal are two of the most targeted companies, and online banks are also common targets


    • More than 80 percent of all spam worldwide comes from zombie PCs owned by businesses, universities, and average computer owners, says MessageLabs, an e-mail security service provider.

    • Zombie PCs are computers that have been infected by malicious code that allows spammers to use them to send e-mail.

    Spam control ideas

    Content or Point Based Spam Filtering

    Postage/Stamp Based Spam Filtering

    Spam Control Ideas

    Content point based spam filtering
    Content/Point Based Spam Filtering

    • Rule Based Approach

    • Whitelist/Verification filters

    • Distributed adaptive blacklists

    • Bayesian filters

    Rule based approach
    Rule Based Approach

    • Email is compared with a set of rules to determine if it’s a spam or not with various weights given to each rule. E.g. Spam Assassin

    Spamming techniques and control

    • Disadvantages

      • No self-learning facility available for the filter.

      • Spammers with knowledge of rules can design spam to deceive the method.

    • Advantages

      • Very effective with a given set of rules/conditions

      • Accuracy 90-95%

      • No need of training

      • Rules can be updated

    Blacklist approach
    Blacklist Approach

    • Detected spammers/open relays that are found to be sources of spam are black listed

    • Blacklist can be maintained both at personal and server level.

    Spamming techniques and control


    Useful in the scenario when servers are compromised and used for sending spam to hundreds of thousands of users.

    Can be a better option when used at ISP level.

    Tools like Razor and Pyzor can be used for this purpose.


    As soon as the spammer learns that the computer is being detected he can use a different computer.

    Whitelist approach
    Whitelist Approach

    • Aggressive technique for spam filtering .

      • Used in mailing lists.example users subscribed to the mailing list can only send message to the list.

      • Any mail from an unknown email address will will require a confirmation message the first time posting from that mail address. A confirmation reply adds that address to the whitelist.

    Bayesian spam filters statistical models
    Bayesian Spam Filters(Statistical Models)

    • Use probabilistic approach

    • Have to be trained, not self learning.

    Spamming techniques and control

    • Advantages

      • Very popular

      • Can customize according to users

      • No need of a centralized mechanism

      • Everyone relies on them 

    • Disadvantages

      • False Positives

      • Based on words.

    Postage stamp method
    Postage/Stamp Method

    • Pro-active measures against spams.

    • Based on economics.

      “When sending an email to someone, the sender attaches a stamp to his message ,a token that is costly to the sender but demonstrates his good faith”

    Types of postage payment methods
    Types of Postage Payment Methods

    • Monetary Payment Method

      • First time a sender sends a message he sends some cheque redeemable as money from recipient’s stamp processing software.

      • Postage can be returned in reply.

      • After that both are in each others whitelist.

    • Obstacle

      • Security problems related to e-cash.

    Postage computing resources
    Postage ~ computing resources

    • The sender’s software makes some kind of computationally expensive computation which is relatively easy for the receiver to check.

    • E.g calculation of a hash message digest used in CAMRAM project.

    Payment human time
    Payment ~Human Time

    • Automated reply from a recipients software.

    • Sender would connect to a webpage and answer itself as a human spending time answering a simple test which till date only humans can pass.

    Implementation of stamp payment protocols
    Implementation of Stamp Payment Protocols and Humans Apart

    • Standardize an Email Postage Payment Protocol .

    • MUA (Mail User Agent) modification is necessary.

    • Stamps will be attached with emails in envelopes and headers ,care should be taken to pick the encoding convention .

    Business models for spreading postage
    Business Models for Spreading Postage and Humans Apart

    • Sale of services to IT departments.

    • Sale of ready-to-use software.

    • Investment of deposits on postage accounts.

    • Sale of marketing services

    Conclusion and Humans Apart

    • Spams costs time and resources 

    • The design of any information centric system should be such that it can prevent the misuse of resources by malicious users.

    References and Humans Apart



    • An Essay on Spam-Paul Graham

    • Norman Report-Why spammers spam.

    Acknowledgements and Humans Apart

    • Prof. Ashok Agrawala

    • Mudit Agrawal- proof reading

    Video clip
    VIDEO CLIP and Humans Apart

    Thanks questions
    THANKS & QUESTIONS and Humans Apart