- Don't mail bomb. Don't assume address on spam is where it's from.
- Don't buy from spammers.

Things you can do:
- Complain effectively.
- Find an ISP that uses MAPS. I get 3 spams per week from Nilenet vs 10 a day from RMI.
- Protect your email address. Don't give a valid address. Don't use a made up address, it may exist. Use me@privacy.net when giving an address. Use a throwaway address on Usenet newsgroups.
- Always uncheck the consent to spam boxes on signup forms.

How to complain effectively:
- SpamCop generates complaint emails with expanded headers. It's gotten a lot better.
- Sam Spade is his favorite (Windows based).
- Combat is an online version of Sam Spade.
- Abuse.net (Internet for dummies guy runs this). He maintains a list of correct addresses to complain to. If you send a complaint to aol.com@abuse.net, it is forwarded to the right address.
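Why the From address is not the place to complain, as an added example (not from the talk, SpamCop or Sam Spade): it reads the Received line written by your own mail server, which records the address that actually connected. The message, host names and function names are constructed; the `@abuse.net` forwarding form is the one described above.

```python
import re
from email import message_from_string

# Constructed sample: the From line and the lower Received line are forged.
SAMPLE = """\
Received: from mail.bigbank.example (dialup-7.isp.example [192.0.2.10])
\tby mx.example.net (8.11.0/8.11.0) with SMTP id e8KABC123;
\tTue, 19 Sep 2000 19:02:11 -0600
Received: from trusted.bigbank.example ([10.9.8.7])
\tby mail.bigbank.example with SMTP; Tue, 19 Sep 2000 18:59:00 -0600
From: offers@bigbank.example
To: me@example.net
Subject: Make money fast

body
"""

# "from <HELO name> (<reverse DNS name> [<IP>]) by <receiving host>"
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")

def handoff_hop(raw, trusted_mtas):
    """Return the hop recorded by one of your own servers, or None.

    Only a Received line added by a server you run is reliable; anything
    below it was supplied by the sender and can be made up.
    """
    msg = message_from_string(raw)
    for header in msg.get_all("Received", []):      # newest hop first
        m = HOP.search(" ".join(header.split()))    # undo header folding
        if m and m.group(4).lower() in trusted_mtas:
            helo, rdns, ip, by = m.groups()
            return {"helo": helo, "rdns": rdns, "ip": ip, "by": by,
                    "from_header": msg["From"]}
    return None

def abuse_net_address(domain):
    """Forwarding form described in the talk: <domain>@abuse.net."""
    return f"{domain.strip('.').lower()}@abuse.net"

if __name__ == "__main__":
    hop = handoff_hop(SAMPLE, {"mx.example.net"})
    print("claimed sender:", hop["from_header"])
    print("connected from:", hop["ip"], hop["rdns"])
    # Choosing the provider domain from the rDNS name is a manual step here.
    print("complain to:   ", abuse_net_address("isp.example"))
```

The HELO name and the From line both point at `bigbank.example`, while the address your server saw belongs to `isp.example`, which is where the complaint goes.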

Download the PowerPoint slides for this presentation at: http://oriez.org/spam.ppt --

The next speaker was Geoff Mulligan geoff@mulligan.com, CEO of Interosa. He is an experienced leader in developing new technologies. Before joining Interosa, Geoff was a founder and senior engineer for Geocast Network Systems where he was focused on system software and network design. Prior to that, while at Sun Microsystems as a Senior Staff Engineer he was the principal architect for Sun's premiere firewall product - SunScreen and a founding member of the Internet Commerce Group. While on a sabbatical from Sun, Geoff helped start USA.NET, a global eMessaging Service Provider. Prior to joining Sun, Geoff worked at Digital's Network Systems Laboratory developing the DEC SEAL firewall, developing Networking courseware and researching email issues. Before working at Digital, he spent 11 years in the Air Force working at the Pentagon on computer and network security, building local and wide area networks and teaching computer science at the Air Force Academy. Geoff received a master of science degree in Computer Information Systems from the University of Denver and a bachelor of science degree in Computer Science from the United States Air Force Academy. He authored the book "Removing the Spam" and holds patents in network security and electronic mail.

Spam is like junk mail that you have to pay for (with postage due). It doesn't cost a spammer much, just pennies to send millions of messages. They use dictionary attacks, like name in the book at aol.com and sun.com just to get two hits. So they don't care if they waste bandwidth.

Definitions: UCE - unsolicited commercial mail. UBE - unsolicited bulk mail. There's nothing for sale, but they may be trying to get you to do something.

Spam used to mean crossposting to different Usenet newsgroups where it shouldn't be, like posting a UNIX question in a Windows group. The first case of spam was a DEC sales person who decided to send it to ARPAnet. If you're interested in DEC computers give him a call. He sent 3000 messages in 1975. The green card lawyers in Arizona crossposted to 5900 newsgroups. They were roundly chastised, then they went on the book tour. Now they are disbarred for another reason; they didn't do what they advertised.

Usenet software started blocking crossposting, so spammers came up with using email instead with open relay servers. They can send one 2K message with 1000 addresses, and the ISP has to send out 2 MB worth of messages. Half the messages are not valid, so they bounce back to the server, slowing it to a crawl. It happened to me when I was working for an ISP in Maryland, but I was in Colorado. I researched what to do to prevent it, and wrote the book.

Q. How will it affect companies like MessageMedia that send lots of permission based e-mail? A. Send messages round robin to several mail servers at one company so you don't hit the timer limit. Sendmail can limit number of addresses in each message.

Stopping spam starts with you. Don't have open relays. The original version with Solaris was an open relay. Linux - Red Hat current versions have newer sendmail so it blocks open relays by default.

As soon as an anti-spam book comes out, spammers come up with a way around it. Get the latest version of whatever you're using, like sendmail 8.11.0.

Turn on anti-spam options like RBL (Realtime Blackhole List). RBL is supported by sendmail 8.10 and 8.11. The original Blackhole list used routing tables that routed packets to a black hole. This was an effective way to stop access to their web site, mail, ftp, everything. An easier way is to block it in sendmail, and the spammer gets a bounce saying we don't accept mail from you. You used to have to maintain your own list, but now that it's maintained, it's easier to get the good ones off the list, get the new ones on the list.
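How a DNS-based blackhole list check works at the mail server, as an added example (not sendmail's code and not from the talk). The zone name `dnsbl.example`, the function names and the sample records are constructed for illustration.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # lists answer inside this range

# Constructed sample zone data standing in for a real list (assumption).
CONSTRUCTED_ZONE = {
    "10.2.0.192.dnsbl.example": "127.0.0.2",    # listed client
    "20.2.0.192.dnsbl.example": "203.0.113.5",  # bogus answer, e.g. wildcarded zone
}

def dnsbl_query_name(ip, zone):
    """192.0.2.10 checked against dnsbl.example -> 10.2.0.192.dnsbl.example"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises on a malformed address
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def system_resolver(name):
    """Look up an A record with the OS resolver; None if there is no answer."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None  # no such name or lookup failure: treated as not listed

def check_client(ip, zone, resolve=system_resolver):
    """Return (accept, detail) for a client connecting from `ip`."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return True, "not listed"
    if ipaddress.ip_address(answer) not in LISTED_NET:
        # Not a list-style answer: do not bounce mail on the strength of it.
        return True, "unexpected answer ignored"
    return False, f"550 5.7.1 Mail from {ip} refused, see {zone}"

if __name__ == "__main__":
    # The dict's .get method stands in for a DNS resolver so this runs offline.
    for client in ("192.0.2.10", "192.0.2.20", "198.51.100.7"):
        print(client, check_client(client, "dnsbl.example", CONSTRUCTED_ZONE.get))
```

Because the list lives in DNS, an address that is cleaned up or reassigned stops being refused as soon as the list operator removes its record, with no local list to edit.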

Q. How big is the RBL? A. Thousands. The open relay list is 50,000.

Filtering on the server (like procmail) is better than filtering on your end.

Educate users. Teach what it means to be a spammer. The e-mail about the little boy who needs get well cards was a hoax. This type of mail, and chain letters are spam. You've got to pass it on to see the flying horse on the screen. Bill Gates will not donate money if you forward spam.

Q. What is the response rate? A. Since it only costs a spammer $10 to send spam, a one out of a million response is enough for them to make money.

Spammers should have to find those who want to see spam. Some people do buy from spam.

What you should do when receiving spam:
- Don't respond.
- Don't attack them back. Could mail bomb the wrong person.
- Do report them to MAPS or Abuse@isp.address. See also http://www.abuse.net.

After this section of the talk, Dan gave away a copy of Geoff's book, courtesy of SoftPro ( http://www.softpro.com ). --

The third speaker was Steve Senator sts@senator.org. He has over 25 years experience in computing, having served as a programmer (scientific, systems, and network programming), analyst/programmer, systems and scientific systems analyst, systems and network architect, fault tolerant system designer, project leader, independent consultant, teacher and engineering manager. Steve's professional passion is problems of fault tolerant system design, the inception of which was his work on whole operating system checkpoint-restart mechanisms at Tandem Computers. Recently, Steve has applied lessons learned there to file system hardening at Sun Microsystems, on virtual private networking at the Granite Canyon Group, and as a consultant on numerous Internet-enabled projects. Steve holds six patents, chiefly in the area of file systems and device drivers. Steve holds a bachelor of arts degree in geological sciences from the University of Pennsylvania.

E-mail is the most widely used application on the Internet. In 1969 people were sending files. SMTP grew out of this. Protocols at that time were trusting. The community was different then than now.

E-mail protocols lacked:
- Integrity to detect modification of data.
- Identification to label originators and recipients.
- Authentication to verify identity.
- Privacy to recode content for authorized parties only. (Note: this is not the same as confidentiality.)
- Non-repudiation to certify message composition, transport, and receipt.

Efforts to add these features to e-mail include:
- Privacy Enhanced Mail (PEM).
- Multipurpose Internet Mail Extensions (MIME).
- MIME Object Security Services (MOSS).
- Pretty Good Privacy (PGP, OpenPGP).
- Secure MIME (S/MIME).

Security features are not necessarily convenient. PGP only had a 50% adoption rate at a university where it was mandated. Secure MIME is gaining some ground.

Convenience and Security: Bruce Schneier quote: "Given a choice between dancing elephants and security, most people will choose dancing elephants." People will choose features and convenience over security. However, Ben Franklin said: "Those who prefer security to freedom are destined to achieve neither."

Server-based protocols exist to build in trust.
- DNSSEC (RFC 2535, March 1999) - to construct the "web of trust" of SMTP servers
- Secure SMTP (RFC 2487, Jan. 1999) - to implement transport security

These aren't widely used. They are brought down by Least Common Denominators. People want to communicate with untrusted sources.

Products: The only one is Wietse Venema's Postfix (open source).

The Zen of combating spam: It's not products or technology, the community needs to be educated.

Social protocols:
- MTA filtering (MAPS, ORBS).
- Mail storage mailbox filtering. Implement at server level.
- MUA filtering - Mail User Agent, like in Outlook.

Public DNS Spam Anecdotes:
- Public DNS servers have to adhere to AUP (Acceptable Use Policy). No money is collected, but it's not acceptable to send spam.
- These servers redirect all web traffic to anti-spam resource pages such as the Coalition Against Unsolicited Commercial E-mail ( http://www.cauce.org ) and the Federal Trade Commission ( http://www.ftc.gov ).
- There are approximately two spam incidents per week.

Spammers are trying to establish a brand with a domain name. Public DNS sends a message to any domain name referred to in spam.

If a domain moves to another provider, TTL (time to live) is set to 6 months.

Create anti-spam communities by talking to upstream providers, talk to friends, other fighters, post anti-spam web pages.

References:
- Crocker: "Internet Data Object Security" ( http://www.brandenburg.com/articles/datasecurity/ )
- IBM AlphaWorks, "SecureMail".
- David Brin, "The Transparent Society". This book details how society must change in a networked world. Basically he says to let everyone see his stuff, but charge them for it or at least notify him.
- Lawrence Lessig, "Code and Other Laws of Cyberspace". Source code can regulate our cyberspace activities more thoroughly than any law.
- Amitai Etzioni, "The Limits of Privacy". He says that the FBI should be able to override privacy if reading encrypted messages would prevent a terrorist attack like the Oklahoma City bombing.

Read Woody's Office Watch to see what Microsoft is doing with your Passport ID in the Save My Setting wizard. ( http://www.woodyswatch.com/office/archtemplate.asp?5-n17 ) ---

Trivia question: What is the origin of the word spam? It's from the Monty Python skit about a restaurant where everything is spam and it drowns out everything else.

Q. Any good filtering clients?
A.
- Eudora has good filtering.
- Outlook Express has a learning feature. But you can't be sure what it's focusing on.
- Spam Buster is a good tool. You should have a way so you can check to see what it's doing.
- Spam Blocker (Windows). Procmail under Linux, Unix. Not easy, but a good tool.

Q. Jeff Finkelstein jf@persona.com announced that his company is coming out with a server tool for filtering spam. Sign up for a throw away account that will keep all your e-mail and send you just the headers.
A.
Geoff - The problem with client side software is that it has to come all the way across the Internet.
Charlie - There was an IP address that was used by an old spammer. A new company came in that used that IP address. Local lists aren't cleaned up as often, so if an IP is reused, it could be a valid non-spammer. POP or IMAP read the headers first and use that to filter so it uses less bandwidth.
Steve - A filter should look at the header and content on the server side so you don't have to download them all. You'll want to check for rules that are used for the filter. If you filter for "!!!!!", and a friend of yours uses lots of exclamation points, his mail won't get through, so you may need to modify the rules. People in newsgroups use xxxNOSPAM@xxx.com for their return address, with the instruction to delete the "NOSPAM" to respond.

You could get a free geographic domain like yourname.boulder.co.us, and use different addresses in different newsgroups and mailing lists to track where the address is harvested.

Q. Does the anti-fax law apply to spam? A. Probably not according to the legals.

- Fighting spam is not about content. However a lot of the content is illegal. If you get spam selling pirated copies of Microsoft programs, send it to Microsoft so they'll go after the spammer. If you get a spam with a "pump-and-dump" stock scheme, complain to the SEC. Chain letters that have you send a buck are violations of US Postal Service law. They have a web form to report this. (http://www.framed.usps.com/websites/depart/inspect/fraud/MailFraudComplaint.htm)

Dan adjourned the meeting at 9:00 pm.

Respectfully submitted by Tom Bresnahan.

Copyright 2004 RMIUG.org, All Rights Reserved