E-mail trends in 2010: How do spammers get your address?
Using distributed poisoned addresses to track harvesting behavior

Robert Marmorstein
Damian Bailey and Daniel Oppecker
Longwood University
January 25, 2010

Outline: Motivation, How E-mail works, Conventional Wisdom, Previous Work, Implementation, Results, Conclusion

Robert Marmorstein | Longwood University | How do spammers get your address?

Introduction

What is Spam?
- Unsolicited bulk email (UBE)
- Unsolicited commercial email (UCE)

The cost of spam
- According to estimates, spam cost business as much as $130 billion in 2009 [1].
- Both the volume and cost are increasing.
- Spam is an industry: even if only one in forty-two million messages results in a sale, the incredible volume of spam means millions of dollars in sales.

[1] David Ferris. The e-mail security market: Industry Statistics. Ferris Research, 2009.

Combatting Spam

- Filtering
- Graylisting
- Sender “Protection” Framework
- Going after the hackers themselves

Costs
These techniques reduce the number of spam messages received, but not the number sent. The huge volume of spam slows down normal Internet traffic, requires companies to invest heavily in infrastructure, and poses many security risks.

How does e-mail work?

Mail Delivery
- Mail User Agent
- Mail Transport Agent
- Mail Relay Agent
- Mail Delivery Agent

Protocols
- SMTP
- POP3 and IMAP

How does e-mail work?

    MAIL FROM:adolf@germany.net
    RCPT TO:unsuspecting@example.com
    RCPT TO:victim@example.com
    DATA
    FROM: LittleBoPeep@innocent.org
    TO: Tom@example.com
    Subject: Please buy pills

    They’re really good. Just click on this link.
    .
    QUIT

Conventional Wisdom

Where does spam come from?
- The Russian mafia hires spammers
- Spammers use botnets to send billions of messages
- Bots are created using viruses, malware, or system-cracking
- Each message has a small probability of being clicked
- Each click has a small probability of resulting in a sale

Conventional Wisdom

How do spammers get your address?
- Giant lists of addresses
- Harvesting bots that scrape web pages and Usenet postings
- By guessing: Dictionary (Rainbow) attacks

Why not block the bots?
- Some bots are “good bots” such as Google’s indexing bot.
- Spam harvesting bots usually pretend to be indexing bots.
- It is difficult to tell good bots apart from bad ones.

Solution

Can we make harvesting more difficult?
- Captchas
    - Accessibility
    - Complexity
    - Circumventable
- Address obfuscation

Previous Work

Center for Democracy and Technology Study [1]
- Distributed addresses across the web and tracked them for six months to see whether they got spam.
- Also tried obfuscating addresses to see if that affected harvesting success. It did!

[1] Ari Schwartz. Why am I getting all this spam? Unsolicited Commercial E-mail Research Six Month Report. Center for Democracy and Technology, March 2003.

Previous Work

Project Honeypot [1]
- Project Honeypot tracks thousands of addresses to see if they have been scraped.
- Easy to download and install on any web server.
- It takes 2 weeks, 5 days, 11 hours, and 49 minutes (on average) for an address to receive spam once it has been harvested.
- The largest share of harvesters comes from China (15%), closely followed by the U.S. (13.2%) and Spain (12.5%).
- The 46+ million addresses they monitor receive about 10 million spam messages each week.

[1] Matthew Prince, Lee Holloway, Arthur M. Keller, et al. Understanding How Spammers Steal Your E-Mail Address: An Analysis of the First Six Months of Data from Project Honey Pot. Second Conference on E-mail and Anti-Spam, July 2005.

Implementation

Obfuscation
We generate addresses obfuscated in five ways:
- Clear text (No obfuscation)
- DOT/AT obfuscation
- Reversed text
- Extraneous character insertion
- Text-to-Image obfuscation

Poisoned Addresses
A poisoned address is an e-mail address which does not belong to a real user, but to an analysis engine which can track harvesting behavior.

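The four text-based obfuscation methods listed above, as an added example that is not the authors' code. It renders one constructed address each way and checks whether a plain address pattern still recovers the real address from the result. The exact form of each transformation (the AT/DOT wording, the REMOVETHIS marker) is an assumption, and text-to-image is left out because an image contains no text to match.

```python
import re

# Plain address pattern, used only to test whether a rendered string still
# exposes the real address in machine-readable form.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def clear_text(addr):
    return addr

def dot_at(addr):
    local, domain = addr.split("@")
    return f"{local} AT {domain.replace('.', ' DOT ')}"

def reversed_text(addr):
    # Stored reversed in the page source; CSS such as
    # "unicode-bidi: bidi-override; direction: rtl" displays it forwards.
    return addr[::-1]

def extraneous_chars(addr, junk="REMOVETHIS"):
    # Assumed form of insertion: a marker a human reader is told to delete.
    local, domain = addr.split("@")
    return f"{local}{junk}@{domain}"

METHODS = {
    "clear": clear_text,
    "dot_at": dot_at,
    "reversed": reversed_text,
    "extraneous": extraneous_chars,
}

def exposed(addr, rendered):
    """True if the real address can be read straight out of the rendered text."""
    return addr in ADDRESS_RE.findall(rendered)

def exposure_report(addr):
    """Map each obfuscation method to whether it still exposes the address."""
    return {name: exposed(addr, fn(addr)) for name, fn in METHODS.items()}

if __name__ == "__main__":
    sample = "abc1234@example.com"   # constructed sample address
    for name, fn in METHODS.items():
        print(f"{name:<11} {fn(sample):<32} exposed={exposed(sample, fn(sample))}")
```

The check covers only a plain pattern match; a scraper that undoes a specific transformation would need a separate test.
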
Implementation

Architecture
- Postfix mail server running on Linux which has only six accounts set up: one to act as a control group and detect dictionary attacks and an account for each obfuscation method.
- Addresses are generated, obfuscated, and embedded in a web page.
- We use aliasing to link poisoned addresses to each account.

Address Distribution
- Each of the web pages we created was distributed to a different web hosting server.
- We distributed 845 addresses to about 170 web sites, most of which were free-hosting sites. These pages typically don’t show up in a Google search.
- The control group consisted of 100 unadvertised addresses.
- We have also distributed just under 50 addresses to web sites which have been indexed on Google.

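One way to implement the address registry and aliasing described above, as an added example that is not the authors' code. It generates unique poisoned addresses, emits alias lines in Postfix virtual-alias table format, and attributes the recipient of an incoming message to an obfuscation method and hosting site. The domain poison.example, the account names, the site names, and the one-address-per-method-per-site layout are assumptions; the three-letter, four-digit local part follows the format mentioned under Results.

```python
import random
import string

DOMAIN = "poison.example"   # placeholder domain (assumption)
METHODS = ["clear", "dotat", "reversed", "extraneous", "image"]  # one account each

def new_local_part(rng):
    """Three letters followed by four digits."""
    letters = "".join(rng.choice(string.ascii_lowercase) for _ in range(3))
    digits = "".join(rng.choice(string.digits) for _ in range(4))
    return letters + digits

def build_registry(sites, control_count, seed=0):
    """Map each poisoned address to (account, site).

    Control addresses are generated but never published anywhere.
    """
    rng = random.Random(seed)
    registry = {}

    def fresh():
        while True:
            addr = f"{new_local_part(rng)}@{DOMAIN}"
            if addr not in registry:
                return addr

    for site in sites:
        for method in METHODS:
            registry[fresh()] = (method, site)
    for _ in range(control_count):
        registry[fresh()] = ("control", None)
    return registry

def alias_map(registry):
    """Lines for a Postfix virtual-alias table: 'address<TAB>local-account'."""
    return [f"{addr}\t{acct}" for addr, (acct, _) in sorted(registry.items())]

def attribute(registry, rcpt):
    """Classify the recipient address of an incoming message."""
    entry = registry.get(rcpt.lower())
    if entry is None:
        return ("unknown", None)            # never generated by us
    account, site = entry
    if account == "control":
        return ("dictionary-attack", None)  # unpublished, so it was guessed
    return (account, site)                  # harvested from this site's page
```

Because every published address is unique to one site and one method, a single spam message is enough to identify where and in what form the address was harvested.
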
Result

We received six spam messages.

Results

How do spammers get your address?
- Four of the six were posted on my narnia home page.
- The other two were posted on free hosting sites.
- All six were to “undisguised” addresses.
- None of our unadvertised (i.e. control) addresses received spam.
- Server logs show plenty of attempts to use us as a relay.

Results

Research Implications
- Address obfuscation works.
- Popular, indexed web sites get more harvesters than free hosting sites.
- Dictionary attacks are not a significant means of sending spam. (Unless the three letter, four digit combo is particularly effective.)

Future Work

Google Page Rank
- Duplicate web pages don’t score well.
- Sites with few links to each other don’t score well.
- Do free web hosting sites hurt our page rank?

Server-side tracking
- Maybe looking at the log files would help us understand what’s happening.

An alternative to e-mail
- E-mail is a very insecure medium anyway. Maybe it’s time for something new like RSS-based feedsharing with approval feeds.

Questions?