E-mail accounts in the world - 3 375 000 000
Corporate E-mail accounts - 25%.
Consumer E-mail accounts - 75%.
Territorial division of Email users:
Asia Pacific region - 49%
Europe - 22%
North America - 14%
Rest of World - 15%
Top E-mail senders, e-mails/day:
Google.com - 435 200 000
Yahoo.com - 398 800 000
Hotmail.com - 160 300 000
Microsoft.com - 63 900 000
Linkedin.com - 58 800 000
Who plays the major role in world spam traffic?
A botnet is a collection of internet-connected
computers whose security defenses have been
breached and control ceded to a malicious party.
Spam by Spambot Type
Spheres of usage
Phishing - redirecting users to fake copies of popular sites with
identical interface by links in e-mails for stealing their credentials or
Advertisement - sending unwanted advertisement for numerous amount
Virus and malware - sending viruses and malware in e-mail, usually in an
attachment, with the goal of infecting the user's PC with a virus or trojan.
Examples: Viruses, Trojans, Keyloggers.
Social engineering - sending fake e-mails from authoritative persons or
organizations who can influence the victim's further actions and
Example: Mail from your bank, from police or your boss.
Anything you can imagine
10.0.0.2 → 10.0.0.3:25
mail from: [email protected]
rcpt to: [email protected]
Received: by 10.0.0.2 with HTTP Sun, 01 Oct
Common injection techniques
SPAM injection based on spam lists from compromised hosts and open-relays.
Spoofing of SMTP session headers and e-mail headers, sending from
unprotected or unvalidated SMTP servers.
Spam via message bounce mechanism
Sending spam by changing the sender headers to the victim's address and the recipient headers to a nonexistent mailbox on some popular mail server.
Sending spam by sending an empty «mail from» and setting the victim as recipient.
Common counteraction methods
- verification based on sender host information: IP address,
- verification based on SMTP and E-mail headers:
Sender level - verification of message sender headers.
Recipient level - verification of message recipient headers.
- verification based on the whole message and
Transport layer mechanisms
- Realtime Blocking List - e.g. Senderbase.org
Black lists - list of IP addresses of hosts which send spam stored on DNS servers.
Grey lists - delaying mail reception on the mail server for an interval from 30 minutes to several hours
by bouncing mail from IPs without reverse DNS zones or that send mail for the first time.
Nolists - specifying several MX records with different priority, where MX with highest priority will
- Host Access Tables - creation of rules on the mail server defining which IP addresses are permitted and
Filtering senders by IP addresses, country based filtering - creating lists of IP addresses from
which receiving of mail is allowed or forbidden.
Rate limiting - control of amount of messages per connection, amount of connections from certain SMTP servers.
Headers level mechanisms
LDAP - the e-mail recipient address is validated through LDAP accept queries: if the query fails the mail is rejected, if the query passes the mail is accepted.
SMTP-Callahead - verifying the validity of the recipient through other SMTP servers. When an e-mail arrives, the server first asks another SMTP server - a static one or the one responsible for
the recipient domain - whether such a recipient exists, and proceeds with mail delivery only after a positive answer.
If the answer is negative, the message is rejected.
RAT - Recipient Access Table - a means of validating recipients, where the SMTP server can be
configured to accept or reject certain domains, users, partial domains.
Message level mechanisms
Antispam Engines - using on SMTP server message scanning engines like IronPort Anti Spam,
Rules - every engine uses rules for defining spam, rules are frequently refreshed from rule
updater server. Rule may contain sender, subject, size of message, type and size of
Fingerprints - addition to the rules - used for attachment scanning, helps to define what really
Antivirus engines - engines from Sophos or McAfee for scanning messages for viruses and
malware; they can block, quarantine or deliver viral messages depending on policy options.
Content scanning - as usual engines which helps to scan attachments of various types and
SPF/SIDF - Sender Policy Framework is an email validation system designed to
prevent email spam by detecting email spoofing by verifying sender IP addresses
against DNS SPF record.
SPF - checks the domain from «HELO» and «Mail from» provided
during the SMTP session against the DNS SPF record.
DNS record: a.com IN TXT "v=spf1 +ip4:10.0.0.4 -all"
SIDF - performs check of domain from headers «Sender» or «From» from e-mail headers and check of «Mail from» domain from SMTP conversation.
DNS record: a.com IN TXT "spf2.0/pra,mfrom +ip4:10.0.0.4 -all"
Adding SPF headers
+a +mx +ip4:10.0.0.1 -all
Mail from: [email protected]
Rcpt to: [email protected]
b.com A IN 10.0.0.2
b.com MX IN 10.0.0.3
a.com A IN 10.0.0.1
a.com MX IN 10.0.0.1
18.104.22.168.in-addr.arpa. PTR IN b.com
22.214.171.124.in-addr.arpa. PTR IN a.com
a.com IN TXT "v=spf1 +a +mx +ip4:10.0.0.1 -all"
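The SPF check from the slide above, worked through as an added example (not part of the original slides). The zone is constructed from the slide's records, the sender addresses are invented, and only the a, mx, ip4 and all mechanisms are handled.

```python
import ipaddress

# Constructed zone mirroring the slide's records; MX targets are stored as
# IPs, as on the slide. No live DNS is queried.
ZONE = {
    "a.com": {"A": ["10.0.0.1"], "MX": ["10.0.0.1"],
              "TXT": ["v=spf1 +a +mx +ip4:10.0.0.1 -all"]},
    "b.com": {"A": ["10.0.0.2"], "MX": ["10.0.0.3"], "TXT": []},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from):
    """Evaluate the MAIL FROM domain's SPF record against the connecting IP."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    records = [t for t in ZONE.get(domain, {}).get("TXT", [])
               if t.split()[:1] == ["v=spf1"]]
    if not records:
        return "none"          # domain publishes no SPF policy
    if len(records) > 1:
        return "permerror"     # more than one SPF record is an error
    ip = ipaddress.ip_address(client_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"        # a bare mechanism defaults to "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        target = ZONE.get(arg or domain, {})
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = client_ip in target.get("A", [])
        elif name == "mx":
            matched = client_ip in target.get("MX", [])
        else:
            raise NotImplementedError(f"term not covered here: {term}")
        if matched:            # first matching mechanism decides the result
            return QUALIFIERS[qualifier]
    return "neutral"           # no mechanism matched
```

A message claiming an a.com sender from 10.0.0.2 falls through to -all and fails, while b.com, which publishes no record, yields "none" and gives the receiver nothing to enforce.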
DKIM - DomainKeys Identified Mail is a method for associating a domain name to an email
message; the association is set up by means of a digital signature which can be validated by
recipients. The main means for DKIM are private and public keys: e-mail is signed with the private key
on the mail server, and the recipient can verify this signature with the public key which is stored on DNS
DKIM-Signature: v=1; a=rsa-sha256; d=a.com; s=ironport;
c=simple/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938;
b.com A IN 10.0.0.2
b.com MX IN 10.0.0.3
126.96.36.199.in-addr.arpa. PTR IN b.com
ironport._domainkey.a.com. IN TXT "v=DKIM1;p=hnYvDFjxQIsdsYd.AQDSDdsSSDdAB;"
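What a receiver can read from the DKIM-Signature tags before any cryptographic check, as an added example (not part of the original slides). It uses the header exactly as far as the slide shows it; the function names and the `now` timestamps in use are assumptions, and no signature verification is performed.

```python
REQUIRED_TAGS = {"v", "a", "b", "bh", "d", "h", "s"}  # required by RFC 6376

# The DKIM-Signature tags exactly as far as the slide shows them.
SLIDE_SIGNATURE = ("v=1; a=rsa-sha256; d=a.com; s=ironport; "
                   "c=simple/simple; q=dns/txt; l=1234; "
                   "t=1117574938; x=1118006938;")


def parse_tags(value):
    """Split a DKIM tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())
    return tags


def key_query_name(tags):
    """DNS name where the verifier fetches the public key (selector + domain)."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def review_signature(value, now):
    """Return findings a receiver can derive before any crypto is done."""
    tags = parse_tags(value)
    findings = []
    missing = sorted(REQUIRED_TAGS - tags.keys())
    if missing:
        findings.append("missing required tags: " + ",".join(missing))
    if "x" in tags and now > int(tags["x"]):
        findings.append("signature expired")
    if "t" in tags and "x" in tags and int(tags["x"]) <= int(tags["t"]):
        findings.append("x= is not later than t=")
    if "l" in tags:
        # Body bytes past l= are not covered by the signature.
        findings.append(f"only first {tags['l']} body bytes are signed")
    return findings
```

The selector and domain tags give the same DNS name as the TXT record on the slide, and the review reports the h=, bh= and b= tags that the slide's excerpt leaves out.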