
As email becomes an increasingly important element of business, email servers face a growing number of risks and threats, such as mail bomb attacks and virus attacks.

To prevent your organization’s server from becoming the next victim, it is necessary to implement a good email-filtering tool.

Several research efforts and products address anti-virus and anti-spam filtering, as described in the related work. As shown in the previous chapters, we have designed an EMF system that integrates an anti-virus engine with anti-spam techniques, and implemented it in Perl. In this chapter, we summarize the contributions of this thesis and present some ideas that can be used for future research.

6.1 Conclusion and discussion

EMF is an enterprise-level email security solution that provides Virus Protection, Spam Filtering and Email Security in one complete package. Because EMF performs the filtering task before the mail enters your network, you do not need to worry about high volumes of spam threatening your network or overloading your bandwidth.

Blocking spam at the gateway, or Message Transfer Agent (MTA), reduces network resource wastage. These resources include Internet bandwidth, mail server processing cycles, and storage capacity. As shown in the following figure, more than 80% of the emails are useless.

Figure 26 An EMF report in a medium company

As shown in Figure 26, using the SpamAssassin anti-spam techniques along with white/black list checks, the EMF system protects multilingual message streams, safely removing up to 76.21% of spam at the gateway. Thus, users save a lot of time that would otherwise be spent reading garbage mail.

The anti-virus engine used in our EMF system scans for both known and unknown viruses; this protects the network against destructive code. In addition, with the friendly web-based user interface, corporate communications policies can be easily managed using the EMF system’s flexible policy manager to gain complete and precise control over mail filtering.

Figure 27 An EMF report in a large company

No single technology can consistently eliminate spam over the long term. Providing multiple defenses is the best way to approach complete spam protection. Besides integrating Sophos’ Anti-Virus Engine and SpamAssassin anti-spam techniques, we have designed some additional functions on our EMF system such as checking black/white lists.

Figure 27 shows a report generated by an EMF installed in a large enterprise. From the report, we can observe the noticeable effects that the EMF system’s additional functions have brought.

These additional features include:

(1) Local mailbox existence check (M.5 in Figure 28)

(2) Checking blank email (M.7 in Figure 28)

(3) Checking black/white lists (A.3.1 and A.6 in Figure 28)

(4) Checking fake routing (A.12 in Figure 28)

(5) Defuse DHA (D.2 in Figure 28)

Figure 28 Some detailed reports from Figure 27

6.2 Future Work

In the near future, we may focus on helping Email Service Providers (ESPs) prevent their users from sending spam. The ESPs here include most commercial ISPs (e.g., Hinet and Seednet), free email account providers (e.g., Hotmail and Yahoo), universities, and so on.

In March 2004, Allister Cournane and Ray Hunt presented a paper entitled “An analysis of the tools used for the generation and prevention of spam” [11]. The paper examines some of the current (2003) spam obfuscation techniques, such as HTML comments or messages that are composed entirely of URLs. Further strategies should be investigated and put into operation in order to stop new malicious mail.
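The two obfuscation techniques named above can be turned into simple filter signals. The following is an added example, not code from the thesis or from the EMF system (which is written in Perl); the function names, the term list and the sample bodies are assumptions constructed for illustration, and the input is assumed to be an already decoded message body.

```python
import re

# One HTML comment; the body may span lines but cannot contain "-->".
COMMENT = r"<!--(?:(?!-->).)*-->"
COMMENT_RE = re.compile(COMMENT, re.DOTALL)
# A comment with word characters on both sides is splitting a word.
SPLIT_RE = re.compile(r"(?<=\w)" + COMMENT + r"(?=\w)", re.DOTALL)
TAG_RE = re.compile(r"<[^>]+>")
URL_RE = re.compile(r"^(?:https?://|www\.)\S+$", re.IGNORECASE)


def visible_text(body):
    """Text as a mail client renders it: comments and tags removed."""
    text = COMMENT_RE.sub("", body)      # rejoins words split by comments
    text = TAG_RE.sub(" ", text)
    return " ".join(text.split())


def url_fraction(body):
    """Share of visible whitespace-separated tokens that are URLs."""
    tokens = visible_text(body).split()
    if not tokens:
        return 0.0
    return sum(1 for t in tokens if URL_RE.match(t)) / len(tokens)


def obfuscation_signals(body, terms):
    """Report both obfuscation signals for one decoded message body."""
    raw, shown = body.lower(), visible_text(body).lower()
    return {
        "split_words": len(SPLIT_RE.findall(body)),
        # terms the reader sees but a filter matching the raw body misses
        "hidden_terms": [t for t in terms if t in shown and t not in raw],
        "url_only": url_fraction(body) == 1.0,
    }


# Constructed sample bodies, not taken from real traffic.
SAMPLE_COMMENTS = "<p>Low mort<!-- q7 -->gage ra<!--zz-->tes today</p>"
SAMPLE_URLS = "<html><body>http://example.com/a\nwww.example.org/b</body></html>"
SAMPLE_CLEAN = "<p>Minutes are at http://example.com/minutes <!-- draft --></p>"
TERMS = ["mortgage", "rates"]        # hypothetical keyword list

if __name__ == "__main__":
    for body in (SAMPLE_COMMENTS, SAMPLE_URLS, SAMPLE_CLEAN):
        print(obfuscation_signals(body, TERMS))
```

The third sample shows why the comment check looks at the surrounding characters: an ordinary comment next to whitespace and a single link in normal prose raise neither signal.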

Our EMF system uses the Sophos Anti-Virus Engine to detect viruses attached to email. However, there are many other virus scanners, and each has its own strengths. We believe that no single anti-virus engine can fully protect against all possible threats. Therefore, integrating multiple anti-virus engines into our EMF system should be taken into consideration when the server is powerful enough to do so.

Spam and viruses are now flooding through the entire network. Although constantly improving technology has enabled us to come up with a great many solutions to fight them, spammers are also rapidly inventing new tricks to get past filters and anti-spam systems. Therefore, we need to keep improving the EMF by aiming at spammers, breaking each trick whenever they come up with one.

References

[1] Jonathan B. Postel, “RFC 821 - Simple Mail Transfer Protocol”, August 1982. http://www.ietf.org/rfc/rfc0821.txt

[2] David H. Crocker, “RFC 822 - Standard for the Format of ARPA Internet Text Messages”, August 1982. http://www.ietf.org/rfc/rfc0822.txt

[3] J. Klensin, N. Freed, M. Rose, E. Stefferud, D. Crocker, “RFC 1869 - SMTP Service Extensions”, November 1995. http://www.ietf.org/rfc/rfc1869.txt

[4] J. Klensin, Editor, AT&T Laboratories, “RFC 2821 - Simple Mail Transfer Protocol”, April 2001. http://www.ietf.org/rfc/rfc2821.txt

[5] P. Resnick, Editor, QUALCOMM Incorporated, “RFC 2822 - Internet Message Format”, April 2001. http://www.ietf.org/rfc/rfc2822.txt

[6] N. Borenstein, N. Freed, “RFC 1521 - MIME (Multipurpose Internet Mail Extensions) Part One: Mechanisms for Specifying and Describing the Format of Internet Message Bodies”, September 1993. http://www.ietf.org/rfc/rfc1521.txt

[7] K. Moore, “MIME (Multipurpose Internet Mail Extensions) Part Two: Message Header Extensions for Non-ASCII Text”, September 1993. http://www.ietf.org/rfc/rfc1522.txt

[8] S. Hambridge, A. Lunde, “RFC 2635 - DON'T SPEW A Set of Guidelines for Mass Unsolicited Mailings and Postings (spam*)”, June 1999. http://www.ietf.org/rfc/rfc2635.txt

[9] G. Lindberg, “RFC 2505 - Anti-Spam Recommendations for SMTP MTAs”, February 1999. http://www.ietf.org/rfc/rfc2505.txt

[10] Paul Schmehl, “Barbarians at the Gateway: Defeating Viruses in EDU”, in Proceedings of the 29th annual ACM SIGUCCS conference on User services, Pages 177-180, Portland, Oregon, USA, 2001.

[11] Allister Cournane, Ray Hunt, “An analysis of the tools used for the generation and prevention of spam”, Computers & Security, Volume 23, Issue 2, Pages 154-166, March 2004.

[12] Geoff Mulligan, “Removing the Spam: Email Processing and Filtering”, Addison-Wesley, March 16, 1999, ISBN: 0201379570.

[13] Kevin Johnson, “Internet Email Protocols: A Developer's Guide”, Addison-Wesley, January 15, 2000.

[14] Mail Abuse Prevention System (MAPS), http://www.mail-abuse.org

[15] The Apache SpamAssassin Project, http://spamassassin.apache.org/

[16] Anti-Spam Research Group (ASRG) of the Internet Research Task Force (IRTF), http://asrg.sp.am/

[17] The Sophos Anti-Virus engine, http://www.sophos.com/products/

[18] Sophos virus analysis: W32/Mimail-L, http://www.sophos.com/virusinfo/analyses/w32mimaill.html

[19] Cert Advisory CA-2001-26 Nimda Worm, http://www.cert.org/advisories/CA-2001-26.html

[20] The W32.Klez.H@mm worm, http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

[21] Virus information: W32/Sobig-F, http://www.sophos.com/virusinfo/analyses/w32sobigf.html

[22] Gillmor, D., “Data Privacy Protection Must Start with IT”, Computerworld, Vol. 32, No. 45, November 9, 1998.

[23] Hartman L.P., “The Rights and Wrongs of Workplace Snooping”, Journal of Business Strategy, Vol. 19, No. 3, May/June 1998, 16-19.

[24] Miller-Seumas and John Weckert, “Privacy, the workplace and the Internet”, Journal of Business Ethics, Dec 2000, Vol.8, No.3, pp.255-265.

[25] MessageLabs, http://www.messagelabs.com.

[26] MessageLabs Intelligence June 2003 Monthly report, http://www.messagelabs.com/intelligence.

[27] Email Bombing and Spamming, http://www.cert.org/tech_tips/email_bombing_spamming.html

[28] Tom Merritt, “What is Email Spoofing?”, May 09, 2000. http://www.techtv.com/screensavers/answerstips/story/0,24330,2566233,00.html
