What is SPAM?
DEFINITION:
Spam is unsolicited, unwanted e-mail sent by someone with whom the recipient has no personal or business relationship.
WHAT DAMAGE DOES IT CAUSE ?
Surveys of businesses and other organizations that rely on the Internet for their communications show that around 70 per cent of inbound email traffic is either spam, or other types of illegitimate messages. Most conventional spam, is purely commercial in its intent, setting out to encourage Internet users to buy goods or services. Others are so-called
“blended threats”, messages that use social engineering techniques to persuade recipients to open the message and, typically, activate a Trojan, virus or other malware.
But a growing percentage of spam aims to cause damage or disruption to a company or to its IT assets.Denial of service attacks delivered over email, for example, could take down a company’s mail servers, rendering it unable to do business on line. More sinister still, cyber criminals can use a combination of hacking and spam techniques to “harvest” email addresses and user identities, opening the door to further attacks. Email-based denial of service attacks could also be directed at network providers, with the knock-on effect of damaging the communications of dozens of businesses that outsource their email hosting.
The threat to corporate IT systems is by no means static. As the quantity of spam grows, legitimate email traffic on the Internet is being drowned out by it. Industry estimates suggest that just 30 per cent of email traffic is technically valid. Of that valid traffic, two thirds consists of spam or other unsolicited mails. Just one in 10 emails is both legitimate and genuine.
The vast majority of email security systems in production today scan only for the content of the messages, relying on techniques such as keyword scanning. This means they will accept the vast majority of malformed messages as legitimate.
The vast majority of email security systems in production today scan only for the content of the messages, relying on techniques such as keyword scanning. This means they will accept the vast majority of malformed messages as legitimate.
These messages move through a company’s perimeter defenses unchecked and pass on intact to email systems and often, the desktop. This places an enormous and unnecessary burden on networks and server resources, as well as wasting staff time.
Spam is forcing businesses to invest in additional bandwidth, storage space and CPU capacity just to collect, store and forward enormous quantities of unwanted email traffic.
Spam is forcing businesses to invest in additional bandwidth, storage space and CPU capacity just to collect, store and forward enormous quantities of unwanted email traffic.
The very high ratio of illegitimate messages to legitimate mail forces companies to invest more and more resources in building spam detection and filtering systems. For some businesses, the need to scan the content of a vast amount of email, just to find the relatively small proportion of real messages, creates serious bottlenecks within the IT infrastructure.
There are no authentication standards built in to the SMTP email protocol. And as there is no real cost involved in sending email, there are few economic incentives to prevent spammers from continuing to ply their trade. Legal restrictions on spammers have been increased, in particular in the USA. But these measures will do little to deter the authors of other illegal traffic types. Their actions are already unlawful in much of the world, but enforcement remains extremely difficult. The responsibility remains on businesses to protect themselves.
CURRENT MICROSOFT SPAM FILTERING TECHNOLOGY:
Innovative spam-filtering technology, called SmartScreen, developed at Microsoft Research is being deployed across all Microsoft e-mail platforms as part of the company's multi-pronged effort to chase unsolicited e-mail and practitioners of illegal spamming out of consumers' inboxes.
SmartScreen Technology is a machine-learning-based filtering technology. It uses a probability-based algorithm to essentially "learn" what is and what isn't spam based on characteristics of both types of mail. The source material for educating SmartScreen Technology has come from hundreds of thousands of e-mail users who contribute to Microsoft's feedback loop program. Gates called SmartScreen Technology a major advance in the battle to help secure consumers' inboxes and return greater productivity to people's e-mail experience.
SmartScreen Technology is a machine-learning-based filtering technology. It uses a probability-based algorithm to essentially "learn" what is and what isn't spam based on characteristics of both types of mail. The source material for educating SmartScreen Technology has come from hundreds of thousands of e-mail users who contribute to Microsoft's feedback loop program. Gates called SmartScreen Technology a major advance in the battle to help secure consumers' inboxes and return greater productivity to people's e-mail experience.
HOW DOES THE SmartScreen TECHNOLOGY WORK?
The spam-filtering SmartScreen Technology is built on machine learning, meaning that your computer uses a series of probability-based algorithms to distinguish between legitimate e-mail and spam. It basically "learns" what is and what isn't spam. The SmartScreen Technology filter has to be trained to recognize the different characteristics of both legitimate e-mail and spam. To get enough training data, Microsoft has instituted a feedback program in which customers voluntarily review messages to make a determination as to whether they believe a given message is spam. Based on that information, those messages get placed in a training database for SmartScreen Technology. The machine learning algorithm extracts specific words or characteristics from each e-mail message and weights them, based on their likelihood to indicate that a message is spam or legitimate mail.
As new e-mail messages arrive at a Microsoft e-mail server or client machine running SmartScreen Technology, the filter analyzes it for the weighted characteristics and generates an overall probability that the message could be spam. If the message hits a specific threshold of probability, it gets marked either for deletion or placement in the user's junk e-mail folder. The key advantage of SmartScreen Technology is that it is always adapting and learning more about what is and isn't spam. It learns the latest characteristics that distinguish spam from good mail based on data that the filtering technology collects over time, both from the e-mails that individual users deem as spam and the data collected centrally through Microsoft's feedback loop program. SmartScreen Technology already searches for more than 500,000 characteristics of spam that are based on feedback from e-mail users, which enables the filter to be highly effective. And Microsoft will also issue periodic updates to the filtering technology to augment the machine learning process.
As new e-mail messages arrive at a Microsoft e-mail server or client machine running SmartScreen Technology, the filter analyzes it for the weighted characteristics and generates an overall probability that the message could be spam. If the message hits a specific threshold of probability, it gets marked either for deletion or placement in the user's junk e-mail folder. The key advantage of SmartScreen Technology is that it is always adapting and learning more about what is and isn't spam. It learns the latest characteristics that distinguish spam from good mail based on data that the filtering technology collects over time, both from the e-mails that individual users deem as spam and the data collected centrally through Microsoft's feedback loop program. SmartScreen Technology already searches for more than 500,000 characteristics of spam that are based on feedback from e-mail users, which enables the filter to be highly effective. And Microsoft will also issue periodic updates to the filtering technology to augment the machine learning process.
Microsoft is currently heavily investing in research and development to bring more effective anti-spam innovations to light. They have announced that they we'll continue to dedicate resources toward fighting spam from all angles of technology, enforcement, education, legislation and industry self-regulation.
SOURCES: Microsoft , Computer Crime Research Center
No comments:
Post a Comment