My Comments on Malware and Spams in Email when I was a young student

Note

1. Email Overview

Figure 1. Illustration of email exchange [1]

Another technology is the mailing list, where clients subscribe and are added to the list; material is then sent to every subscriber on it. Apart from malware, email security issues mostly concern spam.

2. Spam

2.1 Open Relay

Figure 2. Illustration of open relay abused [2]

2.2 Impact of Spam

  • Very heavy unnecessary network load, since spam fills the traffic.
  • For the user, sorting the emails is a heavy burden.
  • Mis-classification of an email (a clean email may be treated as spam, or vice versa).
  • Domain spoofing: your email domain might get registered as a spam source (blacklisted).
  • In the worst case the account could be hijacked or suffer denial of service.

2.3 POP before SMTP / SMTP after POP

Figure 3. Using authentication for smtp [4]

Back then, POP before SMTP was implemented to cope with the open relay issue. Still, it is a method that allows email exchange from outside, so spammers just needed to find another way. (1) First, they could gain control of (turn into a spam bot) a user's PC that had authorization to the SMTP server, through service attack worms (SAW) and mass mailing worms (MMS). (2) Second is a method called email error backscatter, where the envelope carries "reply-to: targeted-email@domain.com" (an error bounce will then go to that address). These two are illustrated in Figure 4. How is this possible? It is because of direct SMTP.

Figure 4. Other round-ways for POP before SMTP [2]

3. Anti Spam

  1. Install email anti-virus (AV), which can prevent hijacking and bot control.
  2. Use outbound port 25 blocking (OP25B), which rejects direct SMTP to port 25 and only allows it through the authorized email server (only the email server may use direct SMTP). On the other hand there is inbound port 25 blocking (IP25B), which means spam emails are not received.
  3. Authentication, which strengthens point 2: use SMTP authentication, and over SSL.
  4. There is the sender policy framework (SPF), which registers the authorized email servers in the DNS server. When an email is received, the server performs an SPF check that compares the sender's IP address against the email server's IP address and domain. If it does not match, the email is not received.
  5. Another is DomainKeys Identified Mail (DKIM), where a signature based on the secret key is added to the message header.
  6. Then there is Sender ID, advocated by Microsoft, which uses SPF and Caller ID.
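The SPF check in point 4, as an added example (not code from the original post): a minimal evaluator for the lookup-free SPF mechanisms (ip4, ip6, all) run against a constructed SPF record and a few sender IPs. The record, the IPs and the function names are all assumptions for illustration; a real receiving server would fetch the record from the sender domain's DNS TXT record and also resolve the a, mx and include mechanisms.

```python
import ipaddress

# Constructed SPF record for illustration (not any real domain's record),
# as it would appear in the sending domain's DNS TXT record.
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"

# SPF qualifier prefix -> result when the mechanism matches
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, sender_ip):
    """Evaluate the ip4/ip6/all mechanisms of an SPF record for sender_ip.

    Deliberately narrow: mechanisms that need further DNS lookups
    (a, mx, include, exists, redirect) are not implemented here and are
    reported as "permerror". Returns pass/fail/softfail/neutral/none/permerror.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    try:
        ip = ipaddress.ip_address(sender_ip)
    except ValueError:
        return "permerror"  # malformed sender address
    for term in terms[1:]:
        qualifier = "+"  # default qualifier is "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]  # "all" matches every sender
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed network in the record
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # DNS-based mechanism, unsupported here
    return "neutral"  # nothing matched and no "all" term present


def receiver_action(result):
    """Map an SPF result to what the receiving server does with the mail."""
    if result == "fail":
        return "reject"
    if result == "softfail":
        return "accept-and-mark"
    return "accept"
```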

References

  1. http://md.kumamoto-u.ac.jp/mod/book/view.php?id=98629&chapterid=4984
  2. https://en.wikipedia.org/wiki/Spamming
  3. http://www.isaserver.org/articles-tutorials/articles/smtprelayinboundoutbound.html

Mirrors

This blog contains all my articles, licensed under a customized Creative Commons Attribution-ShareAlike (CC-BY-SA) licence: you may sell them, but mention the open version here.
