*BEGIN GRAPHICS VERSION=442/420 ENCODING=7BIT ** "Creator" brian ** "Creation Date" Sat May 4 18:52:16 2002 ** "Creation Version" 4.42 (1021.500) ** "Revisor" brian ** "Last Modified" Wed May 19 20:17:19 2004 ** "Last Modified Version" 4.42 (1021.500) COLORMAP <"Transparent" 0 0 0 0 0 1> <"Black" 0 0 0 0 255 0> <"White" 0 0 0 0 0 0> <"Grey 95" 0 0 0 0 13 0> <"Grey 87" 0 0 0 0 33 0> <"Grey 75" 0 0 0 0 64 0> <"Grey 50" 0 0 0 0 128 0> <"Red" 0 0 255 255 0 0> <"Red 95" 0 13 255 255 0 0> <"Red 87" 0 33 255 255 0 0> <"Red 75" 0 64 255 255 0 0> <"Red 50" 0 128 255 255 0 0> <"Green" 0 255 0 255 0 0> <"Green 95" 0 255 13 255 0 0> <"Green 87" 0 255 33 255 0 0> <"Green 75" 0 255 64 255 0 0> <"Green 50" 0 255 128 255 0 0> <"Blue" 0 255 255 0 0 0> <"Blue 95" 0 255 255 13 0 0> <"Blue 87" 0 255 255 33 0 0> <"Blue 75" 0 255 255 64 0 0> <"Blue 50" 0 255 255 128 0 0> <"Yellow" 0 0 0 255 0 0> <"Yellow 95" 0 0 0 255 13 0> <"Yellow 87" 0 0 0 255 33 0> <"Yellow 75" 0 0 0 255 64 0> <"Yellow 50" 0 0 0 255 128 0> <"Magenta" 0 0 255 0 0 0> <"Magenta 95" 0 0 255 0 13 0> <"Magenta 87" 0 0 255 0 33 0> <"Magenta 75" 0 0 255 0 64 0> <"Magenta 50" 0 0 255 0 128 0> <"Cyan" 0 255 0 0 0 0> <"Cyan 95" 0 255 0 0 13 0> <"Cyan 87" 0 255 0 0 33 0> <"Cyan 75" 0 255 0 0 64 0> <"Cyan 50" 0 255 0 0 128 0> <"Tan" 0 0 57 131 0 0> <"Clay" 0 0 74 74 57 0> <"Brown" 0 30 100 220 30 0> <"Dark Brown" 0 60 135 190 65 0> <"Olive" 0 90 65 190 65 0> <"Light Orange" 0 0 33 255 0 0> <"Orange" 0 0 90 255 0 0> <"Dark Orange" 0 0 132 255 0 0> <"Light Purple" 0 31 153 0 0 0> <"Purple" 0 80 208 0 15 0> <"Dark Purple" 0 25 126 0 44 0> <"Color0" 0 0 51 102 0 0> <"Color1" 0 0 0 0 71 0> <"Color2" 0 0 0 0 51 0> <"Color3" 0 0 0 0 73 0> <"Color4" 0 181 0 181 61 0> <"Color5" 0 255 17 0 0 0> END COLORMAP FONT "Times" "Zapf Dingbats" "Swiss" "Morewingbats" "Dutch" "Courier" END FONT SESSION WIN_SIZE <11974 5134> AUTOGRID ON PAGEWID 11000 PAGEHYT 8500 PRINTWID 11000 PRINTHYT 8500 PRINTLAND ON SLIDE_STYLE <0 -1 1> BACKFILL <34 2 5 1000 0 0 0> LINEFILL <21 21 5 1000 0 0 0> SHADOW <11 0 15 15> FONT 2 REZ <1 603 603 -4929 -508> END SESSION SLIDE_MASTER S_EXT1 <105 85 9892 1504> S_EXT2 <105 1562 9892 7370> T_ATTR0 BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> END T_ATTR0 T_ATTR1 END T_ATTR1 S_ATTR0 BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 END S_ATTR0 S_ATTR1 END S_ATTR1 S_ATTR2 PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 END S_ATTR2 S_ATTR3 PARA <-500 1500 -500 1 1000 0 3 108> V_SPACE <28 333 0> SIZE 240000 END S_ATTR3 S_ATTR4 PARA <-500 2000 -500 1 1000 0 3 108> V_SPACE <28 306 0> SIZE 220000 END S_ATTR4 S_ATTR5 PARA <-500 2500 -500 1 1000 0 3 108> ITALICS ON END S_ATTR5 SLIDE_INFO SLIDE_STYLE <0 0 1> PAGE_BACKGD <0 0 1 17> C_SCHEME <7 7 20 20 21 21 34 2 23 27 44 12 1 0 0 0 0 0 0 0 0 0 0 11> END SLIDE_INFO .GRP BACKFILL <1 0 0 0 0 0 0> LINEFILL <1 2 5 1000 0 0 0> SHADOW <6 0 15 15> PARA <0 0 0 0 1000 1 0 111> V_SPACE <250 250 0> FONT 0 SIZE 180000 ITALICS OFF L_SPACE 250 MARGINS <125 125 250 62> END .GRP END SLIDE_MASTER HANDOUT_MASTER SLIDE_INFO SLIDE_STYLE <0 -1 1> END SLIDE_INFO .GRP END .GRP END HANDOUT_MASTER OUTLINE_MASTER SLIDE_INFO SLIDE_STYLE <0 -1 1> END SLIDE_INFO .GRP END .GRP END OUTLINE_MASTER NOTES_MASTER N_EXT1 <250 250 7249 4875> N_EXT2 <250 5125 7249 9749> N_ATTR0 BACKFILL <1 1 0 0 0 0 0> V_SPACE <28 250 0> FONT 4 MARGINS <0 0 0 0> END N_ATTR0 N_ATTR1 END N_ATTR1 N_ATTR2 PARA <0 500 0 0 1000 1 0 111> END N_ATTR2 N_ATTR3 PARA <0 1000 0 0 1000 1 0 111> END N_ATTR3 N_ATTR4 PARA <0 1500 0 0 1000 1 0 111> END N_ATTR4 N_ATTR5 PARA <0 2000 0 0 1000 1 0 111> END N_ATTR5 SLIDE_INFO SLIDE_STYLE <0 -1 1> END SLIDE_INFO .GRP BACKFILL <1 0 0 0 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <250 250 0> FONT 0 MARGINS <125 125 250 62> END .GRP END NOTES_MASTER SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <0 1 2 3 3> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 1 0 0> T_POS <105 85 9892 1504> .TXT AT (1161,240) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> LINEFILL <21 21 5 1000 0 0 0> SHADOW <11 0 15 15> V_SPACE <0 611 0> FONT 2 SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-44 437> T_PNTS (0,437)(0,0)(7675,0)(7675,569)(0,569)(0,437)(7675,437) H_SPACE 9788 .STR "Filtering unwanted E-mails" .TXT AT (4239,4989) RECOLOR ON BACKFILL <20 20 5 1000 0 0 0> THICKNESS 0 PARA <0 0 0 0 1000 34 0 111> V_SPACE <0 333 0> SIZE 240000 BOLD OFF L_SPACE 333 TXTXYOFF <-26 245> T_PNTS (0,245)(0,0)(1998,0)(1998,252)(0,252)(0,245)(1998,245) H_SPACE 0 .STR L_SPACE 250 "Brian Candler" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> THICKNESS 1 PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 HOR_JUST LEFT MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (738,242) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-87 439> T_PNTS (0,439)(0,0)(8651,0)(8651,1182)(0,1182)(0,439)(8651,439) H_SPACE 9788 .STR "What are the main sources of junk E-mail?" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (71,1656) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 326> T_PNTS (0,326)(0,0)(8882,0)(8882,5635)(0,5635)(0,326)(8882,326) .STR "Spam" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tUnsolicited, bulk E-mail" .STR "\n\tUsually fraudulent - e.g. penis enlargement, lottery scams, close relatives of African presidents etc." .STR "\n\tLow response rate -> high volume sent" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nViruses, Trojan Horses" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tInfected machine sends out mails without the owner's knowle dge" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nMalicious bounces (\"Joe-jobs\")" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tSpam or viruses sent with forged MAIL FROM" .STR "\n\tAny bounces go to innocent third party" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (2090,232) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-1 449> T_PNTS (0,449)(0,0)(5737,0)(5737,459)(0,459)(0,449)(5737,449) .STR "What are the costs?" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (64,1658) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 318> T_PNTS (0,318)(0,0)(9204,0)(9204,5665)(0,5665)(0,318)(9204,318) .STR "Important E-mail messages can be accidentally discarded in a se a of junk" .STR "\nWasted time" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tDeleting junk" .STR "\n\tSetting up and maintaining filters" .STR "\n\tScanning discarded messages looking for false positives" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nWasted bandwidth and disk space" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tEspecially for users on modems" .STR "\n\tViruses and spam attachments can be large" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nAnnoyance, offence, or even fraud" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (1891,232) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-1 449> T_PNTS (0,449)(0,0)(6144,0)(6144,581)(0,581)(0,449)(6144,449) .STR "Where can you filter?" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (71,1664) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 318> T_PNTS (0,318)(0,0)(9267,0)(9267,5627)(0,5627)(0,318)(9267,318) .STR "At the end-user machines" .STR PARA <-500 1000 -500 1 1000 0 1 52> V_SPACE <28 389 0> SIZE 280000 "\n\teach client has full control and customisation" .STR PARA <-500 1500 -500 1 1000 0 3 108> V_SPACE <28 333 0> SIZE 240000 "\n\t\tEspecially good for " .STR "Bayesian" .STR " filtering" .STR PARA <-500 1000 -500 1 1000 0 1 52> V_SPACE <28 389 0> SIZE 280000 "\n\tdistributes the processing cost" .STR PARA <-500 1000 -500 1 1000 0 1 56> "\n\tclient must still download each message even if it's junk" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nOn the ISP's mail server" .STR PARA <-500 1000 -500 1 1000 0 1 52> V_SPACE <28 389 0> SIZE 280000 "\n\teasier for users" .STR "\n\tin some cases mail can be rejected before transmission of t he body" .STR "\n\tsaves disk space on the server" .STR PARA <-500 1000 -500 1 1000 0 1 56> "\n\thard to make flexible for users to configure or for them to browse rejected mail" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (893,242) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-46 439> T_PNTS (0,439)(0,0)(8193,0)(8193,571)(0,571)(0,439)(8193,439) .STR "Legal problems with filtering" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (66,1653) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <13 326> T_PNTS (0,326)(0,0)(9236,0)(9236,5419)(0,5419)(0,326)(9236,326) .STR "Some customers may be upset that you are making value judgement s on their mail, or looking in the contents" .STR "\nSo make sure your contract with the customer allows you to do this" .STR "\nOr allow individual customers to opt-in or opt-out of filteri ng" .STR "\nFiltering is never 100% correct so make sure you're not liabl e for cases where filters make the wrong decision" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (1549,235) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <1 439> T_PNTS (0,439)(0,0)(6846,0)(6846,1182)(0,1182)(0,439)(6846,439) .STR "Ways to identify spam:\n1. By source IP address" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (61,1654) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 318> T_PNTS (0,318)(0,0)(9247,0)(9247,5629)(0,5629)(0,318)(9247,318) .STR "As soon as the sender connects, you know their IP address, whic h can't be forged" .STR "\nYou can check their IP address against 'blacklists' in real t ime" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tBlacklists of IP ranges assigned to known spammers" .STR "\n\tBlacklists of IP addresses of open relays / open proxies" .STR "\n\tBlacklists of IP addresses which have been seen sending spa m recently" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nRealtime Blocking Lists (RBLs) are queried via the DNS" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (2008,242) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <1 439> T_PNTS (0,439)(0,0)(5929,0)(5929,571)(0,571)(0,439)(5929,439) .STR "Advantages of RBLs" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (71,1659) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 323> T_PNTS (0,323)(0,0)(9060,0)(9060,3197)(0,3197)(0,323)(9060,323) .STR "Easy to configure" .STR "\nDNS lookups are relatively quick and cheap" .STR "\nIt's somebody else's job to maintain the lists" .STR "\nMail is rejected before the body has been sent, saving bandwi dth" .TXT AT (250,4998) RECOLOR ON BACKFILL <20 20 5 1000 0 0 0> THICKNESS 0 PARA <0 0 0 0 1000 34 0 111> V_SPACE <0 292 0> SIZE 210000 L_SPACE 292 MARGINS <146 146 292 73> TXTXYOFF <0 0> PNTS (0,0)(9250,0)(9250,2000)(0,2000)(0,0) H_SPACE 0 .STR L_SPACE 250 MARGINS <125 125 250 62> "EHLO whitehouse.gov\n250 OK Hello whitehouse.gov [192.0.2.1]\nM AIL FROM:\n250 OK\nRCPT TO:\n550 rejected because 192.0.2.1 is in a black list at sbl.spamhaus.org" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> THICKNESS 1 PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (1629,242) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-44 439> T_PNTS (0,439)(0,0)(6729,0)(6729,571)(0,571)(0,439)(6729,439) H_SPACE 9788 .STR "Disadvantages of RBLs" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (71,1659) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 323> T_PNTS (0,323)(0,0)(8738,0)(8738,2420)(0,2420)(0,323)(8738,323) .STR "RBLs are always under legal threats from spammers; they come an d go" .STR "\nWon't catch all spam" .STR "\nNot effective against viruses or joe-jobs" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (206,232) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-24 449> T_PNTS (0,449)(0,0)(9554,0)(9554,581)(0,581)(0,449)(9554,449) .STR "Choosing which blacklists to use" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (66,1656) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <13 323> T_PNTS (0,323)(0,0)(9244,0)(9244,5632)(0,5632)(0,323)(9244,323) .STR "Many are free, some are not" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\te.g. mail-abuse.org" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nSome are not good" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tPolicies are too draconian; you end up losing connectivity to people you want" .STR "\n\tSomeone else's policy may not be good for you (e.g. a list which blocks all Nigerian address space is not useful for an Afr ican ISP)" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nTry these:" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\nsbl.spamhaus.org (known spammers)" .STR "\n\trelays.ordb.org (open relays)" .STR "\n\tbl.spamcop.net (dynamic spam sources)" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (640,228) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-26 449> T_PNTS (0,449)(0,0)(8659,0)(8659,581)(0,581)(0,449)(8659,449) .STR "Configuring blacklists in Exim" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (71,1659) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 323> T_PNTS (0,323)(0,0)(9154,0)(9154,866)(0,866)(0,323)(9154,323) .STR "Easy: uncomment two lines in the configure file and customise t o your chosen lists" .TXT AT (250,3250) RECOLOR ON BACKFILL <20 20 5 1000 0 0 0> THICKNESS 0 PARA <0 0 0 0 1000 34 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> TXTXYOFF <0 0> PNTS (0,0)(9500,0)(9500,999)(0,999)(0,0) H_SPACE 0 .STR "deny message = rejected because $sender_host_address is i n a black list \\\n at $dnsli st_domain\\n$dnslist_text \n dnslists = sbl.spam haus.org : relays.ordb.org : bl.spamcop.net \n" .TXT AT (94,4898) RECOLOR ON BACKFILL <20 20 0 0 0 0 0> THICKNESS 1 PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 L_SPACE 444 MARGINS <0 0 0 0> TXTXYOFF <11 323> T_PNTS (0,323)(0,0)(9244,0)(9244,1748)(0,1748)(0,323)(9244,323) H_SPACE 9788 .STR "If your users are in a database, it's possible with some config uration work to use different dnslists for each user (opt-in, op t-out, choice of policies)" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (406,244) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-4 437> T_PNTS (0,437)(0,0)(9114,0)(9114,569)(0,569)(0,437)(9114,437) .STR "Testing blacklists with exim -bh" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (76,1663) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <13 326> T_PNTS (0,326)(0,0)(9201,0)(9201,2089)(0,2089)(0,326)(9201,326) .STR "exim -bh x.x.x.x sets up a pretend SMTP session as if it were f rom address x.x.x.x" .STR "\nMany lists have test IP addresses which will definitely rejec t - e.g. 127.0.0.2" .TXT AT (0,4001) RECOLOR ON BACKFILL <20 20 5 1000 0 0 0> THICKNESS 0 PARA <0 0 0 0 1000 34 0 111> V_SPACE <0 292 0> SIZE 210000 L_SPACE 292 MARGINS <146 146 292 73> TXTXYOFF <0 0> PNTS (0,0)(10000,0)(10000,3750)(0,3750)(0,0) H_SPACE 0 .STR L_SPACE 250 MARGINS <125 125 250 62> "#" .STR BOLD ON L_SPACE 292 MARGINS <146 146 292 73> " /usr/exim/bin/exim -bh 127.0.0.2 \n " .STR BOLD OFF "\n**** SMTP testing session as if from host 127.0.0.2 \n**** Th is is not for real! \n220 noc.t1.ws.afnog.org ESMTP Exim 4.34 We d, 19 May 2004 10:26:40\n" .STR BOLD ON "mail from" .STR ":<> " .STR BOLD OFF "\n250 OK \n" .STR BOLD ON "rcpt to: " .STR BOLD OFF "\n550-rejected because 127.0.0.2 is in a black list at sbl.spam haus.org \n550 http://www.spamhaus.org/SBL/sbl.lasso?query=SBL23 3 \n" .STR BOLD ON "quit" .STR BOLD OFF "\n221 noc.t1.ws.afnog.org closing connection" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> THICKNESS 1 PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (1669,238) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-1 439> T_PNTS (0,439)(0,0)(6567,0)(6567,1182)(0,1182)(0,439)(6567,439) H_SPACE 9788 .STR "Ways to identify spam:\n2. By content" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (74,1663) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 323> T_PNTS (0,323)(0,0)(9161,0)(9161,3746)(0,3746)(0,323)(9161,323) .STR "Look for phrases which typically occur in spam" .STR "\nGood systems also look for phrases which typically " .STR ITALICS ON "don't" .STR ITALICS OFF " occur in spam to reduce false positives" .STR "\nThe balance between these two indicates whether it's spam (an d how sure we are)" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (500,242) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <0 439> T_PNTS (0,439)(0,0)(8916,0)(8916,571)(0,571)(0,439)(8916,439) .STR "Advantages of content filtering" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (66,1653) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <13 326> T_PNTS (0,326)(0,0)(9146,0)(9146,2862)(0,2862)(0,326)(9146,326) .STR "Spammers are sad and predictable" .STR "\nIf you paid a human to delete spam, they could recognise it e asily" .STR "\nDoesn't matter where it came from: spam is spam" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (1329,242) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-129 439> T_PNTS (0,439)(0,0)(7525,0)(7525,1182)(0,1182)(0,439)(7525,439) .STR "Disadvantages of content filtering" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (58,1643) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 326> T_PNTS (0,326)(0,0)(9287,0)(9287,5552)(0,5552)(0,326)(9287,326) .STR "\nSpammers use every trick in the book to disguise their wares" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tMIME base64 encoding, " .STR "HTML mails, breaking up words with invisible tags in between .. . etc" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nIt's an arms race: as filters match particular patterns, spam mers change their behaviour" .STR "\nComputationally expensive" .STR "\nLiable to false positives" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tUnless rules are customised for each user, but then it's mo re difficult to build a good server-side solution" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (1491,232) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-26 449> T_PNTS (0,449)(0,0)(6968,0)(6968,581)(0,581)(0,449)(6968,449) .STR "Content filtering in Exim" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (71,1659) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 323> T_PNTS (0,323)(0,0)(9252,0)(9252,5247)(0,5247)(0,323)(9252,323) .STR "Apply the exiscan-acl patch " .STR ITALICS ON "before" .STR ITALICS OFF " building exim" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\thttp://duncanthrax.net/exiscan-acl/" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nInstall spamassassin and run spamd" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\thttp://www.spamassassin.org/" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nSet up an ACL to check the " .STR ITALICS ON "body" .STR ITALICS OFF " of the mail and either reject or add a warning header" .STR "\nU" .STR "pdate spamassassin rules regularly" .STR "\nNot trivial to implement" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (2488,242) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-44 439> T_PNTS (0,439)(0,0)(4986,0)(4986,571)(0,571)(0,439)(4986,439) .STR "Bayesian" .STR " filtering" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (64,1650) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 326> T_PNTS (0,326)(0,0)(9166,0)(9166,5060)(0,5060)(0,326)(9166,326) .STR "Given a sample of messages which are known to be \"spam\" or \" not spam\", builds a map of which words occur more often in one than the other" .STR "\nThe \"not spam\" profile is different for everyone, and there fore much harder for spammers to guess" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tIt's why many spams contain random words" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nFilter is very effective, but needs ongoing \"training\" for mails which slip through" .TXT AT (1487,6988) RECOLOR ON BACKFILL <20 20 5 1000 0 0 0> THICKNESS 0 PARA <0 0 0 0 1000 34 0 111> V_SPACE <0 333 0> SIZE 240000 L_SPACE 333 TXTXYOFF <-14 245> T_PNTS (0,245)(0,0)(6841,0)(6841,317)(0,317)(0,245)(6841,245) H_SPACE 0 .STR L_SPACE 250 "See " .STR BOLD ON L_SPACE 333 "http://www.paulgraham.com/spam.html" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> THICKNESS 1 PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 BOLD OFF L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (1669,238) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-1 439> T_PNTS (0,439)(0,0)(6567,0)(6567,1065)(0,1065)(0,439)(6567,439) H_SPACE 9788 .STR "Ways to identify spam:\n3. Whitelists" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (71,1656) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 326> T_PNTS (0,326)(0,0)(9287,0)(9287,3219)(0,3219)(0,326)(9287,326) .STR "Only accept mail from people we already know " .STR "\nActually, spammers could forge messages which appear to be fr om people we know" .STR "\nBut for now, they don't seem to be collecting information on who we associate with" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (512,242) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-131 439> T_PNTS (0,439)(0,0)(9148,0)(9148,1061)(0,1061)(0,439)(9148,439) .STR "Receiving mail from people not on our whitelist" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (64,1653) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 323> T_PNTS (0,323)(0,0)(9272,0)(9272,4901)(0,4901)(0,323)(9272,323) .STR "By password: e.g. if they include a magic word in the Subject: header" .STR "\nBy content filtering: e.g. if they pass spamassassin with a v ery low spam score" .STR "\nChallenge-response systems put the mail in a hold queue and s end back a message" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tIf the person responds, they are assumed to be OK and are w hitelisted." .STR "\n\tOne day soon, spammers will build robots to do this :-(" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (1416,242) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <1 439> T_PNTS (0,439)(0,0)(7111,0)(7111,571)(0,571)(0,439)(7111,439) .STR "Advantages of whitelists" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (71,1656) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 326> T_PNTS (0,326)(0,0)(8907,0)(8907,2534)(0,2534)(0,326)(8907,326) .STR "Currently very effective at blocking spam and viruses" .STR "\nOnce we have established communication with someone, the prob ability of a future false positive is very low" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (1042,242) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-44 439> T_PNTS (0,439)(0,0)(7912,0)(7912,571)(0,571)(0,439)(7912,439) .STR "Disadvantages of whitelists" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (64,1653) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 323> T_PNTS (0,323)(0,0)(9078,0)(9078,5348)(0,5348)(0,323)(9078,323) .STR "Makes it difficult or annoying for people we don't know to cont act us for the first time" .STR "\nOn a server-side solution, each user needs a separate whiteli st and a way to edit it" .STR "\nAutomatically w" .STR "hitelisting people we sent mail TO is tricky if done server-sid e" .STR "\nChallenge-response systems are difficult to deploy in a scala ble way" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\thttp://www.tmda.net/" .STR "\n\thttp://www.paganini.net/ask/" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (1042,242) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-129 439> T_PNTS (0,439)(0,0)(8100,0)(8100,1177)(0,1177)(0,439)(8100,439) .STR "Disadvantages of whitelists (cont.)" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (64,1650) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 326> T_PNTS (0,326)(0,0)(9302,0)(9302,5663)(0,5663)(0,326)(9302,326) .STR "If filtering at the MAIL FROM stage, beware that for many peopl e the envelope sender is different to the From: address they put in their headers" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tMAIL FROM could even be different for every message they se nd (VERP: Variable Envelope Return Path)" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nChallenge-response systems can interact badly with mailing li sts" .STR "\nBig risk of losing legitimate bounces" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tBounces are an important part of the integrity of E-mail" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (1115,235) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-44 439> T_PNTS (0,439)(0,0)(7726,0)(7726,571)(0,571)(0,439)(7726,439) .STR "BAD ways to identify spam" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (64,1650) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 326> T_PNTS (0,326)(0,0)(9254,0)(9254,5864)(0,5864)(0,326)(9254,326) .STR "Checking the domain of MAIL FROM:<...> or doing a callback to c heck the whole address" .STR "\nComparing the domain in MAIL FROM to the IP address the messa ge came from (SPF)" .STR "\nChecking whether the message is correctly formatted according to RFC rules, etc" .STR "\nThese rules might catch some spam, today (until the spammers adapt). But there are also plenty of badly-configured systems be longing to non-spammers. You WILL lose mail that you wanted to r eceive." END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (2330,242) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-39 439> T_PNTS (0,439)(0,0)(5316,0)(5316,571)(0,571)(0,439)(5316,439) .STR "Identifying viruses" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (64,1658) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 318> T_PNTS (0,318)(0,0)(8610,0)(8610,4481)(0,4481)(0,318)(8610,318) .STR "Recent volume has increased massively" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tUsers happily open and run attachments on mails from strang ers!" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nLike spam, current viruses have forged envelope sender and he aders" .STR "\nNaive implementation might block all attachments with executa ble extensions" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tBlocks too many legitimate uses of E-mail" .STR "\n\tSome viruses come in .zip files now" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (1874,242) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-39 439> T_PNTS (0,439)(0,0)(6209,0)(6209,571)(0,571)(0,439)(6209,439) .STR "Identifying viruses (2)" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (74,1663) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 323> T_PNTS (0,323)(0,0)(9079,0)(9079,5362)(0,5362)(0,323)(9079,323) .STR "The only sure-fire way is content filtering: matching attachmen ts against \"signatures\" (patterns) of known viruses" .STR "\nMany solutions are commercial, expensive, cost increases with number of users" .STR "\nSome are free, e.g. clamav" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\thttp://clamav.sourceforge.net/" .STR "\n\tCall it from exim using exiscan-acl (see before)" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nNew viruses are written all the time, signatures need updatin g very frequently" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (3513,244) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-64 437> T_PNTS (0,437)(0,0)(2943,0)(2943,569)(0,569)(0,437)(2943,437) .STR "\"Joe-jobs\"" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (71,1664) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 318> T_PNTS (0,318)(0,0)(8346,0)(8346,861)(0,861)(0,318)(8346,318) .STR "A spammer or virus sends out mail with forged envelope sender" .TXT AT (46,4001) RECOLOR ON T_PNTS (0,318)(0,0)(9184,0)(9184,2970)(0,2970)(0,318)(9184,318) .STR "The message is accepted by some intermediate mailer, and later bounces (e.g. non-existent recipient, user over quota, virus det ected)\nThe bounce goes to who had nothing to do with it" .TXT AT (32,2748) RECOLOR ON BACKFILL <20 20 5 1000 0 0 0> THICKNESS 0 PARA <0 0 0 0 1000 34 0 111> V_SPACE <0 333 0> SIZE 240000 L_SPACE 333 MARGINS <166 166 333 83> TXTXYOFF <0 0> PNTS (0,0)(10000,0)(10000,1001)(0,1001)(0,0) H_SPACE 0 .STR L_SPACE 250 MARGINS <125 125 250 62> "MAIL FROM:\nRCPT TO:" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> THICKNESS 1 PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (364,242) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-129 439> T_PNTS (0,439)(0,0)(9450,0)(9450,1061)(0,1061)(0,439)(9450,439) H_SPACE 9788 .STR "Difficulties with blocking joe-job bounces" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (71,1664) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 318> T_PNTS (0,318)(0,0)(9275,0)(9275,5763)(0,5763)(0,318)(9275,318) .STR "All bounces have empty envelope sender, MAIL FROM:<>" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tNot any use for filtering" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nJoe-job bounces are genuine MTA bounces - just not to message s that " .STR ITALICS ON "we" .STR ITALICS OFF " sent" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tcontent filtering to identify a bounce doesn't help" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nDiscarding all bounces is definitely not an option" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tMany users mistype E-mail address" .STR "\n\tOften mailboxes are down or over-quota" .STR "\n\tThe bounce is the only way the user knows that something ba d happened" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (553,244) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-86 437> T_PNTS (0,437)(0,0)(9022,0)(9022,1180)(0,1180)(0,437)(9022,437) .STR "We need to associate bounces with messages " .STR ITALICS ON "we" .STR ITALICS OFF " sent" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (74,1663) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 323> T_PNTS (0,323)(0,0)(9161,0)(9161,4191)(0,4191)(0,323)(9161,323) .STR "Unfortunately, bounce messages are not standardised in a way wh ich allows this" .STR "\nThe only thing we can rely on is that the bounce goes to the MAIL FROM address" .STR "\nSo, one solution is to rewrite the MAIL FROM address to a sec ret value which changes every day or so: known as Variable Envel ope Return Path (VERP)" .TXT AT (1,6248) RECOLOR ON BACKFILL <20 20 5 1000 0 0 0> THICKNESS 0 PARA <0 0 0 0 1000 34 0 111> V_SPACE <0 333 0> SIZE 240000 L_SPACE 333 MARGINS <166 166 333 83> TXTXYOFF <0 0> PNTS (0,0)(10000,0)(10000,1001)(0,1001)(0,0) H_SPACE 0 .STR L_SPACE 250 MARGINS <125 125 250 62> "MAIL FROM: "=ac7933dc" .STR BOLD OFF "@example.com>" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> THICKNESS 1 PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (1971,242) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <0 439> T_PNTS (0,439)(0,0)(5992,0)(5992,571)(0,571)(0,439)(5992,439) H_SPACE 9788 .STR "Advantages of VERP" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (71,1656) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 326> T_PNTS (0,326)(0,0)(9259,0)(9259,5715)(0,5715)(0,326)(9259,326) .STR "Good bounces are kept, bad bounces discarded" .STR "\nA cryptographic \"cookie\" is very difficult for spammers to guess" .STR "\nHard for spammers to collect envelope senders" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tThey might appear in Return-Path: headers on mailing list a rchives" .STR "\n\tIf widely adopted, mailing lists will strip this header" .STR "\n\tEven if they do collect them, valid for a few days only" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (1599,242) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-44 439> T_PNTS (0,439)(0,0)(6792,0)(6792,571)(0,571)(0,439)(6792,439) .STR "Disadvantages of VERP" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (71,1656) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 326> T_PNTS (0,326)(0,0)(9252,0)(9252,5718)(0,5718)(0,326)(9252,326) .STR "Could interact badly with mailing lists and other people's whit elists (if they look at MAIL FROM rather than the From: header)" .STR "\nInteroperability problems could be minimised if there was an agreed standard for the address format, but there isn't" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tOne is called \"SRS\" (Sender Rewriting Scheme) but there a re others" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nMust force your users to send outgoing mail through " .STR ITALICS ON "your" .STR ITALICS OFF " mailserver" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tOtherwise the cookie won't be added and they will lose boun ces" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (1143,242) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-44 439> T_PNTS (0,439)(0,0)(7691,0)(7691,571)(0,571)(0,439)(7691,439) .STR "Disadvantages of VERP (2)" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (71,1656) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 326> T_PNTS (0,326)(0,0)(9058,0)(9058,2529)(0,2529)(0,326)(9058,326) .STR "\nGenerates long left-hand sides on E-mail addresses; RFC2821 o nly requires mail servers to accept up to 64 characters" .STR "\nDoesn't stop any spam, except spam sent with a null envelope sender MAIL FROM:<>" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (891,232) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-44 449> T_PNTS (0,449)(0,0)(8212,0)(8212,579)(0,579)(0,449)(8212,449) .STR "Exim implementation of SRS" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (76,1663) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <13 326> T_PNTS (0,326)(0,0)(9287,0)(9287,4388)(0,4388)(0,326)(9287,326) .STR "http://www.infradead.org/rpr.html \n" .STR "Requires a \"shared secret\" on all your mail servers" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tOn the outgoing servers: to add a valid cookie" .STR "\n\tOn the incoming servers: to check the cookie for bounces, a nd discard bounces which do not have a valid cookie" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nStay out of heated discussions on related issues like SPF!" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (352,240) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-43 437> T_PNTS (0,437)(0,0)(9286,0)(9286,569)(0,569)(0,437)(9286,437) .STR "Minimising the joe-jobs we relay" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (71,1664) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 318> T_PNTS (0,318)(0,0)(9272,0)(9272,5491)(0,5491)(0,318)(9272,318) .STR "We don't want to accept a mail and then bounce it later; that m eans we're sending the joe-job to some unfortunate victim" .STR "\nWe prefer to reject messages at the RCPT TO or DATA stage of the SMTP session - it is then the sender's job to bounce, not ou rs" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tExim: reject in the ACL" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nFor content filtering we have to reject at DATA, but if the m ail has multiple recipients, that bounces it for " .STR ITALICS ON "all" .STR ITALICS OFF " of them (makes separate opt-in/opt-out difficult)" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (515,237) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <61 437> T_PNTS (0,437)(0,0)(8952,0)(8952,1180)(0,1180)(0,437)(8952,437) .STR "We could just accept the message and discard it silently" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (43,1633) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <13 323> T_PNTS (0,323)(0,0)(8944,0)(8944,5378)(0,5378)(0,323)(8944,323) .STR "If a message is rejected because it's spam or a virus, don't se nd a bounce" .STR "\nRisky strategy for false positives: if a rejected mail is act ually good, then neither the sender nor the recipient will have any notification that delivery did not occur" .STR "\nWhich is worse: lots of joe-job bounces or occasional false p ositives?" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tjoe-jobs annoy random third-parties, but false positives af fect our own customers and the people they communicate with" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (554,244) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-82 437> T_PNTS (0,437)(0,0)(9023,0)(9023,1180)(0,1180)(0,437)(9023,437) .STR "All those options: what should you do?" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (74,1668) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 318> T_PNTS (0,318)(0,0)(9201,0)(9201,5348)(0,5348)(0,318)(9201,318) .STR "Implement RBLs" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tsurprisingly effective" .STR "\n\tvery easy to do" .STR "\n\tlow maintenance" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nConsider implementing content filtering or virus scanning for a small proportion of your userbase" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\t\"Premium\" users - pay extra?" .STR "\n\tThese services are expensive to scale and to manage" .STR "\n\tFor low spam scores, consider \"tagging\" the mail as spam instead of discarding it" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (1440,232) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-1 449> T_PNTS (0,449)(0,0)(7053,0)(7053,581)(0,581)(0,449)(7053,449) .STR "What should you do? (2)" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (74,1668) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 318> T_PNTS (0,318)(0,0)(8953,0)(8953,2459)(0,2459)(0,318)(8953,318) .STR "Advise your customers to install client-side spam filters too" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\t" .STR "Bayesian" .STR " filtering and whitelists are best handled here" .STR "\n\tFind ones which best suit the software which your customers tend to use" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES SLIDE_INFO SLIDE_STYLE <0 -1 1> LAYOUT_ID <1 2 12 12 12> END SLIDE_INFO PICTURE .TMP AT (105,85) RECOLOR ON TEMPLATE_FLAGS <1 0 0 0> T_POS <105 85 9892 1504> .TXT AT (1844,228) RECOLOR ON TEMPLATED ON BACKFILL <7 7 0 0 0 0 0> V_SPACE <0 611 0> SIZE 440000 BOLD ON HOR_JUST CENTER L_SPACE 611 MARGINS <0 0 0 0> TXTXYOFF <-26 449> T_PNTS (0,449)(0,0)(6255,0)(6255,581)(0,581)(0,449)(6255,449) .STR "Consider outsourcing" .TMP AT (105,1562) RECOLOR ON TEMPLATE_FLAGS <2 3 0 0> T_POS <105 1562 9892 7370> .TXT AT (71,1664) RECOLOR ON TEMPLATED ON BACKFILL <20 20 0 0 0 0 0> PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 BOLD OFF HOR_JUST LEFT L_SPACE 444 TXTXYOFF <11 318> T_PNTS (0,318)(0,0)(9129,0)(9129,5385)(0,5385)(0,318)(9129,318) .STR "There are companies which will handle the whole thing for you" .STR PARA <-500 1000 -500 1 1000 0 3 108> V_SPACE <28 389 0> SIZE 280000 "\n\tExample: www.messagelabs.co.uk" .STR PARA <-500 500 -500 1 1000 0 3 108> V_SPACE <333 444 0> SIZE 320000 "\nPoint your MX records at their servers; they filter for spam and viruses, and forward the cleaned mail to your servers" .STR "\nNo investment in hardware, software, ongoing management and m aintenance" .STR "\nMaybe more cost-effective for smaller organisations" END PICTURE NOTES .GRP BACKFILL <34 2 5 1000 0 0 0> PARA <0 0 0 0 1000 1 0 111> V_SPACE <0 250 0> SIZE 180000 L_SPACE 250 MARGINS <125 125 250 62> .TMP AT (250,250) RECOLOR ON TEMPLATE_FLAGS <5 14 0 0> T_POS <250 250 7249 4875> .VOID .TMP AT (250,5125) RECOLOR ON TEMPLATE_FLAGS <6 15 0 0> T_POS <250 5125 7249 9749> .VOID END .GRP END NOTES *END GRAPHICS