Email Security

1
Email Security

• Using What You Already Have

2
How to make email safer? Using the resources you
already have

• Critical Path Project Internet Services McAfee
  Secure Content Management Appliance (SCM 3300)
• Spam Scoring
• Using Spam Scoring for
• Web-Based Email Filtering
• Microsoft Outlook Rules
• Your Brains!

3
SCM 3300 Spam Scoring

• SCM 3300 is a device created by McAfee, a company
  that also makes Anti-Virus software.
• SCM 3300 looks at every email and applies a
  series of rules to the email.
• These rules give each email a score.

4
SCM 3300 Spam Scoring

• From American Life Direct com
• Subject possible spam World's Fastest Life
  Insurance Policy - No Medical Exams
• To pierce_at_CritPath.Org
• Date Wed, 29 Sep 2004 123512 EST
• X-NAI-Spam-Score 17.9
• X-NAI-Spam-Level
• X-NAI-Spam-Report 12 Rules triggered
• 4.8 -- NAI_BAD_URI -- URI NAI_BAD_URI
• 4.1 -- BAYES_99 -- BODY Bayesian spam
  probability is 99 to 100 scor
• 3.7 -- SUBJ_LIFE_INSURANCE -- Subject
  includes life insurance
• 2.7 -- HTML_40_50 -- BODY Message is 40
  to 50 HTML
• 2.6 -- HTTP_WITH_EMAIL_IN_URL -- URI
  remove' URL contains an email ad
• -1.5 -- CLICK_BELOW -- Asks you to click
  below
• 1.1 -- HTML_MIME_NO_HTML_TAG -- "HTML-only
  message, but there is no HT
• 1.1 -- MIME_HTML_ONLY -- BODY Message only
  has text/html MIME parts
• -1.0 -- HTML_LINK_CLICK_HERE -- BODY HTML
  link text says click here
• 0.3 -- HTML_FONT_INVISIBLE -- BODY HTML
  font color is same as backgro
• 0.1 -- HTML_MESSAGE -- BODY HTML included
  in message
• -0.0 -- HTML_WEB_BUGS -- BODY Image tag
  intended to identify you

Rules
5
SCM3300 Spam Scoring

• From American Life Direct com
• Subject possible spam World's Fastest Life
  Insurance Policy - No Medical Exams
• To pierce_at_CritPath.Org
• Date Wed, 29 Sep 2004 123512 EST
• X-NAI-Spam-Score 17.9
• X-NAI-Spam-Level
• X-NAI-Spam-Report 12 Rules triggered
• 4.8 -- NAI_BAD_URI -- URI NAI_BAD_URI
• 4.1 -- BAYES_99 -- BODY Bayesian spam
  probability is 99 to 100 scor
• 3.7 -- SUBJ_LIFE_INSURANCE -- Subject
  includes life insurance
• 2.7 -- HTML_40_50 -- BODY Message is 40
  to 50 HTML
• 2.6 -- HTTP_WITH_EMAIL_IN_URL -- URI
  remove' URL contains an email ad
• -1.5 -- CLICK_BELOW -- Asks you to click
  below
• 1.1 -- HTML_MIME_NO_HTML_TAG -- "HTML-only
  message, but there is no HT
• 1.1 -- MIME_HTML_ONLY -- BODY Message only
  has text/html MIME parts
• -1.0 -- HTML_LINK_CLICK_HERE -- BODY HTML
  link text says click here
• 0.3 -- HTML_FONT_INVISIBLE -- BODY HTML
  font color is same as backgro
• 0.1 -- HTML_MESSAGE -- BODY HTML included
  in message
• -0.0 -- HTML_WEB_BUGS -- BODY Image tag
  intended to identify you

Spam Score
6
SCM 3300 Spam Scoring

• If enough rules are broken the email gets the
  phrase possible spam added to the Subject line

7
SCM 3300 Spam Scoring

• From American Life Direct com
• Subject possible spam World's Fastest Life
  Insurance Policy - No Medical Exams
• To pierce_at_CritPath.Org
• Date Wed, 29 Sep 2004 123512 EST
• X-NAI-Spam-Score 17.9
• X-NAI-Spam-Level
• X-NAI-Spam-Report 12 Rules triggered
• 4.8 -- NAI_BAD_URI -- URI NAI_BAD_URI
• 4.1 -- BAYES_99 -- BODY Bayesian spam
  probability is 99 to 100 scor
• 3.7 -- SUBJ_LIFE_INSURANCE -- Subject
  includes life insurance
• 2.7 -- HTML_40_50 -- BODY Message is 40
  to 50 HTML
• 2.6 -- HTTP_WITH_EMAIL_IN_URL -- URI
  remove' URL contains an email ad
• -1.5 -- CLICK_BELOW -- Asks you to click
  below
• 1.1 -- HTML_MIME_NO_HTML_TAG -- "HTML-only
  message, but there is no HT
• 1.1 -- MIME_HTML_ONLY -- BODY Message only
  has text/html MIME parts
• -1.0 -- HTML_LINK_CLICK_HERE -- BODY HTML
  link text says click here
• 0.3 -- HTML_FONT_INVISIBLE -- BODY HTML
  font color is same as backgro
• 0.1 -- HTML_MESSAGE -- BODY HTML included
  in message
• -0.0 -- HTML_WEB_BUGS -- BODY Image tag
  intended to identify you

8
Critical Path Project Internet Services
Web-Based Email

• Filtering on Spam Score

9
Select Options from the Menu
10
Select Filters from Mail Management
11
You have to choose Edit your filter rules to
create a new rule.
12
This is the finished filter.
This is how you set up a filtering rule. In this
example we use the phrase possible spam to
delete email you dont want. You can also move
mail to a specific folder.
Once you have entered the new rule click the
Create button.
13
After you set up all your filters you decide when
you want them to run.
14
Microsoft Outlook

• Creating a Rule based on
• Spam Score

15
Under Tools on the menu select Rules Wizard.
16
You can create a new rule that runs when you open
your mail and filters on specific words in the
subject line.
In this example we use the phrase possible
spam to filter out email you dont want.
Once you have entered the new rule click the Add
button.
17
You can choose which folder you want the email to
end up in, here we chose the Deleted Items folder.
18
Using Your Brain

• Other ways you can reduce Spam

19

• Avoid replying to the SPAM sender
• Make use of laws against Spam
• Review Web sites' privacy policies
• Don't list yourself in Internet directories
• Do not forward chain e-mail
• For Personal email addresses
• Alter your e-mail address when you post it
• Don't give out your primary e-mail address
• Don't post your address on your Web page

20
SPAM is more than annoying

• Spam email can carry destructive programs, like
  viruses and worms, that can damage your computer
• Not every spam is caught by the SCM 3300, so
  check your mailbox regularly
• Delete spam every day! Dont let it sit in your
  Deleted Items folder.

21
For More Information

• Microsoft
• http//www.microsoft.com/athome/security/protect/d
  efault.mspx
• Critical Path Project Internet Services
• www.critpath.org/isp
• Critical Path Help Desk
• critpath_at_critpath.org
• 215-985-4851