This is the first book of its kind to document the detailed application of forensic analysis techniques to the field of e-mail security. Both investigative and preventative techniques are described but the focus is on prevention.
The world has been subjected to an increasing wave of spam and more recently, scamming and phishing attacks in the last twenty years. Such attacks now include industrial espionage and government-sponsored spying. The volume and sophistication of such attacks has rendered existing technologies only partially effective leaving the end-user vulnerable and the number of successful attacks is increasing.
The seeds of this book were sown three years ago when the author, a Professor of Forensic Software Engineering, was trying to recover his 20 year-old e-mail address from the clutches of spammers who had rendered it almost unusable with more than 140,000 junk messages a day. It got to the point where he was invited by his ISP to either change it or take it elsewhere. Instead he decided to find out how to prevent the deluge, acquired his own servers and began researching.
The book is a mixture of analysis, experiment and implementation in almost equal proportions with detailed description of the defence in depth necessary to turn the tidal wave of junk aside leaving only what the end user wants to see - no more and no less. It covers: - 1. The rise of e-mail 2. How it all works 3. Scams, spam and other abuse 4. Protection: the principles of filtering 5. Going deeper: setting up a mail server 6. Advanced content filtering 7. The bottom line - how well can we do ? 8. Where is all this going ?
There is something here for everyone. Chapters 1-4 are suitable for the general reader who just wants to understand how spammers and scammers work and find out a little more about the many forms of attack. Chapters 5 and 6 are highly technical and suitable for both e-mail administrators and theoreticians and include a discussion of the latest computational and mathematical techniques for detecting textual patterns. Chapter 7 presents the results of applying the techniques in this book on the several million junk messages the author's servers received over a 10 month period. Chapter 8 tries to see into the future a little to predict how the arms race between the attackers and defenders might go. Finally, those interested in governance will find discussions of the dangers of release of e-mail addresses under Freedom of Information Requests. The book contains many illustrations of attacks and is supported by numerous code examples in Perl and C.
Perfection is impossible, but if you follow the advice in this book, you can build mail systems which provably make no more than 5 mistakes per million messages received, very close to the definitive manufacturing standard of six sigma. The threat from viruses effectively disappears and the e-mail user is secured from toxic content.