Improving Trust, Confidence & Safety
working together to fight the e-mail beast
Craig Spiezle
director strategy & industry relations
Windows Live Platform
Tues Sept 5, 2006
Overview – An Evolution
Holistic strategy: prescriptive guidance and user education, collaboration & technology
Evolution of spam and online threats
Technical Solutions
Business & technical value of email authentication via Sender ID
Microsoft Phishing Filter - IE 7 (RC1)
Beta Solutions – Windows Live Unsubscribe & Outlook 2007 Postmark
Postmaster Services – tools for ISPs & mailers
Resources
Microsoft's online safety strategy
Secure platforms, products and services strengthened by safety innovations, user guidance and industry cooperation efforts to help
keep customers safe
Excellence in fundamentals across platforms, products and services
Other security-enabling innovation
Educational content and tools
Authoritative incident response
Safety in user experience
Ecosystem
Awareness and education
Collaboration and partnership
Public policy and enforcement
Evolution Of Email
Compromising Trust, Identity, & Privacy
1978 - First spam from DEC
1982 - First email chain letter
1995 - First "spam ware"
Email becoming important
Focus is on email only
Plain text email
Viruses are annoyance
Very little Spam
Little impact to commerce

70% - 90% of all email is spam
More important than phone
Integrated email and calendar
Rich email and large attachments
Viruses disruptive to business
Spam peaking as a major concern
Phishing a growing concern
Increasing dependence

Spam – zero day threats
Cornerstone of collaboration
Integrated communications
Integrated shared workspaces
Viruses spreading to devices
Spam under control
New social engineering exploits
Message layer security, addressing regulatory, integrity and privacy requirements
Scoping the problem
Email (1)
75% of corporate IP is stored in email
95% of all phishing originated from email
1.1 billion email users worldwide
1.4 billion active email accounts – 2.5 billion by 2010
183 billion emails sent daily
Average corporate user sends/receives about 16.4 MB of data per day. This will rise to over 21.4 MB per day in 2010
Instant Messaging
944 million in 2006 to over 1.4 billion in 2010
Trends
Image based spam up 200% since June, now in 30% of all spam (2)
Malicious threats increased 20% last 30 days (2)
28,571 phishing email campaigns reported in June (3)
Sources: (1) The Radicati Group, Inc., 8/30/06; (2) CipherTrust; (3) APWG
A multi-front battlefield:
E-mail protection: Sender ID Framework; SmartScreen™ anti-spam/phishing
Browser protection: Microsoft Phishing Filter
Me/my PC
Impact of Spam at Microsoft
Diagram: Incoming Internet E-mail routed to Outlook Inbox or Outlook Junk E-mail
Challenge
Hotmail - 4 Billion+ emails per day / 90% spam
Complete solution blocks over 95% of all spam
Microsoft IT Department over 12 million inbound mails per day
MSIT deployed every anti-spam feature of Exchange Server 2007 (beta)
Connection Filtering
SMTP Filtering
Content Filtering
Windows Live Mail
Diagram: Inbound, Connections, Establish score; delivered to Inbox, Junk or Trash
Filter labels: Internal block lists, Sender ID, SmartScreen™, Safe-lists/Sender Score, User filters, User lists
Sender ID Framework
providing senders a driver's license
Improve reliability and confidence of electronic messaging
Detect spoofing and forged mail, prevalent in 95% of phishing e-mails
Protect credibility and reputation of corporate brands and domains
Help detect "zero" day security threats
Sender ID - How does it work?
Sender side:
Inventory completed of sending domains
Publish Sender Policy Framework (SPF) record in Domain Name System (DNS)
User sends e-mail as normal
Message transits one to many e-mail servers en route to receiver
Receiver side:
Look up sender's SPF record in DNS
Determine "PRA" or "Mail From" check
Compare to legitimate IPs in SPF record
Match: neutral or positive score
No match: neutral or negative score
Reputation added to score
Optional user interface to users
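The receiver-side steps above, as an added Python example rather than code from the presentation: the SPF records are a constructed stand-in for DNS, the PRA is chosen in the RFC 4407 header order (Resent-Sender, Resent-From, Sender, From), and the score weights are assumptions, not Microsoft's values.

```python
import email
import ipaddress
from email.utils import parseaddr

# Constructed stand-in for the DNS TXT lookups a real receiver performs (assumption).
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Assumed weights on a spam score (higher = more suspicious): a match lowers it, a fail raises it.
SCORE = {"pass": -1, "neutral": 0, "none": 0, "softfail": 1, "fail": 2}

def pra_address(msg):
    """Purported Responsible Address (RFC 4407): the first of these headers that is present."""
    for header in ("Resent-Sender", "Resent-From", "Sender", "From"):
        if msg.get(header):
            return parseaddr(msg[header])[1]
    return ""

def spf_result(domain, connecting_ip, depth=0):
    """Walk the domain's SPF terms left to right; the first matching term decides."""
    record = SPF_RECORDS.get(domain)
    if record is None or depth > 10:          # no record published, or include: loop guard
        return "none"
    addr = ipaddress.ip_address(connecting_ip)
    for term in record.split()[1:]:           # skip the v=spf1 version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.startswith(("ip4:", "ip6:")):
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        elif term.startswith("include:"):
            if spf_result(term[8:], connecting_ip, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        elif term == "all":
            return QUALIFIERS[qualifier]
    return "neutral"                          # nothing matched and no "all" term

def sender_id_check(raw_message, connecting_ip, scope="pra"):
    """Receiver side: choose the PRA or Mail From address, fetch its domain's SPF
    record and compare it with the IP the message actually arrived from."""
    msg = email.message_from_string(raw_message)
    address = pra_address(msg) if scope == "pra" else parseaddr(msg.get("Return-Path", ""))[1]
    domain = address.rpartition("@")[2].lower()
    result = spf_result(domain, connecting_ip)
    return result, SCORE[result]
```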
SIDF Adoption
Highlights
Adoption over 39% of legitimate email
SIDF with positive reputation reducing false positives to 0 & false negatives by over 85%
3.5MM .com/net/org compliant domains (2)
~4.5MM TLD worldwide
Over a dozen 3rd party solutions
Sources: Microsoft research 9/1/06; (2) MarkMonitor Report 8/30/06
Business value of SIDF
with reputation
Authenticated e-mail via SIDF is providing business value
at no cost or impact to performance
SIDF with reputation improves filtering
Legitimate, SIDF-compliant mail realizes a substantial reduction in false positives
Improves deliverability and resulting open rates
High-volume "good" senders who publish have seen their false positive rates effectively drop to zero!
False negatives on fail (implying spoofing) are ~85% lower than for a random sample of non-SIDF mail
Protecting Users
Screenshot: Suspicious Message / Unknown / Failed Sender ID Lookup
Browser protection: Microsoft Phishing Filter (IE 7 / Windows Live Tool Bar)
Me/my PC
Microsoft Phishing Filter: Second line of defense
Internet Explorer 7 - Now in RC1 Beta!
Windows Live Tool Bar / Vista
Customer Benefits & Safeguards
Privacy
Microsoft Phishing filter
Dynamic protection against fraudulent Web sites
3 "checks" to protect users from phishing:
Compares Web site with local list of known legitimate sites
Scans the site for characteristics common to phishing sites
Double-checks site with online Microsoft service of reported phishing sites, dynamically updated
To date blocking nearly 1 million instances of users trying to access confirmed phishing sites
Two levels of warning and protection in Internet Explorer 7 & Windows Live:
Level 1: Warn - suspicious Web site signaled
Level 2: Block - confirmed phishing site signaled and blocked
Microsoft Phishing Filter in IE7
Ensuring Privacy: A Key Goal
Does not transmit any identifiable information without user consent. URL information transmitted automatically by the Phishing Filter client cannot be traced back to the user's personal information.
HTTP and HTTPS URLs automatically transmitted by the Phishing Filter client are limited to the domain and path only. All other data is stripped.
Transmission of any and all URL information is over SSL on the Internet.
Third party privacy audit: Jefferson-Wells Audit Firm confirmed these claims.
http://www.jeffersonwells.com/client_audit_reports/main.htm
Link to Privacy Statement
www.microsoft.com/windowsvista/privacy/ieprivacy_pr7.mspx.
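The three checks and two warning levels from the Phishing Filter slide, combined with the domain-and-path-only transmission rule from the privacy slide, as an added Python example that is not the Phishing Filter's own code. The local list, the reported-site set, the heuristic traits, and the choice to consult the online service only for sites absent from the local list are all assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-ins for the shipped local list and the online service (assumption);
# the service is keyed by the same host/path form the client transmits.
KNOWN_LEGITIMATE = {"example.com", "bank.example"}
REPORTED_PHISHING = {"bank.example.login-update.test/account"}
BRANDS = ("bank.example", "example.com")   # names the heuristic looks for in foreign hosts

def url_for_transmission(url):
    """Reduce a URL to host and path before it leaves the client: scheme, port,
    userinfo, query string and fragment are all stripped."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname + (parts.path or "/")

def is_known_legitimate(host):
    """Check 1: answered from the local list, so nothing is transmitted."""
    return host in KNOWN_LEGITIMATE or any(host.endswith("." + d) for d in KNOWN_LEGITIMATE)

def looks_like_phishing(url):
    """Check 2: local heuristics (these traits are assumptions, not the filter's own)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    try:
        ipaddress.ip_address(host)          # a bare IP address instead of a hostname
        return True
    except ValueError:
        pass
    if "@" in parts.netloc or host.count(".") >= 4:   # userinfo trick or deeply nested name
        return True
    # a known brand embedded in a hostname that does not belong to that brand
    return any(b in host and host != b and not host.endswith("." + b) for b in BRANDS)

def classify(url, online_consent=True):
    """Returns allow, warn (Level 1) or block (Level 2)."""
    key = url_for_transmission(url)
    if key is None:
        return "allow"                      # not HTTP/HTTPS, nothing to check
    host = key.split("/", 1)[0]
    if is_known_legitimate(host):
        return "allow"
    suspicious = looks_like_phishing(url)
    # Check 3: the online service sees only the reduced URL, and only with user consent
    if online_consent and key in REPORTED_PHISHING:
        return "block"
    return "warn" if suspicious else "allow"
```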
Microsoft Phishing Filter in IE7
Privacy Opt-In: Internet Explorer 7
First Run Experience / On Demand
Microsoft Phishing Filter
Dynamic Protection Against Fraudulent Sites
Two Levels of Warning and Protection
Level 2: Block - Confirmed Phishing Site Signaled and Blocked
Microsoft Phishing Filter: Prevention of "false positives" a key goal
Built-in online notification for individuals and Web site owners
Postmaster Services
http://postmaster.live.com
Services to help ISPs and Mailers improve email deliverability and reduce outbound spam
Unsubscribe beta program
Junk Email Reporting Program (JMR)
Instant feedback on user complaints for list maintenance & daily reporting
Smart Network Data Services
At a glance deliverability reports
Measures of outbound traffic and complaints from your IP space
Isolate compromised hosts / servers
Sender ID Escalations
Windows Live Unsubscribe
Goal: to help users & legitimate email marketers
Best Practice developed with input from users & marketers
How does it work?
List-Unsubscribe header (non-URL)
Requires that the user has previously identified the sender as legitimate (allow list).
Standardized approach as specified in RFC 2369
Does this apply to all mail sent?
Applies to mail previously allowed or in the user's address book.
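The unsubscribe rules above (RFC 2369 List-Unsubscribe header, mailto form only, sender already allowed or in the address book), as an added Python example rather than Windows Live code; the allow list and address book are constructed stand-ins for the user's own.

```python
import email
import re
from email.utils import parseaddr
from urllib.parse import parse_qs, urlsplit

# Constructed stand-ins for the user's allow list and address book (assumption).
ALLOWED_SENDERS = {"news@example.com"}
ADDRESS_BOOK = {"friend@example.org"}
# RFC 2369: the header carries one or more <URL> entries, comma separated,
# optionally with parenthesised comments between them.
LINK_RE = re.compile(r"<([^>]+)>")

def sender_is_trusted(msg):
    """Only mail the user has previously allowed, or from a known contact, qualifies."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return sender in ALLOWED_SENDERS or sender in ADDRESS_BOOK

def unsubscribe_mailto(raw_message):
    """Return (address, subject) for the mailto unsubscribe link, or None when the
    sender is untrusted, the header is absent, or only http(s) links are offered."""
    msg = email.message_from_string(raw_message)
    if not sender_is_trusted(msg):
        return None
    for link in LINK_RE.findall(msg.get("List-Unsubscribe", "")):
        parts = urlsplit(link.strip())
        if parts.scheme.lower() != "mailto" or "@" not in parts.path:
            continue                      # skip the URL form; only the non-URL form is used
        subject = parse_qs(parts.query).get("subject", [""])[0]
        return parts.path, subject
    return None
```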
Junk Mail Reporting
Tailored to large senders to remove recipients from their lists. Cleans up distribution lists so that users receive wanted e-mail and senders aren't negatively affected by complaints.
Senders receive any mail that is reported as junk mail.
Info: [email protected]
Smart Network Data Services (SNDS)
Monitor deliverability and traffic quality of outbound servers
Free reports on your entire IP space
Mail, spam, complaint, virus, and malware data
Easy instant access, signup by IP or ASN
Identify compromised hosts / users
Call To Action
Maximize trust and confidence
#1 Authenticate Inbound & Outbound email
#2 Business, Industry, Governmental, and Collaboration
#3 Develop innovative products and services using standards and best practices
#4 Provide prescriptive advice to Business and Consumers
Support the Trust Ecosystem
Summary
Ensure your outbound email is Sender ID compliant
www.microsoft.com/senderid or email [email protected]