Email predictions could be bad news for spammers

Written by John P Mello Jr on January 7, 2010

A spammer’s lot may get tougher in 2010 if one pundit’s email predictions for this year bear fruit.

One prognostication by anti-spam expert Laura Atkins at her “Word to the Wise” blog is that DKIM (DomainKeys Identified Mail) will begin to supplant SPF (Sender Policy Framework) as a method for authenticating the senders of email.

Both methods were developed to counter “source address spoofing,” where spammers make their payloads look like they originated from a legitimate email source. SPF allows an email administrator to designate the Internet hosts that can claim emails originated at a certain domain. DKIM takes a tougher approach. It adds a cryptographic signature to outbound mail that can be verified at the message’s destination.

“I think we’re on the cusp of critical mass and signing will become less of a bonus and more of a given,” Atkins writes. “Right now, it seems that senders who are signing with DKIM are seeing a bit of a reputation bump just because they’re signing. I expect this positive effect will wane, but for now anyone who is signing seems to be seeing improved delivery.”

The use of domain-based reputation as a means of verifying email veracity will also be on the rise in the coming year, according to the spamfighter. Despite its rising popularity, though, it won’t totally replace IP-based reputation as a verification vehicle. “A few people have predicted that domain reputation will replace IP reputation, and they’re wrong,” Atkins declares. “Domain-based reputation will augment but not replace IP-based reputation.”

She added that a fertile clientele for domain-based reputation technology will be smaller email marketers who share IP addresses with others. “Small senders often have to share IP addresses with other senders and domain-based reputation will allow them to establish their own reputation separately from the reputation of other senders using the same IP,” she explains.

Another augury that could spank spammers is the increased use of engagement filtering by ISPs. Two mainstays of spamfighting used by ISPs have been complaints and email bounce rates. Online Web mail providers have long included a spam button in their interfaces to allow users to quickly complain when they receive a message that they believe to be spam. By the same token, if a message is sent to a suspicious number of invalid email addresses and is bounced, an email provider will leverage that information to block future messages with similar characteristics. However, measures like complaints and bounce rates can be “gamed”–manipulated by spammers to fool ISPs into thinking that junk mail is actually desired mail.

We Have Not Won The War On Spam

Written by Paul Cunningham on November 20, 2009

I came across an article today written last week that proclaimed “We won the war on spam”. The general thrust of the article is that “despite continued hysteria, unwanted e-mail is largely a thing of the past”.

This is an interesting point of view which I happen to disagree with, but in thinking further I realize that this is mostly a matter of perspective – business vs personal, or big vs small.

The writer, Mark Gimein, approaches the matter from his own personal experience.  Mark has a slightly more complex email setup than the average person – a series of email addresses for various purposes all forwarding into a Gmail account.  In Mark’s experience spam has all but vanished from his inbox, although a few false negatives remain.

I’m not disputing Mark’s account; I don’t see very much spam slip through the filters into my inbox either, but the war on spam is most definitely not won. Mark hints at what I’m about to say with this paragraph in his article:

Stopping spam does take effort—without a doubt Yahoo and Google devote resources to it. But that’s just part of their business, no different from all the other things they need to do to keep their e-mail systems running. What matters is that from the point of view of users like me, what’s going on under the hood to keep junk out and legitimate messages in needn’t concern us.

For an email user in a business what goes on under the hood shouldn’t concern them, but it most certainly concerns the business. Businesses spend thousands of dollars each year on protecting their email systems from spam and malware. This is not a trivial expense and in itself stands as solid proof that the war on spam is far from over.

How do email addresses end up on spam lists?

Written by Carl E. Reid on October 24, 2008

Every day, millions of people receive dozens of unsolicited commercial emails, known popularly as “spam.” Some users see spam as a minor annoyance, while others are so overwhelmed with spam that they are forced to switch email addresses. This leads many email users to submit helpdesk requests to email administrators with the question “How did these people get my email address?”

The Center for Democracy & Technology (CDT) embarked on a project to attempt to determine the source of spam. They set up hundreds of different email addresses. Then the CDT waited six months to see what kind of mail those addresses were receiving. It should come as no surprise to most email users that many of the addresses the CDT created for this study attracted spam. What is very interesting is the different ways the email addresses attracted spam, and the different volumes they received depending on where the email addresses were used.


Continuing Spam Legislation

Written by Carl E. Reid on October 21, 2008

One of the main issues with the original development of email is that it was never designed to be secure. The focus of email was mainly to be functional and easy to use. Today these core functions, which made the invention of email successful, are the root cause of the problem. Spammers can send millions of messages for a minimal cost. At the same time, spammers can hide or falsify their identity information. For this reason, a prohibition on sending commercial electronic messages that disguise or conceal identity information is included in all the anti-spam legislative instruments currently implemented.


Vanity Be Thy Email Name

Written by Carl E. Reid on August 19, 2008

As every experienced network administrator knows, standardization lowers the total cost of ownership. Creating standards lowers helpdesk support calls and facilitates easier maintenance. Companies establish standards for everyone using the same software and hardware. Server hardware configurations are standard for every new application implementation. Each server uses the same hard drive configuration and the same memory chips, and all software service packs are the same version, so issues encountered with any server around the world can be easily resolved.

Applying Military Tactics to War on Spam

Written by Carl E. Reid on August 12, 2008

Consider your email infrastructure as a position which must deflect daily spammer assaults. As a tactical network commander, you must consider 3 fronts:

1. Ensuring an email server only focuses its resources on SMTP-related transactions. Under the guise of saving money, it’s a mistake to load add-in spam software. Placing this server on the inside of the firewall greatly improves performance. Although MS Exchange and Lotus Domino software come with some spam-fighting tools, their core functional purpose is email routing. So the email server should be configured solely to perform I/O housekeeping processes related to email send and receive. This keeps the end user complaint noise down to a whisper.