IPkey.com

information security
 monitoring & management

Information Security Bulletin

January 2003 

Feature Story: Spam
You've got mail,
and more mail,
and even more mail...

It's getting ugly out there. Everyone is talking about how much more junk email (Spam) they are now getting. Some of this material is extremely offensive, and many of you are missing important email because it's getting buried in so much Spam.  I personally had over 1,000 junk emails filtered from my inbox during one week.  That doesn't include those that made it through the filters which I deleted manually.

Email me and tell me how many you're getting and I'll publish the results next month.

Another less-known problem with Spam is that it's become a popular vehicle for transporting viruses and other malicious code such as spyware and adware. Read more about this in next month's issue of ISB.

While there is consensus that Spam is getting out of hand, a fierce debate rages over what to do about it.  I know some of you change your email address every few months, but for organizations with registered domain names, that's not a realistic option.

Those who don't host their own email servers are looking to their ISPs for help. Many ISPs have been using 'blacklists.'  These are compilations of email addresses and domains that spammers have used to send bulk email.  The ISP's email servers then refuse to accept ANY email from these senders. While this sounds like a great idea, it has caused controversy because some legitimate email has  been filtered out.  This happens because spammers frequently impersonate legitimate domains and IP addresses. 

Welcome
to the Information Security Bulletin, your local source for the latest information you can use to protect your organization's critical information and network services.


Marcus Clarke

Our Top 10 Threats
to your data

1.  Viruses

2.  Hardware Failures

3.  Link failures

4.  Spyware & Adware

5.  OS Vulnerabilities

6.  Power problems

7.  Bad Backups

8.  Employees

9.  Hackers

10. IS Contractors

In the Spam filtering world, a legitimate email that's blocked is called a 'false positive'. Conversely, real spam that makes it through the filters is called a 'false negative.'  There is no filtering software that can achieve zero false positives AND zero false negatives.  The compromise that most people make is to put up with some small amount of spam to make sure that legitimate email isn't blocked.

The most challenging email for the spam filter companies to validate is mail from subscribed mailing lists.  These messages look just like spam, but are legitimate, solicited email. In most cases, such email will be filtered until the recipient identifies the sender as legitimate (see ISB Hot Tip).

One thing is for sure; free, open email as we know it today will not likely survive. Mail servers are being bombarded by directory harvest attacks which try to steal legitimate email addresses.  They do this by attempting to send email using thousands of common names and looking for those that don't come back.  ISPs and larger organizations have been scrambling to fight back.

I believe that the only hope for internet email is the use of 'white lists' and ultimately the use of digital certificates. The server you use to receive email will only accept messages from those on your 'white list' of approved senders.

Eventually, I believe that to send email one will have to have a digital certificate issued by the recipient. The certificate will be uniquely associated with a particular sender or their domain, and can be revoked at any time.  So if you issue a certificate that is abused by the sender, you can just have your server refuse to authenticate it.

ISB Takeaway:
If you use an ISP to host your email, now is the time to discuss how your email is being processed.  An ISP can be a valuable partner in controlling spam, but some legitimate email may be filtered.  Spam has already forced significant changes in the Internet email world, and there are certainly more to come.  Stay tuned.

ISB Hot Tip:
When evaluating spam filtering tools, look for the ability for individual email users to add senders to, or exclude them from, the filtered sender list. To do this they must have access to their suspect email so that they can look for legitimate mail that was filtered out.  If this capability isn't available, legitimate email will be blocked.  For almost every client I know, that just isn't acceptable.

The ISB is a monthly email newsletter published by IPkey.com, your source for affordable information security monitoring and management.  IPkey.com is part of Meridian Group, a New Mexico-based corporation serving the IT needs of its clients for 14 years. We encourage you to forward ISB to your co-workers, colleagues and friends.  To subscribe or unsubscribe to the ISB newsletter, email us at isb@ipkey.com.

Next Month:
Spyware, adware, scumware, malware, hostile and malicious code.  What is all this stuff, and what's it doing on your employees' PCs?

All contents copyright (C) 2003 Meridian Group Inc.