Interesting article for all SPAM hunters.

Larry Smith
GoldenShed Enterprises, Limited
Ph: 03-332-2428  Mob: 021-756-856


-----Original Message-----
From: NW on Security [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 20 August 2003 7:50 a.m.
To: [EMAIL PROTECTED]
Subject: Time to stop spam


NETWORK WORLD NEWSLETTER: STEPHEN COBB ON SECURITY
08/19/03
Today's focus:  Time to stop spam


By Stephen Cobb

[Note from M. E. Kabay: My good friend and colleague Stephen 
Cobb sent me this good news about progress in the fight against 
spam. Introducing delays into network responses is a 
well-established approach to interfering with automated attacks; 
for example, automated dictionary attacks on passwords via logon 
interactions can be stymied by a two- or three-minute delay 
every few wrong guesses. I'm glad to see someone implementing 
this technique to deal with the wretched people who are abusing 
the 'Net with their floods of junk.

As a matter of full disclosure, I have no commercial relation 
whatsoever with the vendor named in the following article. 
Please communicate directly with Stephen Cobb for all commentary 
about this article.]

Networks can use time to stop spam - and I mean this quite 
literally. People may argue about the definition of unsolicited 
bulk e-mail or spam, but nobody disputes the fact that it 
continues to grow in volume, month after month, despite lawsuits 
and legislation (spam is already illegal in 30 states and, since 
most spam is commercially deceptive, much of it is a violation 
of the Federal Trade Commission Act).

Nobody disputes the fact that spam places network administrators 
between a rock and hard place, where the rock is user complaints 
and the hard place is mail servers that are groaning and, all 
too often, collapsing, under the weight of expanding spam 
traffic. Security officers are being challenged as well, by 
spam's threat to uptime and availability, and its growing 
popularity as a distribution mechanism for malicious code and 
fraudulent scams.

Unfortunately, but perhaps understandably, the most common 
choice for antispam defense is filtering. This assumes spam is 
akin to malicious code, something you can readily identify and 
quarantine. But spam is the Achilles of e-mail threats, at once 
more powerful and yet more vulnerable. If you doubt the power of 
spam, talk to your local ISP. When a spammer targets your domain 
you can be staring down the barrel of a spam cannon firing 6 
million messages an hour.

Some spam will always beat filters. This is because spam shares 
so much digital DNA with legitimate high-volume e-mail - like 
this newsletter or my Discover card payment reminder - as to be 
practically indistinguishable. Ratchet up the filters and you 
lose wanted e-mail. As for blacklisting as a spam defense, that 
is now fraught with problems too numerous to mention.

Spammers have a strong incentive to beat filters and blacklists: 
economics. Unlike virus writers, spammers are in it for the 
money, which turns out to be good news, because that is also 
their Achilles' heel.

Consider what happens to a spam cannon when the target network 
is so slow most of the messages don't even leave the barrel: It 
moves on to the next target. In other words, if you can't get a 
network to accept a high rate of messages per minute, there is 
clearly no money to be made there, and you move on.

I know this because my colleagues in ePrivacy Group's antispam 
laboratory figured out how to make a large network appear - to 
spammers - as though it is very slow. When they tried this trick 
at an ISP whose servers had been collapsing under relentless 
spam attacks, the effect was immediate and quite astonishing. 
Spam attacks were either repelled or displaced. The good e-mail 
came through faster, without false positives, and server loads 
returned to manageable levels while user complaints plummeted.

The techniques used to accomplish this, a combination of traffic 
analysis and traffic shaping, have now been "productized" in an 
appliance that can be dropped into place between the Internet 
and an organization's e-mail servers. The technology, 
SpamSquelcher, works best when applied to networks of 5,000 
mailboxes or more, and it can be an effective complement to 
filtering strategies. That's because spam squelching eliminates 
the biggest weakness of filtering: the need to receive all the 
messages that a spammer sends to then decide which are spam and 
which are ham.

Whether you filter in-house or through a service, the spam has 
to be accepted by someone before a filter can look at it - which 
actually tends to increase spam volumes. Besides, if your first 
line of defense is squelching, rather than filtering, you can 
not only win back valuable server capacity, but also enjoy the 
distinct pleasure of knowing you are making life more difficult 
for spammers.

RELATED EDITORIAL LINKS

Latest worm puts focus on patch woes
Network World, 08/18/03
http://www.nwfusion.com/news/2003/0818blaster.html
_______________________________________________________________
To contact: Stephen Cobb

Stephen Cobb, CISSP, is the author of _Privacy for Business: Web
Sites and E-mail_ and two dozen other books. In addition to
teaching Information Assurance at Norwich University in Vermont,
he is a senior vice president at ePrivacy Group, the developers
of SpamSquelcher. Stephen can be reached at 
mailto:[EMAIL PROTECTED] or mailto:[EMAIL PROTECTED]
_______________________________________________________________

This newsletter sponsored by  
SSH Communications Security, Inc.  

Copyright Network World, Inc., 2003
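
A minimal model of the delay-based squelching idea described in the newsletter above, added here as an illustration. It is not SpamSquelcher's algorithm or code from the article; the class name, thresholds, delay schedule and sample addresses are all assumptions.

```python
from collections import defaultdict, deque


class SmtpTarpit:
    """Per-source response delay driven by recent message rate (assumed model)."""

    def __init__(self, window=60.0, free_per_window=30, step=0.5, max_delay=30.0):
        self.window = window          # seconds of history kept per source
        self.free = free_per_window   # messages per window served without delay
        self.step = step              # extra seconds of delay per excess message
        self.max_delay = max_delay    # cap so one source cannot pin a worker forever
        self._seen = defaultdict(deque)

    def delay_for(self, source, now):
        """Record one message from `source` at time `now`; return seconds to stall."""
        q = self._seen[source]
        while q and now - q[0] > self.window:   # traffic analysis: sliding window
            q.popleft()
        q.append(now)
        excess = len(q) - self.free
        if excess <= 0:
            return 0.0
        return min(self.max_delay, self.step * excess)   # traffic shaping


def simulate(tarpit, source, offered_per_min, minutes=5):
    """Messages one sender completes in `minutes` when every message must
    first wait out the delay the tarpit assigns to it."""
    gap = 60.0 / offered_per_min
    t, done, end = 0.0, 0, minutes * 60.0
    while True:
        t += tarpit.delay_for(source, t)
        if t >= end:
            return done
        done += 1
        t += gap


if __name__ == "__main__":
    tp = SmtpTarpit()
    # Constructed senders using documentation address ranges.
    print("normal sender, 10/min offered:", simulate(tp, "192.0.2.10", 10))
    print("bulk sender, 6000/min offered:", simulate(tp, "198.51.100.7", 6000))
```

The low-rate sender never crosses the free threshold and sees no delay, while the bulk sender's completed volume collapses to a small fraction of what it offered, which is the economic pressure the article describes.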
