A little technology based spring cleaning – my thoughts on malware and e-mail security technologies that are being phased out and the newer, better technologies that are taking their place:

The first technology being replaced is the traditional spam filter. As we all know, the % of spam and unwanted e-mail has been steadily increasing for the last decade. Clearly, the concept of filtering e-mail based on content has failed to even make a dent in the problem. Even the best spam filters, all based on a blend of heuristics and/or Bayesian probability, have proven to be reactive and ineffective. The replacement for these failed systems is e-mail address verification. Only through the establishment of human-to-human e-mail address verification can people begin to regain their confidence in e-mail as a trusted form of communication for business.

The next technology being replaced is signature based anti-virus tools. Gone are the days when enterprises can rely on a single vendor, or even a group of vendors, to provide virus definitions and scanning tools. Intelligent pattern recognition engines, like those provided by Commtouch RPD, are proving to be more effective and more efficient than traditional signature based tools.

Next, all technologies that call themselves “IP Reputations” technologies are on their way out. Products and services like Spamhaus, Spamcop, and other blacklisting databases are the cancer of the Internet and cause more harm than good. As the world moves from IPv4 to IPv6, these IP Reputation tools/systems/databases will become irrelevant.

Finally, from a security perspective, IPv4 is on its way out, to be replaced with IPv6. This transition is well underway within the confines of wireless networks and large private networks, and will soon be making its way into the public domain.

Check out my opinion piece, published 10 April 2009, in SC Magazine’s print edition and on-line…

SC Magazine (http://www.scmagazineus.com/Protect-your-email-domain/article/130481/)

Of all the struggles associated with securing email, one of the most basic is the identification and prevention of domain name forgery. Email has become an essential tool for business, however, there is absolutely no security layer required when an email message is sent and/or received.

Two promising technologies have been developed to protect against domain name forgery. Unfortunately, both have been lumped into the “anti-spam” category. While preventing some email spam is a minor side effect of these technologies, this mis‑characterization appears to have limited the widespread adoption of these technologies.

Sender Policy Framework (SPF) is designed to empower domain owners to limit the ability of their domains to be forged within email addresses. SPF records are published via DNS and provides owners a means to specify which mail sources are legitimate for their domain.

Domain Keys Identified Mail (DKIM) is a cryptographic domain authentication protocol developed to protect against domain forgery within email addresses. DKIM is the merger of two similar concepts from Yahoo! and Cisco.

Here’s the catch… Both SPF and DKIM require domain owners to take responsibility for themselves. In this day and age, any business or organization that relies on email as a trusted channel of communication owes it to themselves and their customers/partners to implement SPF and DKIM for each of their domains as soon as possible. While some consider this to be a “chicken and the egg” proposition, it’s clear that now is the time for responsible internet citizens to step up and embrace these important technologies.