SC Magazine: Protect your email domain

Check out my opinion piece, published 10 April 2009, in SC Magazine’s print edition and on-line…

SC Magazine (http://www.scmagazineus.com/Protect-your-email-domain/article/130481/)

Of all the struggles associated with securing email, one of the most basic is the identification and prevention of domain name forgery. Email has become an essential tool for business, however, there is absolutely no security layer required when an email message is sent and/or received.

Two promising technologies have been developed to protect against domain name forgery. Unfortunately, both have been lumped into the “anti-spam” category. While preventing some email spam is a minor side effect of these technologies, this mis‑characterization appears to have limited the widespread adoption of these technologies.

Sender Policy Framework (SPF) is designed to empower domain owners to limit the ability of their domains to be forged within email addresses. SPF records are published via DNS and provides owners a means to specify which mail sources are legitimate for their domain.

Domain Keys Identified Mail (DKIM) is a cryptographic domain authentication protocol developed to protect against domain forgery within email addresses. DKIM is the merger of two similar concepts from Yahoo! and Cisco.

Here’s the catch… Both SPF and DKIM require domain owners to take responsibility for themselves. In this day and age, any business or organization that relies on email as a trusted channel of communication owes it to themselves and their customers/partners to implement SPF and DKIM for each of their domains as soon as possible. While some consider this to be a “chicken and the egg” proposition, it’s clear that now is the time for responsible internet citizens to step up and embrace these important technologies.

McAfee report says: Spam e-mails killing the environment

While I can’t comment on the science behind McAfee’s study, if it’s to be believed, that would make Sendio the single most eco-friendly anti-spam product on the planet!

Hot off the digital presses… Spam e-mails killing the environment, McAfee report says

McAfee’s Avert Labs recently reported the significant impact that spam is having, not just on our inboxes, but on the environment. The novelty of this angle aside, shouldn’t people be asking themselves how is it possible this problem has been allowed to get so bad? Let’s assume we like the idea of elevating spam to a place where it is considered to be an environmental hazard (I think its even worse — more like an environmental disaster — but the promotion is long overdue), clearly the time has come to ask “who has been asleep at the switch?”

Back in the 1970’s it became obvious that air pollution was caused, to a large extent, by exhaust from automobiles and trucks. Once this fact had been established, the question became… “What are we going to do about it?” If air pollution had been addressed like email pollution, we would have simply trusted the auto manufacturers to make things better. In light of today’s study from McAfee, I think it is safe to say that anti-spam filters = auto manufacturers. While the automobile industry has certainly made great strides in the areas of fuel efficiency and emissions, they have never come close to getting ahead of the curve or actually fixing the problem.

Just like the US auto industry has failed to keep pace, from an innovation perspective, with their competitors around the globe, the developers of anti-spam filtering technologies have, obviously, failed to keep pace with spammers. As Albert Einstein said, “The definition of insanity is doing the same things, over and over again, expecting different results.” Like the US auto industry, the US anti-spam filtering industry is bloated, stuck in the past, is stagnant, and is losing the arms race to the bad guys.

Fortunately for us, the challenge to improve air quality was not simply “trusted,” or handed-over, to the auto industry alone. We realized that individuals needed to get involved. We, the people, needed to make changes to the way we did/do things. We came to understand that to help ourselves we needed to actively engage; not simply sit back and hope some passive system would make everything better.

The time has come, once and for all, for “we the people” to take a stand against spam! Clearly, the mammoth companies, like McAfee, Cisco, Symantec, Google, Barracuda Networks, etc., that make anti-spam filtering tools have failed to save our environment from this polluting scourge. If we, as individuals and collectively as businesses, don’t start looking beyond the status quo with respect to failed anti-spam filtering, we are not only going to loose e-mail as a tool, we are going to hasten the deterioration of our physical environment.

Valentine’s Day Spammers

I came across this article last night, “Botnet Operators Gearing Up for Valentine’s Day Spammers try to play Cupid, with a dark twist” by Richard Adhikari with Internet News (http://www.internetnews.com/security/article.php/3802331) and can’t help but think there is nothing new here.

The “bad guys” are well funded and have developed sophisticated tool-sets to evade detection by content driven and IP reputation based security systems.

While I’m not extremely familiar with the term “fast flux DNS,” this is a perfect illustration of why DNS blacklisting (a.k.a. IP reputations) is such a waste of time as currently implemented by folks like Websence, etc. The “bad guys” know that as long as they are competing against reactive technologies like content filters and DNS blacklists they will ALWAYS be ahead of the curve.