Anti-spam technology should guard the network - not clutter it!
- 28 March, 2007 14:49
By Ben Corby, Chief Technology Officer, TotalBlock Pty Ltd
Email users have two options for managing spam. They can use a spam-filtering solution that reads incoming mail, filters it according to content and puts suspect mail in a quarantine folder.
Or they can use a challenge-response solution that requires unknown senders to identify themselves, and in doing so guards against both spam and network overloads caused by storming, harvesting and denial-of-service (DoS) attacks.
However, the former solution clutters up a company’s network with the 90 per cent-plus of all email that is spam, while challenge-response does the opposite.
First, it delivers real advantages in network capacity management by allowing users to reject unwanted mail at the server. They can do this by using the SMTP protocol to refuse the message completely, preventing today’s huge volumes of spam from entering the network.
Secondly, challenge-response eliminates the need to archive all those spam emails. The operational and cost benefits can be substantial, particularly for large organisations.
Junk email tends to arrive in waves, often from the same server. So if a server sends more than a certain number of unsolicited messages to the same address in a given period, it is practical to stop challenging the messages and simply reject them.
Finally, if a server notices multiple “RCPT TO:” commands, as is the case in harvesting, then that server can slow down its response, reducing its load and the effectiveness of the harvesting. Harvesting systems will usually give up and go away.
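The threshold rejection and “RCPT TO:” slow-down described above, sketched as an added example (this is not TotalBlock's code). The thresholds, time window, delay curve and all names are assumptions chosen for illustration, and the traffic in `demo()` is constructed.

```python
from collections import defaultdict, deque

# All values below are assumptions for illustration, not TotalBlock settings.
REJECT_THRESHOLD = 5   # unsolicited messages per (server, recipient) per window
WINDOW_SECONDS = 600
RCPT_FREE = 3          # RCPT TO commands per session answered without delay
MAX_DELAY = 30.0       # cap on the slow-down, in seconds

class ChallengePolicy:
    def __init__(self, allowed):
        self.allowed = {a.lower() for a in allowed}
        self.unsolicited = defaultdict(deque)  # (server_ip, rcpt) -> timestamps

    def on_message(self, server_ip, sender, rcpt, now):
        """Return 'accept', 'challenge' or 'reject' for one incoming message."""
        if sender.lower() in self.allowed:
            return "accept"
        hits = self.unsolicited[(server_ip, rcpt.lower())]
        while hits and now - hits[0] > WINDOW_SECONDS:
            hits.popleft()                     # forget hits outside the window
        hits.append(now)
        if len(hits) > REJECT_THRESHOLD:
            return "reject"                    # refuse in SMTP (5xx); no challenge sent
        return "challenge"

    def on_challenge_reply(self, sender):
        """A human answered the challenge: allow this sender from now on."""
        self.allowed.add(sender.lower())

def rcpt_delay(rcpt_count):
    """Seconds to wait before answering the n-th RCPT TO of one session."""
    if rcpt_count <= RCPT_FREE:
        return 0.0
    return min(MAX_DELAY, 2.0 ** (rcpt_count - RCPT_FREE))

def demo():
    # Constructed traffic: one server (documentation address) sending a wave
    # of mail from an unknown sender to the same recipient.
    policy = ChallengePolicy(allowed=["client@example.com"])
    wave = [policy.on_message("192.0.2.10", "bulk@example.net",
                              "sales@example.org", now=t) for t in range(7)]
    policy.on_challenge_reply("new.customer@example.net")
    later = policy.on_message("192.0.2.20", "New.Customer@example.net",
                              "sales@example.org", now=700)
    return wave, later, [rcpt_delay(n) for n in (1, 4, 6, 12)]

if __name__ == "__main__":
    print(demo())
```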
All the approaches discussed above help to reduce the load caused by spam and harvesting, counter denial-of-service attacks, and assist in using network capacity efficiently. It is neither practical nor cost effective to increase network capacity to allow for unwanted email traffic, because that traffic will simply increase in line with capacity.
Today, more than ever before, it is essential to stop the traffic and manage the load by any means possible. When people have begun to talk about ceasing to use email due to its frustrations and dangers, it’s imperative that designers and implementers provide effective mail management.
Although the dual capabilities of challenge-response, network capacity management and email blocking, should be self-evident to the technical people responsible for selecting network and anti-spam solutions, take-up of this technology remains slow. Preconceived and uninformed notions that focus on imagined negative aspects of challenge-response are held throughout the industry.
For instance, when B&C Mailing, Australia’s oldest and most trusted mailing house, sought to evaluate the TotalBlock challenge-response solution, the company’s IT Manager David Bowers talked to IT consultancy Discovery Technology.
The consultants told him there were pros and a lot of cons relating to the use of spam-blocking technology, including possible problems over the non-receipt of email from potential new customers. Nonetheless Bowers carried out extensive web research into challenge/response and came up with a list of main concerns to ask solution providers.
“I wanted to find out what the issues might be, and whether any solution was a good fit for our business scenario,” he said.
After discussions with TotalBlock Pty Ltd and a demonstration of the technology in action, he was assured that the solution had none of the shortcomings that some people associated with blocking solutions. The first month’s operation eased any doubts, as B&C Mailing found positive answers to allay the following concerns:
* TotalBlock deals with email from new sources by issuing a challenge – in this case a simple message written by Gareth Thomas, B&C Mailing sales staff – and all the sender has to do is reply to this challenge. If any choose not to do so, or somehow miss the challenge email, B&C staff can access TotalBlock’s Control Panel to free their first (blocked) email.
* When TotalBlock was implemented, B&C’s address books and the domains of client emails received over the past 24 months were entered into the system, and email from all these is automatically allowed.
* B&C staff can add domain names to the allowed list. Sales reps have been trained to add domain names to TotalBlock’s approved list whenever they sign up a new customer.
* The system accepts emails from approved senders using web-based email from Hotmail, Gmail, Yahoo etc.
* Contrary to what some critics are claiming about blocking technology, TotalBlock does not overload a company’s servers by issuing high volumes of challenges. The average challenge sends about 2 kilobytes of data – a fraction of the size of an average email.
* As required, TotalBlock runs on B&C Mailing’s own servers. (SMB and Enterprise customers can also choose to have it run on TotalBlock Pty Ltd’s servers.)
* TotalBlock causes no problems when it receives challenges from email senders who are also using anti-spam blocking solutions. Challenge-response systems don't check the content of a challenge from another system; they only look at who sent it. So there is no continuous loop between sender and receiver as some critics have claimed.
“The answers to all my questions about challenge/response solutions were resolved,” says David Bowers. “My aim was to find an Australian anti-spam solution that would work without any false positives. During our first month on the system we received 6,424 incoming emails: not one spam message was allowed through and there was no disruption to our legitimate client emails. Since then, we have been delighted with the solution.”
TotalBlock - www.totalblock.net - is an Australian-developed anti-spam solution that also guards against network overloads caused by storming, harvesting and denial-of-service (DoS) attacks. It works by blocking ALL machine-generated unwanted email, using a challenge-response technique rather than commonly used filtering. TotalBlock builds a list of acceptable incoming email senders from a customer’s address book, and replies automatically to any emailers who are not on the allowed list. The reply contains a simple action that, when followed, adds the sender to the allowed list, and no further emails are challenged. The action can be as simple as replying to the challenge. Since this authorisation process requires human intervention, it bypasses drone machines that spew out huge volumes of spam.
# # #
For more information
Peter Stewart or Ben Corby, TotalBlock Pty Ltd, Tel. 61-2-9437 9800
David Frost, PR Deadlines, Tel. 61-2-4341 5021