Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Challenge-Response the best way to curb junk email and protect network capacity

  • 06 December, 2005 09:22

<p>By Ben Corby, Technical Director, New Millennium Solutions</p>
<p>It’s no secret that most businesses and Government agencies are being handicapped by unsolicited email. Users receive unmanageable volumes of junk emails, some of which cause mischief to recipients plus other Internet users. Some of our customers receive nearly 1,000 junk emails per day, but can’t change their e-mail address for business reasons.</p>
<p>There are many reasons why email volumes have become unmanageable, but the dominant one is that unwanted mail has become self-perpetuating.</p>
<p>Initially it was only a nuisance, which it had to be read and discarded. Now a recipient can get mail that will use his or her computer to send out more mail, including names in the victim’s address book, so friends and business associates are bugged too!</p>
<p>How do the senders collect email addresses? Often by harvesting. This involves a server sending hundreds and sometimes thousands of messages to an email system with varied user names. Sooner or later, the combination will succeed. Harvesting can increase mail traffic to a server far beyond any previous limits and render the server inoperable. Harvest attacks are always random in timing and duration.</p>
<p>So worldwide, a huge daily volume of unwanted mail and harvesting is being passed from server to server, box-to-box, user-to-user, clogging commercial arteries with useless traffic.</p>
<p>Analysis of unwanted mail shows that 70-80% is peddling products - about 5% is pornography and the rest is a meaningless composition of names, domains and content. Most of that unwanted mail is mischievous rubbish.</p>
<p>Worse, most unwanted mail has the potential to be hazardous in a number of ways, not the least of which is the inclusion of a virus in unsolicited mail that might render a victim’s computer unusable.</p>
<p>Challenge-Response the best defence</p>
<p>Users must choose one of two approaches when deciding on a system to manage unwanted mail. Solutions either read the mail, filter it according to content and put suspect mail in a specific folder. Or they challenge an unknown sender to identify him or herself, a process known as Challenge-Response. I am a firm advocate of Challenge-Response, believing it to be the best defence against unwanted mail.</p>
<p>The email server is the first line of defence against the volume of rubbish and those who aim to maintain the volume. So is there anything that a server can do to increase its defence? Certainly, and any worthwhile system will incorporate these techniques in its operation.</p>
<p>Challenge-Response provides some real advantages in network capacity management. It allows users to reject unwanted mail at the server. They can do this by using the SMTP protocol to refuse the message completely, preventing over 90% of email traffic from even entering the network.</p>
<p>Further, Challenge-Response eliminates the need to archive unwanted email. Since spam emails don’t enter the network, they are not archived. This benefits large organisations that receive high volumes of mail. In most cases, more than 40% of the mail is rubbish, but in some cases, the volume can be as high as 80%.</p>
<p>Most junk email comes in waves, often from the same server. If a server sends more than a certain number of unsolicited messages to the same address in a given period, it is practical to stop challenging the messages and simply reject them.</p>
<p>Finally, if a server notices that there are multiple “rcpt to:” messages, as is the case in harvesting, then the server can slow down its response, reducing the load on the server and the effectiveness of the harvesting. Harvesting systems will usually give up and go away.</p>
<p>All the above approaches help to reduce the load caused by unwanted mail and harvesting, and assist in using network capacity effectively. It is no longer practical to increase network capacity to allow for unwanted email traffic, because the traffic simply will increase in line with capacity. These days it is essential to stop the traffic and manage the load by other means. If people are ceasing to use the Internet due to its frustrations and dangers, it’s up to the designers and implementers to provide better mail management.</p>
<p># # #</p>
<p>Contact the author, Ben Corby, at</p>

Most Popular