by Bruce LaFlam on July 30, 2009
At Mailprotector, we have seen the technically savvy spammer community become more sophisticated and operate in ways that require swift response. With the ability to respond quickly to threats, it makes sense that cloud based or hosted spam filtering companies are growing at at rate faster than the other potential email security solutions: software and appliance.
At the Black Hat Vegas security conference this week, Cisco chief security officer, Patrick Peterson, confirms what we see on a daily basis – spammers are fast.
“Cybercriminals hunt prey with a velocity that’s impossible for legitimate businesses to match”
With hosted email security, businesses can be sure that there is a team of security professionals monitoring and adjusting to threats 24/7.
Byron Acohido in a USA Today story shares more from the Black Hat Security Conference. You can read his story here.
by Jeremy Nigh on July 29, 2009
A recent report from Messagelabs shows that spammers are now utilizing automated translation services to translate their messages into other languages, allowing for them to target more countries with the same content with little extra effort on their part.
Free, online translation services have become a favorite of 419-type advance-fee fraudsters. Only recently though, have general spam senders also adopted these tactics as their own. Some countries who have enjoyed better email security before now are seeing a dramatic rise in the level of spam due to the translation of messages into their native tongue.
Spam levels in Germany and The Netherlands have risen by 13% since May of this year, with spam now representing over 95% of all email traffic globally. According to the report, “…in Germany 46.5% of all spam is in German and 2.5% in French. In The Netherlands, 25% of spam is in the Dutch language while in France, 53% is in French and 4% in German. In Japan, 62.3% of the spam is found to be in Oriental non-English languages and in China, this number is 54.7%.”
Despite the influx of non-English spam, however, the report also shows that around the world most spam is still targeting the English language. In July only 1 in every 20 spam messages was in a non-English language.
by Bruce LaFlam on July 24, 2009
In recent months, our company which provides a spam filter and hosted exchange service has been investing resources into social media. With marketing dollars (and time) in limited quantities these days, it’s important to ask “is social media here to stay and will there be a return?” In a story posted on USAToday.com, Forrester Research shares some insight into the future of social media. Read the entire article here.
The money that businesses spend on social media now is growing faster than any other form of online marketing. Some 25% of small businesses surveyed by Ad-ology Research said they would spend more on social networking in 2009, beating the numbers who’ll spend more on e-mail, blogging or company websites. Forrester Research projects the $455 million that companies spent on social networking in 2008 will balloon to more than $3.1 billion by 2014, a growth rate more than three times what it forecasts for e-mail marketing.
USA Today
So, marketing decision makers should be comfortable knowing that social media will be growing strong for years to come.
by Jeremy Nigh on July 23, 2009
According to a mid-year report from TRACElabs, spam is at it’s highest level ever. Previously the highest level recorded was in July of 2008, so this trend suggests that spammers really kick things into high gear during the summer months, and they don’t care one bit about the actions being taken against them.
“The clear message spammers are giving us is that they are unimpeded by the efforts of law enforcement and the security community,” says TRACElabs senior researcher Phil Hay.
With the recent FTC crackdown on Mocolo and 3FN the volume of spam did slow considerably. However, these latest reports show that spammers have hunkered down and brazenly developed better and more resilient systems for keeping themselves in business. According to Hay, “The crime groups running the Waledac, Rustock, Pushdo and Grum spamming botnets continue to be very strong.”
The report also shows that:
- More than 30% of all spam last week came from Asian countries after Vietnam overtook traditional spam powerhouses China, Turkey and Russia for the first time ever.
- Brazil continues to dominate with over 15% of all spam, followed by the USA with 10%.
- Just three specific institutions were the focus of 99.5% of all phishing activity last week: eBay, Bank of America and Comerica.
So despite the fact that organizations are investing more time, money, and resources into the spam problem, the spammers continue to relentlessly pound the unprotected email user with wave after wave of unsolicited messages. These high numbers serve as a reminder that the spam epidemic is not going to disolve anytime soon, so this blogger recommends that you find a good email security service and ride out the storm in comfort.
- Just three specific institutions were the focus of 99.5% of all phishing activity last week: eBay, Bank of America and Comerica.
by Jeremy Nigh on July 22, 2009
Does spam actually return any profit to companies that hire spammers to push their product? Believe it or not it does. Why? Because a decent percentage of individuals actually click spam messages in their inbox.
Recently the MAAWG (Messaging Anti-Abuse Working Group) asked North Americans if they had ever responded to a message they believed to be spam (note: we’re assuming their respondents did not have an email security solution in place). Out of the 800 people surveyed 12% confessed to doing so because they were actually interested in what the spam had to offer. “Big red button pressers” represented 6% of the total respondents, saying that they have clicked on spam “just to see what would happen”, while another 13% said they “unknowingly” clicked spam.
That’s a 31% click-through rate! With such a high rate of success, I think it’s safe to say that spam is going to stick around for a while.
by Tim Sullivan on July 17, 2009
As mentioned in a previous post, the recent story concerning Governor Mark Sanford’s extra-marital affair highlights the need for effective email security. So, what is the key to effective email security?
The answer is layering. It has become an industry best practice to have a layered security approach when it comes to email. Typically, layers of security begin with a cloud based service (like Mailprotector) followed by an appliance (both protecting the email server).
There are other keys to layering, however, including encryption and email best practices. Recently we talked with Ira Victor of the Data Security Podcast about these issues. have a listen »
Forbes Magazine published an article this week on the topic of role models which featured one of our own. The article shares some great insight into the importance of role model as you continue to grow. The sub-title reads, “You don’t get to the top without looking up to someone.”
David Setzer is the chief executive officer of Mailprotector, an e-mail security service. He works as a role model himself, serving as a mentor in a program for new CEOs called NextStart. The program helps young entrepreneurs bring their ideas to market, assisting them in finding or developing whatever they need to do so. Setzer says he credits several role models.
The common thread mentioned by many of the CEOs was the need to have multiple role models. You can read the entire Forbes article here.
by David Setzer on July 15, 2009
On Monday we looked at SPF records and why they are important specifically to spam filters and email security in general. So today, lets take a look at how you create an SPF record for your domain.
As a quick review, an SPF record is a DNS based text string that a receiving email server can query and parse to find out what IP addresses the domain owner says should be sending email for the domain. Now, at first it seems like creating the SPF should be a pretty simple task. Simply use the syntax to say “these are my legitimate IPs”. But, it’s a little more complicated than that. SPF has a number of options which allow the domain owner to add some nuance to the result.
I’m not going to delve into all the possibilities here. But a great resource site for you is the OpenSPF project site. So, here is a breakdown of the SPF syntax where you can dissect all of the possibilities. Let’s look at two of the most common setups though:
1. First let’s look at an example of an SPF record that says “My MX records are the same and ONLY IP addresses I use to send outbound email”. This record would look like “v=spf1 mx -all”. Where “v=spf1″ gives the version of SPF used and “mx” is the command to allow all IPs that are associated to the A records in your MXs and “-all” specifically disclaims any other IPs. ***WARNING*** if you are using Mailprotector or another cloud based email security service do NOT create this SPF. Your MX records are not the same IPs that you send outbound mail through.
2. Now, here is an example of an SPF record that specifically defines the IP addresses which send mail. This record says “These are the ONLY IP addresses which send mail for my domain”: “v=spf1 ip4:192.168.0.1/16 -all”. For IP ranges, SPF uses CIDR notation. In this record “v=spf1″ again defines the version of SPF used, “ip4:192.168.0.1/16″ says “allow all ip4 addresses from 192.168.0.1 to 192.168.255.255″ and the “-all” again specifically disclaims all other addresses. So, you simply substitute your IP(s) or range(s) for the one listed in this example. If you have multiple, just add them one after another with a space between keeping the “-all” at the end. If you are a Mailprotector customer and using our outbound filtering you can get a list of the possible outbound sending ranges from the Help tab in your console.
The OpenSPF site has a great FAQ and Common Mistakes section.
Now, in conclusion I’ll just add the nice big disclaimer…use at your own risk; while not an SPF expert I do play one on TV; past SPF functionality does not guarantee future performance; the author of this article specifically disclaims any shred of truth to this material in this universe or any other. Seriously though, check out the OpenSPF site and go create your record. It’s simple and will help prevent your domain from being forged.
by David Setzer on July 13, 2009
SPF stands for Sender Policy Framework and is an anti spam/anti spoofing tool which domain owners can use to tell receiving systems about their valid outgoing email server’s IP addresses. It is used to identify whether or not an email which purports to be from a specific domain is originating from the email servers the domain owner says are legitimate.
Let’s back up for a minute though and figure out why this is important in terms of email security. Part of the email message is what’s called the “envelope”. Just like a piece of regular mail I can write whatever return address I would like on the envelope as well as in the letter itself. The receiver has no way of knowing if that return address is valid. The one additional piece of information we do know with email though, is what IP address connected to our email server and delivered the message. While we still don’t know if the return address is valid, using SPF we can ask the domain owner if that IP should be sending mail for the domain.
SPF data is created as a DNS record and administered through the DNS system. In most DNS software the SPF record must be entered as a TXT record, however newer versions are now including capability to add SPF as an additional record type along the lines of an A, MX, or CNAME. Since it is only the true domain owner that controls a domain’s DNS it can be reasonably assumed that domain related DNS data is authentic.
The domain owner has a number of options in creating an SPF record that range from no record at all or “I’m not going to tell you anything about my sending IPs” across the spectrum to an absolute record which tells the receiving server “These are my outgoing email servers ONLY.”
It’s important to remember here that like many other anti-spam measures, SPF records are informational only. It is ultimately the receiving entity’s decision as to what action to take in their spam filter with this information. It’s also important to note that SPF cannot be used to determine the authenticity of the sender. It is limited to verifying if a sending ‘from’ address is coming from an IP authorized by the domain owner to send email.
Stay tuned for Wednesday when we’ll talk more about the technical implementation of SPF and how to create the most common SPF record.
by Bruce LaFlam on July 10, 2009
In an article posted this week at Infoworld.com, Peter Bruzzese shares a 10 point checklist for selecting an email security solution. Also in the article, our CEO David Setzer gives some insights on email security best practices. You can read the entire article here.
Peter’s 10 email security requirements:
- Lowest total cost of ownership, upfront capital investment, ongoing administration, and user training
- Access to experienced live customer support to quickly address issues
- Preservation of network and server bandwidth
- Processing of security threats inside or outside the corporate perimeter
- Fastest time to value delivery — can it be deployed and working quickly?
- Reduced risk — ensuring your choice does not introduce a single point of failure within the organization
- Interoperability with network systems and software
- Multiple layers of protection against spam, malware, phishing, viruses, vulnerabilities, and other attacks
- Simple operation and management to reduce IT burden and allow focus on more strategic IT initiatives
- Very little or no user training requirements
Peter writes articles and posts them on his Infoworld Blog that benefit IT directors and decision makers. You can find his Blog here.
