Posts tagged as:

spam filter

According to a mid-year report from TRACElabs, spam is at its highest level ever. Previously the highest level recorded was in July of 2008, so this trend suggests that spammers really kick things into high gear during the summer months, and they don’t care one bit about the actions being taken against them.

“The clear message spammers are giving us is that they are unimpeded by the efforts of law enforcement and the security community,” says TRACElabs senior researcher Phil Hay.

With the recent FTC crackdown on McColo and 3FN, the volume of spam did slow considerably. However, these latest reports show that spammers have hunkered down and brazenly developed better and more resilient systems for keeping themselves in business. According to Hay, “The crime groups running the Waledac, Rustock, Pushdo and Grum spamming botnets continue to be very strong.”

The report also shows that:

  • More than 30% of all spam last week came from Asian countries after Vietnam overtook traditional spam powerhouses China, Turkey and Russia for the first time ever.
  • Brazil continues to dominate with over 15% of all spam, followed by the USA with 10%.
  • Just three specific institutions were the focus of 99.5% of all phishing activity last week: eBay, Bank of America and Comerica.

So despite the fact that organizations are investing more time, money, and resources into the spam problem, the spammers continue to relentlessly pound the unprotected email user with wave after wave of unsolicited messages. These high numbers serve as a reminder that the spam epidemic is not going to dissolve anytime soon, so this blogger recommends that you find a good email security service and ride out the storm in comfort.

Podcast: The Key to Email Security

by Tim Sullivan on July 17, 2009

As mentioned in a previous post, the recent story concerning Governor Mark Sanford’s extra-marital affair highlights the need for effective email security. So, what is the key to effective email security?

The answer is layering. It has become an industry best practice to have a layered security approach when it comes to email. Typically, layers of security begin with a cloud based service (like Mailprotector) followed by an appliance (both protecting the email server).

There are other keys to layering, however, including encryption and email best practices. Recently we talked with Ira Victor of the Data Security Podcast about these issues. Have a listen.

So, How do I Create an SPF Record?

by David Setzer on July 15, 2009

On Monday we looked at SPF records and why they are important specifically to spam filters and email security in general. So today, let’s take a look at how you create an SPF record for your domain.

As a quick review, an SPF record is a DNS based text string that a receiving email server can query and parse to find out what IP addresses the domain owner says should be sending email for the domain. Now, at first it seems like creating the SPF should be a pretty simple task. Simply use the syntax to say “these are my legitimate IPs”. But, it’s a little more complicated than that. SPF has a number of options which allow the domain owner to add some nuance to the result.

I’m not going to delve into all the possibilities here. But a great resource site for you is the OpenSPF project site. So, here is a breakdown of the SPF syntax where you can dissect all of the possibilities. Let’s look at two of the most common setups though:

1. First let’s look at an example of an SPF record that says “My MX records are the same and ONLY IP addresses I use to send outbound email”. This record would look like “v=spf1 mx -all”, where “v=spf1” gives the version of SPF used, “mx” is the command to allow all IPs that are associated to the A records in your MXs, and “-all” specifically disclaims any other IPs. ***WARNING*** If you are using Mailprotector or another cloud based email security service, do NOT create this SPF. Your MX records are not the same IPs that you send outbound mail through.

2. Now, here is an example of an SPF record that specifically defines the IP addresses which send mail. This record says “These are the ONLY IP addresses which send mail for my domain”: “v=spf1 ip4:192.168.0.1/16 -all”. For IP ranges, SPF uses CIDR notation. In this record “v=spf1” again defines the version of SPF used, “ip4:192.168.0.1/16” says “allow all ip4 addresses from 192.168.0.1 to 192.168.255.255”, and the “-all” again specifically disclaims all other addresses. So, you simply substitute your IP(s) or range(s) for the one listed in this example. If you have multiple, just add them one after another with a space between, keeping the “-all” at the end. If you are a Mailprotector customer and using our outbound filtering, you can get a list of the possible outbound sending ranges from the Help tab in your console.
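The two records above, run through a small evaluator; this is an added example, not code from the original post or from the OpenSPF project. It handles only the `mx`, `ip4` and `all` mechanisms, and `check_spf`, `MX_IPS` and `FILTER_OUTBOUND` are names made up here, with addresses constructed from documentation ranges.

```python
import ipaddress

# Qualifier prefix -> SPF result name; a mechanism with no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample data (documentation address ranges, not real hosts).
MX_IPS = ["203.0.113.10"]          # where the domain's MX records point
FILTER_OUTBOUND = "198.51.100.25"  # hypothetical cloud filter's sending IP


def check_spf(record, sender_ip, mx_ips=()):
    """Evaluate a subset of SPF (mx, ip4, all) for one connecting IP.

    mx_ips stands in for the addresses a real checker would get by
    resolving the domain's MX hosts; passing it in keeps this offline.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            try:
                # strict=False accepts host bits set, as in 192.168.0.1/16
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"         # malformed address or prefix
            matched = ip in net
        elif name == "mx" and not arg:
            matched = any(ip == ipaddress.ip_address(m) for m in mx_ips)
        else:
            return "permerror"             # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]   # first match wins, left to right
    return "neutral"                       # no mechanism matched


if __name__ == "__main__":
    # Record 1: fine for mail sent from the MX host itself ...
    print(check_spf("v=spf1 mx -all", "203.0.113.10", MX_IPS))
    # ... but mail relayed out through the filtering service fails.
    print(check_spf("v=spf1 mx -all", FILTER_OUTBOUND, MX_IPS))
    # Record 2 style: list the real outbound ranges, keep -all last.
    print(check_spf("v=spf1 ip4:198.51.100.0/24 -all", FILTER_OUTBOUND))
```

The second call shows the situation the warning in item 1 describes: the record is valid, but the IP that actually delivers the mail is not one of the MX addresses.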

The OpenSPF site has a great FAQ and Common Mistakes section.

Now, in conclusion I’ll just add the nice big disclaimer…use at your own risk; while not an SPF expert I do play one on TV; past SPF functionality does not guarantee future performance; the author of this article specifically disclaims any shred of truth to this material in this universe or any other. Seriously though, check out the OpenSPF site and go create your record. It’s simple and will help prevent your domain from being forged.

What is SPF and why does it matter?

by David Setzer on July 13, 2009

SPF stands for Sender Policy Framework and is an anti spam/anti spoofing tool which domain owners can use to tell receiving systems about their valid outgoing email server’s IP addresses. It is used to identify whether or not an email which purports to be from a specific domain is originating from the email servers the domain owner says are legitimate.

Let’s back up for a minute though and figure out why this is important in terms of email security. Part of the email message is what’s called the “envelope”. Just like a piece of regular mail I can write whatever return address I would like on the envelope as well as in the letter itself. The receiver has no way of knowing if that return address is valid. The one additional piece of information we do know with email though, is what IP address connected to our email server and delivered the message. While we still don’t know if the return address is valid, using SPF we can ask the domain owner if that IP should be sending mail for the domain.

SPF data is created as a DNS record and administered through the DNS system. In most DNS software the SPF record must be entered as a TXT record, however newer versions are now including capability to add SPF as an additional record type along the lines of an A, MX, or CNAME. Since it is only the true domain owner that controls a domain’s DNS it can be reasonably assumed that domain related DNS data is authentic.

The domain owner has a number of options in creating an SPF record that range from no record at all or “I’m not going to tell you anything about my sending IPs” across the spectrum to an absolute record which tells the receiving server “These are my outgoing email servers ONLY.”

It’s important to remember here that like many other anti-spam measures, SPF records are informational only. It is ultimately the receiving entity’s decision as to what action to take in their spam filter with this information. It’s also important to note that SPF cannot be used to determine the authenticity of the sender. It is limited to verifying if a sending ‘from’ address is coming from an IP authorized by the domain owner to send email.

Stay tuned for Wednesday when we’ll talk more about the technical implementation of SPF and how to create the most common SPF record.

Yesterday, Microsoft announced a serious security flaw with PCs using Windows XP or Windows 2003 related to its Internet Explorer browser. The most likely initial attack will come in the form of email spam that will try to trick users into clicking a link which will then send them to corrupted web pages.

Our Mailprotector Security Center reports that spam levels for the month of June reached 92% for all email traffic. The Microsoft security announcement confirms what we have seen on a daily basis – users need to be protected by a robust spam filter that can adjust to the changing threat environment. The best place for this level of robustness is the SaaS email security model. In discussing SaaS spam filters with Searchmidmarketsecurity.com, Forrester Analyst Jonathan Penn states:

“Really a no-brainer to go into direction of service providers,” said Forrester’s Penn. “There’s really no good reason these days for a smaller organization that doesn’t have that kind of expertise in-house already, that kind of staffing, that kind of competency dedicated to email management to go with a product.”

Given the fact that Mailprotector is a SaaS email security company, we agree with the notion that SMBs should take advantage of the expertise associated with a hosted security provider. We also suggest that everyone use good old common sense judgment when clicking any link in an email, and make sure your web browser is up to date. If history is any indicator this won’t be the last security flaw found in a Microsoft product, but an ounce of prevention is worth a pound of cure, so be sure you’re protected beforehand.

Michael Jackson’s death last week left a mourning fan base of gargantuan proportions. Fans of the “King of Pop” (one of which this writer is not) have expressed their grief and sentiments through email, YouTube, Twitter, and various other social and Internet-related media in a way rarely seen before. But for many, their state of sadness has left them vulnerable to email and web-based attacks.

It’s no secret that spammers and malware creators can always be counted on to deliver a bevy of non-benevolent business when a phenomenon such as this reveals itself. At only 50 years old, nobody (least of all the average spammer) expected MJ to die so suddenly. Subsequently, Michael Jackson email scams got off to a slow start, but over the past weekend attacks have ramped up significantly. Have a look at an actual Mailprotector quarantine page to see some of the spam we’ve stopped over the past 3 days:

A quick Mailprotector quarantine search for the words "Michael Jackson" yields quite a few results.

It’s not really surprising. Spammers have always had a propensity to follow the buzz of current trends and hot news stories. They’ve learned what works, and focusing on current events works very well for them. The Michael Jackson death story is the latest “easy target” scenario, but be forewarned that spammers never stop looking for creative ways to get to your inbox, so it’s important to take proper measures to ensure you’re protected from the Bad stuff.

The best way to keep safe is to use an email security service (such as Mailprotector) that provides an exchange spam filter, which tells spam messages to Beat It before they even get to your email server. If such a service is not an option for you, however, you can always take the common-sense approach to protect yourself:

  • Always be very careful to only open email from trusted senders
  • Never click links in emails that seem even remotely suspicious

Better safe than sorry is always the way to go when dealing with potentially harmful email. The Michael Jackson spam attacks will subside, but if history is any indicator the next spam-inducing current event is just around the corner, and for those of us in the email security industry it promises to be one heck of a Thriller.

Are All Freebies the Same?

by David Setzer on June 23, 2009 · 0 comments

Ok, this one is a little off the email security topic but I think it’s a fundamental marketing question worth exploring.

I walked in my bank the other day (I like the smaller local banks because I like knowing who’s messing with my money) and they have this big display for Coke on the main table in the lobby. As I walk up to the teller window and start chatting I see that they are offering a free 2 liter of Coke with any new account. So, after my obligatory joke about what happened to the free toasters I had to ask if they really thought offering a $.99 two liter of Coke was going to make one iota of difference in anyone’s decision making process about whether to open an account or not. Needless to say, most in this branch agreed that it made a nice looking display but a pretty ineffective marketing tool.

I left the bank and passed the experience off as one of those little amusements of life. Until yesterday, that is, when I open a local business paper and see another bank who has designed and paid for an entire ad around the enticement of a free box of cookies for opening a new account. This made me start to doubt my own logic now. Are there really people out there saying to themselves “Hmmm, can’t decide which bank to use. Do I want the cookies or the Coke?”

From the very first day of Mailprotector’s launch I made sure that we offered a fully functional 30 day demo without any credit card numbers or other upfront obligations. I always felt like the best way for our customers to know if Mailprotector would work for them is to actually use it. Especially for something as critical as a spam filtering service. I never really thought of it as a marketing gimmick or freebie. Maybe banks should do the same. Let us try their online banking for a while. Let us see if their tellers really are that friendly and their hours convenient.

Please tell me there’s a difference between the cookies and our demo. If not, we may just switch out the demo with a box of doughnuts…

Email Still King; Spam Threats Abound

by Jeremy Nigh on June 10, 2009

Research shows that email is the most popular tool for online communication

Though email is over 40 years old (that’s older than SMS, Instant Messaging and even the Internet itself), global research conducted by Epsilon in North America, Europe (EMEA), and the Asia-Pacific (APAC) region shows that email is still by far the consumer favorite when it comes to online communication.

Email dominates other popular messaging mediums globally.

And despite the fact that the largest percentage of emails received are reported to be spam, email remains a mainstay communication and is being used on an increasing number of devices.

The vast majority of email messages are spam.

The new definition of spam

As long as email has existed, so have spam and a consumer intolerance of unsolicited messages. The new definition of spam is not limited to emails to which consumers have not subscribed, but now encompasses irrelevant messages and contact saturation as well.

The definition of "spam" is becoming (in some cases) increasingly hard to determine. This underscores the need for an email security solution that includes content filtering.

How to limit spam delivery

Accustomed to these messages, consumers are taking action to eliminate or limit the amount of spam they receive by unsubscribing and using tools such as “junk email” folders, “report spam” and “block sender.” 43%-50% of respondents reported using a spam filter.

Everyone hates spam, and they'll try anything to stop it.

Source: http://www.epsilon.com

Applying Economics to Cyber Criminals

by David Setzer on June 8, 2009

Here is a great article I picked up from one of our Twitter followers. It does an excellent job of explaining the two different cultures and types of blackhats responsible for the spam, malware and other cyber-threats today. Having been in the email security business for almost 10 years now we see the effects of these types of thugs and can deduce much of their makeup but this article really nails it.

It’s interesting how human nature never really changes. This is nothing more than the 2000’s version of your pick pockets and organized crime of 1930’s Chicago or New York.

We Launched! You Like?

by David Setzer on May 22, 2009 · 0 comments

We finally launched! Whenever you’re working on something it always takes longer than you want but the group around here is pretty jacked today. We’ve had the new console in partner and end user beta for about 2 months now with a ton of changes along the way. Our marketing and tech folks took the public site from idea to reality in 8 weeks which was awesome. With the public site launch we finally had to bite the bullet and retire the old console. Sorry, I know some of you don’t like change but I promise, you’re gonna love this one. You’ll still see us cleaning a little house here and there but we just couldn’t wait to get it out. I think my favorite is the new pricing page which calculates any service option including Hosted Exchange.

Enjoy the new sites and for our international customers, please join us here in the U.S. this Memorial Day weekend as we honor our fallen soldiers who died to bring freedom around the world.