Back in March, I wrote about some new e-mail message continuity services from FrontBridge. Well, according to a press release just received from Microsoft, FrontBridge is about to become Microsoft’s latest acquisition as it steps up its systems management and security capabilities. With the purchase of Giant Company (anti-spyware), Sybari (anti-virus) and now FrontBridge (anti-spam and message continuity), Microsoft’s security arsenal is starting to look good. It will be interesting to see how these purchases shape up and whether they are integrated into Windows, retained on an application service provider (ASP) basis, or developed into one or more new products, perhaps as part of the System Center family, or (in the case of FrontBridge) maybe we will see some of the new technology integrated into Exchange 12?
The new face of spam
We are all used to spam arriving in our e-mail inboxes, but now the problem is spreading to other communications methods.
Research by Wireless Services Corporation shows almost half of the mobile phone text messages received in the US are spam, compared with 18% a year ago. Another problem is the growing menace of spam over instant messaging (spim), with Meta Group reporting 28% of instant messaging users hit by spim.
Meanwhile, IT managers are turning to new methods of trapping e-mail-born spam at the network edge. According to e-mail security provider Postini, 88% of e-mail is spam and Symantec reports 70% (their Brightmail Antispam product is used by ASPs such as MessageLabs) with 80% from overseas, particularly China and Russia. Appliance servers are now available that claim to trap “dark traffic” such as unwanted inbound SMTP traffic, directory harvest and e-mail denial of service (DoS) attacks, malformed and invalid recipient addresses.
Last month, Microsoft acquired Sybari and according to IT Week, the Sybari tools are likely to be offered as a plug in for the virus-scanning API in Exchange Server 2003 service pack 1, as well as part of Microsoft’s plans to offer edge services in forthcoming Exchange Server releases, including Sender ID e-mail authentication in Exchange Server service pack 2, IP safe lists, and a requirement for senders to solve a computational puzzle for each e-mail sent, increasing overheads for spammers (and unfortunately for the rest of us too).
Some industry commentators criticise the use of filtering products, citing examples of blocked legitimate e-mail. Sadly this will always be the case (one of my wife’s potential customers once claimed that her domain name pr-co.co.uk is invalid, blocking all addresses containing hyphens) and many of my clients (wisely, if in a somewhat draconian style in some cases) block various attachment types. A few weeks back, even a reply which I sent to a request for assistance left on this blog was picked up as spam. There will always be a trade off between false positives and a small amount of spam getting through – what is needed is for a real person to double check the filtered e-mail, combined with an overall increase in the use of digitally signed e-mail.
Links
Practical measures for combating spam (MessageLabs)
Battle spammers with Outlook’s tracking options
I just came across a top tip on the Microsoft website to stop spammers from verifying your e-mail address using a read/delivery receipt.
Basically, it involves enabling the tracking option to “ask me before sending a response”. That way you can tell when someone has attempted to validate your e-mail address – I had thought that sending a fake non-delivery report (NDR) would be enough but it seems without this setting I could also have been sending a read receipt without realising it when I deleted the spam.
Spam-proof your website
I found an interesting article on the OutFront (FrontPage support) website which gives some practical advice on how to prevent your e-mail address from being harvested and then abused by spammers. Basically, it involves converting e-mail addresses displayed on websites to unicode (for which a unicode converter may be useful). Let’s see if it works…
Tackling spam in Exchange with the RegEx SURBL
Last week, I read an interesting e-mail from the Windows and .NET magazine network Exchange and Outlook update, discussing Spam URL Realtime Block Lists (SURBLs), which examine message contents to block spam. This week’s e-mail highlights a free Exchange Server SURBL – the RegEx filter.
The basic idea behind the RegEx Filter, is the ability to filter email based on any arbitrary text pattern. It is implemented as an event sink that hooks into the Exchange SMTP engine (by default, the filter works only with the first virtual server instance, but this can easily be changed) and applies regular expression tests against the message sender, recipient, or contents.
It is possible to specify any number of individual filters to run against incoming messages and the filter also includes:
- A large filter file that tests for common patterns found in adult-oriented spam.
- A whitelist of expressions to be allowed; by customizing this list, it is possible to easily whitelist addresses or senders.
- A list of blocked recipients; the filter drops blocked recipients as soon as it sees the SMTP
rcpt to
verb, instead of waiting until the mail has been accepted for delivery. - A list with expressions commonly found in “Nigerian scam” messages.
Any or all of these capabilities can be used to roll in additional filtered expressions (by editing XML files, as long as there is a regular expression that will match the messages to be accepted or dropped). The XML schema for the filtering language includes the ability to specify IP address ranges, perform DNS lookups and filter according to the results, slow down the sending mail server by imposing a timeout (for punishing repetitive spammers), and a host of other features.
I haven’t tested the filter yet (I need to move my e-mail service over to Exchange first), but in Paul Robichaux’s original article (from which the information in this post is taken) he suggested that the filter didn’t add any significant performance overhead and that it also includes a set of Performance Monitor counters that can be registered to assist in assessing any performance issues as a result of filtering.
Robichaux also highlighted that RegEx isn’t perfect: its documentation is pretty opaque, and there’s no real step-by-step guide to installing the filter on an Exchange server. Also (and potentially worrying) the default filter configuration logs all accepted messages to disk, exposing all valid, accepted mail in plain text form. Apart from the obvious security implications, these logs also consume a large amount of disk space. Fortunately, the logging can be turned off.
This looks to me, to be a useful (free) tool in the battle to prevent spam.
Office 2003 SP1 and enhanced junk e-mail filtering for Outlook 2003 released
Last week, Microsoft released Office 2003 Service Pack 1. The service pack includes the many public updates and hotfixes that have been released since Office 2003 debuted in autumn 2003 and adds fixes to several other problems that Microsoft hadn’t previously documented. It also offers some new security functionality including the addition of several file types to the list of those that Outlook blocks (noteably: .asp; .tmp; .vsmacros; .vss; .vst; .vsw; and .ws).
Along with the main service pack, equivalent service packs for OneNote 2003, Project 2003 and Visio 2003 were released, as well as an update for Outlook 2003’s junk e-mail filter allowing it to automatically update the safe senders list with outgoing messages’ recipients. This update replaces the outlfltr.dat file that controls the behaviour of the filter and provides a more current definition of which messages should be considered junk, based on Microsoft’s most recent analysis of mail patterns from the massive volumes of spam that Hotmail servers receive.
Bill Gates’ view on solving the spam problem
I’ve just read an interesting executive e-mail from Bill Gates in which he discusses preserving and enhancing the benefits of e-mail, whilst curbing the epidemic of junk e-mail. Not surprisingly, this includes a plug for Microsoft’s Sender ID proposed standard.
Suffering from my fair share of domain spoofing, I think that Sender ID sounds a reasonable approach to take, although doubtlessly there will be those from the open source and Macintosh communities who will take offence at any technology (co-)developed by Microsoft (even as part of the Anti-Spam Technical Alliance, whose members include AOL, Yahoo, Earthlink, Comcast and BT).
One point of particular interest, was the comment around the possibility of charging for e-mail. I’ve read various articles which have suggested this (although I had guessed this was non-technical journalists failing to appreciate the idea of charging computing time to “qualify” e-mails and slow down spammers), but according to Microsoft:
- “We firmly believe that monetary charges would be inappropriate and contrary to the fundamental purpose of the Internet as an extremely efficient and inexpensive medium for communications.”
Gates also discusses third-party e-mail accreditation services.
It all makes interesting reading, and the full article is available on the Microsoft website.