| The recent spike in the volume of spam traveling | | | | charges. There is also a time-lag between when a |
| across the Internet, combined with the dangers of | | | | spammer starts sending spam from a particular IP |
| phishing and virus attacks that frequently accompany | | | | address and when the address gets added to the |
| these messages, has forced enterprises to reconsider | | | | blacklist. By the time the services become aware of a |
| how they determine which messages will be allowed | | | | spammers activities, the spammer has already sent |
| into their network. The latest advances in anti-spam | | | | millions of messages. |
| technology have been enabled in part by the use of | | | | Two prominent examples of bonded programs are |
| reputation services which determine the good | | | | IronPort’s Bonded Sender Program and and |
| and bad senders. There are several | | | | Habeas’ Sender Warranted Email programs. |
| approaches to determining a sender’s | | | | These programs allow email marketers to secure |
| reputation; some more effective than others. | | | | bonds to certify that their email adheres to guidelines |
| In order to determine whether senders are good | | | | on the basis of privacy, mailing practices and issue |
| or bad, organizations must have the ability to | | | | resolution. ISPs and other mail servers can then query |
| accurately identify the sender of an email. Spammers | | | | Bonded Sender when scanning incoming messages |
| and their ilk would prefer to hide their identities — | | | | and handle them accordingly. However, this |
| especially for those that are engaged in open fraud | | | | pay-to-play model is fundamentally flawed, as it |
| such as phishing attacks. They modify email headers in | | | | gives spammers the ability to simply buy their |
| an attempt to fool recipients into thinking the email is | | | | way onto the list by securing a bond as a legitimate |
| coming from a legitimate source. This practice, called | | | | sender, regardless of whether they’re actually |
| spoofing, is a common tactic used by | | | | legitimate or not. While the cost of the bond may be |
| spammers to obfuscate their true identities. | | | | prohibitive to some senders, the benefits far outweigh |
| To confront this issue, Microsoft, CipherTrust and other | | | | the costs to most spammers, as the only way the |
| industry leaders have worked to create standards that | | | | bond will be debited is if Bonded Sender receives |
| allow organizations to determine whether an email is | | | | complaints about a specific account sending spam. |
| coming from a legitimate sender. To date, there | | | | And really, when was the last time you or anyone you |
| continues to be debate as to which technology will | | | | know reported receiving spam? Would you even |
| prevail. Microsoft’s Caller ID (now dubbed the | | | | know where to report it? In reality, spammers are |
| Sender ID Framework or SIDF) has emerged as a | | | | paying IronPort for the right to clog your inbox. |
| front-runner along with Meng Weng’s Sender | | | | TrustedSource is CipherTrust’s adaptive, |
| Policy Framework (SPF) . | | | | real-time email reputation system that provides |
| Unfortunately, merely knowing who is sending an email | | | | information on email sender behavior. Who sends |
| doesn’t necessarily stop spam. As it turns out, | | | | spam? Who polices their outbound email well? |
| spammers have been early adopters of the new | | | | TrustedSource knows. By constantly observing and |
| standards, they are better about applying for sender | | | | analyzing email traffic across the Internet, CipherTrust |
| authentication technologies than normal corporations, | | | | identifies the "good guys. TrustedSource provides |
| and they are eager to participate! | | | | constant updates on sender status to improve |
| Regardless of how many spammers adopt | | | | spam-fighting accuracy and allows IronMail, the secure |
| honest emailing practices, the technology to | | | | email gateway, to achieve the highest level of |
| identify email senders is quickly being adopted by | | | | accuracy in determining good email from bad. |
| major ISPs and corporations. Armed with that | | | | TrustedSource servers provide data to IronMail by |
| knowledge, reputation-based filtering can have a | | | | contributing negative values to IronMail’s Spam |
| significant impact on the level of spam in | | | | Profiler (SP) algorithm for messages sent from |
| everyone’s inbox. | | | | senders that are deemed reputable. Every message |
| There are a number of methods companies use to | | | | that passes through IronMail is checked against the |
| determine whether a given email sender has a | | | | TrustedSource list and based on the reply, IronMail will |
| good reputation. Some of the most common | | | | make a decision about whether to reduce the overall |
| tactics are: | | | | SP spam score for that message and improve its |
| By far the most costly method in terms of human | | | | chances of not being classified as spam. |
| resources, In-house lists require IT staff to maintain | | | | What constitutes good behavior |
| whitelists and blacklists in order to cut down on the | | | | Spammer behavior changes constantly so no definitive |
| spam problem. The difficulty with these programs is | | | | answer is available. However, the following practices |
| that they require that the IT staff become | | | | are considered best practices for email senders: |
| knowledgeable about a host of email security and | | | | - Comply with the proper RFC protocols for email. |
| spam issues, and the investment is rarely sufficient to | | | | - Do not attempt to obscure content or messages in |
| overcome the thousands of variations of nuisances | | | | emails. |
| and threats posed by spammers, phishers, and other | | | | - Do not send email to unverified or nonexistent email |
| dubious email senders. By the time the administrator | | | | addresses. |
| becomes aware of a new spam attack, the spam has | | | | - Post privacy policies where they can be read and |
| already gotten onto the network, and into users | | | | understood, prior to submission of a request. |
| inboxes. | | | | - Offer opportunities for users to opt-out of programs. |
| These whitelists and blacklists are built and maintained | | | | Adopting a reputation-based anti-spam system alone |
| by third party organizations for the benefit of | | | | has not proven effective to stop spam. However, by |
| subscribers. These lists are subject to many of the | | | | combining reputation-based systems such as |
| same problems faced by in-house administrators. In | | | | CipherTrust’s TrustedSource with other |
| addition, some blacklists are maintained by vigilante | | | | methods of spam control technologies such as SIDF, |
| groups that are quick to penalize an organization for | | | | SPF, Bayesian Filters, Blacklists, Whitelists, Anomaly |
| spam; sometimes without due diligence and without | | | | Detection, and Spam Signatures, IronMail has achieved |
| giving that organization time to respond to spam | | | | industry-leading success. |