| A Look at the Past, Present and Future of Email | | | | Further compounding matters, lists rely on anecdotal |
| Reputation Systems | | | | evidence, opening the door to vigilantes who add |
| Reputation, reputation, reputation! Oh, I have lost my | | | | senders to blacklists without first verifying that |
| reputation! | | | | they’re actually malicious; and spammers, who |
| I have lost the immortal part of myself, and what | | | | add themselves to whitelists which take a |
| remains is bestial. | | | | pay-to-play approach, allowing any |
| --Spoken by Cassio, in Shakespeare’s Othello | | | | bonded sender to buy their way onto the list. |
| (circa 1602) | | | | Other mitigating factors were behind the decline in |
| Though written over four centuries ago, the sentiment | | | | blacklist and whitelist effectiveness. In the end, the |
| behind these words still holds true — | | | | failure of these lists as email security solutions was |
| you’re nothing without your reputation. Every | | | | largely due to their inability to factor message quality |
| day, different reputation systems dictate who you are | | | | into the equation. |
| to those who don’t know you. To lenders, | | | | Second-Generation Reputation Systems |
| you’re a credit score. To insurance companies, | | | | The next iteration of reputation systems built on the |
| you’re a calculated risk. And now, thanks to the | | | | failure of blacklists and whitelists to maintain control |
| next generation of reputation systems, you’re | | | | over the spam flood. While the lists remained an |
| an IP score. | | | | integral component, new features briefly increased |
| For obvious reasons, spammers, phishers and virus | | | | second-generation reputation systems’ |
| writers would prefer to hide their identities. They use | | | | efficiency and effectiveness. With time, however, |
| countless techniques to disguise themselves with the | | | | spammers adapted their habits to evade detection. |
| intent of sneaking into your enterprise inboxes, robbing | | | | Among improvements seen in second-generation |
| you blind or hijacking your network — or both. | | | | reputation systems were dynamic lists, necessary to |
| On the other hand, those who would fight these | | | | combat the introduction of zombies into the |
| senders are well served to know who the senders | | | | email security landscape; automatic updates, which |
| are and what they’ve been up to. To that end, | | | | removed the administrative burden of manually |
| email reputation systems are used to figure out what | | | | uploading lists; and message scoring, which assesses a |
| sort of behavior senders have demonstrated in the | | | | message’s likelihood of being spam and assigns |
| past and make educated predictions of their future | | | | a corresponding score. |
| behavior, for better or for worse. | | | | The Next-Generation Reputation System |
| Content Inspection Is Not Enough | | | | Today’s spammers are more clever than ever, |
| Unfortunately, many enterprises rely on an email | | | | so today’s reputation systems must be equally |
| security solution based solely on message content; | | | | sophisticated. An effective reputation system must be |
| understanding the source of a particular message | | | | dynamic, comprehensive and precise, and based on |
| never enters the equation. While this approach is | | | | actual enterprise email traffic in order to keep the |
| moderately effective when dealing with messages | | | | spammers from gaining any advantage. To that end, |
| that contain specific spam identifiers, it is completely | | | | CipherTrust developed TrustedSource, the most |
| ineffective at stopping spam that employs techniques | | | | precise and comprehensive reputation system |
| not yet seen. | | | | available. TrustedSource keeps enterprises ahead of |
| Email Security with Reputation | | | | the spammers by leveraging research generated by |
| A comprehensive approach to email security involves | | | | CipherTrust’s industry-leading network of |
| examining both message content and sender history. | | | | customers. In developing TrustedSource, CipherTrust |
| By evaluating senders based on their past behavior, a | | | | has succeeded in defining to a reputation for every IP |
| more accurate picture of their intentions and legitimacy | | | | address in use across the Internet (all 4.2 billion!), not |
| can be discerned. Has the sender engaged in | | | | just those that have been encountered in the past. |
| spamming, virus distribution or phishing attacks? If they | | | | By combining years of industry-leading research with |
| have, an effective reputation system knows and flags | | | | the unmatched capabilities of IronMail’s |
| the message. Has the sender even been seen | | | | Message Profiler, CipherTrust has made some |
| before? If not, a reputation system should pay close | | | | ground-breaking discoveries about the email sending |
| attention to ensure that the sender is not a | | | | behavior of IP addresses. TrustedSource merges |
| zombie machine being controlled remotely by a | | | | CipherTrust’s unmatched knowledge base and |
| hacker. | | | | global customer network of over 1,400 companies with |
| First-Generation Reputation Systems | | | | generally available data such as traffic patterns, white |
| In the early days of spam (circa 2001), simple | | | | blacklists and network characteristics. This powerful |
| blacklists and whitelists seemed like an appropriate | | | | combination allows TrustedSource to assign accurate |
| response to the nuisance messages that had begun to | | | | scores to any IP address encountered by IronMail, |
| show up in inboxes around the world. Blacklists contain | | | | considering both sender history and message |
| the IP addresses of known spammers, phishers and | | | | characteristics. |
| virus senders; whitelists contain the IP addresses of | | | | Trust Your Reputation to Ours |
| senders known to be legitimate. Referencing these lists | | | | A traditional email security approach that relies solely |
| allowed companies to filter a segment of their total | | | | on identifying messages based on content and/or |
| mail flow, briefly curbing the onslaught of spam | | | | characteristics, or an approach that relies solely on |
| messages. However, their shortcomings were | | | | blacklists and whitelists, is incapable of generating |
| exposed relatively quickly. | | | | adequate data about senders. In order to accurately |
| The very nature of whitelists and blacklists makes | | | | identify messages as wanted or unwanted, |
| them manual by default. In order for a list to be | | | | corporations must embrace an approach that includes |
| updated, all messages (both wanted and unwanted) | | | | a comprehensive reputation system like |
| must first be received by an end user and then | | | | TrustedSource. To learn more about TrustedSource |
| manually reported to a system administrator. With this | | | | and how it can help you take control of your |
| sort of end-user reliance, it’s easy to see why | | | | enterprise email security, download |
| the glory days of list-only reputation systems were | | | | CipherTrust’s free whitepaper, |
| short-lived. | | | | TrustedSource: Reputation Redefined. |