• United States

Postini: Half of all e-mail requests rejected

Jul 07, 20044 mins
MalwareMessaging AppsNetworking

Anti-spam company Postini said that it is now rejecting more than half of all attempts to send e-mail to its customers, due in part to increased activity from compromised home computers that have been turned into “zombies” for sending spam e-mail.

Anti-spam company Postini said that it is now rejecting more than half of all attempts to send e-mail to its customers, due in part to increased activity from compromised home computers that have been turned into “zombies” for sending spam e-mail.

The company is dropping 53% of all e-mail connections that use the SMTP (Simple Mail Transfer Protocol) without reading the content of the e-mail messages. That’s an almost 20% increase since the company began aggregating information about troublesome Internet addresses from across its customer base, said Andrew Lochart, director of product marketing at Postini.

The Redwood City, Calif., company manages e-mail for around 3,300 companies and 5 million e-mail users. Postini uses its own algorithms to spot spam, as well as denial of service attacks and other threats, by analyzing the behavior of Internet-connected machines attempting to send e-mail and, after that, the message content.

Since October, 2003, the company began aggregating information on IP addresses of machines attempting to e-mail its customers, and dropping connection attempts from IP addresses that are behaving suspiciously without ever receiving the intended message. Since that time, the percentage of dropped connections swelled from around 35% of all connections to the current 53%, he said.

“We’re cross-correlating spam and virus attacks for all our customers, and that allows us to block an even greater percentage of messages without even looking at the content,” he said.

Home computers connected to the Internet through large ISPs are responsible for around 36% of all the dropped connections. Loosely configured machines called “open relays,” and other compromised computers account for the rest of the dropped connections, he said.

Of the 47% of e-mail connections that are accepted, around 76% of the mail accepted are spam and 1% or 2% are viruses. Only 11% of the 10.75 billion SMTP connections the company receives each month are for legitimate e-mail messages, Postini said.

Spam and the problem posed by compromised home computers have been attracting more attention in recent months. Leading ISPs, including Comcast have begun kicking zombie machines off their network. At the same time, a number of companies and international standards organizations are evaluating technology standards that, if widely adopted, would allow companies to verify the source of e-mail messages and stop address spoofing, a common technique spammers use to disguise the origin of their messages.

In June, The Anti-Spam Technical Alliance (ASTA), an industry organization representing e-mail providers Yahoo, Microsoft, AOL and EarthLink, released recommendations for ending spam e-mail, including a list of suggestions and “best practice” recommendations for ISPs, e-mail service providers, governments, corporations and bulk e-mail senders.

Microsoft is also backing a proposed standard called Sender ID that requires organizations that send e-mail to publish the addresses of their outgoing e-mail servers in the Domain Name System (DNS) using XML. The Sender ID standard, which has been submitted for approval to the IETF will allow companies to check for spoofing by analyzing information stored in the e-mail envelope and in the message body, Microsoft said.

Postini believes that its solution is superior to sender authentication schemes because it is “dynamic,” and allows the company to freeze communications from IP addresses that are behaving badly for short periods of time, then restore communications with them when they begin behaving normally again, as opposed to placing them on a block list for prolonged periods, Lochart said.

Such a system is better suited to the current spam distribution system, in which spammers shift e-mail traffic rapidly between thousands of compromised machines to send messages, Lochart said.

However, he also acknowledged that the system was only feasible for e-mail service providers like Postini that benefit from intelligence gathered from thousands of e-mail domains.

The spam problem calls for e-mail providers and antispam companies like Postini to combine their knowledge about spammers and their activities, said James Kobielus, an industry columnist at The Burton Group.

Kobielus recommends a federated antispam network in which companies like Postini, Brightmail and others share spam signatures, whitelists and IP addresses, so that every legitimate e-mail sender can benefit from up-to-date information on spamming activity.