E-mail provider tries message fingerprinting

E-mail provider Everyone.net says it has a new program to protect e-mail users from one by-product of the plague of unsolicited commercial (“spam”) e-mail: bounced e-mail messages.

The San Jose company Tuesday plans to announce an enhanced e-mail protection service called Total Protection 2.0 at the ISPCon conference in Washington, D.C. The new service includes a technology called Email Fingerprint, that can stop “bounce storms,” in which e-mail users who have had their e-mail address stolen by spammers or e-mail worms receive a flood of returned e-mail messages.

Everyone.net calls the new feature a kind of “paternity test” for e-mail messages. The company is adding an extension header to each outbound e-mail message. That header will contain a unique signature, created with a symmetric encryption key and based on information such as the e-mail user’s identification, the time stamp for the e-mail and more,  Everyone.net CTO Wayne Lewis said.

External e-mail servers will typically return the delivery instructions of the original message, called the “header,” including the new fingerprint extension, and often a portion of the original message. That allows Everyone.net to search bounced messages for the signature to determine whether they came from an Everyone.net user, or are bogus bounce messages from a spammer, worm or virus that is spoofing Everyone.net addresses, Lewis said.

“The goal is to stop bounce storms. (With Email Fingerprint) we can say with 100% certainty whether an e-mail message (with the signature) left our system,” Lewis said.

The new technology is not a cure-all, but will help shield Everyone.net’s customers from being inundated with rejection notifications for e-mail messages they never sent, according to Josh Mailman, vice president of sales and marketing.

The Total Protection 2.0 service will be available to Everyone.net’s personal, business and ISP customers, Mailman said.

Bounced messages are a big problem, according to John Levine of the Internet Research Task Force’s Anti-Spam Research Group.

Levine, who runs an anti-spam service called AbuseNet, receives around 10,000 or 20,000 bounced messages a day. However, the Email Fingerprint might not reliably let legitimate bounced messages through to e-mail users, he said.

E-mail server products vary widely in what content from original e-mail messages they return when they issue a bounce notice. That could mean that the Email Fingerprint is stripped out or altered by some programs, causing it to be dropped by Everyone.net’s servers.

“Bounce processing is an incredible can of worms. There are standards that are not widely adhered to and many vendors who think they are adhering to them are not,” he said.

Other researchers and e-mail providers are looking at the problem of bounced messages.

Recently, Earthlink of Atlanta said it will begin testing a plan called Sender Policy Framework (SPF) that also addresses the bounced e-mail problem. AOL said in January that it is testing SPF for outgoing mail, as well. Both companies are publishing the IP addresses of their e-mail servers in an SPF record in the DNS. Mail servers receiving e-mail messages claiming to come from those domains can check whether the messages came from one of the registered servers.