Wednesday, April 02, 2008
Wednesday, April 02, 2008 3:26:26 PM (Mountain Daylight Time, UTC-06:00) ( Anti-Spam | Barracuda Spam Firewalls | CudaMail | MX Backup | Spam Filtering Service )
Let's talk about what you can do to help make your e-mail more reliable and keep Spam out of your clients' mailboxes.
 
First, most people have this idea that e-mail is both near instant and 100% reliable - unfortunately, both of these ideas are 100% wrong!

The SMTP protocol was designed when Internet links were both unreliable and slow, so the protocol was built to be resilient and to retry failed messages. Link speeds have since increased and links have become more reliable, so people have gotten used to their e-mail arriving really quickly and have come to the unreasonable expectation that e-mail is near instant and 100% reliable.

Let's look at a couple of scenarios that will show that this is not the case as well as address some ways to increase your control over your e-mail server's level of reliability.
 
Case 1 - Single Mail Exchanger
 
A lot of e-mail domains right now have only 1 Mail eXchanger (or MX record) typically pointing to a single mail server at the head office.

So what happens if your Internet connection goes down or there is some "hiccup" with the mail server or your firewall (you do have a hardware firewall, don't you?)? Anyone who tries to e-mail you will not be able to, and the sender may (or may not) get an undeliverable message from their mail server after some period of time.

The sending mail server should be configured to retry this message a number of times at some interval, both of which are set solely by the administrator of the sending mail server. In other words, you have no control over how often they will try again or for how long, and it will be different for each and every mail server that is trying to send to you. Talk about a troubleshooting nightmare!
 
Case 2 - Backup Mail Exchanger

When you publish an MX record via DNS, one of the properties of the record is a preference. Here is an example (fictitious) domain and the tool you would use to see what your MX records point to:
 
nslookup -type=mx somedomain.com
Non-authoritative answer:
somedomain.com        MX preference = 10, mail exchanger = mail.somedomain.com
somedomain.com        MX preference = 99, mail exchanger = smtp.SomedomainISP.com
 
What the above records say is that a server sending e-mail to 'yourbuddy@somedomain.com' should first try the mail server named 'mail.somedomain.com' and, if that fails, try to send the e-mail through the mail server named 'smtp.SomedomainISP.com'. Your ISP may even include this service for free if you ask them. However, these 'store and forward' backup mail servers typically just accept and forward messages WITHOUT anti-spam processing, and since the messages arrive from a trusted source (your ISP), most mail servers are configured to accept them without further processing.

Guess what? The Spammers are aware of this little fact and will, in violation of the standard, try to send e-mail to your domain through your backup or secondary MX record. This is how a lot of Spam sneaks in today - it takes the back door and doesn't get challenged by the security guard at the front door - your primary anti-spam solution.

So what is the solution to this problem?

Case 3 - Spam filtered MX Backup service.

Make sure your backup or secondary MX record points to a system or systems that are as hard on Spam as the protection on or in front of your mail server. This is the reasoning behind our CudaMail MX Backup Service.
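
The check described in Cases 1 to 3, as an added example that is not part of the original post: it parses nslookup MX output in the form shown above, orders the exchangers by preference, and flags a domain with a single MX or with an MX host that is not behind spam filtering. The function names and the filtered_hosts set (the hosts you know are spam filtered) are assumptions made for illustration.

```python
import re

# Constructed sample: the fictitious nslookup output from the post, with the
# host names wrapped onto their own lines.
SAMPLE = """\
Non-authoritative answer:
somedomain.com        MX preference = 10, mail exchanger =
mail.somedomain.com
somedomain.com        MX preference = 99, mail exchanger =
smtp.SomedomainISP.com
"""

# \s* after "=" also matches a newline, so wrapped host names are handled.
MX_RE = re.compile(
    r"^\S+[ \t]+MX preference\s*=\s*(?P<pref>\d+),\s*"
    r"mail exchanger\s*=\s*(?P<host>\S+)",
    re.IGNORECASE | re.MULTILINE,
)

def normalize(host):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return host.rstrip(".").lower()

def parse_mx(nslookup_output):
    """Return [(preference, host)], lowest preference (tried first) first."""
    records = {(int(m["pref"]), normalize(m["host"]))
               for m in MX_RE.finditer(nslookup_output)}
    return sorted(records)

def audit_mx(records, filtered_hosts):
    """Flag Case 1 (single MX) and Case 2 (MX host with no spam filtering)."""
    filtered = {normalize(h) for h in filtered_hosts}
    findings = []
    if len(records) == 1:
        findings.append(("single-mx", records[0][1]))
    for pref, host in records:
        if host not in filtered:
            # Hosts sharing the lowest preference value are all primaries.
            role = "primary" if pref == records[0][0] else "backup"
            findings.append((f"unfiltered-{role}", host))
    return findings

if __name__ == "__main__":
    # Assumption: only the primary mail server sits behind the spam filter.
    for finding in audit_mx(parse_mx(SAMPLE), {"mail.somedomain.com"}):
        print(finding)
```
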

We (Optrics Engineering) have been Barracuda Diamond Partners for a number of years and have seen the above problems (Case 1 and Case 2) a number of times with the clients we deal with, so we are offering not just an MX backup service but a Spam Filtered MX Backup Service. We have a redundant cluster of Barracuda Spam Firewalls that we use to provide primary anti-spam protection for smaller organizations. We can use these same servers to accept mail, scan it for Spam and deliver it to your mail server in the event that your anti-spam solution goes off-line or your Internet connection or firewall has an issue.

This cluster is configured to retry delivery to your mail server every 15 minutes for up to 48 hours. Those pesky Spammers who try to sneak in through the back door are going to be very surprised when they run into the CudaMail service on your secondary MX records. You also now know how often delivery will be retried and how long you have before people get an 'undeliverable' response back.

While e-mail is not 100% guaranteed, the above service puts you in control and slams the door in the face of the Spammers.

Now go have a nice (Spam-free) day!

- Shaun

Wednesday, April 02, 2008 6:17:15 PM (Mountain Daylight Time, UTC-06:00)
This is a good idea in theory, but the weakness of the approach is also pretty easy to see:

1. If one has an anti-spam system in front of the mail server(s), with this suggestion, there would be two different and out of sync settings and quarantines on two different systems.

2. Barracuda is, by the founder's own admission, a "cheap, but good enough" solution. I agree it is cheap, but with the ever stronger waves of spam, it clearly is not a great anti-spam system.

Combine that with #1, and it makes one wonder if this is a better approach than others that are possible.
Ted Elliot
Thursday, April 03, 2008 3:31:13 PM (Mountain Daylight Time, UTC-06:00)
Ted,

Thank you for your comment.

You're right that there would be two different systems processing Spam, with different settings but I'm sure you would agree that it is still much better than not having these messages scanned for Spam at all. If the MX Backup can reduce the Spam coming in via this back door by even just 80% that is a huge reduction in Spam being delivered to your clients and I can assure you that we strive for much more than an 80% reduction in Spam. :)

While this service (MX Backup) will work with any mail server with any anti-spam technology, including an on-site Barracuda Spam Firewall, as part of the configuration we work with the e-mail administrator of the system we are doing the MX Backup for so they are aware of the differences between their internal solution and the CudaMail MX Backup Service. While we don't want to make their job harder we don't typically run with per-user quarantine on the backup service so the end-user or client is not confused by multiple quarantine summaries in their inbox.

In regards to the comment that the Barracuda is 'cheap, but good enough' we find that Barracuda Central is always working on new anti-spam techniques, including multiple AV engines, 3rd generation OCR (Optical Character Recognition) and most recently their own IP Reputation system which is not just a block list but includes history of the IP so that a server that is well managed will not be blocked because of a few wrongly marked messages, for example.

I do agree with you that e-mail, as currently implemented, has some aspects that are, for want of a better term, 'broken' and while I don't see a large scale 'forklift' replacement of the SMTP protocol in our near future I do hope that things do improve with new techniques and standards. I did blog about this in an earlier post asking if people had already gone to or were thinking of moving to a walled garden for their e-mail or a public / private e-mail system.
About the author

Shaun Sturby, MCSE
Technical Services Manager, and Optrics' point person for email security

© Copyright 2008, Optrics Inc.