CudaMail Solutions

 Wednesday, April 02, 2008
Wednesday, April 02, 2008 3:26:26 PM (Mountain Daylight Time, UTC-06:00) ( Anti-Spam | Barracuda Spam Firewalls | CudaMail | Spam | MX Backup )
Let's talk about what you can do to help make your e-mail more reliable and keep Spam out of your clients' mailboxes.
 
First, most people have this idea that e-mail is both near instant and 100% reliable - unfortunately, both of these ideas are 100% wrong!

The SMTP protocol was designed when Internet links were both unreliable and slow, therefore the protocol was built to be resilient and to retry failed messages. However, link speeds have since increased and links have become more reliable, so people have gotten used to their e-mail arriving really quickly and have come to the unreasonable expectation that e-mail is near instant and 100% reliable.

Let's look at a couple of scenarios that will show that this is not the case as well as address some ways to increase your control over your e-mail server's level of reliability.
 
Case 1 - Single Mail Exchanger
 
A lot of e-mail domains right now have only 1 Mail eXchanger (or MX record) typically pointing to a single mail server at the head office.

So what happens if your Internet connection goes down or there is some "hiccup" with the mail server or your firewall (you do have a hardware firewall, don't you?). Anyone who tries to e-mail you will not be able to, and the sender may get an undeliverable message (or not) from their mail server after some period of time.

The sending mail server should be configured to retry this message to you a number of times at some interval, both of which are set solely by the administrator of the sending mail server. In other words, you have no control over how often they will try again or for how long, and it will be different for each and every mail server that is trying to send to you. Talk about a troubleshooting nightmare!
 
Case 2 - Backup Mail Exchanger

When you publish an MX record via DNS one of the properties of the record is a preference. Here is an example (fictitious) domain and the tools you would use to see what your MX record points to:
 
nslookup -type=mx somedomain.com
Non-authoritative answer:
somedomain.com        MX preference = 10, mail exchanger =
mail.somedomain.com
somedomain.com        MX preference = 99, mail exchanger =
smtp.SomedomainISP.com
 
What the above record is saying is that when sending e-mail to 'yourbuddy@somedomain.com' you first try sending it to the mail server named 'mail.somedomain.com', and if that fails you try to send the e-mail through the mail server named 'smtp.SomedomainISP.com'. Your ISP may even include this service for free if you ask them; however, these 'store and forward' backup mail servers typically just accept and forward messages WITHOUT anti-spam processing, and since the messages then arrive from a trusted source (your ISP) most mail servers are configured to accept them without further processing.

Guess what? The Spammers are aware of this little fact and will, in violation of the standard, try to send e-mail to your domain through your backup or secondary MX record. This is how a lot of Spam sneaks in today - it takes the back door and doesn't get challenged by the security guard at the front door - your primary anti-spam solution.

So what is the solution to this problem?

Case 3 - Spam filtered MX Backup service.

Make sure your backup or secondary MX record points to a system or systems that are as hard on Spam as the protection on or in front of your mail server. This is the reasoning behind our CudaMail.com MX Backup Service.

We (Optrics Engineering) have been Barracuda Diamond Partners for a number of years and have seen the above problems (Case 1 and Case 2) a number of times with the clients we deal with and are offering not just an MX backup service but a Spam Filtered MX Backup Service. We have a redundant cluster of Barracuda Spam Firewalls that we use to provide primary anti-spam protection for smaller organizations but can use these same servers to accept, scan for Spam and deliver to your mail server in the event that your anti-spam solution goes off-line or your Internet connection or firewall has an issue.

This cluster is configured to retry delivery to your mail server every 15 minutes for up to 48 hours. Those pesky Spammers who try to sneak in through the back door are going to be very surprised when they run into the CudaMail.com service on your secondary MX records and you now know how often and how long you have before people get an 'undeliverable' response back.
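As an added example (not part of the original post or the CudaMail service), here is a small Python script that parses the nslookup output from Case 2, puts the exchangers in the order a sending server must try them, flags any MX host that is not behind spam filtering (the back door from Case 2), and lays out the retry schedule described in Case 3. The sample output is the fictitious somedomain.com listing above; the set of "filtered" hosts is an assumption you would fill in for your own domain.

```python
import re

# Constructed sample: the nslookup output shown in Case 2 (fictitious domain),
# including the line wrap after "mail exchanger =" that the tool's output produces.
NSLOOKUP_OUTPUT = """\
Non-authoritative answer:
somedomain.com        MX preference = 10, mail exchanger =
mail.somedomain.com
somedomain.com        MX preference = 99, mail exchanger =
smtp.SomedomainISP.com
"""

# \s* after '=' lets the hostname sit on the next line, as in the wrapped output.
MX_LINE = re.compile(r"MX preference = (\d+),\s*mail exchanger =\s*(\S+)")


def parse_mx(text):
    """Return (preference, host) pairs in the order a sending server must try
    them: lowest preference first. Hostnames are case-insensitive, so lowercase."""
    records = [(int(pref), host.lower().rstrip("."))
               for pref, host in MX_LINE.findall(text)]
    return sorted(records)


def delivery_order(text):
    """Just the hostnames, primary first."""
    return [host for _, host in parse_mx(text)]


def unfiltered_backdoors(text, filtered_hosts):
    """Every MX host that is not behind the same spam filtering as the primary is
    a back door for Spammers (Case 2). filtered_hosts is your own list of hosts
    you know are protected (assumed input, not discoverable from DNS)."""
    filtered = {h.lower() for h in filtered_hosts}
    return [host for _, host in parse_mx(text) if host not in filtered]


def retry_schedule(interval_minutes=15, max_hours=48):
    """Minutes after first failure at which a queuing backup MX retries delivery,
    for the policy in Case 3 (every 15 minutes for up to 48 hours)."""
    attempts = (max_hours * 60) // interval_minutes
    return [n * interval_minutes for n in range(1, attempts + 1)]


if __name__ == "__main__":
    print("Delivery order:", delivery_order(NSLOOKUP_OUTPUT))
    print("Unfiltered backup MX hosts:",
          unfiltered_backdoors(NSLOOKUP_OUTPUT, {"mail.somedomain.com"}))
    sched = retry_schedule()
    print(f"{len(sched)} retries, last one {sched[-1] // 60} hours after the first failure")
```

Run it as-is and the ISP relay shows up as the unfiltered host; point the secondary MX at a filtered service and add that host to the filtered set, and the list comes back empty.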

While e-mail is not 100% guaranteed the above service puts you in control and slams the door in the face of the Spammers.

Now go have a nice (Spam-free) day!

- Shaun

 Tuesday, April 01, 2008
Tuesday, April 01, 2008 8:53:40 AM (Mountain Daylight Time, UTC-06:00) ( Anti-Spam | April Fool's Day | CudaMail | Spam | Threats )
April Fool's Day is upon us - don't be an e-mail fool - as the Spammers will be trying to take advantage of our love of a good laugh.
 
As always be very careful when you get an e-mail that you don't expect. Just last week my own wife sent me a video via e-mail and the first thing I did was call her and ask if she had sent it to me. It turns out she had but it could easily be an e-mail containing Spam/malware like the latest storm being reported on by the Internet Storm Center.

Storming into April on Fools Day

http://isc.sans.org/diary.html?storyid=4222

Here are some subject lines to watch out for (there may be more variations):

  • All Fools' Day
  • Doh! All's Fool
  • Doh! April's Fool.
  • Gotcha!
  • Gotcha! All Fool!
  • Gotcha! April Fool!
  • Happy All Fool's Day.
  • Happy All Fools Day!
  • Happy All Fools!
  • Happy April Fool's Day.
  • Happy April Fools Day!
  • Happy Fools Day!
  • I am a Fool for your Love
  • Join the Laugh-A-Lot!
  • Just You
  • One who is sportively imposed upon by others on the first day of April Surprise!
  • Surprise! The joke's on you.
  • Today You Can Officially Act Foolish
  • Today's Joke!
The e-mails either contain or have links to a nasty malware payload.

The download is a binary, also with varying names:

foolsday.exe
funny.exe
kickme.exe

In your e-mail it will look something like this:

April Fool's Day http://276.233.234.297 <= This is an invalid link intended to be harmless

CudaMail.com blocks .EXE attachments by default, so anyone using our CudaMail.com managed anti-spam service is not going to be getting any of the malware payloads, but some of the links may slip through.

We are blocking new variants as quickly as they are discovered but the best defense is to be educated to not click on unsolicited links.

Consider yourself educated. :)

- Shaun

 Friday, March 28, 2008
Friday, March 28, 2008 9:03:37 AM (Mountain Daylight Time, UTC-06:00) ( Anti-Spam | Barracuda Central | Barracuda Networks | CudaMail | ORDB )
As some of you may know, ORDB.org (aka the Open Relay Data Base) was one of the original real-time or IP-based black lists. The idea was that as your mail server or anti-spam service (like CudaMail.com) was getting a connection from a sending mail server you could ask ORDB.org if the sender's IP address was known to ORDB, and if it was you had a pretty good idea that you didn't want to accept this e-mail, as it was most likely spam being routed through an open relay mail server.
 
Well, after running as a free service for years, the ORDB.org service was shut down on December 18, 2006, and instead of replying it would just time out. Not a big deal, since your mail server didn't get a reply either way and went on to other tests. They announced that they were going off-line and that at some time in the future they would be replying with a positive result to any new queries. This has happened many times over the years with various free anti-spam databases for a variety of reasons. Most administrators didn't notice the ORDB.org announcement, or put the removal of this test on their 'to do' list and promptly forgot about it until now.
 
So on March 25, 2008, after giving fair warning, the DNS servers for ORDB.org started to answer every query with a positive result. All mail servers still using a SPAM filtering solution that references ORDB (relays.ordb.org) started to immediately block all incoming e-mails regardless of their real status as spam sources. You can't blame the admin of ORDB.org as they were doing this service for free and had been paying for the bandwidth used up by all these timed out queries for the last 2 years.
 
While the CudaMail.com system does still use some of the no-charge databases out there to block spam, it does not use ORDB.org. Barracuda Central has also been actively working on their own internal reputation system. The Barracuda Reputation system is very mature at this point, with the end result that this database is flagging new spam sources before the no-charge databases like ORDB.org used to. The real benefit of Barracuda Central maintaining this database is that there are dedicated people paid to maintain it as part of their business plan, and the problems experienced by people who rely on the free databases will not happen to CudaMail.com.
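The ORDB shutdown is a good illustration of why a DNS black list check should never be allowed to fail "closed". As an added example (not part of this post and not CudaMail's code), the Python below builds the reversed-octet lookup name a DNSBL query uses, treats a timeout as "unknown" rather than "listed", and runs the test-address sanity check later written down in RFC 5782 (a working list answers for 127.0.0.2 and never lists 127.0.0.1) before trusting a zone. The DNS responses are a constructed stand-in; zone names like working.example.net and dead.example.net are hypothetical, and a real check would issue the A query with a DNS library instead of calling fake_resolve.

```python
import ipaddress


def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: the IPv4 octets reversed, then the list's zone.
    192.0.2.1 checked against relays.ordb.org becomes 1.2.0.192.relays.ordb.org."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


# Constructed stand-in for DNS (assumption: none of these zones exist). Each zone
# is either a table of listed names, an 'everything is listed' zone (what ORDB
# became on March 25, 2008), or a zone that only times out (ORDB before that).
FAKE_ZONES = {
    "working.example.net": {"2.0.0.127": "127.0.0.2", "7.113.0.203": "127.0.0.2"},
    "dead.example.net": "listed-everything",
    "gone.example.net": "timeout",
}


def fake_resolve(name):
    """Return the A record for name, None for NXDOMAIN, or raise on timeout."""
    for zone, data in FAKE_ZONES.items():
        if name.endswith("." + zone):
            if data == "timeout":
                raise TimeoutError(name)
            if data == "listed-everything":
                return "127.0.0.2"
            return data.get(name[: -len(zone) - 1])
    return None


def is_listed(ip, zone, resolve=fake_resolve):
    """True = listed, False = not listed, None = lookup timed out (unknown, not spam)."""
    try:
        return resolve(dnsbl_query_name(ip, zone)) is not None
    except TimeoutError:
        return None


def zone_is_healthy(zone, resolve=fake_resolve):
    """Sanity check from RFC 5782: a working list answers for the test address
    127.0.0.2 and never lists 127.0.0.1. A list that has gone dark fails the
    first test; a list that now flags everything (the ORDB case) fails the second."""
    return (is_listed("127.0.0.2", zone, resolve) is True
            and is_listed("127.0.0.1", zone, resolve) is False)


def consult_lists(ip, zones, resolve=fake_resolve):
    """Query only healthy zones; return {zone: 'listed'|'clean'|'unknown'|'skipped'}."""
    verdicts = {}
    for zone in zones:
        if not zone_is_healthy(zone, resolve):
            verdicts[zone] = "skipped"      # never let a broken list decide for you
            continue
        hit = is_listed(ip, zone, resolve)
        verdicts[zone] = "listed" if hit else ("unknown" if hit is None else "clean")
    return verdicts


if __name__ == "__main__":
    for sender in ("203.0.113.7", "203.0.113.8"):
        print(sender, consult_lists(sender, list(FAKE_ZONES)))
```

The health check costs two extra lookups per zone, so in practice you would cache its result for a few minutes rather than run it on every connection; the point is that a list which starts answering "listed" for 127.0.0.1 gets dropped automatically instead of blocking all of your inbound mail.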

Now go have a nice spam free day!

- Shaun Sturby

 Wednesday, March 19, 2008
Wednesday, March 19, 2008 8:18:24 AM (Mountain Daylight Time, UTC-06:00) ( Anti-Spam | CudaMail | False Spam | Spam )
False Spam are messages that are blank or contain garbled text with no links or real message.
 
Yes, they are unwanted messages but there is no real 'body' to the Spam - just some garbled words. The message that the Spammer wanted to send was not included and thus these messages are ineffective as Spam.
 
Why would the Spammers want to send 'False Spam'?

Just speculating here but it could be anything from someone doing a 'test spam run' that got away on them and sent nonsensical random text without the advertisement. If that is the case then 'Silly Spammer - you wasted your money on this one!'
 
It could also possibly be an effort to see what did get through by utilizing the 'Out of Office' or 'Delivery Receipts' to capture valid e-mail addresses. If the Spammer gets any response back except 'undeliverable' then they know that there is a valid e-mail address on the other side. It is a good idea to not send these 'Out of Office' messages outside your organization if at all possible. It is also a good idea to disable the 'Delivery or Read receipts' in both your e-mail client and your mail server as some people rely on them. 
 
A third possibility is that Spammers may be trying to poison the Bayesian or statistical database by sending out these random words and phrases. A poisoned database will make it that much harder to pick the Spam out of the noise and could result in more false positives.
 
Rest assured that CudaMail.com is working hard to clean up these 'False Spam' messages as quickly as we can.

- Shaun

 Monday, March 17, 2008
Monday, March 17, 2008 12:55:04 PM (Mountain Daylight Time, UTC-06:00) ( Anti-Spam | Barracuda Central | Barracuda Networks | Barracuda Spam Firewalls | CudaMail | Robert Soloway | Spam | Spam Stats | Threats )
Notorious 'spam king' Robert Soloway has pleaded guilty to additional charges (fraud and tax evasion) related to his previous conviction for sending out huge volumes of Spam.
 
US Department of Justice indictment against Soloway:
> www.usdoj.gov/usao/waw/press/2007/may/soloway.html
Seattle times article on Soloway's guilty plea on the new charges:
> http://seattletimes.nwsource.com/html/localnews/2004283998_spamking15m.html 
The question to the reader therefore is 'Do you think that this sentence will result in less spam to your inbox?'
 
Sadly the answer is probably 'no' as the trend in Spam is still increasing and human nature, on both sides of the equation, being what it is won't change.
 
There are a number of sites you can go to if you want to look at Spam trends and one such site is Barracuda Central:

www.barracudacentral.com/index.cgi?p=spam
 
You can go there if you want to look at the pretty graphs but the number that jumps out at me is that worldwide the number of messages processed by all Barracuda Anti-Spam Firewalls yesterday was over 2 Billion. 2,277,470,908 to be exact and of that number the vast majority or 2,170,841,992 (95.32%) were blocked as Spam. This is in contrast to the same statistics a year ago where the number of messages processed per day was around 1 Billion per day and the Spam percentage was around 92%.
 
Sadly, the Spam mix is still about 50% off-brand pharmaceuticals and about 25% knockoff products which tells you what is profitable to the Spammers. If people stopped responding to these advertisements and voted with their cash then the Spammers would not be profitable and would have to look elsewhere for their next easy meal.

Will human nature change overnight?
 
Probably not. Consumers want a good deal and are not likely to change, and the Spammers have found a financial niche that they fit into, so expect the volume of Spam to continue and even increase as the effectiveness of anti-spam solutions like the Barracuda appliances, which CudaMail.com is powered by, makes the Spammers' job that much harder. They will ramp up their efforts to sneak Spam past such solutions rather than change their nature.
 
- Shaun

 Monday, March 10, 2008
Monday, March 10, 2008 1:03:35 PM (Mountain Daylight Time, UTC-06:00) ( Anti-Spam | CudaMail | Spam | Threats | Valentine's Day )
A recent report that Spammers are taking advantage of the interest in the US Elections to try and peddle Viagra, along with the other things that Spammers are taking advantage of - like Valentine's Day - makes me think that things are getting worse instead of better, and also makes me wonder if we are going to have to go to some form of 'walled city' for our e-mail.

The SMTP standard was designed to be open and people at that time (about 30 years ago now) wanted such an open system that there are now gaping holes that Spammers are using to send a deluge of Spam to our users.
 
What the Spammers are doing at the moment must be effective because I review the daily logs from our systems and this is really brought to light when on a Sunday, not a typical business day, our systems process in excess of 1.5 million messages. Out of that number less than 13,000 or LESS than 1% (0.866%) were allowed through to the mail servers. Now we don't claim that we can block 100% of Spam so there is a very small percentage that gets through so let's say that 1/10 of 1% of the 13,000 is Spam. That means that out of 1.5 million messages only 13 Spam messages got through to our users.
 
This brings up two interesting questions:

1. How many people are buying from Spammers?

- If only a handful of messages are getting through the Spammers must have a high close ratio and a high margin to make this make economic sense.
 
2. Are we going about solving the Spam problem the wrong way?

- Why should we have to process 1.5 million messages when less than 1% are legitimate?
 
Some organizations have to be more open to whom they accept e-mail from because that is the nature of their business - online sales from almost anyone - but what about those organizations that only get a few e-mail messages from a few select partners? Could they set up a closed e-mail system where there is a process to be added to their accept list and reject all other e-mails? They could even set up 2 e-mail domains: the first with a few common e-mail addresses like sales@, support@ and billing@ for their public mail presence, and the second - by invite only - domain for their real mail boxes.
 
The first domain will get a ton of Spam but will act like a switchboard with only a few select people having to review the messages and forward them internally to the people that will take action on them. The second domain will not accept e-mail from just any domain so it will be very easy to track down the source of any "Spammy" messages and stop them.
 
What do you think? Have you thought of or implemented a 'walled city' plan for your e-mail? Let us know in the comments.
 
- Shaun

 Monday, March 03, 2008
Monday, March 03, 2008 10:18:59 AM (Mountain Standard Time, UTC-07:00) ( Anti-Spam | CudaMail | e-cards | Spam | Threats )
According to this article at the Internet Storm Center (http://isc.sans.org/diary.html?storyid=4054) the bot handlers are working to build up their Spam sending bot network by sending out e-Card spam.

These seemingly harmless e-mails claim that there is something special for you, either a joke or a surprise, and more often than not will trick you into opening it.

Be part of the solution and don't get tricked by these e-Cards. If you know the sender then confirm with them (not by e-mail) that they really sent it to you.

If they didn't send it or if it is sent anonymously then don't open it no matter how curious you are. There are a lot of other joke sites on the Internet or you can always go have a chat with your Grandpa. :)

- Shaun

 Thursday, February 28, 2008
Thursday, February 28, 2008 4:57:21 PM (Mountain Standard Time, UTC-07:00) ( Anti-Spam | CudaMail | Outlook Plug-In | Spam )
Do you want to educate the CudaMail.com system so it understands better what kind of e-mail you want to get and what you consider as spam?

Do you want to have a very easy way to submit SPAM and false positive reports?

Do you want an easy way to keep your white list up to date?

If you answered YES to any of the above questions then you may want to try the Outlook Plug-in.

Getting to Know The Outlook Plug-In:


This very simple toolbar can be installed in the Outlook 2000 to 2007 e-mail client (not Outlook Express or the new MS Mail) to give you some additional options and two new buttons. These Green and Red buttons with an envelope and either a Check Mark (good) or Red X (bad) make the process of sending a report back to the system that you consider a message SPAM or Wanted as easy as clicking on the corresponding button. It can't get any simpler than that!

To download the toolbar simply go to the CudaMail.com Web Portal and click on the 'Get Mail Client Plugins Here' link at the bottom of the page. (This download link is only for current CudaMail.com customers - if you have a Barracuda Spam Firewall and want the plug-in go talk to your network administrator.)

Per-user Web portal is at https://web.CudaMail.com

Once you download the Outlook Plug-in you have to run it to install it so you need to do this with an account that has administrative access to your PC. After it is installed you should be able to get to the 'Spam Firewall' tab under the 'Tools' - 'Options' menu item and it should look something like this:



What Does This All Mean?

Automatically Update White list: When this option is checked off every time you add someone as a new personal contact or e-mail someone then they will be added to your personal white list. While this sounds like a great idea you need to login to your personal options area on the CudaMail.com system on a semi-regular basis to clear out old or stale white list entries and specifically to make sure your own e-mail address is not on the white list.

A typical spammer trick is to send you spam pretending to be you so you do not want to white list your own e-mail address or you will get more spam.

This can happen by accident if you 'reply all' to an e-mail and don't take your e-mail address off or if you are in the habit of always cc'ing yourself.

Additional Button Actions:

Spam: Permanently Delete Message or Move to Deleted Items folder.

While I like to completely get rid of any spam messages by leaving it on the 'Permanently Delete Items' option, you have no way of easily getting back any message you accidentally marked as Spam. By setting this option to 'Move to - Deleted Items Folder' you can always rescue it from there if you have an accident.

Not Spam: Add E-Mail addresses to Whitelist. When a message comes through with the subject tagged as spam '[CudaMail.comTagged] -original subject' and you click on the Green button to submit a 'falsely marked as spam' report, this option will also update your personal whitelist so that this sender's e-mail will not be tagged in the future.

There is a second benefit to the plug-in as it is building your own personal database of 'Good' and 'Bad' messages that are unique to you. Once you have marked at least 200 messages of each type then the statistical analysis or 'Barracuda Bayesian Learning' will kick in and provide additional protection against Spam. You will only be able to mark messages that have been processed by the CudaMail.com system so don't just select everything in your inbox and try to mark them all as 'good'. What you should do is look at the message and ask yourself 'Did this e-mail come from outside our organization and is it a representative sample of e-mail that I want to get in the future?'

This plug-in is also the answer to questions like the following:

1. How do I automatically whitelist all of my contacts?
2. I get so few messages in the per-user quarantine how am I ever going to get 200 'good' messages?
3. How do I send you samples of spam that I don't want?

Does the Outlook plug-in work with Microsoft Vista?

Yes the Outlook Plug-in versions 2.1.0.5 and above work with Microsoft Vista and Outlook 2007. The plug-in version can be found on the licensing screen when installing the plug-in, or in Microsoft Outlook by viewing the Spam Firewall tab in the Options window. The version number will be located in the bottom-right corner of the window.

If you can, give the Outlook Plug-in a try. I have been using it myself for the last 2 years and I get a sense of joy every time I can click on the 'Spam' button because I know that this is making the Spammer's job that much harder next time.

- Shaun

 Wednesday, February 20, 2008
Wednesday, February 20, 2008 5:15:22 PM (Mountain Standard Time, UTC-07:00) ( Anti-Spam | CudaMail | Spam | SPF )
(... or how to publish a Sender Policy Framework (SPF) record and minimize "Joe-Job" e-mail attacks.)

 >> This article assumes that you have your own domain and are not using a generic e-mail address

Has this happened to you?

You get a nice but cryptic message from someone called 'Postmaster' saying that the e-mail you sent to someone you don't know has not been delivered because you are sending SPAM! You know you did not send anything to this e-mail address so it looks like someone has hacked your e-mail account or is impersonating you to send Spam. You don't want this as they are treading on your reputation and may get you blacklisted so you can't send legitimate e-mail. It can also slow down your e-mail as your mail server has to deal with all these postmaster messages. One client of ours, for example, was getting over 1.8 million of these a day!

What can you do?
 
While it is very possible that they have hacked into your e-mail account* and are really using your account to send Spam it is much more likely that all the spammer has done is taken your e-mail address and used it as the 'return address' on all the spam they are sending. This is called a "Joe-Job" and the end result is that any e-mail that gets rejected for any reason will end up sending you a Non-Delivery Report (NDR) that will clog up your mailbox.

(Don't get me started on mis-configured mail servers that don't reject at the protocol level... that is something for another day ... )

So what can you do? Publish your Sender Policy Framework (SPF) record.

What is an SPF record?

Basically you get to set and publish a policy stating what mail server your e-mail should come from and what policy you want the administrators of all the other mail servers out there to take when an e-mail 'claiming' to be from you fails your policy. This is a simple record that you publish in the DNS (Domain Name) Servers that are responsible for answering the other questions people have about your domain such as where is your website and where should they send e-mail so that it gets to you.

What does an SPF record look like?

Here is the SPF record for the domain CudaMail.com:

"v=spf1 mx a:mx1.cudamail.com a:mx2.cudamail.com a:mx3.cudamail.com include:optrics.net -all"

'v=spf1' means this is an SPF record version 1 and is required.

'mx' means to allow e-mail from the systems that are already in your MX records.

'a:mx1.cudamail.com a:mx2.cudamail.com a:mx3.cudamail.com' all use the same mechanism and say to allow e-mail from the IP addresses that these names resolve to - you could also list the IP address itself here.

'include:optrics.net' means to look up the SPF record of the domain Optrics.net and also allow the mail servers listed there. This is used when you have to send through your ISP's mail servers - just include their SPF record. This is a great way to distribute the management of the SPF records: any e-mail from Optrics.net must be able to pass their SPF record, so if you have to send through their mail servers, by including their SPF record yours will pass as well.

'-all' is where you set the policy for 'all other' mail servers. In this case the minus sign says to reject all e-mail claiming to be from your domain that does not come from the list of allowed mail servers. If you use a tilde '~' instead then you're telling the other mail administrators that you're not 100% sure that e-mail should only come from this list and they can choose to reject or not.
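To make the record above concrete, here is a small SPF evaluator in Python (an added example, not the CudaMail or OpenSPF code) that walks the mechanisms in order exactly as a receiving mail server does and returns the verdict for a given sending IP. It handles the mechanisms this post uses (mx, a:, include:, -all / ~all) plus ip4:, and uses a constructed DNS table: the addresses, the MX list and the Optrics.net record are assumptions for illustration, not the real records of either domain.

```python
import ipaddress

# Constructed DNS data (assumption: illustrative only, not the live records of
# cudamail.com or optrics.net).
DNS = {
    "txt": {
        "cudamail.com": "v=spf1 mx a:mx1.cudamail.com a:mx2.cudamail.com "
                        "a:mx3.cudamail.com include:optrics.net -all",
        "optrics.net": "v=spf1 a:relay.optrics.net ~all",   # the ISP's record (constructed)
    },
    "mx": {"cudamail.com": ["mx1.cudamail.com", "mx2.cudamail.com"]},
    "a": {
        "mx1.cudamail.com": ["192.0.2.10"],
        "mx2.cudamail.com": ["192.0.2.11"],
        "mx3.cudamail.com": ["192.0.2.12"],
        "relay.optrics.net": ["198.51.100.5"],
    },
}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, dns=DNS, depth=0):
    """Evaluate domain's SPF record for a connection from ip.

    Returns pass / fail / softfail / neutral / none / permerror, following the
    RFC 7208 check_host() rules for the mechanisms used on this page
    (all, a, mx, ip4, include). Real evaluators also handle ptr, exists,
    redirect=, macros and the DNS lookup limit; those are left out here."""
    if depth > 10:                       # include loops are a permanent error
        return "permerror"
    record = dns["txt"].get(domain)
    if record is None or record.split()[0] != "v=spf1":
        return "none"                    # no policy published for this domain
    for term in record.split()[1:]:
        qualifier = "+"                  # a bare mechanism means 'pass if it matches'
        if term[0] in RESULT_FOR_QUALIFIER:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "a":                # the A records of the named host (or of domain itself)
            matched = ip in dns["a"].get(arg or domain, [])
        elif mech == "mx":               # the A records of every MX host of the domain
            hosts = dns["mx"].get(arg or domain, [])
            matched = any(ip in dns["a"].get(h, []) for h in hosts)
        elif mech == "ip4":              # a literal address or CIDR block
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False)
        elif mech == "include":
            # include: matches only when the included domain's policy returns 'pass';
            # a 'fail' there does not fail the outer record, it just does not match.
            matched = check_host(ip, arg, dns, depth + 1) == "pass"
        else:
            return "permerror"           # unknown mechanism: the record is unusable
        if matched:
            return RESULT_FOR_QUALIFIER[qualifier]
    return "neutral"                     # nothing matched and no 'all' term


if __name__ == "__main__":
    for sender in ("192.0.2.10", "192.0.2.12", "198.51.100.5", "203.0.113.7"):
        print(sender, "as cudamail.com ->", check_host(sender, "cudamail.com"))
    print("203.0.113.7 as optrics.net ->", check_host("203.0.113.7", "optrics.net"))
```

The last two calls show the difference between the two endings: the forged sender 203.0.113.7 gets 'fail' against the '-all' record and only 'softfail' against the ISP's '~all' record, which is exactly the choice the receiving administrator is left with when a tilde is used.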

Great! So how do you go about setting up and publishing one of these SPF records?

The place to start is at www.openspf.org where a simple wizard will walk you through some questions and then present you with an SPF record ready to be published in the common DNS servers. If you have a control panel that allows you to make changes to your DNS records then you can make them yourself but if not you can forward the SPF record that OpenSPF generates for you to your ISP. In either case you will want to get someone to double check the SPF record before publishing it just in case you forgot something. Your ISP should know about SPF records and can provide you with guidance.

What should I watch out for?

There is a list of common mistakes on the OpenSPF website (www.openspf.org/FAQ/Common_mistakes) you will want to review but here is my own short list.

1. Watch out for your web forms that send e-mail. These have to be configured to send through your mail server and not to send directly out to other mail servers or the messages will fail the SPF check for your domain.

2. Similar to the above - any website that has a 'send this article to a friend' button typically has a place for you to put in your e-mail address so they can impersonate you when the message goes to your friend. While this sounds like a good idea it will also fail the SPF check for your domain so don't expect it to go through.

3. BlackBerries. This used to be a problem with the older BlackBerry Internet Service (BIS), but now they have implemented a Sender Rewriting Scheme (SRS) so it shouldn't be a problem; you will still want to test for messages being rejected when you send from your BlackBerry. If they are, you can use an 'include:srs.bis.na.blackberry.com' in your SPF records, assuming you are in North America.

4. Hotels and WiFi hotspots. Some hotels and WiFi providers run a transparent proxy service that intercepts all e-mail so they can either scan it for virus or to make sure they bill you for the service. These transparent proxies make it look like you are talking to your mail server but they are really doing a store and forward e-mail delivery on you and thus your e-mail looks like it is coming from the mail server of the hotel or WiFi hotspot. These messages will fail your SPF policy. You can either send e-mail via a web mail interface or see item 5 below for another solution.

5. Other SMTP servers. Some ISPs are blocking the standard SMTP port number (25), which is the default for most e-mail clients, and are forcing you to use their servers. Either add their SPF record to yours as an include if this is your ISP, or set up your e-mail server and client to allow you to talk to your server on an alternative authenticated SMTP port. Most mail servers are starting to support a second SMTP port and requiring that the client be authenticated before allowing them to send e-mail. Check to see if your mail server supports this alternate SMTP port feature and you will be able to take your laptop anywhere and still send e-mail.

6. Testing. There are a number of excellent third party tools out there to test your SPF record both before and after you publish it. Here is a short list:

Declude's SPF test - Can test before you go live and double check after.

  > http://tools.declude.com/

DNS Stuff - Used to be 100% free but have recently gone to a paid service with some basic tests still free but you can sign up for a 21 day eval. Well worth the money but only if you work with DNS a lot. It presents the results in an easy to read format with good explanations.

  > http://www.dnsstuff.com/

Scott Kitterman's SPF test site - A simple site but it gets the job done.

  > http://www.kitterman.com/spf/validate.html

While this post is a little longer than usual taking the time to read it and then implementing an SPF record will be a great step in the right direction to stop these "Joe-Job" attacks on your domain. The second step is to make sure your mail server or anti-spam service is checking for SPF records. That will be the next article.

- Shaun Sturby
CudaMail.com's Technical Services Manager


* If they really have hacked into your e-mail account you need to change your e-mail password right now being sure to use a strong password, set your client to use encryption if possible, scan your PC for malware like keystroke loggers and if found clean these up before resetting your password to a different one again - seriously!

**If you have an e-mail address @Hotmail.com or @Yahoo.com or any other common domain then they are responsible for publishing the SPF record and have probably already done so.

 Friday, February 15, 2008
Friday, February 15, 2008 10:44:16 AM (Mountain Standard Time, UTC-07:00) ( Anti-Spam | CudaMail | Threats )

A classic example of why the Storm worm has been so successful. The subject lines of this variation play on people's emotions and their desire to be wanted / loved. This will be successful again as Valentine's Day comes around and people expect to get electronic valentines.

People have to resist the urge to click on something like this that tugs on their heart strings.

Storm Worm encore. A Trojan repackaged yet again. This incarnation of the "Dorf" Trojan sends out emails posing as messages of love in an attempt to lure unsuspecting users to dangerous websites. The emails sport subject lines such as "Falling In Love with You," "Special Romance," and "You're In My Thoughts." The body of the email contains a link to a website that is actually one of the many compromised computers in the worldwide Storm botnet. The website displays a large red heart, while installing malware onto the visitor's computer.
More information:

http://www.sophos.com/pressoffice/news/articles/2008/01/love-storm.html

- Shaun Sturby
Technical Services Manager
CudaMail.com

 

Friday, February 15, 2008 10:04:24 AM (Mountain Standard Time, UTC-07:00) ( Anti-Spam | CudaMail | Spam Stats | Threats )

AVG Research has released an interesting report on the changing malware landscape. According to AVG, viruses now account for less than 15% of total threats, with phishing scams, backdoor worms, Trojans, keyloggers, spyware, adware and web-based exploits making up the rest.


For 2008 AVG predicts an increase in the number of web attacks on legitimate web sites, particularly social network sites, in order to use these sites for the illegal capture of user data and for the propagation of malware. Folks, over the last year I have been advising you to run your browser in a sandbox or with reduced rights. This is one of the reasons why. In the future you may not be able to assume that those "trusted" websites you visit have not been temporarily compromised.

http://www.avg.com.au/index.cfm?section=news&feature=83


- Shaun Sturby
Technical Services Manager
CudaMail.com

Friday, February 15, 2008 9:51:22 AM (Mountain Standard Time, UTC-07:00) ( Anti-Spam | CudaMail | SPF )
(really I'm not!)

1. Maybe because you misspelled something or are using text messaging shorthand, L337 (leet) speak or hacker jargon.

http://en.wikipedia.org/wiki/Text_messaging
http://en.wikipedia.org/wiki/L337

Anti-spam filters get suspicious when they see bad spelling or unusual characters inserted into words because this is what Spammers do all the time. Don't act like a Spammer and you won't get lumped in with them. ;-)

2. If you are at your corporate site you probably send e-mail out via your organization's mail server, but when you work from home, at a hotel or at your favorite coffee spot, the network there is probably either blocking outbound SMTP traffic to stop infected systems from sending Spam or silently proxying port 25 'in your best interest'. This can cause your outbound e-mail to fail completely, or to fail a Sender Policy Framework (SPF) check or a domain check, because an outgoing server whose name doesn't match your domain name raises a red flag, unless it's a well-known one like Gmail or Yahoo.
 
What can you do about this?
 
A. Use webmail. Since you are connecting back to your real mail server the e-mail will not be blocked, and because it will be coming from your mail server the mail server checks will pass. Make sure you use a secure connection (HTTPS) when you do this, or the hotel or coffee shop may be able to read your e-mail. Not something to do if you're working on your "super secret" plan!

B. Use a VPN to your office first, then use your regular mail client. Again the e-mail is going from your laptop to your mail server first, so you will pass these anti-spam checks. Some locations, like hotels, may not let you start a VPN connection, so you will have to use webmail or the final solution - an alternate SMTP port.

C. Use an alternate port for SMTP. Way back when the Internet was young and shiny and spammers weren't born, things were a lot more permissive, and so requiring people to identify themselves to send e-mail wasn't necessary. Today the best thing to do is run two SMTP services, or e-mail server software that can listen for e-mail on more than one port. Leave port 25 to accept e-mail from the wild and do all your anti-spam checks on this port. The second port is going to be dedicated to accepting e-mail from your users only, and therefore two things are needed:
1. An alternate port like 465 or 587 mapped through your firewall to your mail server.
2. A setting that forces your users to authenticate (provide a user name and password) FIRST, before accepting e-mail from them.
This way your laptop connects to your mail server on a port that is not blocked, and spammers can't use this port to send you spam because they don't have a username and password on your server - simple!
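As an added example (not from the original post or from CudaMail), here is how the two-listener setup above maps onto a Postfix master.cf: port 25 keeps taking mail from the wild under the main.cf anti-spam restrictions, while the submission port 587 (and the TLS-wrapped port 465) only accept mail after the client has authenticated. It assumes a SASL backend (Dovecot or Cyrus) is already configured for Postfix and that the server's TLS certificate is set in main.cf.

```conf
# /etc/postfix/master.cf (excerpt) - added example, not the post's own config
#
# service   type  private unpriv  chroot  wakeup  maxproc command + args
#
# Port 25: mail from anywhere on the Internet. No authentication is
# offered here; the anti-spam checks come from the restrictions in
# main.cf (RBLs, SPF/domain checks, reject_unauth_destination, ...).
smtp       inet  n       -       n       -       -       smtpd

# Port 587 (submission): your own users only. TLS is mandatory and a
# successful SASL login is required before any MAIL FROM is accepted;
# every unauthenticated client is rejected, so the port is useless to
# spammers who do not hold an account on this server.
submission inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

# Port 465 (smtps): same policy, but the whole session is wrapped in
# TLS from the first byte instead of being upgraded with STARTTLS.
# Useful for older clients that cannot do STARTTLS on 587.
smtps      inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

# /etc/postfix/main.cf (excerpt): the port-25 side of the policy.
# Local delivery for your own domains is allowed; relaying to third
# parties is only allowed from your LAN or from authenticated users.
# smtpd_relay_restrictions = permit_mynetworks,
#                            permit_sasl_authenticated,
#                            reject_unauth_destination
```

After `postfix reload`, check from an outside network that the firewall forwards 587 and 465 to the server and that an unauthenticated session on either port is refused before it can relay, while port 25 still accepts mail addressed to your own domains.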
 
More about SPF records next week.

Shaun Sturby
Technical Services Manager
CudaMail.com

Wednesday, February 13, 2008 2:06:25 PM (Mountain Standard Time, UTC-07:00) ( Anti-Spam | Threats )
As Valentine's Day draws ever closer, the flood of e-mails designed to trick you (classic social engineering) into clicking on a link that will infect and take over your computer starts coming fast and furious.
 
Here is a write-up on the latest variation of the Storm Worm (should we change its name to the Love Worm?) that uses such subject lines as

"Valentines Day"
"Sweetest things Aren't things!"
and my favorite
"The Love Train"

The Storm worm continues to be a menace to all of us who spend any time on the Internet so practice safe surfing habits.

Monday, February 11, 2008 5:15:15 PM (Mountain Standard Time, UTC-07:00) ( Anti-Spam | Threats )

Browser vulnerabilities and botnets head threat list.

SANS has released the full article on their website:

Twelve cyber security veterans, with significant knowledge about emerging attack patterns, worked together to compile a list of the attacks most likely to cause substantial damage during 2008. Participants included Stephen Northcutt, Ed Skoudis, Marc Sachs, Johannes Ullrich, Tom Liston, Eric Cole, Eugene Schultz, Rohit Dhamankar, Amit Yoran, Howard Schmidt, Will Pelgrin, and Alan Paller. Here's their consensus list in ranked order:

Sans.Org 2008 Menaces

The Register links to the same information:
http://www.theregister.co.uk/2008/01/14/sans_threat_list/

 - Shaun

Friday, February 08, 2008 12:24:21 PM (Mountain Standard Time, UTC-07:00) ( Anti-Spam | CudaMail | Spam Stats )

There are 1,300,925,111,156,286,160,896 ways to spell Viagra!

Rob did the math on how many variations you could easily produce, and the number above is the result.

http://cockeyed.com/lessons/viagra/viagra.html

Going after the word is not the way to target the spam.

This came off the Declude forums where someone is trying to come up with all the possible combinations of Viagra.

You can see why the anti-spam people went looking for a better solution.

- Shaun

Wednesday, February 06, 2008 1:00:00 AM (Mountain Standard Time, UTC-07:00) ( Anti-Spam | CudaMail )

We're excited to announce the creation of our new blog on this topic and its related news: CudaMail.com Anti-Spam discussion, news, and a lot of techniques and tips that will be of interest to those in the IT community who are part of the fight against spam.


About the author

Shaun Sturby, MCSE
Technical Services Manager, and Optrics' point person for email security


© Copyright 2009, Optrics Inc.