Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

June, 2007

  • Terry Zink: Security Talk

    Update on spam levels

    • 0 Comments
    My original plan when doing the series on sender authentication (which is not yet finished) was to write a series of uninterrupted posts. I didn't want to break my mometum by diverting to another topic. However, as serendipity would have it, the start...
  • Terry Zink: Security Talk

    Sender authentication part 7: Shortcomings of SPF

    • 6 Comments
    SPF is a method of authenticating the envelope sender's domain with the IP that transmitted the message to the receiving mail server.  It is quite useful for preventing spoofing but it has its shortcomings: 1. SPF adoption has been slow. As I alluded...
  • Terry Zink: Security Talk

    Sender authentication part 6: The basics of SPF

    • 4 Comments
    In our previous posts on sender authentication, we were introduced to the concepts of SMTP, internet headers and how spammers will try to spoof headers. One of the weaknesses of SMTP is that the sender can assign any email address as the Envelope sender...
  • Terry Zink: Security Talk

    Sender authentication part 5: More on received headers

    • 1 Comments
    We saw in part 2 of this series that when a receiving email server gets the message, it inserts a Received: header into the mail headers of the message. Let's go back to our previous example and see what happens if the message is routed through a couple...
  • Terry Zink: Security Talk

    Sender authentication Part 4: Forward Confirmed Reverse DNS

    • 4 Comments
    Now that we have seen how email headers are inserted by the receiving machine upon receipt of an email, we need to go into a little bit on how mail servers convert IP addresses to host names and vice versa. DNS stands for Domain Name System. It converts...
  • Terry Zink: Security Talk

    Sender authentication part 3: Checking the received headers

    • 2 Comments
    In my previous post on the basics of email headers, we saw the basic headers that are inserted by receiving mail agent. In this post, we are going to look at some of the techniques that spammers use to hide themselves. Recall a received header; it's an...
  • Terry Zink: Security Talk

    Sender authentication part 2: Reading email headers

    • 11 Comments
    As we saw in our previous post, 5 basic commands are needed for SMTP. When the receiving mail transfer agent (MTA) receives the message, it inserts additional headers which allow us to trace the message to its source. In the example from the previous...
  • Terry Zink: Security Talk

    Sender Authentication part 1: The basics of sending email

    • 6 Comments
    This is my first post in my series on email authentication. In order to understand how to authenticate the sender of an email, we need to understand how email works. I remember back in my 4th year of university when we learned how to send "fake" email...
  • Terry Zink: Security Talk

    Sender Authentication

    • 2 Comments
    In my next few posts, I plan to write a series on Sender Authentication, specifically on SPF and a little bit on SenderID and possibly even DomainKeys. To my more technically oriented readers, I apologize if this is familiar territory for you as I...
  • Terry Zink: Security Talk

    Save the inbox, save the world

    • 6 Comments
    One of the differences that webmail services like Hotmail has is the ability that it does not deliver mail to the end-client, users have to login to their accounts and view their mail on the web (unless, of course, they POP their mail). Exchange Hosted...
  • Terry Zink: Security Talk

    SPAM vs spam

    • 5 Comments
    I notice quite often that when people refer to spam (either inside our company or on the outside), they often say "SPAM." This has often confused me because as far as I know, SPAM is not an acronym and doesn't stand for anything, it's only slang for Unsolicited...
  • Terry Zink: Security Talk

    Not one of my better moments

    • 4 Comments
    Today was not a great day.  A little humbling, if you will. I was asked to participate in a conference call with a customer who was checking out our services because I knew our technology better than the account representative for this customer.  Fair...
  • Terry Zink: Security Talk

    A quick introduction to Web 2.0

    • 2 Comments
    This post isn't all that spam-related, but I think it's an important topic because it represents a fundamental trend. I've always said (well, I say it sometimes), that if I wasn't involved in the anti-spam industry, other than the stock trading arena...
  • Terry Zink: Security Talk

    Good news for a change - even my mother gets it

    • 0 Comments
    I'm quite proud of my mother.  Yesterday, she was listening to somebody on the radio talk about spyware and how you should never click on popup advertisements.  My mom agreed with the host and explained to me that clicking on such links represents a major...
  • Terry Zink: Security Talk

    June 1, 2007 - Spam breaks to the upside

    • 1 Comments
    It's been a long time since we had a really good spam attack but finally we are seeing a good-old fashioned spam outbreak. Ed Falk writes that a new breed of spam bots are relaying mail through ISPs. If so, they're doing an exceptionally good job....
  • Terry Zink: Security Talk

    How Hotmail fights spam

    • 0 Comments
    In case anyone is curious how Hotmail goes about fighting spam, there is a description of it here . I am not involved in Hotmail's spam fighting but I know many of the guys who work on it. We use some of the same technology in our own filters, including...
Page 1 of 1 (16 items)