Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Tagged Content List
  • Blog Post: Understanding outbound spam controls in Office 365

    As a Program Manager of Antispam in Office 365, one of the questions I am frequently asked is “How many messages outbound are we permitted to send per minute? Per hour? Per day?” When I use the term “Office 365” I mean both our existing Forefront Online Protection for Exchange (FOPE) service, and our...
  • Blog Post: Spammers ruining it for everyone

    Last week we had an incident with our outbound reputation that caused delivery issues to various US government agencies who don’t use our service.  One of our customers did something inadvertently that caused our outbound IP reputation to degrade with some 3rd party reputation lists and as a result...
  • Blog Post: Are compromised accounts getting better or worse?

    I decided to take a look at the total amount of outbound spam incidents that we have discovered over the past year.  We have multiple layers of incidents: We have thresholds for the amount of mail users can send where the content is marked as spam. We have thresholds for the amount of mail some...
  • Blog Post: The flip side of outbound spam control

    Over the past few years, I have written numerous blog posts about controlling outbound spam.  Here’s a summary of what we do: We look for mailers who send high volumes of mail that are marked as spam. We look for mailers who send sudden bursts of traffic. We do not permit outbound commercial bulk...
  • Blog Post: Handling the problem of outbound bulk mail

    When it comes to email, I am our customers’ best friend.  I really am.  I’m the good guy that is always defending the user experience.  But even I have my breaking point. Over the years, we have put in a ton of outbound spam mitigations from delivering the spam out a different pool (and...
  • Blog Post: What I’m working on now

    It’s been crazy busy around here the past few days dealing with a ton of stuff, not the least of which is related to outbound spam. We’ve actually got a good handle on outbound spam, or at least we did.  Currently, we are dealing with two issues: One of the service offerings that Microsoft has is...
  • Blog Post: Our latest outbound spam mitigation technique

    One of the things that has kept me busy the past few weeks (read: months) is outbound spam – again! No matter how many mitigations we put in place, it’s never enough. The current challenge that we are dealing with is compromised accounts. Most of the time, but not always, this happens...
  • Blog Post: Not a great week for outbound spam

    It hasn’t been a great week this week (March 1-5) for some of our customers who use us for outbound mail relay.  I’m not going to name names because there have been a wide variety of users, but every single day this week we have had one or two organizations that have been sending abusive content...
  • Blog Post: Into the wild, wild west

    Remember way back, in summer of 1999, when Will Smith and Kevin Kline starred in the movie Wild, Wild West? If you don’t remember, that’s fine, because the movie really sucked. According to the Wikipedia entry, Will Smith turned down the role of Neo in The Matrix in order to star in this...
  • Blog Post: Best practices for sending outbound mail

    One of the questions that I am frequently asked is if we get a sudden burst of outbound mail from a customer using us to send outbound, will we throttle their mail?  Throttling is the process of slowing down outbound mail such that a sending organization can only send a certain amount of messages...
  • Blog Post: How to reclaim your sender reputation, part 10 - Results

    Results Forefront Online (i.e., us) has come a long way in reclaiming its outbound reputation. The question now is this – has it worked? I will report on some anecdotal evidence. The Good To determine whether or not we have gotten better, I prefer to check 3rd party sources. While we may think that we...
  • Blog Post: How to reclaim your sender reputation, part 9 – disabling offenders

    Continuing on in my 9 part series, the process of mitigating an outbound spam problem occurs in a two-fold manner. Usually they are mutually exclusive, but one can lead to the other. Cutting off mail only for the offending email address This is the default position. If only one email address is responsible...
  • Blog Post: How to reclaim your sender reputation, part 8 – More pattern analysis

    Islands Islands are named that way because their appearance looks like an island – a time zone infraction in which the middle sticks out above the others. Another term for this pattern is the head-and-shoulders pattern. Islands are the most ambiguous scenarios because while they indicate that a problem...
  • Blog Post: How to reclaim your sender reputation, part 7 – Pattern analysis

    Mountains A mountain pattern is when each subsequent monitoring of an outbound spam problem is worse than the previous time. It looks like you are climbing a mountain. Once a threshold is crossed, an alert is generated. Mountains generate the most obvious tells that a problem is occurring. If the amount...
  • Blog Post: How to reclaim your sender reputation, part 6 – Noise reduction

    Pattern Detection and Noise Reduction The amount of noise inherent in outbound spam detection is high. End users will routinely mark messages as spam that aren’t actually spam. An example of this would be company billing reports; these are not spam but lots of people mark them like that. How do you know...
  • Blog Post: How to reclaim your sender reputation, part 5 - Monitoring

    Monitoring FOSE has implemented a lot of different mechanisms to mitigate the spam problem. These include, but are not limited to, the following: Routing all mail from non-customer domains that is marked as spam through the NDR pool. Changing (1) and routing all spam from customer or non-customer domains...
  • Blog Post: How to reclaim your sender reputation, part 4 – More options

    Option 3 - Keep track of the mail disposition and cut off the entire organization This was one of the original ideas proposed to solving the outbound spam problem.  The idea is to filter the mail and write the disposition (spam vs non-spam) to an IP stats log for outbound mail but not take any action...
  • Blog Post: How to reclaim your sender reputation, part 3 - Options

    Options Since outbound spam was poisoning our reputation, we decided that there were two angles we had to approach: Disable customers from using our outbound service when we detected they were spamming. Neutralize the effects of their spam so that other customers were not affected. These really are the...
  • Blog Post: How to reclaim your sender reputation, part 2 – The Damage

    This is the second part of a paper that I presented at Virus Bulletin. Check out their web page here. Outbound Mail The basic assumption for outbound mail is that the people sending it are sending legitimate content. The problem is that this is not a valid assumption. If one customer, among hundreds...
  • Blog Post: How to reclaim your sender reputation - Introduction

    The following document is part of a paper that I presented at Virus Bulletin in Sept, 2009, in Geneva.  It outlines the process that my team has iterated over to clamp down on the problem of outbound spam. How To Reclaim Your Sender Reputation Background Sender reputation is one of the keys to email...