Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

  • Terry Zink: Security Talk

    July 12 - My third year anniversary!

    • 9 Comments
    Today is a special day at Microsoft, it is the three-year anniversary of the day I joined Frontbridge (now Microsoft Exchange Hosted Services) as a spam analyst. Ah, what a memorable three years it has been. On our first day on the job, me and three...
  • Terry Zink: Security Talk

    Sender authentication part 13: Some SPF odds and ends

    • 0 Comments
    Let’s tie up a couple of loose ends (but by no means all the loose ends) when it comes to SPF. I would like to interpret the below SPF record: v=spf1 a/24 mx/24 ptr ?all Now that we are experts in SPF syntax, reading this is a snap. The version of SPF...
  • Terry Zink: Security Talk

    Sender authentication part 12: Some examples of SPF

    • 5 Comments
    Now that we've plowed our way through SPF, including the syntax (I can't believe I took the time to do it, but if I ever go into a university and have to teach it I guess I should know it), let's take a look at some real life examples of domains that...
  • Terry Zink: Security Talk

    Sender authentication part 11: More on SPF Syntax (Continued)

    • 1 Comments
    The mx mechanism mx mx/<prefix-length> mx:<domain> mx:<domain>/<prefix-length> All the A records for all the MX records for domain are tested in order of MX priority. If the client IP is found among them, this mechanism matches...
  • Terry Zink: Security Talk

    Sender authentication part 10: More on SPF Syntax

    • 3 Comments
    Moving onwards to mechanisms, let's take a look at them in a bit more detail. Again, this information comes straight from the OpenSPF page, with extra commentary by me. The all mechanism all This mechanism always matches. It usually goes at the end of...
  • Terry Zink: Security Talk

    Sender authentication part 9: SPF Syntax

    • 3 Comments
    This is essentially going to be a summary of the information that appears on the OpenSPF documentation web page. Really, what else can I say that isn't said there? But, if you're like me and rarely bother clicking on links inside of blog posts and would...
  • Terry Zink: Security Talk

    Sender authentication part 8: Best-Guess SPF

    • 5 Comments
    I've had a document sitting on my shelf (i.e., the window-sill 10 feet away from my desk) for about 6 months now just waiting to be read. It's entitled Sender Reputation in a Large Webmail Service. It's by Bradley Taylor, at Google, and is available to...
  • Terry Zink: Security Talk

    Spamhaus spam

    • 2 Comments
    This morning I had the distinct "pleasure" of getting spam in my inbox that was pumping the services of Spamhaus. Here's an excerpt: WORKING TO PROTECT INTERNET NETWORKS WORLDWIDE Spamhaus tracks the Internet's Spammers, Spam Gangs and Spam...
  • Terry Zink: Security Talk

    More on spam levels

    • 1 Comments
    I continue my brief hiatus from sender authentication to comment on the amount of spam we're seeing. We continue to see high levels of spam not seen on our networks in previous times. They haven't really dropped off at all since they started hitting...
  • Terry Zink: Security Talk

    Update on spam levels

    • 0 Comments
    My original plan when doing the series on sender authentication (which is not yet finished) was to write a series of uninterrupted posts. I didn't want to break my momentum by diverting to another topic. However, as serendipity would have it, the start...
  • Terry Zink: Security Talk

    Sender authentication part 7: Shortcomings of SPF

    • 6 Comments
    SPF is a method of authenticating the envelope sender's domain with the IP that transmitted the message to the receiving mail server.  It is quite useful for preventing spoofing but it has its shortcomings: 1. SPF adoption has been slow. As I alluded...
  • Terry Zink: Security Talk

    Sender authentication part 6: The basics of SPF

    • 4 Comments
    In our previous posts on sender authentication, we were introduced to the concepts of SMTP, internet headers and how spammers will try to spoof headers. One of the weaknesses of SMTP is that the sender can assign any email address as the Envelope sender...
  • Terry Zink: Security Talk

    Sender authentication part 5: More on received headers

    • 1 Comments
    We saw in part 2 of this series that when a receiving email server gets the message, it inserts a Received: header into the mail headers of the message. Let's go back to our previous example and see what happens if the message is routed through a couple...
  • Terry Zink: Security Talk

    Sender authentication Part 4: Forward Confirmed Reverse DNS

    • 4 Comments
    Now that we have seen how email headers are inserted by the receiving machine upon receipt of an email, we need to go into a little bit on how mail servers convert IP addresses to host names and vice versa. DNS stands for Domain Name System. It converts...
  • Terry Zink: Security Talk

    Sender authentication part 3: Checking the received headers

    • 2 Comments
    In my previous post on the basics of email headers, we saw the basic headers that are inserted by receiving mail agent. In this post, we are going to look at some of the techniques that spammers use to hide themselves. Recall a received header; it's an...
  • Terry Zink: Security Talk

    Sender authentication part 2: Reading email headers

    • 11 Comments
    As we saw in our previous post, 5 basic commands are needed for SMTP. When the receiving mail transfer agent (MTA) receives the message, it inserts additional headers which allow us to trace the message to its source. In the example from the previous...
  • Terry Zink: Security Talk

    Sender Authentication part 1: The basics of sending email

    • 6 Comments
    This is my first post in my series on email authentication. In order to understand how to authenticate the sender of an email, we need to understand how email works. I remember back in my 4th year of university when we learned how to send "fake" email...
  • Terry Zink: Security Talk

    Sender Authentication

    • 2 Comments
    In my next few posts, I plan to write a series on Sender Authentication, specifically on SPF and a little bit on SenderID and possibly even DomainKeys. To my more technically oriented readers, I apologize if this is familiar territory for you as I...
  • Terry Zink: Security Talk

    Save the inbox, save the world

    • 6 Comments
    One of the differences with webmail services like Hotmail is that they do not deliver mail to the end client; users have to log in to their accounts and view their mail on the web (unless, of course, they POP their mail). Exchange Hosted...
  • Terry Zink: Security Talk

    SPAM vs spam

    • 5 Comments
    I notice quite often that when people refer to spam (either inside our company or on the outside), they often say "SPAM." This has often confused me because as far as I know, SPAM is not an acronym and doesn't stand for anything, it's only slang for Unsolicited...
  • Terry Zink: Security Talk

    Not one of my better moments

    • 4 Comments
    Today was not a great day.  A little humbling, if you will. I was asked to participate in a conference call with a customer who was checking out our services because I knew our technology better than the account representative for this customer.  Fair...
  • Terry Zink: Security Talk

    A quick introduction to Web 2.0

    • 2 Comments
    This post isn't all that spam-related, but I think it's an important topic because it represents a fundamental trend. I've always said (well, I say it sometimes), that if I wasn't involved in the anti-spam industry, other than the stock trading arena...
  • Terry Zink: Security Talk

    Good news for a change - even my mother gets it

    • 0 Comments
    I'm quite proud of my mother.  Yesterday, she was listening to somebody on the radio talk about spyware and how you should never click on popup advertisements.  My mom agreed with the host and explained to me that clicking on such links represents a major...
  • Terry Zink: Security Talk

    June 1, 2007 - Spam breaks to the upside

    • 1 Comments
    It's been a long time since we had a really good spam attack but finally we are seeing a good old-fashioned spam outbreak. Ed Falk writes that a new breed of spam bots are relaying mail through ISPs. If so, they're doing an exceptionally good job....
  • Terry Zink: Security Talk

    How Hotmail fights spam

    • 0 Comments
    In case anyone is curious how Hotmail goes about fighting spam, there is a description of it here. I am not involved in Hotmail's spam fighting but I know many of the guys who work on it. We use some of the same technology in our own filters, including...