Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

    Sender authentication part 21: Some recommendations

    • 4 Comments
    In documentation that Microsoft is going to release shortly, they have some recommendations on how to set up your SenderID records as well as a list of frequently asked questions. I will post a link to the relevant documents when they become available...

    Sender authentication part 20: Advantages of PRA vs MAIL FROM

    • 3 Comments
    Microsoft is shortly coming out with some documentation on SenderID and the business case for its implementation. Hopefully by now I have demonstrated its usefulness. The Purported Responsible Address has a couple of advantages when deciding to support...

    Sender authentication part 19: How spammers evade SPF

    • 6 Comments
    How would a spammer get around SPF? One way is the method used by Spammer-X in his book Inside the Spam Cartel. Spammer-X is a retired spammer (so he says) and goes into a lot of the details in his book. I'll give a review when I'm done this series on...

    Notes on the CEAS

    • 4 Comments
    Here's a round up of my random thoughts on the CEAS: 1. The stuff on image spam detection was interesting, but it's a little late. Spammers have moved on to other tricks. 2. Speaking of the stuff on image spam, the false positive rates were very high...

    I haven't disappeared

    • 1 Comment
    I've just been busy with a bunch of stuff over the past two weeks. I plan to resume normal blogging in the near term.

    See you at the CEAS!

    • 1 Comment
    Well, today I'm off to the Conference on Email and Antispam, in Mountain View, California. It's on Aug 2-3, 2007. I'm not speaking or presenting anything this year, but maybe next year I'll present a topic like "How to write an antispam blog."

    Sender authentication part 18: More hazards

    • 5 Comments
    The other hazard I'd like to look at with regards to SPF and SenderID is the issue of newsletters, or more specifically, bulk emailers. Bulk emailers have a long and checkered history of using questionable email practices. They put in lots of advertising...

    Sender authentication part 17: Hazards of SenderID and SPF

    • 3 Comments
    Both SenderID and SPF have their critics. I'd like to touch on two potential problems with them: the first is the issue of email forwarding. There's no official standard on how email is to be forwarded (in terms of rewriting the headers). Suppose that...

    Sender authentication part 16: SenderID vs SPF

    • 1 Comment
    SPF and SenderID are similar to each other in the way they act, but the differences between them are in what they are designed to target (at least how I see it). Both OpenSPF and Wikipedia say that SenderID and SPF are designed to address different problems...

    Some notes on PDF spam

    • 2 Comments
    I started tracking some statistics on PDF spam this weekend. The following numbers will seem a little inflated (since spam performance metrics always appear better on weekends) but they are still interesting. Of all the messages with PDF attachments...

    Sender authentication part 15: How SenderID interprets SPF records

    • 2 Comments
    In my last post, we were introduced to the new SPF record syntax that is specifically designed for SenderID. The question now is how does SenderID treat SPF records that were originally designed to be used with SPF? SenderID allows the spam filter to...

    Sender authentication part 14: Introduction to SenderID

    • 2 Comments
    Now that we've moved our way through the workings of SPF, let's take a look at Microsoft's own branded technology, SenderID (I don't mean that Microsoft invented it since it derives from an earlier standard, only that Microsoft advocates the use of it...

    July 12 - My third year anniversary!

    • 9 Comments
    Today is a special day at Microsoft, it is the three-year anniversary of the day I joined Frontbridge (now Microsoft Exchange Hosted Services) as a spam analyst. Ah, what a memorable three years it has been. On our first day on the job, me and three...

    Sender authentication part 13: Some SPF odds and ends

    • 0 Comments
    Let’s tie up a couple of loose ends (but by no means all the loose ends) when it comes to SPF. I would like to interpret the below SPF record: v=spf1 a/24 mx/24 ptr ?all Now that we are experts in SPF syntax, reading this is a snap. The version of SPF...

    Sender authentication part 12: Some examples of SPF

    • 5 Comments
    Now that we've plowed our way through SPF, including the syntax (I can't believe I took the time to do it, but if I ever go into a university and have to teach it I guess I should know it), let's take a look at some real life examples of domains that...

    Sender authentication part 11: More on SPF Syntax (Continued)

    • 1 Comments
    The mx mechanism mx mx/<prefix-length> mx:<domain> mx:<domain>/<prefix-length> All the A records for all the MX records for domain are tested in order of MX priority. If the client IP is found among them, this mechanism matches...

    Sender authentication part 10: More on SPF Syntax

    • 3 Comments
    Moving onwards to mechanisms, let's take a look at them in a bit more detail. Again, this information comes straight from the OpenSPF page, with extra commentary by me. The all mechanism all This mechanism always matches. It usually goes at the end of...

    Sender authentication part 9: SPF Syntax

    • 3 Comments
    This is essentially going to be a summary of the information that appears on the OpenSPF documentation web page. Really, what else can I say that isn't said there? But, if you're like me and rarely bother clicking on links inside of blog posts and would...

    Sender authentication part 8: Best-Guess SPF

    • 5 Comments
    I've had a document sitting on my shelf (i.e., the window-sill 10 feet away from my desk) for about 6 months now just waiting to be read. It's entitled Sender Reputation in a Large Webmail Service. It's by Bradley Taylor, at Google, and is available to...

    Spamhaus spam

    • 2 Comments
    This morning I had the distinct "pleasure" of getting spam in my inbox that was pumping the services of Spamhaus. Here's an excerpt: WORKING TO PROTECT INTERNET NETWORKS WORLDWIDE Spamhaus tracks the Internet's Spammers, Spam Gangs and Spam...

    More on spam levels

    • 1 Comments
    I continue my brief hiatus from sender authentication to comment on the amount of spam we're seeing. We continue to see high levels of spam not seen on our networks in previous times. They haven't really dropped off at all since they started hitting...

    Update on spam levels

    • 0 Comments
    My original plan when doing the series on sender authentication (which is not yet finished) was to write a series of uninterrupted posts. I didn't want to break my momentum by diverting to another topic. However, as serendipity would have it, the start...

    Sender authentication part 7: Shortcomings of SPF

    • 6 Comments
    SPF is a method of authenticating the envelope sender's domain with the IP that transmitted the message to the receiving mail server. It is quite useful for preventing spoofing but it has its shortcomings: 1. SPF adoption has been slow. As I alluded...

    Sender authentication part 6: The basics of SPF

    • 4 Comments
    In our previous posts on sender authentication, we were introduced to the concepts of SMTP, internet headers and how spammers will try to spoof headers. One of the weaknesses of SMTP is that the sender can assign any email address as the Envelope sender...

    Sender authentication part 5: More on received headers

    • 1 Comments
    We saw in part 2 of this series that when a receiving email server gets the message, it inserts a Received: header into the mail headers of the message. Let's go back to our previous example and see what happens if the message is routed through a couple...