
Terry Zink's Anti-malware Blog

Protecting your mail from the scum of the internet

June 2007 - Posts

Update on spam levels
My original plan when doing the series on sender authentication (which is not yet finished) was to write a series of uninterrupted posts. I didn't want to break my momentum by diverting to another topic. However, as serendipity would have it, the start Read More...
Sender authentication part 7: Shortcomings of SPF
SPF is a method of authenticating the envelope sender's domain with the IP that transmitted the message to the receiving mail server. It is quite useful for preventing spoofing but it has its shortcomings: 1. SPF adoption has been slow. As I alluded to Read More...
Sender authentication part 6: The basics of SPF
In our previous posts on sender authentication, we were introduced to the concepts of SMTP, internet headers and how spammers will try to spoof headers. One of the weaknesses of SMTP is that the sender can assign any email address as the Envelope sender Read More...
Sender authentication part 5: More on received headers
We saw in part 2 of this series that when a receiving email server gets the message, it inserts a Received: header into the mail headers of the message. Let's go back to our previous example and see what happens if the message is routed through a couple Read More...
Sender authentication Part 4: Forward Confirmed Reverse DNS
Now that we have seen how email headers are inserted by the receiving machine upon receipt of an email, we need to go into a little bit on how mail servers convert IP addresses to host names and vice versa. DNS stands for Domain Name System. It converts Read More...
Sender authentication part 3: Checking the received headers
In my previous post on the basics of email headers, we saw the basic headers that are inserted by receiving mail agent. In this post, we are going to look at some of the techniques that spammers use to hide themselves. Recall a received header; it's an Read More...
Sender authentication part 2: Reading email headers
As we saw in our previous post, 5 basic commands are needed for SMTP. When the receiving mail transfer agent (MTA) receives the message, it inserts additional headers which allow us to trace the message to its source. In the example from the previous Read More...
Sender Authentication part 1: The basics of sending email
This is my first post in my series on email authentication. In order to understand how to authenticate the sender of an email, we need to understand how email works. I remember back in my 4th year of university when we learned how to send "fake" email. Read More...
Sender Authentication
In my next few posts, I plan to write a series on Sender Authentication, specifically on SPF and a little bit on SenderID and possibly even DomainKeys. To my more technically oriented readers, I apologize if this is familiar territory for you as I hate Read More...
Save the inbox, save the world
One of the differences with webmail services like Hotmail is that they do not deliver mail to the end client; users have to log in to their accounts and view their mail on the web (unless, of course, they POP their mail). Exchange Hosted Read More...
SPAM vs spam
I notice quite often that when people refer to spam (either inside our company or on the outside), they often say "SPAM." This has often confused me because as far as I know, SPAM is not an acronym and doesn't stand for anything, it's only slang for Unsolicited Read More...
Not one of my better moments
Today was not a great day. A little humbling, if you will. I was asked to participate in a conference call with a customer who was checking out our services because I knew our technology better than the account representative for this customer. Fair enough, Read More...
A quick introduction to Web 2.0
This post isn't all that spam-related, but I think it's an important topic because it represents a fundamental trend. I've always said (well, I say it sometimes), that if I wasn't involved in the anti-spam industry, other than the stock trading arena, Read More...
Good news for a change - even my mother gets it
I'm quite proud of my mother. Yesterday, she was listening to somebody on the radio talk about spyware and how you should never click on popup advertisements. My mom agreed with the host and explained to me that clicking on such links represents a major Read More...
June 1, 2007 - Spam breaks to the upside
It's been a long time since we had a really good spam attack, but finally we are seeing a good old-fashioned spam outbreak. Ed Falk writes that a new breed of spam bots is relaying mail through ISPs. If so, they're doing an exceptionally good job. His Read More...
How Hotmail fights spam
In case anyone is curious how Hotmail goes about fighting spam, there is a description of it here. I am not involved in Hotmail's spam fighting but I know many of the guys who work on it. We use some of the same technology in our own filters, including Read More...