Vlad Mazek – Vladville Blog

Take a look at the following article discussing the current state of SPAM, discussed by the ones with perhaps most to gain: antispam vendors. As a highly biased vendor, I can tell you that the threat description by the marketers below is pretty much dead on. The logic at the end is horribly flawed because it questions the end of spam because the consumers now have freebie filters and commercial mail is getting more difficult to send.

Quite the contrary, dear Watson. The SPAM has gotten far less expensive to send because it is being distributed through huge botnets that do not send enough SPAM to get blacklisted quickly outside of the honeypot system. At the same time, it has gotten prohibitively expensive to filter mail at the server and/or the gateway – We sign up dozens of customers daily, almost all of whom are pulling out GFI and Barracuda appliances. Those systems are now worthless, despite their cost advantage over hosted networks, because they cannot handle the volume of mail being sent – even the largest appliances are getting overflown in SMB not to mention the tight T1 or broadband pipes.

Hosted SPAM filtering is taking a hit as well. Those “free” offers are going away and effective hosted filters are starting to raise prices. Hosting companies are also adding larger premiums for this service, cornering customers to use the client-based SPAM protection, having to rely on Outlook Junk Mail filters.

As my favourite demotivator says: “It’s always the darkest right before it goes pitch black.”

Now, here is the article:

— Microsoft’s (MSFT) Bill Gates, 2004, World Economic Forum in Switzerland

SAN FRANCISCO — Why, in 2007, is spam worse than ever? Let exasperated consumers count the ways: PDF spam. MP3 spam. Pump-and-dump spam. E-card spam.

It may sound like a broken record, but spam continues to do just that — break records. This year marks the first time the total number of spam e-mail messages sent worldwide, 10.8 trillion, will surpass the number of person-to-person e-mails sent, 10.5 trillion, according to market researcher IDC.

“Every year for the past four years has been the worst year yet,” says Rebecca Steinberg Herson, vice president of marketing at e-mail security firm Commtouch.

Unwanted commercial e-mail touting Viagra, get-rich-quick schemes and more is growing by electronic leaps and bounds: an Internet-buckling 60 billion to 150 billion messages a day. “It was one of the rare times (Gates) was wrong,” says David Mayer, a product manager at e-mail security firm IronPort Systems, a Cisco Systems (CSCO) division.

The sheer volume of unwanted commercial e-mail is like a tidal wave, washing over the best-built digital dams and, despite a federal anti-spam law, resulting in spam leaking through to consumers.

Feeding the spam-alanche are advances in spamming techniques, the rise of bots — millions of compromised PCs that spew spam — and the fact that more people have multiple e-mail addresses. Market researcher The Radicati Group estimates there will be 2.4 billion e-mail accounts worldwide by year’s end.

Eliminating spam is “a war you cannot win,” says Greg Toto, vice president of products and operations at computer security firm BigFix. “It is much cheaper to send spam than stop it. Spam is becoming more specialized, and spammers are taking advantage of bad practices by consumers and businesses.

“The stuff continues to spill through,” Toto says.

A surfeit of spam

And how. Despite Gates’ bold prophecy, a revolving door of anti-spam products and the Can-Spam Act of 2003 — whose advocates breathlessly predicted would deter spammers — the total volume of meddlesome stuff has continued an inexorable climb.

So much so that Gates recently clarified his 3-year-old prediction.

“I never said it would be solved,” Gates said in an interview with USA TODAY last month. “I said it would be substantially reduced, and in fact it has been reduced a lot.”

When reminded that numbers are spiking, Gates begged to differ. “Sure, there’s a lot (of spam) out there, but software is deleting 99.9% of that anyway,” he said. (Microsoft now pegs the figure at 85% to 95%.)

Spam is popping up in different guises — whether as attachments that appear to be PDFs, MP3 files and Excel spreadsheets — to evade anti-spam services, says Scott Petry, founder of e-mail security firm Postini, a subsidiary of Google (GOOG).

Faux electronic-greeting cards, containing links to viruses, have also picked up. Since July, Postini alone has blocked more than 1.5 billion copies of Storm, an e-mail virus masquerading as a greeting card.

Meanwhile, spam containing PDFs, non-existent in May, now accounts for 8% of unsolicited commercial e-mail. “The bad guys have taken a highly mutated approach because they’re only paid for what gets through,” says Jose Nazario, senior security researcher at Arbor Networks.

This summer, a PDF promoting a pump-and-dump scam urged consumers to buy shares in an obscure company called Prime Time Group. Anti-virus firm Sophos reported a 30% spike in spam moving across the Internet at the time, fueled by the missive. The fraudulent spam messages were sent from compromised home PCs by Storm, the e-mail worm that entices victims to click on tainted e-card links and thereby turns their PCs into spam-spewing bots.

Although Sophos blocked more than 500 million copies of the Prime Time PDF, it is likely the Internet was swamped by several billion copies of this particular piece of fraud spam. Many copies were getting blocked by anti-spam filters, but some made it to unprotected in-boxes.

“As long as even a small percentage of people continue responding to pump-and-dump scams like this, the problem will continue to exist,” says Ron O’Brien, Sophos’ senior security analyst.

And then there is phishing, those fraudulent e-mail and websites designed to rip off personal information. An insidious version of spam, its levels are at all-time highs. In July 2007 — the most recent month for which data are available — the Anti-Phishing Working Group said new phishing sites pole-vaulted to 30,999, from 14,191 in July 2006.

One in 87 e-mails is tagged as phishing scams now, compared with one in 500 a year ago, according to e-mail security firm MessageLabs.

Fighting back

All is not lost, however. Consumers and corporations are getting creative to cope with the problem, operating on the premise that spam is inescapable.

“You can’t eradicate (spam), but you can manage the problem,” says Arbor Networks’ Nazario, who compares spam to the flu.

Industrious e-mail users are using an exotic mix of software and services to tamp down spam across several fronts. Think of it as their idea of spam inoculation.

For a start, tens of millions use Google’s Gmail because it was designed with built-in spam defenses. Others are joining social-networking sites such as Facebook and MySpace, where they control who has access to their personal profile, to exchange e-mail with friends, family and business associates.

Many also use phishing filters provided by Microsoft on its Internet Explorer browser. Last month, Yahoo, eBay and PayPal took a major step to shield customers from phishing attacks. They announced eBay and PayPal customers who use Yahoo Mail should start receiving fewer bogus e-mails because it now uses DomainKeys, an e-mail-authentication technology.

A new breed of e-mail services, such as CertifiedEmail from Goodmail Systems, put the financial onus on the senders of unsolicited commercial e-mail.

CertifiedEmail treats e-mail as a FedEx-like service. For less than one-fourth of a penny per message, commercial marketers, government agencies and non-profits are guaranteed delivery of e-mail to individuals who have indicated they will accept the messages from that specific sender. Recipients see a blue seal verifying that the message is legitimate, says David Atlas, senior vice president of worldwide sales and marketing at Goodmail.

Another free option, Boxbe, lets users of Gmail, Microsoft Outlook and Yahoo Mail create a guest list, giving them final say on who is allowed to send e-mail. Anyone not on the list receives an invitation to join when they send an e-mail to the Boxbe user.

The multilayered-defense approach has worked to stop such scourges as image spam, which varied the content of individual messages — through colors, backgrounds, picture sizes or font types — to slip through spam filters. Image spam made up half of all spam in January. Since software makers came up with a solution, image spam has dropped to 8% of all spam, Symantec says.

Given all of these free available solutions, and their success in some cases, could the future be brighter for spam-slammed consumers?

Richi Jennings, lead analyst for e-mail security at Ferris Research, thinks so. He expects evolving anti-spam technology to slowly choke off unwanted commercial e-mail.

Could Gates’ oft-disparaged prophecy be right, after all?

“As more people have in-boxes protected by better and better spam filters, their experience of spam gets closer to Gates’ vision,” Jennings says. “He was a bit overaggressive with the prediction, of course. But spam isn’t an easy problem to solve.”

Contributing: Byron Acohido

I was sitting around writing some documentation and felt compelled to share some general knowledge on how Internet mail is routed around. The basic problem / solution here is how do I get a multihomed Exchange environment on the cheap? Enjoy.

Please first consider the following document: ExchangeDefender Deployment Guide

ExchangeDefender can deliver inbound mail to a static IP address or perform an MX lookup and deliver to the first available server. We support secure TLS delivery to both IPv4 and IPv6 addresses.

If you have multiple static IP addresses that you wish to deliver inbound messages, ExchangeDefender can perform an MX lookup in order to deliver mail to one or more mail servers. Larger clients tend to have multiple Internet providers on multiple IP ranges and use them to provide failover service or load balancing. ExchangeDefender fully supports this configuration.

In order to get ExchangeDefender to deliver messages to either a failover or load balanced connection that has multiple external IP addresses you need to create another MX record in your domain and add the hostnames of the IP addresses to that MX list. Your default @ MX record for the domain will still point to inbound30.exchangedefender.com but ExchangeDefender will deliver to your new MX record. Here is an example:

# Primary / default MX record
@ in mx 10 inbound30.exchangedefender.com.

# Host records for individual mail servers
mail1     in a 65.99.192.2
mail2     in a 65.99.255.3

# MX record for direct load balanced / failover access
directmail  in mx 10 mail1.domain.com.
directmail  in mx 20 mail2.domain.com.

In the example above, your default / primary MX record for domain.com is inbound30.exchangedefender.com. You have defined a hostname on each IP range you own as mail1.domain.com and mail2.domain.com. Finally, you have created a new MX record directmail.domain.com that will resolve to mail1.domain.com and mail2.domain.com

Under this example external mail for user@domain.com would be sent to inbound30.exchangedefender.com. ExchangeDefender would then route the message according to the MX lookup for directmail.domain.com which goes to mail1.domain.com or if unavailable to mail2.domain.com. This is the failover configuration. If you set the weights on directmail MX record to 10/10 (or any other numbers, so long as they are equal) then ExchangeDefender would deliver mail in a round robin fashion allowing for load balancing.

This configuration is independent of router choice, because it does not require the router to fail over the link. You could just have multiple routers with multiple gateways on your network. This configuration will work with virtually all routers and load balancers on the market because it uses DNS to route mail, not a hardware switch.

Of course, to set the MX record to deliver mail to access your ExchangeDefender configuration and click Advanced Settings for Inbound mail.

Important Notes:

• Make sure you check that the MX record exists, nslookup -q=mx directmail.exchangedefender.com should return two or more mail servers. If it returns invalid domain, something went wrong.
• There is a difference between a host (A) record and a mail exchanger (MX) record – if you point ExchangeDefender at a host the message will bounce.
• This is an advanced network topic and we strongly advise it be done by a competent IT Solution Provider, please contact us for a reference.