Spam Blockers Losing Ground on Sophisticated Attackers


This article can also be found in the Premium Editorial Download "Information Security magazine: Five crucial virtualization do's and don'ts."


By aggregating data on billions of messages and tens of millions of senders, reputation services have emerged to gauge sender intent. The antispam companies can assess, with statistical significance, whether a particular IP address is likely to be sending spam or ham (legitimate messages). Additionally, law enforcement has gotten much more aggressive over the past three years in finding, catching and prosecuting high-volume spammers.
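The reputation approach described above, reduced to its core: count spam and ham verdicts per sending IP, smooth the estimate so a single message cannot condemn a sender, and refuse to score senders with too little history. This is an added illustration, not code from the article or from any antispam vendor; the feedback records, the IP addresses (all from documentation ranges) and the thresholds are constructed for the example.

```python
"""Minimal sender-reputation scorer (added illustration, not the article's code).

Assumptions (constructed for this example): each feedback record is a tuple
(sender_ip, verdict) with verdict "spam" or "ham", as a content filter or a
user feedback loop would report it. Laplace smoothing keeps one message from
deciding a sender's fate, and a minimum-volume threshold returns "unknown" for
senders without statistically meaningful history.
"""
from collections import defaultdict

# Constructed sample feedback records: (sender_ip, verdict)
FEEDBACK = (
    [("203.0.113.7", "spam")] * 8 + [("203.0.113.7", "ham")] * 1     # mostly spam
    + [("198.51.100.2", "ham")] * 7                                  # clean sender
    + [("192.0.2.50", "spam")] * 3 + [("192.0.2.50", "ham")] * 3     # mixed
    + [("192.0.2.9", "spam")]                                        # one message only
)

MIN_VOLUME = 5  # below this many messages the score is not significant


def build_counts(feedback):
    """Aggregate per-IP spam/ham counts from the feedback stream."""
    counts = defaultdict(lambda: {"spam": 0, "ham": 0})
    for ip, verdict in feedback:
        counts[ip][verdict] += 1
    return counts


def spam_probability(spam, ham, prior=1):
    """Laplace-smoothed estimate of P(spam | sender)."""
    return (spam + prior) / (spam + ham + 2 * prior)


def classify(ip, counts, block_at=0.8, allow_at=0.2):
    """Map a sender's history to a gateway decision.

    "unknown" means the gateway should fall back to content filtering rather
    than trust a score built on too few observations.
    """
    c = counts.get(ip)
    if c is None or c["spam"] + c["ham"] < MIN_VOLUME:
        return "unknown"
    p = spam_probability(c["spam"], c["ham"])
    if p >= block_at:
        return "block"
    if p <= allow_at:
        return "allow"
    return "greylist"


if __name__ == "__main__":
    counts = build_counts(FEEDBACK)
    for ip in ("203.0.113.7", "198.51.100.2", "192.0.2.50", "192.0.2.9"):
        print(ip, classify(ip, counts))
```

The minimum-volume check is what the article's "statistical significance" refers to in practice: a newly seen IP, or a legitimate server that has just been hijacked and has only a handful of bad messages on record, scores "unknown" rather than "block", which is exactly the window the article says spammers exploit, so the gateway still needs content filtering behind the reputation lookup.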

Thus it became important for the bad guys to more effectively mask their intent and stay hidden. This is what drove the interest in and growth of bots as an effective way to mask who they were and what they were doing. The nature of the bot communication makes it very difficult to track the identity of the bot master. The bot masters now have millions of compromised machines at their disposal to deliver spam or launch a denial-of-service attack.

But even bots will be detected and eliminated over time, so the bad guys have tried a different tack, directly attacking legitimate mail servers. If the credentials and passwords of a known good email server can be stolen or acquired via brute force, the spammer has free rein to blast messages until the reputation servers respond by giving that server a bad reputation score.

Spammers are also increasingly compromising free hosting companies and co-opting the built-in SMTP server running on the host to blast messages unfettered until the reputation score of the server is affected. Of course, there is significant collateral damage as the legitimate senders are blacklisted.

Turning the gateway inside out

Spam and other inbound attacks are certainly very high-profile. Turn off your spam filter for an hour or two and you'll realize that. But organizations may be losing a lot more valuable information on the outbound side. Whether it's insiders sending corporate secrets to competitors or their own webmail accounts, or a customer service rep inadvertently sending private data to customers, these are significant corporate and regulatory compliance issues.

Many of the same detection techniques, including content analysis, regular expressions, Bayesian filtering and link analysis, can be used to analyze outgoing email for signs of content leakage. Thus, one of the more popular new functions for email security gateways is to "turn it inside out" and start filtering the outbound mail.

Many large enterprises are investing significant sums in dedicated data leak prevention offerings, but in some cases, the capabilities built into an existing email or Web security gateway may be good enough to stop a large percentage of the information exposure.
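To show what "turning the gateway inside out" looks like, here is an added outbound filter combining two of the techniques the article lists: a regular expression for structured data (card numbers, confirmed with the Luhn checksum so random digit runs are not flagged) and a small Bayesian classifier for unstructured confidential text. This is example code written for this page, not the article's or any vendor's implementation; the training messages, test messages, card numbers and the 0.8 quarantine threshold are all constructed.

```python
"""Outbound-mail leakage filter (added illustration, not the article's code).

Two checks from the article's list: regular expressions with a Luhn checksum
for card numbers, and a naive Bayes classifier trained on constructed sample
messages for unstructured "confidential" content. All data is constructed.
"""
import math
import re
from collections import Counter

# 13 to 19 digits, optionally separated by single spaces or hyphens
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that are not real card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return Luhn-valid card numbers (digits only) found in the text."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


# Constructed training set: (message text, label)
TRAIN = [
    ("confidential roadmap attached do not forward outside company", "leak"),
    ("internal pricing spreadsheet and customer list for competitor", "leak"),
    ("please find the secret merger documents attached", "leak"),
    ("lunch tomorrow at noon sounds good", "ok"),
    ("here are the public release notes for the new version", "ok"),
    ("thanks for the meeting invite see you then", "ok"),
]


def tokenize(text):
    return re.findall(r"[a-z]+", text.lower())


def train(samples):
    """Build per-label word counts, document counts and the vocabulary."""
    word_counts = {"leak": Counter(), "ok": Counter()}
    doc_counts = Counter()
    for text, label in samples:
        doc_counts[label] += 1
        word_counts[label].update(tokenize(text))
    vocab = set()
    for c in word_counts.values():
        vocab.update(c)
    return word_counts, doc_counts, vocab


def leak_probability(text, model):
    """Naive Bayes with add-one smoothing; returns P(leak | text)."""
    word_counts, doc_counts, vocab = model
    total_docs = sum(doc_counts.values())
    log_post = {}
    for label in ("leak", "ok"):
        lp = math.log(doc_counts[label] / total_docs)
        denom = sum(word_counts[label].values()) + len(vocab)
        for w in tokenize(text):
            lp += math.log((word_counts[label][w] + 1) / denom)
        log_post[label] = lp
    # convert the two log posteriors into a probability for "leak"
    return 1.0 / (1.0 + math.exp(log_post["ok"] - log_post["leak"]))


def inspect_outbound(text, model, threshold=0.8):
    """Gateway decision for one outbound message plus the reasons for it."""
    reasons = []
    cards = find_card_numbers(text)
    if cards:
        masked = ", ".join(c[-4:].rjust(len(c), "*") for c in cards)  # log last 4 only
        reasons.append(f"card number(s): {masked}")
    p = leak_probability(text, model)
    if p >= threshold:
        reasons.append(f"classifier leak score {p:.2f}")
    return ("quarantine" if reasons else "deliver", reasons)


if __name__ == "__main__":
    model = train(TRAIN)
    for msg in ("card 4111 1111 1111 1111 exp 12/09",
                "confidential customer list attached for competitor",
                "see you at lunch tomorrow"):
        print(inspect_outbound(msg, model))
```

The masking in `inspect_outbound` matters as much as the detection: a gateway that quarantines a message for containing a card number and then writes the full number into its own log has simply moved the leak. The classifier threshold is deliberately high; on outbound mail a false positive blocks a legitimate business message, so a practitioner would tune it against real traffic rather than reuse the inbound spam cut-off.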


This was first published in June 2008
