Is your e-mail server ripe for harvesting?

By Anne Saita, News Director 26 Jan 2005 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

If you're the e-mail administrator for a small to mid-sized publishing company, real estate agency or law firm, you're likely battling more spam than admins in other industries. Meanwhile, regardless of where you work, your e-mail server's likely under attack -- and you don't even know it.

That's the conclusion drawn from an annual, exhaustive e-mail threat report released today by managed service provider Postini, which processes an average 400 million SMTP and e-mail messages daily. "This is the deepest we've ever dug into our vast databases," said Chris Smith, the company's senior director of worldwide product marketing.

Much of what the company's analysts concluded from last year's number-crunching is of little surprise to anyone in the trenches. Spam held steady at 75% to 80% of corporate e-mail despite the threat of prosecution from new laws like CAN-SPAM. Phishing grew more formidable, costing companies billions of dollars in stolen financial data. And millions of PCs infected with spam-friendly worms like Netsky and Bagle now act as mail relays to do spammers' dirty deeds.

Cumulatively, what emerges from the report are growing legions of enterprises grappling with increasingly sophisticated scams and server attacks that drain IT manpower and overwhelm equipment. The answer, Smith argues, is for more organizations worldwide to use these statistics as a wakeup call for better e-mail hygiene.

More on e-mail protection Extroverts more likely to open virus laden e-mail attachments Don't get caught in the spam and malware web

Some companies need a boost more than others, it appears. Among the surprising findings:

Size really does matter: Smaller companies with less than 100 users averaged 35 spam messages per user per day compared to companies with more than 10,000 users, which averaged a mere three such messages daily. This could be because larger companies are more likely to use security tools that filter out spam. Another theory surmises spammers intentionally root out smaller companies because they know they're more vulnerable.

"I'm not so sure spammers are that sophisticated," Smith said. "But we do suspect strongly that either one or both of these effects are in play here. So, these small companies tend not to have the resources of the bigger companies … and they're bearing more than their fair share of the spam problem."

Don't put yourself out there: Spam varies even more by industry. Companies that rely heavily on electronic communications obviously are easy targets, particularly the publishing industry, which topped the charts with 25 daily spam messages per user. Those findings aren't unusual. Reporters, lawyers and consultants, for example, readily expose their e-mail addresses online in the course of doing business.

So where should you work to reduce your spam intake? Your best best's the electronics, food and beverage or pharmaceutical industries, which all averaged one spam message or less a day. The financial and banking industries -- "the most paranoid of the paranoid" -- also did an excellent job of locking out louses.

People are getting better at limiting exposure of their e-mail addresses. Spammers, though, are getting increasingly creative on how they harvest e-mail addresses. -Chris Smith senior director of worldwide marketing, Postini

E-mail address theft unknown, underreported: For a couple of years now, Postini has campaigned to raise awareness of directory harvest attacks, which last year amounted to 150 daily attacks for the average company in Postini's system. Each one of those attacks averages 250 lookups. Add it up and it amounts to an astonishing 40,000 lookups per day for the average company -- just from attacks, not legitimate inquiries.

During a directory harvest attack, spammers essentially use brute force against an e-mail server to compile comprehensive lists of valid e-mail addresses to use or sell. Meantime, the plethora of probes overwhelms the e-mail server, creating a denial of service from the vast amout of non-delivery reports the attack generates. Lotus Domino and Microsoft Exchange are especially prone to these "NDR storms" because their servers tend to accept all messages for their domain by default.

"Directory harvest attacks are alarmingly widespread and are probably the most underreported threat of 2004," Smith said. He compared the rising e-mail server attack rate to the cumulative effect of insect bites. "One mosquito bite isn't life-threatening, but death by 40,000 mosquito bites is possible."

Most e-mail administrators don't associate the flood of non-delivery reports with an attack, or recognize that the tidal wave of inquiries slows servers. "It's because these mosquito bites, these directory harvest attacks, are biting corporate America. They're causing worldwide corporate e-mail administrators to spend more money on infrastructure than is probably necessary. And so it's the scourge of the e-mail world."

"It's sort of depressing if you're an e-mail guy. People are getting better at limiting exposure of their e-mail addresses. Spammers, though, are getting increasingly creative on how they harvest e-mail addresses," Smith concluded. "From what we've seen, this stuff works. It's a pretty scary trend."

Tags: Email and Messaging Threats (spam, phishing, instant messaging),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Email and Messaging Threats (spam, phishing, instant messaging) How to prevent brute force webmail attacks Unified communications: Securing a converged infrastructure Chained Exploits: How to prevent phishing attacks from corporate spies 3FN.net ISP shutdown interrupts spam campaigns Swine flu outbreak results in spam pandemic What does 'invoked by uid 78' mean? Economy fuels malware, spam Internet Explorer 8 includes a bevy of security features Adobe JBIG2 exploits being spammed, IBM warns Fierce competition prompted new Cisco email security options Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CAPTCHA  (SearchSecurity.com) challenge-response system  (SearchSecurity.com) crimeware  (SearchSecurity.com) pharming  (SearchSecurity.com) phishing  (SearchSecurity.com) Register of Known Spam Operations  (SearchSecurity.com) Rock Phish  (SearchSecurity.com) Sender Policy Framework  (SearchSecurity.com) spam cocktail  (SearchSecurity.com) spear phishing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary