IBM Wades Into Murky Waters Of Anti-Spam Tech - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
3/22/2005
03:00 PM
50%
50%

IBM Wades Into Murky Waters Of Anti-Spam Tech

IBM introduces an anti-spam technology that its developer says will nab eight out of 10 spams off the bat and fill the gap until more-robust sender-authentication schemes, such as Sender ID, SPF, or DomainKeys, are widely adopted.

IBM on Tuesday introduced a new anti-spam technology that its developer says will nab eight out of ten spams off the bat, and fill the gap until more robust sender authentication schemes, such as Sender ID, SPF, or DomainKeys, are widely adopted.

Dubbed FairUCE (Fair use of Unsolicited Commercial E-mail), the technology hit IBM's alphaWorks section Tuesday. alphaWorks is where IBM typically debuts under-construction and untried technologies to customers.

Like other sender authentication protocols, FairUCE is aimed at stopping the "spoofing" of e-mail, the common practice by most spammers and all phishers of forging their From: addresses in an attempt to hide their whereabouts. In many cases -- some analysts estimate as much as one-half -- spoofed spam is sent from so-called "zombies," or previously-compromised PCs not owned, only controlled, by the spammer.

Unlike other schemes, however, FairUCE doesn't rely on domain owners "publishing" records authenticating that mail from their domain is, in fact, coming from their servers. Instead, it tries to find a relationship between the sender's domain and the IP address of the client delivering the mail using a series of cached DNS look-ups.

"Emerging identity systems such as SPF, Sender ID, and DomainKeys can tell us for sure [if a sender address is spoofed], but they require each domain to publish new information," wrote Mathew Nelson, an IBM researcher and the creator of FairUCE, in an introductory message posted to a forum on alphaWorks. "Until every domain does this, we need something else. The FairUCE best-guess system fills that gap by taking an educated guess. Incoming mail is marked as either AUTHORIZED, meaning very likely the address is not spoofed, or NOTAUTHORIZED, meaning the address is probably spoofed."

If a relationship is found, FairUCE checks the recipient's whitelist and blacklist -- which are dynamically updated after an initial "seeding" by a database provided by IBM -- as well as a reputation score to determine whether to accept, reject, or challenge.

That latter is likely the most controversial part of FairUCE. Usually called "challenge/response," it's a universally-disliked anti-spam technique that requires senders to manually reply to queries from recipients to verify their addresses.

Nelson stressed that the query FairUCE generates if it doesn't find a match between address and domain isn't a challenge/response per se. "I say 'inquiry' rather than 'challenge,' because we're not asking if the sender is human, just if they are who they say they are, at least to the domain level."

Such inquires, he claimed, would only be sent to spoofed spam coming from zombies, to power users who specify a different e-mail address for bounces, and a few other "rare exceptions."

Some have taken the inquiry or challenge/response mechanism to mean that FairUCE will be returning spam to the sending system in a tit-for-tat counter-attack. Not true, said Marc Goubert, the manager of alphaWorks. "That's not what 'challenge' is about," he said. "We're returning inquiries for the domain to identify itself, not the spam."

The inquiry, added Nelson, is initiated by making a connection to the sending IP address, which is often met immediately with a "connection refused" error. Most times, Nelson said, no actual data is returned to the sender, and if some is, he said it's very small.

"And if a domain doesn't want to receive inquiries for spoofed mail, they can simply publish an SPF record saying so," he said.

Rather than send an inquiry, FairUCE can be administrator-configured to simply mark the unmatched -- and likely spoofed and thus spammed -- messages, or even discard them, although there the false-positive problem rears its head, admitted Goubert.

Nelson claimed that FairUCE would identify all the mail coming from zombies, about 80 percent of the spam according to his numbers, almost immediately.

"That's a huge tool spammers have, and provides incentive for writing viruses to sell banks of compromised computers for cash. We can take that away from them with sender identity. Lacking that, with FairUCE we can take it away for the cost of a few delivery attempts," he said.

"For the vast majority of legitimate mail, from AOL to mailing lists to vanity domains, this is a snap. If such a relationship cannot be found, FairUCE attempts to find one by sending a user-customizable challenge/response. This alone catches 80 percent of unsolicited commercial e-mail and very rarely challenges legitimate mail."

"This sounds really interesting," said Richi Jennings, an analyst with messaging research firm Ferris Research. "There might still be some false-positive problems, and possibly problems for companies doing e-mail campaigns and transaction e-mails using third-party outsourcers, but the good news is that this doesn't require any domain records published."

One other problem that Jennings noted -- as did at least one poster to the forum following Nelson's opening message -- was that technology like FairUCE might simply drive spammers to go semi-legit.

"Although I can see this identifying the bulk of spam today, that's not necessarily true in the future," said Jennings. "Spammers may say, 'I'll just stop spoofing.' We saw some indication in the early days of SPF, when spammers were publishing their domain records.

"Spammers have a great ability to play with the arms race between spammers and anti-spammers," he added.

Nelson, however, says that since his creation works now, it deserves a try.

"FairUCE isn't perfect. It's a first iteration," he said. "But it's stopping 99+ percent of spam from reaching my inbox, the other 1 percent will never spam me again, it's not challenging any of the bulk mail I want, it's not challenging my friends or family, it's not challenging any of the mailing lists I'm on."

While not open-source -- although that's not outside the realm of possibility down the road, said alphaWorks' Goubert -- FairUCE can be downloaded free of charge from IBM's site. For now, it runs only on Linux and requires the Postfix mail server software.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
Slideshows
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
Commentary
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Commentary
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
Register for InformationWeek Newsletters
Video
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll