2006 November

Ferris Analyst Receives 25,000 Spam Messages Over Two Days

Comment on this (2 comments)Nov 30, 2006

Late last week, a spammer decided to send a large run of spam messages in my name. We estimate that in the space of 48 hours, the spammer’s botnet spewed 10 million messages that appeared to come from one of my privately owned domains.

A small percentage of those messages bounced, resulting in 25,000 bounces in my email over a 48-hour period. At its peak, I received one misdirected bounce per second. Many of the bounces included images — about half a gigabyte of unwanted, "backscatter" email.

What should we learn from this?

We were impressed with how well the Symantec Brightmail spam filter that protects these domains worked. It did a near-perfect job of sifting out the bounces from the real email: better than 99% effectiveness, and no false positives — although it’s hard to be sure when there are so many messages to check in the quarantine. (For clarity, Symantec doesn’t protect the ferris.com domain; these forgeries were attacking other, privately owned domains such as richi.co.uk.)
Many email servers behave badly, to the extent that they bounce unwanted email, instead of rejecting it. Some of this is due to configurations that accept everything at the perimeter and only later decide the mailbox doesn’t exist. Others seem to be due to badly configured perimeter protection — including a surprising number of Barracuda appliances. If you’re responsible for a mail system that creates such backscatter, please fix it.
Many sites allow their users to auto-reply to email with no regard to whether they’re replying to spam (and hence sending irrelevant junk to a forged sender). Incredibly, some of these sites clearly decided the message was spam — as can be seen from SpamAssassin-like headers or subject tags added to the spam — yet they still kindly let me know that they’re "out of the office" because a spammer falsely used my email address as the spam’s sender. This is another form of backscatter; if you’re responsible for a mail system that does this, please fix it.

… Richi Jennings

The attraction of instant messaging

Comment on this... (0 comments) Nov 30, 2006

Article discussing the IM in the enterprise and how it is replacing email for casual communications. More

SWING Integrator 5 Provides Better Ties between Lotus Notes and OpenOffice

Comment on this... (0 comments) Nov 30, 2006

SWING Software released version 5 of SWING Integrator, its Office integration toolkit for Lotus Notes and Domino developers. Adds OpenOffice integration with IBM Lotus Notes applications. Available immediately. More

Azaleos Provides Free Microsoft Exchange Cost Calculator Tool

Comment on this... (0 comments) Nov 30, 2006

Azaleos released Exchange TCO, its TCO calculator for Exchange. Analyzes of the costs of running Exchange 2003 and Exchange 2007 incorporating data collected from hundreds of customers to provide assumptions about software, hardware, archiving, management, monitoring, and IT resource costs associated with operating Exchange. Available immediately. More

F-Secure Client Security 7 offers deep proactive protection for the corporate world

Comment on this... (0 comments) Nov 30, 2006

F-Secure announced version 7 of F-Secure Client Security, its anti-virus solution. Key enhancements: F-Secure DeepGuard application to provide zero-day protection against previously unknown malware, integrated F-Secure BlackLight rootkit scanning, and new scanning options, among others. Available 1Q2007. More

Accelerate Your Adoption of Application Security Practices

Comment on this... (0 comments) Nov 30, 2006

Secure Software will host “Accelerate Your Adoption of Application Security Practices,” it webinar, on December 5, 2006 at 2:00 pm EST. Highlights: application security program needs continue to be driven by compliance demands and the growing number of exploits at the application layer, Yankee Group presentation on current industry perspectives and best practices, and learn [...]