Antispam company Postini Inc. said that it is now rejecting more than half of all attempts to send e-mail to its customers, due in part to increased activity from compromised home computers that have been turned into “zombies” for sending unsolicited commercial (“spam”) e-mail.
The company is dropping 53 percent of all e-mail connections that use the SMTP (Simple Mail Transfer Protocol) without reading the content of the e-mail messages. That’s an almost 20 percent increase since the company began aggregating information about troublesome Internet addresses from across its customer base, said Andrew Lochart, director of product marketing at Postini.
The Redwood City, California, company manages e-mail for around 3,300 companies and 5 million e-mail users. Postini uses its own algorithms to spot spam, as well as denial of service attacks and other threats, by analyzing the behavior of Internet-connected machines attempting to send e-mail and, after that, the message content.
Since October, 2003, the company began aggregating information on Internet Protocol (IP) addresses of machines attempting to e-mail its customers, and dropping connection attempts from IP addresses that are behaving suspiciously without ever receiving the intended message. Since that time, the percentage of dropped connections swelled from around 35 percent of all connections to the current 53 percent, he said.
“We’re cross-correlating spam and virus attacks for all our customers, and that allows us to block an even greater percentage of messages without even looking at the content,” he said.
Home computers connected to the Internet through large Internet service providers are responsible for around 36 percent of all the dropped connections. Loosely configured machines called “open relays,” and other compromised computers account for the rest of the dropped connections, he said.
Of the 47 percent of e-mail connections that are accepted, around 76 percent of the mail accepted are spam and one percent or two percent are viruses. Only 11 percent of the 10.75 billion SMTP connections the company receives each month are for legitimate e-mail messages, Postini said.
Spam and the problem posed by compromised home computers have been attracting more attention in recent months. Leading Internet service providers, including Comcast Corp. have begun kicking zombie machines off their network. At the same time, a number of companies and international standards organizations are evaluating technology standards that, if widely adopted, would allow companies to verify the source of e-mail messages and stop address spoofing, a common technique spammers use to disguise the origin of their messages.
In June, The Anti-Spam Technical Alliance (ASTA), an industry organization representing e-mail providers Yahoo Inc., Microsoft Corp., America Online Inc. and EarthLink Inc., released recommendations for ending unsolicited commercial (“spam”) e-mail, including a list of suggestions and “best practice” recommendations for Internet service providers (ISPs), e-mail service providers, governments, corporations and bulk e-mail senders.
Microsoft is also backing a proposed standard called Sender ID that requires organizations that send e-mail to publish the addresses of their outgoing e-mail servers in the Domain Name System (DNS) using Extensible Markup Language (XML). The Sender ID standard, which has been submitted for approval to the Internet Engineering Task Force (IETF) will allow companies to check for spoofing by analyzing information stored in the e-mail envelope and in the message body, Microsoft said.
Postini believes that its solution is superior to sender authentication schemes because it is “dynamic,” and allows the company to freeze communications from IP addresses that are behaving badly for short periods of time, then restore communications with them when they begin behaving normally again, as opposed to placing them on a block list for prolonged periods, Lochart said.
Such a system is better suited to the current spam distribution system, in which spammers shift e-mail traffic rapidly between thousands of compromised machines to send messages, Lochart said.
However, he also acknowledged that the system was only feasible for e-mail service providers like Postini that benefit from intelligence gathered from thousands of e-mail domains.
The spam problem calls for e-mail providers and antispam companies like Postini to combine their knowledge about spammers and their activities, said James Kobielus, an industry columnist at The Burton Group Corp.
Kobielus recommends a federated antispam network in which companies like Postini, Brightmail Inc., and others share spam signatures, whitelists and IP addresses, so that every legitimate e-mail sender can benefit from up-to-date information on spamming activity.