Monitoring and Managing Microsoft Exchange Server 2003
Authors: Daugherty M.
Published year: 2003
If you have an e-mail address, you are probably familiar with unsolicited commercial e-mail, commonly known as 'junk e-mail' or 'spam.' Senders of junk e-mail send billions of unsolicited (and unwanted) e-mail messages each day. If you are fortunate enough to be on a relatively well-protected corporate e-mail system, you probably only receive a few spam messages each day. If you have an e-mail account with an Internet service provider who does not attempt to filter spam, you may be receiving hundreds of unwanted messages each day. An estimated 30% of the e-mail sent to Internet service provider mail accounts and 15% of e-mail sent to corporate mail accounts is junk e-mail. America Online reportedly blocks more than 2 billion junk e-mail messages each day, and the number is growing.
At one time, many people considered unsolicited commercial e-mail to be a minor annoyance. However, the rapid growth of junk e-mail, combined with the aggressive and unethical tactics used by senders of junk e-mail, has caused most people to reevaluate their opinions. The quantity of unsolicited commercial e-mail has reached the point where it threatens to outweigh the benefits of e-mail.
The financial cost for junk e-mail is real but often difficult to quantify. The cost generally falls into one of the following categories:
Lost productivity. There is some amount of productivity loss associated with users receiving each message, examining each message, deciding what action to take, and performing that action. The total productivity loss is directly related to the total number of junk e-mail messages that are received (i.e., more junk e-mail leads to larger losses).
Hardware and software. The increased volume of messages requires more processing power on the mail servers, more disk space to store the message, and more network bandwidth. Companies that want to reduce the amount of junk e-mail their system receives must purchase filtering software and the hardware on which to run the filtering software.
Help desk. Junk e-mail increases complaints and questions to the help desk.
Viruses. Junk e-mail often carries viruses, spyware, or malicious code. Detecting and removing this unwanted code takes time and often requires software.
Spyware is code that the unsolicited mail installs on your system. The spyware uses your Internet connection to periodically connect to the junk e-mailer's server and send information about you and your web surfing habits.
Although there is no universally accepted definition of spam, most people would agree that spam is the electronic equivalent of junk mail; that is, it is unsolicited commercial e-mail that is sent indiscriminately to a large number of unsuspecting recipients. Some small number of people, mainly the perpetrators of spam, see no distinction between junk e-mail and other online marketing methods. However, there are clear differences between the online marketing practices of reputable businesses and the practices of the distributors of spam. Answers to the following questions help to separate reputable businesses from the distributors of junk e-mail.
How do they make money?
What is the content of their e-mail messages?
What return address is on their e-mail messages?
How are recipient addresses added to their distribution list?
Does the recipient know that they have been added to the distribution list?
Are the distribution lists sold or shared with others?
How can the recipient be removed from the list?
Does the company honor requests to be removed?
Reputable online marketing companies make money by selling their own products and services. Senders of junk e-mail make money by selling e-mail advertisements.
E-mail messages from reputable online marketing companies are advertisements for their own products and services. Spam messages are advertisements for products and services from other companies and individuals. Many of these marketing messages are for sexually explicit products, casinos, 'get rich quick' schemes, 'free' products, debt consolidation, low-cost financing, personal health products, and other deceptive messages with misleading subject lines. Although junk e-mail message content is often objectionable, the sheer number of messages is actually a bigger problem.
Return addresses on e-mail from reputable online marketing companies almost always show their own company name. The return addresses on junk e-mail are almost always misleading. If it was easy to identify incoming messages as spam, recipients could easily filter the unwanted e-mail. Instead, junk e-mailers use a variety of techniques to disguise their identity.
Domain name variants. A common response when e-mail administrators detect unwanted messages is to block all e-mail from the sender's Internet domain. In response, senders of junk e-mail buy variants of their domain name and switch domain names frequently to get past domain name filters.
Multiple Internet Protocol (IP) addresses. Because the user-readable domain name is usually misleading, a more reliable technique is to block messages on the basis of the sending server's IP address. In response, senders of junk e-mail buy a block of IP addresses (e.g., all addresses in a class C range) and switch IP addresses frequently to get past IP address filters.
Forged From addresses. Just because a message appears to have come from firstname.lastname@example.org does not mean it really came from John Doe or from domain.com. Senders of junk e-mail often alter the user-readable message header information.
Relaying messages using an unsuspecting SMTP server that the sender of junk e-mail does not own. If a company leaves its SMTP server open for relaying, a junk e-mailer can use the unsuspecting server to distribute spam. Messages sent using SMTP relay list the unsuspecting server's domain name and IP address in the message header. This is such a common practice that there are now software packages that automate the process of finding and using unprotected SMTP servers that are open for relay.
Free e-mail accounts. Senders of junk e-mail use automated programs to sign up for free e-mail accounts on sites such as hotmail.com and yahoo.com and then use these accounts to send their junk e-mail. These sites attempt to detect this type of activity and quickly disable the account. However, some (hopefully small) number of junk e-mail messages are usually sent before the account is disabled.
Reputable online marketing companies add recipients by asking for the user's e-mail address on an e-commerce website (e.g., product registration websites), trade show registration lists, and others. Senders of junk e-mail create their distribution lists using multiple mechanisms.
Buying address lists. Most corporate e-mail addresses are protected by firewalls. Therefore, when most employees of a company suddenly begin receiving junk e-mail, the source of the distribution list is often a disgruntled former employee who took (and then sold or donated) a copy of the company's global address list. Junk e-mailers can even buy CDs with names and addresses of corporate users.
Scraping e-mail addresses from the Internet. Addresses are published in a variety of places and are all subject to address scraping. Internet search engines (e.g., www.google.com and www.yahoo.com) use robots and spiders to automatically search the Internet to collect keywords. Scammers use similar automated address-harvesting programs to collect e-mail addresses by searching for text strings that contain '@'. Luckily, harvested e-mail addresses appear to have a relatively short lifespan. The number of junk e-mail messages sent to an address decreases once the address is removed from wherever it was posted. These robots and spiders target Internet repositories, such as the following:
Addresses posted on public websites. Plain text and human-readable addresses posted on public websites (e.g., auctions, discussion boards, employment search) attract the most junk e-mail. Because junk e-mailers concentrate on the websites with the most addresses, the number of junk e-mail messages that a user receives is directly related to the popularity of the public websites where the user's address is posted. The more visitors a website has, the greater the probability that a junk e-mailer will use an address-harvesting program to collect the posted addresses.
Addresses posted in USENET newsgroups. Plain text and human-readable addresses posted in newsgroups are also targets for address-harvesting programs, and some newsgroups (e.g., those discussing sexually explicit topics) may be more frequently harvested than others. Addresses posted in the message header are more vulnerable than addresses that may be included in the text of the posting.
Addresses posted in domain name registration databases. E-mail addresses for domain contacts are listed in domain name registration databases. However, because of the relatively small number of addresses, these databases are not a prime target for address-harvesting programs.
Brute force and dictionary attacks. Not all spam is sent to lists of known e-mail addresses. Even addresses that have never been posted on the Internet, have never been used to send or receive e-mail, and have never been shared in any way are vulnerable to junk e-mail through brute force attacks on mail servers. In a typical brute force attack, the junk e-mailer uses various methods to 'guess' the e-mail addresses on a server. The most common methods are to use a spam program to send e-mail:
to every possible combination of letters that could form an e-mail address
to all words in a dictionary
to all common names (e.g., 'bob' or 'smith')
to all common names and first initials (e.g., 'bsmith')
As you might suspect, shorter e-mail addresses (e.g., email@example.com) are more vulnerable than longer addresses (e.g., mike.daugherty@domain.com).
Because brute force attacks are based on guesses, few of the messages will actually make their way to an active mailbox. However, the flood of delivered and nondelivered messages consumes considerable network bandwidth, and generating thousands of nondelivery notifications requires processing time. Even if an alert network manager detects the attack, some number of messages will likely be delivered before the network manager can block the attack.
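The flood of nondelivered messages described above is also the signal a mail administrator can use to detect a brute force or dictionary attack. The following is an added example, not from the book: it counts rejected recipients per /24 network over SMTP log lines, so a sender rotating through a class C range is still flagged. The log format, thresholds, and function names are assumptions made for this illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines (an assumed format, not Exchange's own log layout):
# date time client-ip recipient smtp-status
SAMPLE_LOG = """\
2003-11-04 02:14:01 192.0.2.17 bob@example.com 550
2003-11-04 02:14:01 192.0.2.18 smith@example.com 550
2003-11-04 02:14:02 192.0.2.19 bsmith@example.com 250
2003-11-04 02:14:02 192.0.2.20 aaa@example.com 550
2003-11-04 02:14:03 192.0.2.21 aab@example.com 550
2003-11-04 02:14:03 192.0.2.22 jones@example.com 550
2003-11-04 02:15:10 198.51.100.5 pat.lee@example.com 250
2003-11-04 02:15:40 198.51.100.5 pat.le@example.com 550
"""

def parse(log_text):
    """Yield (client_ip, recipient, status) from each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip blank or malformed lines
        try:
            ip = ipaddress.ip_address(parts[2])
        except ValueError:
            continue
        yield ip, parts[3].lower(), int(parts[4])

def find_harvest_sources(log_text, min_attempts=5, min_reject_ratio=0.8):
    """Return {network: (attempts, rejected)} for /24s that look like guessing."""
    stats = defaultdict(lambda: {"rcpts": set(), "rejected": set()})
    for ip, rcpt, status in parse(log_text):
        if ip.version != 4:
            continue
        # Group by /24 so rotating through a class C range does not reset the count.
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        stats[net]["rcpts"].add(rcpt)
        if status == 550:  # 550 = mailbox unavailable (no such user)
            stats[net]["rejected"].add(rcpt)
    flagged = {}
    for net, s in stats.items():
        attempts, rejected = len(s["rcpts"]), len(s["rejected"])
        if attempts >= min_attempts and rejected / attempts >= min_reject_ratio:
            flagged[str(net)] = (attempts, rejected)
    return flagged

if __name__ == "__main__":
    for net, (attempts, rejected) in find_harvest_sources(SAMPLE_LOG).items():
        print(f"{net}: {rejected}/{attempts} distinct recipients rejected")
```

In the sample, no single IP address sends more than one message, so a per-address counter would miss the run; the second network is a single mistyped recipient and stays below the attempt threshold.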
By supplying an e-mail address to a reputable online marketing company, the user understands that the company will send information about the company's products and services. Most recipients of junk e-mail have no idea that their addresses have been harvested until they begin receiving junk e-mail.
The registration process used by reputable online marketing companies often asks if the user would like to also receive information from the company's partners. Distributors of junk e-mail routinely sell their distribution lists to create an additional source of revenue.
The recipient can simply revisit the e-commerce website or send e-mail to reputable online marketing companies to be removed (or opt out) from their distribution list. Opting out from a junk e-mailer's distribution list is usually difficult and often impossible. Senders of junk e-mail usually use your attempts to be removed as verification that the e-mail address is valid. Instead of reducing the amount of junk e-mail, trying to be removed from a list actually increases the amount of junk e-mail that will be sent to you.
Reputable online marketing companies always honor requests to opt out. Senders of junk e-mail rarely honor such requests because it takes too much time. In fact, a request to be removed is validation that the e-mail address is legitimate. Because senders of junk e-mail get paid by the number of messages they deliver, they have little reason to remove an address.