Sendio - eMail Integrity: Sendio Philosophy
Email System Protection

Product Philosophy:

... Or got policed - so that today there is virtually no unsolicited commercial email sent. Valid email marketing lists are all opt-in, and every message has an opt-out option.

No, the problems today with open Internet email are the con games and the criminals. The billions of messages from these "people" are not actually commercial. They are not marketing anything real. They are trying to either steal from you or your company directly, or infiltrate your computers with malicious code (e.g. viruses and trojans) which allows the criminals to add the systems to their illegal networks.

The "offers" for "effortless diplomas," weight loss programs, cheap pharmaceuticals, replica watches, celebrity gossip, discount software licenses, sales lead sources and help with your libido are all bogus. They just want you to click the link and become a statistic. And if you try to figure out where these messages come from, you realize that the senders are also bogus (typically "bots" on already compromised PCs using fake or spoofed addresses).

What is the REAL Problem to be Solved?

In the simplest terms, BLOCK ALL MESSAGES FROM BOGUS SENDERS from ever reaching your email server and your users' inboxes. It doesn't matter what they send you, since none of it is legitimate.

Secondarily, we also want to make sure that legitimate messages from real senders don't inadvertently carry malicious components such as viruses or trojans. These two basic requirements are the definition of email system protection. If we could accomplish that, email systems management would be just work and not an on-going nightmare.

Well, (surprise surprise) this is EXACTLY what Sendio can do. Check out the rest of the Philosophy topics and the Facts topics for how we do it.

Solving the Problem:

It comes down to a simple distinction between "good guys" and "bad guys". Good guys are the customers, partners, suppliers, other business associates, friends, service providers, teachers and everyone else you already communicate with or who you may want to communicate with in the future. Bad guys are whoever sends (or gets some bots to send) any bogus messages.

If you already knew all of the good guys you ever wanted to communicate with, you could simply create a "white list" with their addresses. That would solve the first part of the problem. Unfortunately, there are always new good guys coming online (like new prospective customers). You do not want to create bad impressions and administrative headaches by simply rejecting messages from unknown people and then having to manually add them to your white list.

Community

Open Internet email was essentially "invented" in August 1982 with the publication of RFC 821, which described the Simple Mail Transfer Protocol (SMTP). At that time, everyone using the Internet was a good guy, so no mechanisms were included for blocking bad guys. More recently, communications tools like Instant Messaging (AIM, GTalk, Skype et al.) and social networks like Facebook have been released, and their designers learned from watching how bad guys abused email.

All of these more modern communications tools assume that there are good guys and bad guys (i.e. "friends" and "everybody else"), and they provide a means for creating each user's "community" of friends (or "buddies" or "contacts" or "followers" etc.). You interact with your community, and are protected from everybody else. New people can ask to join your community, and you control the process.

Community for Email

This concept of community is EXACTLY what email needs in order to solve the abuse problems. But, it must be simple and intuitive, and not add any administrative overhead. As an email administrator (presumably), you have two basic choices: request that your email system vendor add this functionality to their product, or externally augment your system. (We, of course, would recommend adding our products as the ideal course of action.)

At a high level, Sendio's definition of communities for email can be summarized as:

  • Take the effectiveness of white listing
  • Add a straightforward automated mechanism for new "good" people to join that "bad guys" won't use
  • Provide an easy way for dumping a "semi" good guy that you just don't have the need or interest to communicate with
  • Add extra features for dealing with mailing lists, newsletters and other automated messages that come from "software" and not "people"
  • Finally, perform a virus check on messages just to make sure nothing is trying to sneak in via a message from a "good guy"

Building an Initial Community

So, how do you go from lovely concept to hard reality? First, you recognize that there can be both company-wide communities and personal communities. A company-wide community is the list of people that everyone may want to communicate with, whereas a personal community would include people that are specific to an individual.

The company-wide community would import all of the system contacts in your email server and, typically, all of the contacts in your CRM system (SAP, Siebel et al.). Personal communities would import all of an individual user's contacts (from Outlook, for example). In this way, everybody you already do business with or interact with is automatically in your community.

Maintaining a Community

Once your community is defined and deployed, the communications process is straightforward:

  • Every email sent to your server first has a series of SMTP validity and header checks performed to eliminate obviously bogus, forged or spoofed messages
  • Next, the message is scanned for viruses and other malware, and it is rejected if anything is found
  • Then, the message is analyzed to determine if it violates any corporate policies (e.g. message size, attachment types, standards compliance [DKIM, SPF, etc.])
  • Finally, the message sender is compared to the community lists, with two potential outcomes:
    • If the sender is already a member of the community, the message is forwarded on to the email server for routing to the appropriate inbox(es)
    • If the sender is NOT a member of the community, the message is held in a "pending queue" while the sender is invited to join the community

The "Invitation" Process

Here is where the bad guys get shut down while new good guys get connected. When a message from a non-community member comes in, it gets held in a "pending queue" while an invitation-to-join-my-community email is sent back to the non-member. All that person needs to do to join your community is reply to the invitation (click Reply and Send). This proves that a real person sent the original message.

Once they reply, they are part of your community and their original message gets delivered. From then on, all messages from the new community member get delivered to you immediately, unless you decide to block them at some point. You "own" your community and completely control who has access to your inbox.

The "trick" here is that the bad guys won't (and in fact can't) reply to the invitation-to-join-my-community message. Bad guys go to great lengths to be "anonymous" so that they cannot get tracked down. A message sent to them goes to either a fake address or a compromised bot system, neither of which will respond. So, the invitation gets ignored and the original message gets dropped from the pending queue. You never see it.

This process is EXACTLY the same as when you joined Skype or Facebook. You had to confirm you were "real" and then you were in (until you break the rules at which point you get dropped). Everybody is familiar with this.
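The final community check and the invitation process described above can be sketched as follows. This is an added example, not Sendio's code: the class and method names, the per-invitation reply token and the seven-day hold time are assumptions, and it assumes the message has already passed the SMTP, malware and policy checks.

```python
import secrets
import time

PENDING_TTL = 7 * 24 * 3600  # assumed hold time; the page gives no figure


class CommunityGateway:
    """Sender-based admission: members deliver, strangers are held and invited."""

    def __init__(self, members, now=time.time):
        self.members = {m.lower() for m in members}
        self.pending = {}   # sender -> {"token", "first_seen", "messages"}
        self.outbox = []    # (recipient, token) invitations the gateway would send
        self.now = now

    def receive(self, sender, message):
        """Return 'delivered' or 'held' for a message that passed earlier checks."""
        sender = sender.lower()
        if sender in self.members:
            return "delivered"
        entry = self.pending.get(sender)
        if entry is None:
            # One invitation per unknown sender, however many messages arrive,
            # so a forged address is not mailed repeatedly.
            token = secrets.token_urlsafe(16)  # assumed: ties a reply to its invitation
            entry = {"token": token, "first_seen": self.now(), "messages": []}
            self.pending[sender] = entry
            self.outbox.append((sender, token))
        entry["messages"].append(message)
        return "held"

    def invitation_reply(self, sender, token):
        """A reply carrying the right token admits the sender and releases held mail."""
        sender = sender.lower()
        entry = self.pending.get(sender)
        if entry is None or not secrets.compare_digest(entry["token"], token):
            return []
        del self.pending[sender]
        self.members.add(sender)
        return entry["messages"]

    def expire(self):
        """Drop held mail whose invitation was never answered; return the count."""
        cutoff = self.now() - PENDING_TTL
        stale = [s for s, e in self.pending.items() if e["first_seen"] < cutoff]
        for s in stale:
            del self.pending[s]
        return len(stale)
```

Sending only one invitation per unknown address also limits how much mail the gateway itself sends to addresses that were forged on the original message.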

Newsletters and Subscriptions

But wait, you ask, what about legitimate messages that come from automated systems, not "people", like newsletters and subscription notices and other online services? No problem. When you first implement email system protection using communities, you "teach" the system about each user's personal preferences. One user may want notices from Adobe, while another user NEVER wants those notices, and each can be accommodated.

No "Lost" Email

So, adding community management protects your email system from attacks and abuse by:

  • blocking all messages from bogus senders
  • blocking all messages that include malicious components (e.g. viruses and trojans)

In addition, it eliminates the "lost email" problem. So-called "email security" products create this problem when they attempt to block bad messages using techniques like "probabilistic risk assessment" and "reputation scoring," which are fancy technical marketing terms for GUESSING. And we have all seen how they frequently guess wrong.

With communities, it is simply about message senders. If they are a part of your community, you get ALL of their messages. If they are outside, you get NONE. You have total control.

Easy. Elegant.

Content Filtering:

In the IT world, if someone says the word "anti-sp*m", everyone adds the word "filter" in their minds. It seems that "of course they just go together". But why? We just cannot figure it out.

It must be something like "of course the world is flat" or "of course cigarettes are safe" or "of course General Motors is a solid investment". Those things that "everybody knows" right up until they are shocked by the reality.

Well, content filtering of network traffic is cool technology. And, when it can help make simple, clear yes/no, good/bad, black/white decisions, it can be very useful. For instance, in data leak prevention (DLP) products, filtering can work well. If the filter "sees" a credit card number or a social security number where there should not be one, then actions can be taken. A totally deterministic process.

Even anti-virus scanning is a form of content filtering. If a virus signature is matched, block the message. Again, a totally deterministic process.

The Failure: Using Content Filtering to Determine Meaning

But using content filtering for the "semantic content" (i.e. the "meaning") of an email message seems crazy. Sure, some content would be "obviously" bad, but most of it is open to interpretation. If you have ten people read a message, and four find it offensive, three don't care and three really like it, what should software do? This is NOT a deterministic process. This is why, with email, filters have failed.

Again, let's be blunt. If email filters really worked, we would not still be having these problems (which are actually getting worse). But since filters are really just "guessing" at the meaning of a message, the bad guys keep adapting their approaches and the garbage just keeps flowing in.

What it comes down to: Who, or what, do you Trust?

It comes down to who, or what, you trust, and whether information is flowing in or out. If you truly trust your employees, then there is nothing to worry about with regard to the wrong information leaving the company. In the real world, even good people can make mistakes, so many companies are deploying DLP products because it really is all about the data.

On the incoming side, it is NOT about the data. It's about whether you trust the sender of the data. If you do not trust them, why do you want ANYTHING they send? And the answer is, you don't.

 


SendScreen.com is a division of Virtual Graffiti Inc, an authorized Sendio reseller.
Copyright © 2010 Sendio, Inc. All rights reserved.