Network News Break: Microsoft Backs a New Way to Slam Spam

by Michael Hall

With a new day comes a new, Microsoft-backed standard for spamfighting. With the merger of Caller ID for E-Mail and the popular but flawed SPF, there's no reason to sit out the spam wars. Also: Cisco's monstrous new switch, Comcast's startling admission, and Microsoft's new security software.

Network News Break is Crossnodes' daily summary of networking news, served up fresh daily. Please send your comments and suggestions to the editor.

Yesterday we touched briefly on the presence of a growing galaxy of standards where the battle against spam is concerned. It's probably a good comment on the ever-changing, early-days nature of this battle that with the dawn came a new wrinkle: After a week of discussions, Microsoft and the creator of the Sender Policy Framework (SPF) have come to an agreement about a merger of SPF with Microsoft's own Caller ID for E-Mail.

Up to this point, we had some serious reservations about SPF. Because it depends primarily on a minor modification to DNS records, it has the advantage of relative simplicity, but it provides little protection against so-called phishing attacks, whereby a malicious spammer with access to a perfectly legitimate (and SPF-respecting) domain could still send a mail that represented itself as coming from somewhere it didn't via manipulation of headers that SPF doesn't concern itself with.

Our other concern is a shortcoming with SPF where mail forwarding is concerned. There are workarounds, but they don't work as well as Yahoo's proposed DomainKeys standard.

With the proposed merger of the two standards, SPF will both adopt a new, XML-based configuration (though the merged standard will honor servers with older configurations) and gain the ability to assess the headers of a mail, not just the SMTP envelope. Consequently, a mail coming from joeschmoe.com will need to represent itself as such in any reply-to or from headers as well.
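To make the envelope-versus-header gap concrete, here is an added example (not code from the article, SPF, or the merged standard) of a receiver-side check that compares the SMTP envelope sender's domain with the From and Reply-To headers. The function names and sample messages are constructed, and exact domain equality is an assumption; the article does not describe the merged standard's actual matching rules.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Headers the article says the merged standard will also assess.
CHECKED_HEADERS = ("From", "Reply-To")


def domain_of(address):
    """Lowercased domain of an address, or None when there is none (e.g. "<>")."""
    _, addr = parseaddr(address)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].rstrip(".").lower()


def header_mismatches(envelope_from, raw_message):
    """Return (header, address) pairs whose domain differs from the envelope sender's.

    Assumption: exact domain equality. A null envelope sender has no domain
    to compare against, so every header address is reported.
    """
    env_domain = domain_of(envelope_from)
    msg = message_from_string(raw_message)
    found = []
    for name in CHECKED_HEADERS:
        for _, addr in getaddresses(msg.get_all(name, [])):
            if addr and (env_domain is None or domain_of(addr) != env_domain):
                found.append((name, addr))
    return found


# Constructed samples: the first passes an envelope-only check for
# joeschmoe.com while its From header claims a different domain.
SPOOFED = (
    "From: Example Bank <service@bank.example>\n"
    "Reply-To: collect@joeschmoe.com\n"
    "Subject: Verify your account\n"
    "\n"
    "body\n"
)
HONEST = "From: Joe Schmoe <joe@JoeSchmoe.com>\nSubject: Lunch\n\nbody\n"

if __name__ == "__main__":
    print(header_mismatches("bounce@joeschmoe.com", SPOOFED))
    print(header_mismatches("joe@joeschmoe.com", HONEST))
```
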

So what's this mean for the harried admin trying to staunch the flow of spam? For starters, it means SPF might be around for a while: It's got Microsoft in its corner. One of two major shortcomings (the lack of analysis of "from" headers) has been addressed, and the second (broken forwarding) can be dealt with, even if it's not perfect.

There's no reason to not at least try a test implementation of SPF. With an installed base of thousands of servers, including heavyweights like AOL, Google, Earthlink, W3.org, Symantec, and Ticketmaster, you'll be stepping into a sizable community of relatively stable networks already using SPF.

» What better 20th birthday present to give yourself than a $450,000 router? Cisco is rolling out what it previously code-named the HFR (huge, fast router) and now calls the more staid "Cisco CRS-1 Carrier Routing System." Whatever the designation, it's impressive. The CRS-1 has an upward capacity of 92 terabits per second. Early testers have included Sprint, AOL, and Verizon.

» We were interested to note a startling statistic from Comcast: The company reports that of the 800 million e-mail messages a day leaving its domain, about 100 million pass through its official servers, and 700 million are largely spam and viral mail from so-called "zombies," machines that are passing e-mail without their owners even realizing it. The cost of merely blocking port 25, says Comcast, would run upwards of $58 million due to notification and support costs. So the company's looking instead at selective blocking of port 25 on identified zombie machines via remote reconfiguration. The owners, if they are running zombie machines, will presumably never notice, and the rest of us will get a break from machines capable of sending hundreds of thousands of spams a day while the owner remains blissfully unaware.

» Microsoft continues to make a lot of noise about security, with the Internet Security and Acceleration Server (ISA) 2004 being its latest product in that area:

"ISA Server 2004, which comes in two editions -- Standard and Enterprise -- is a combination application layer firewall, virtual personal network (VPN) and Web caching repository. It can be used to perform deep inspection of Internet protocols to detect threats that traditional firewalls might miss."

HP plans to release a hardware security appliance running ISA Server 2004. The HP ProLiant DL320 is slated for Q3 2004, at an estimated retail price of $3,000.

The Week in Crossnodes

» Pack-Rats by Law: A Message Archiving Primer

With the Sarbanes-Oxley Act, messaging archives have gone from a voluntary tic among pack-rat users to a regulatory necessity. Here's how to crate up the correspondence without overloading your LAN.

» AirDefense Secures the Wireless Perimeter

In the rush to go wireless, administrators will find that they must supplement standard security measures with serious reporting and policy-enforcing products. Count AirDefense among them.

» WiMAX Bridges the Last Mile in Broadband

WiMAX is slated to provide high-speed connectivity over distances that dwarf 802.11's effective range. Of course, it also promises to keep things interesting for network administrators just coming to grips with Wi-Fi.

» Plan and Project Your Wireless LAN in 3-D

Don't guess when it comes to creating a wireless network at your company. LANPlanner SE lets you design and deploy a wireless network with confidence.

The Week in Network News

» Monday: Time to Talk Network Storage

If your CIO hasn't come to chat about archiving and storage, brace yourself: the message storage outlook for many companies is a little rocky. Also: battling message authentication standards, and a boost in NAS capabilities from Microsoft provokes some products from Iomega.

This article was originally published on Tuesday, May 25th, 2004.