Network News Break: Microsoft Backs a New Way to Slam Spam

Network News Break is Crossnodes’ daily summary of networking news, served up fresh daily. Please send your comments and suggestions to the editor.

Yesterday
we touched briefly on the presence of a growing galaxy of standards
where the battle against spam is concerned. It’s probably a good
comment on the ever-changing and early days nature of this battle that
with the dawn came a new wrinkle: After a week of
discussions
, Microsoft and the creator of the Sender Policy
Framework (SPF) have come to an agreement about a merger of SPF with
Microsoft’s own Caller ID for E-Mail.

Up to this point, we had some serious reservations about SPF.
Because it depends primarily on a minor modification to DNS records,
it has the advantage of relative simplicity, but it provides little
protection against so-called phishing attacks, whereby a malicious
spammer with access to a perfectly legitimate (and SPF-respecting)
domain could still send a mail that represented itself as coming from
somewhere it didn’t via manipulation of headers that SPF doesn’t
concern itself with.

Our other concern is a shortcoming with SPF where mail forwarding is
concerned. There are workarounds, but they don’t work as well as
Yahoo’s proposed DomainKeys standard.

With the proposed merger of the two standards, SPF will adopt both
a new, XML-based configuration (though the merged standard will honor
servers with older configurations) and it will gain the ability to
assess the headers of a mail, and not just the SMTP envelope.
Consequently, a mail coming from joeschmoe.com will need to represent
itself as such in any reply-to or from headers as well.

So what’s this mean for the harried admin trying to staunch the
flow of spam? For starters, it means SPF might be around for a while: It’s got Microsoft in its corner. One of two major
shortcomings (the lack of analysis of “from” headers) has been
addressed, and the second (broken forwarding) can be dealt with, even
if it’s not perfect.

There’s no reason to not at least try a test implementation of
SPF. With an installed base of thousands of servers, including
heavyweights like AOL, Google, Earthlink, W3.org, Symantec, and
Ticketmaster, you’ll be stepping into a sizable community of
relatively stable networks already using SPF.

Related Links:

Elsewhere:

» What better 20th birthday present to
give yourself than a $450,000 router? Cisco is rolling
out
what it previously code-named the HFR, (huge, fast router) and
now calls the more staid “Cisco CRS-1 Carrier Routing System.”
Whatever the designation, it’s impressive. The CRS-1 has an upward
capacity of 92 terabits per second. Early testers have included
Spring, AOL, and Verizon.

» We were interested to note a startling
statistic from Comcast
: The company reports that of the 800
million e-mail messages a day leaving its domain, about 100 million
pass through its official servers, and 700 million are largely spam
and viral mail from so-called “zombies,” machines that are passing
e-mail without their owners even realizing it. The cost of merely
blocking port 25, says Comcast, would run upwards of $58 million due
to notification and support costs. So the company’s looking instead
at selective blocking of port 25 on identified zombie machines via
remote reconfiguration. The owners, if they are running zombie
machines, will presumably never notice, and the rest of us will get a
break from machines capable of sending hundreds of thousands of spams
a day while the owner remains blissfully unaware.

» Microsoft continues to make a
lot of noise about security, with the
Internet Security and Acceleration Server (ISA) 2004
being its
latest product in that area:

“ISA Server 2004, which comes in two editions — Standard and
Enterprise — is a combination application layer firewall, virtual
personal network (VPN) and Web caching repository. It can be used to
perform deep inspection of Internet protocols to detect threats that
traditional firewalls might miss.”

HP plans to release a hardware security appliance running ISA
Server 2004. The HP ProLiant DL320 is slated for Q3 2004, at an
estimated retail price of $3,000.

The Week in Crossnodes

» Pack-Rats
by Law: A Message Archiving Primer

With the Sarbanes-Oxley Act, messaging archives have gone from a
voluntary tic among pack-rat users to a regulatory necessity. Here’s
how to crate up the correspondence without overloading your LAN.

» AirDefense
Secures the Wireless Perimeter

In the rush to go wireless, administrators will find that they must
supplement standard security measures with serious reporting and
policy-enforcing products. Count AirDefense among them.

» WiMAX
Bridges the Last Mile in Broadband

WiMAX is slated to provide high-speed connectivity over distances that
dwarf 802.11’s effective range. Of course, it also promises to keep
things interesting for network administrators just coming to grips
with Wi-Fi.

»Plan
and Project Your Wireless LAN in 3-D

Don’t guess when it comes to creating a wireless network at your
company. LANPlanner SE lets you design and deploy a wireless network
with confidence.

The Week in Network News

» Monday: Time to Talk Network Storage

If your CIO hasn’t come to chat about archiving and storage, brace
yourself: the message storage outlook for many companies is a little
rocky. Also: battling message authentication standards, and a boost in
NAS capabilities from Microsoft provokes some products from Iomega.

Latest Articles

Follow Us On Social Media

Explore More