
Deep Sky Tech. Services Newsletter (SNL) #4

released August 12th, 2003

This issue of the SNL covers yet again what is probably the single most popular topic online today: unsolicited email (also known as spam). Functional additions to the UITB.com system employed within Deep Sky Tech. are covered in detail. As well, much convenience and support content has been included to help deal with unsolicited email and to make the UITB.com system easier to use. Some of the new content available on the Deep Sky Tech. web site is also discussed, content that is invaluable in making your online experience as problem free as possible.




Q3 Invoices

Not all of the invoices for Q3 2003 have been posted yet. Continued concentration on development of internal systems has yet again delayed the posting of all invoices for Deep Sky Tech. customers.

As you probably already know, invoices are posted with the date of the posting, so no worries that anything will be considered late at all. If we have not posted the invoice, then you do not have to pay it yet. But they should all be out within the week, in case you have not received yours yet.

This should be the last time that invoices are posted late (fingers crossed). The development plans for Deep Sky Tech. for 2003 have now to a large extent been completed. There are still a lot more changes and feature additions to be made, a great deal of work still remains for us, but the most difficult and time consuming tasks are now completed. This relieves a great deal of pressure from our shoulders so we can catch up on all outstanding support requests, work to adding many of the features we have been wanting to include for our hosting customers, and devote some of our energies to a more timely completion of regular tasks.


Archive of SNLs

Though we have not had an issue of SNL for four months, the value of these newsletters is obvious. Summer is clearly the busiest time at Deep Sky Tech. Our trip through New York, the Great Lakes region, and into Chicago to visit many of you took a great deal of our time during the summer months.

Currently though, the SNL is only sent in email to customers that administer their sites currently hosted at Deep Sky Tech. (i.e. people with access to the Billing section of the SAME interface).

The local interns at Deep Sky Tech. have done a lot of work this summer to help this, though. One of the tasks that they have completed in the last few months is the posting of the SNLs to the Deep Sky Tech. web site. These back issues of the SNL are available fully to the public for all to read, benefit from, and enjoy.

You can find all of the issues of the SNL on our web site by following the Support link. Or, you can go directly to the main Support page by using the following URL:

   http://www.deepskytech.com/support.html

All future issues of the SNL will be posted to this location, as well. So, in case you missed any of the articles in previous issues or need to review any of the previous content, it is all available for you to go back to and review.

Most importantly, much of the information in the SNL is geared towards all users of the Deep Sky Tech. services. This includes not just the administrators of sites and domains, but all the end users. As previously mentioned, though, we do not distribute the SNL directly to every user of the Deep Sky Tech.'s services, only to the administrators.

To save you from having to forward this information along to your users, you can just refer them to the SNL archive, where they can more conveniently and easily learn about the systems at Deep Sky Tech. This makes life easier for all of us.

Enjoy!


A Look at Common Spam Blocking Techniques - Part 2

In the first part of this article, available in the previous SNL, we spoke about the general difficulty of blocking unsolicited email. The fact that email content is completely unreliable and forgeable was shown to be a major difficulty for blocking systems based on content. It was also shown that the only piece of verifiable information related to an email that is being received is the IP address the email is coming from (commonly the IP address of the remote email server).

In this second part of this article, we will discuss the problems that can result from blocking based solely on the IP address of the remote email source. Different types of systems that rely on the IP address of the remote email source will be discussed. Some of the common problems that can exist in email systems will be discussed, most of them being security settings that are set incorrectly and thereby allow for exploitation of the email server for sending unsolicited email.

The largest problems with blocking email based solely on IP address are insecure email servers and nefarious users. It is not uncommon for email servers to be configured incorrectly, and thereby insecurely, by email administrators. This can leave security holes that let originators the email administrator never intended use the server for relaying email to remote locations. Purposeful misuse of remote email servers by their users can also result in problems with blocking systems based on IP addresses.

If a remote email server is configured to allow any user to relay email through it to another email server without any form of logging in, it is a simple matter for anyone in the world to take advantage of it for relaying their email. This is commonly known as an 'open relay'. Open relays are quickly found by purveyors of unsolicited email and exploited for delivering their messages. The unsolicited email then has, as its apparent remote source, the IP address of the open relay email server. If an IP based block list then identifies this email server as having delivered unsolicited email, any legitimate email coming from the same email server will be blocked.

Another common misconfiguration of an email server that can allow it to be used to relay unsolicited email is called an 'open relay bounce'. Many email servers are configured to accept email addressed to any email address within a specified list of domains. Only when the email has been fully received are the intended recipients checked to see whether they actually exist. If the intended recipient email address is found not to exist, the receiving email server sends a return message to the From: address. This return message is commonly formatted as a bounce message, indicating the email could not be delivered, and commonly contains the original message that was to be delivered. Purveyors of unsolicited email can easily take advantage of such systems by intentionally sending email to an address in the open relay bounce server's domain that does not exist and setting the From: address to the actual recipient that is targeted. The open relay bounce server then generates its bounce message to the listed From: address and thereby delivers the unsolicited email. This exploit is so subtle that many large companies even now have their email servers configured such that this exploit is available. For instance, AOL (aol.com) has particular email servers in their network available for use online that can be exploited for such purposes (as of the writing of this article, this is still true). This can result in no end of hassles for users that send their email through the same email server, as it can easily be listed as a source of unsolicited email.
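The difference between accepting first and bouncing later, and refusing an unknown recipient during the SMTP session, is shown here in Python. This is an added example, not code from Deep Sky Tech. or from any real mail server; the domains, addresses and reply texts are constructed for illustration.

```python
# Added example: a constructed model of SMTP recipient handling, not a real mail server.
from dataclasses import dataclass, field

LOCAL_DOMAINS = {"example.org"}                                      # constructed
VALID_RECIPIENTS = {"alice@example.org", "postmaster@example.org"}  # constructed


@dataclass
class Outcome:
    replies: list = field(default_factory=list)   # SMTP replies given to the client
    outbound: list = field(default_factory=list)  # mail the server itself sends afterwards


def accept_then_bounce(mail_from, rcpt_to, body):
    """Misconfigured: accept any address in a local domain, validate after receipt."""
    out = Outcome()
    if rcpt_to.rsplit("@", 1)[-1] not in LOCAL_DOMAINS:
        out.replies.append("550 relaying denied")
        return out
    out.replies += ["250 recipient ok", "250 message accepted"]
    if rcpt_to not in VALID_RECIPIENTS:
        # The bounce goes to an address nobody verified and carries the original body.
        out.outbound.append({"to": mail_from, "subject": "Undeliverable mail", "body": body})
    return out


def reject_at_rcpt(mail_from, rcpt_to, body):
    """Corrected: unknown recipients are refused during the SMTP session itself."""
    out = Outcome()
    if rcpt_to.rsplit("@", 1)[-1] not in LOCAL_DOMAINS:
        out.replies.append("550 relaying denied")
        return out
    if rcpt_to not in VALID_RECIPIENTS:
        # No message is accepted, so the server never has anything to bounce.
        out.replies.append("550 no such user")
        return out
    out.replies += ["250 recipient ok", "250 message accepted"]
    return out


def mail_sent_to_outsiders(policy, sessions):
    """Addresses outside LOCAL_DOMAINS that the server itself ended up mailing."""
    hit = []
    for mail_from, rcpt_to, body in sessions:
        for msg in policy(mail_from, rcpt_to, body).outbound:
            if msg["to"].rsplit("@", 1)[-1] not in LOCAL_DOMAINS:
                hit.append(msg["to"])
    return hit


# Constructed sessions: the first has an unverified sender and a nonexistent recipient.
SESSIONS = [
    ("someone@example.net", "no-such-user@example.org", "unsolicited text"),
    ("bob@example.com", "alice@example.org", "hello"),
]

if __name__ == "__main__":
    print("accept-then-bounce:", mail_sent_to_outsiders(accept_then_bounce, SESSIONS))
    print("reject-at-RCPT:   ", mail_sent_to_outsiders(reject_at_rcpt, SESSIONS))
```

With the corrected policy the failure is reported to the connecting client inside the session, so the server never originates mail to an address it has not verified.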

Other common exploits for email servers include faking the hostname identification of the source, forging the MAIL FROM envelope address to be a local user (e.g. postmaster or webmaster), exploiting web based and automated email services in the network, and obviously viruses. In no way is this a definitive listing of the exploits possible in an email server. But they are the most common, and all can result in an email server being used for relaying unsolicited email. Once an email server has been exploited in such a way, IP based block lists will identify the source of the unsolicited email, block any further email from that location, and thereby possibly block legitimate email that is sent through the same email server.

Notice so far that all of the exploits mentioned involve in some way insecure and improper configuration of an email server by the email administrator. It is not uncommon for email administrators to set up the email server initially and then never change any of the configuration options. Email servers are often very stable pieces of software that can run with very little maintenance or monitoring. Unfortunately, leaving them unattended is what most email administrators then do. When a particular security problem in the configuration is overlooked and the resulting usage of the email server is not monitored closely enough, problems can exist for an extended period of time, sometimes for years, without ever being noticed. It is imperative that email administrators closely monitor the usage of their email servers and investigate any and all usage anomalies that are seen.

When a security hole of some sort is found to exist in an email server, the single best course of action to take is to inform the email administrator of the problem. This is often as simple as sending email to the postmaster. The postmaster of the email server is required to have the email address of 'postmaster@smtpserver.com', with the domain portion being whatever the domain of the SMTP server happens to be. The email administrator is the only individual that can investigate properly the problems encountered and thereby take corrective action. And, if you are lucky, the email administrator of the SMTP server you are using is willing to correct security problems in their systems (surprisingly enough, it is not uncommon to find email administrators that are not willing to correct security problems in their systems, believe it or not).

Another very common source of problems with IP based blocking is that of nefarious users. If users that could be considered legitimate by particular remote email systems intentionally use the email servers they can access for sending unsolicited email, this can easily result in blocking of the email server. Services like Hotmail, Yahoo, and many others, where email services are provided to users for free in an automated fashion from the web, are commonly exploited for such purposes. Dialup providers that offer free initial access, including AOL, MSN, Earthlink, and many others, can have fake accounts opened in an automated fashion and then be exploited by such nefarious users for sending unsolicited email. Though most service providers have a strong anti-spam policy, the actual configuration of their systems allows for such continued exploitation by users. Until the ease by which users can gain access to these systems is corrected, the problem of unsolicited email coming from these sources will continue.

In the next installment in this series, some of the additions for IP based block lists will be discussed. These additions to the base functionality of an IP based block list are what allow such a system to become much more effective and usable for combatting unsolicited email.

New Features in UITB.com: Custom White Listings

There is an exciting, and powerful, new feature available in the UITB.com system at Deep Sky Tech. This new feature allows users to easily and simply customise the block list used by the UITB.com system. And, these customisations to the block list are unique for each individual domain hosted at Deep Sky Tech. This new feature is available for all users of the UITB.com system immediately.

When within the UITB.com Trapped Email Interface, it used to be that the only functionality available was the ability to review trapped email and choose for each whether it was Spam or Not Spam. Items that were marked as Not Spam were forwarded to the original recipient email account as if it was normal email.

The new functionality in the UITB.com system does not change any of the existing functionality. Rather, it is purely an additional feature that is now available to all users.

The new features basically allow all customers to specify domain-specific white lists. A white list is essentially a list of criteria for accepting email. The implementation of white lists within the UITB.com system is specific for each domain hosted at Deep Sky Tech. This means that entries on the white list for foo.com will not affect the white list for goo.com. Each domain can have a unique and customisable white list. The white list implementation within the UITB.com system is based on the IP addresses that received email comes from. The white lists allow you to make exceptions directly to the global block list used to trap email in the UITB.com system.

When within the UITB.com Trapped Email Interface, marking emails as Not Spam can bring up the page that allows the new features to be used. When trapped email is marked as Not Spam, the originating sources (IP addresses) of these emails are checked. If the sources are not currently on the white list for your domain, a page to Confirm White Listings is displayed. For each source IP address these Not Spam emails were received from, there is a display of all of the details on file in the UITB.com system for why email from this location currently is being trapped. This can include the percentage of user marked unsolicited email received from the location, details of any attacks from the location, and any other pertinent information related to each particular source. You can then see directly the reasons for the listing in the global block list within the UITB.com system for each location you received legitimate email from.

At this point, you are prompted for each location whether you want to include it on the white list for your domain. With the information provided, you can make an informed decision about whether you want to receive directly the email from each location without it being trapped in the UITB.com Trapped Email Interface. For sources that you choose to add to your domain's white list, future email that is received from that location will be handled differently.

Any existing email in the UITB.com Trapped Email Interface that is from a source that is currently on your domain's white list will be sorted to the top of the display list and shown with a background color of light red. This will make it very clear that these emails are from sources that have already been white listed for your domain and should be closely scrutinized for whether they are legitimate email that you should receive.

White list entries, though they exist in the UITB.com system immediately, are not available immediately to the email server. The email server is what determines whether email is placed into the UITB.com Trapped Email Interface or not. The loading of the white lists into the email server is currently done on an automated, cycled process that activates once every six (6) hours. This means that though you may white list a source, the email from that location may not bypass the UITB.com Trapped Email Interface for up to six hours. The simple rule to remember that should always work for this is 'white list entries you make today will be fully active tomorrow'. We are investigating ways to reduce the turnaround on loading the white lists throughout the UITB.com systems and hopefully will be able to devise a way to increase the frequency of these loads.

One other caveat to know about the white lists is that not all white listings will be directly loaded and available. For each email received from a source that is white listed for your domain, a real time lookup will be done. The lookup determines the current percentage of spam received from that location in relation to the total number of emails on file from the same location. If the source maintains a high percentage of unsolicited email relative to legitimate email traffic, the white listings will not be respected by the UITB.com system and email from that source will continue to be trapped. Currently, this threshold is set at 80% total unsolicited email, so only the most prolific sources of spam should be affected by this threshold limitation in the white listings. Clearly, these are sources of email that have such a serious problem with relaying unsolicited email that it needs to be addressed by the remote email administrator to correct the security problem in their systems.
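The rules above (per-domain white lists, the six hour load cycle and the 80% threshold) can be combined into one decision, shown here in Python. This is an added example and not UITB.com code; the class and method names, the IP addresses, the counts and the load schedule are constructed, and treating exactly 80% as over the threshold is an assumption.

```python
# Added example: a constructed model of the rules described above, not UITB.com code.
from datetime import datetime, timedelta

LOAD_INTERVAL = timedelta(hours=6)  # white lists are loaded every six hours
SPAM_THRESHOLD = 0.80               # white listing ignored at this spam share (>= is assumed)


class TrapPolicy:
    def __init__(self, global_block_list, stats, first_load):
        self.block = set(global_block_list)
        self.stats = stats            # ip -> (spam_count, total_count)
        self.first_load = first_load  # time of a known load cycle (assumed schedule)
        self.white = {}               # domain -> {ip: time the entry was made}

    def add_white_listing(self, domain, ip, when):
        self.white.setdefault(domain, {})[ip] = when

    def active_from(self, added):
        """First load cycle at or after the moment the entry was made."""
        cycles = -((self.first_load - added) // LOAD_INTERVAL)  # ceiling division
        return self.first_load + max(cycles, 0) * LOAD_INTERVAL

    def spam_share(self, ip):
        spam, total = self.stats.get(ip, (0, 0))
        return spam / total if total else 0.0

    def decide(self, domain, ip, now):
        """Return (action, reason) for mail from `ip` addressed to `domain`."""
        if ip not in self.block:
            return ("deliver", "source not on global block list")
        added = self.white.get(domain, {}).get(ip)
        if added is None:
            return ("trap", "blocked, no white listing for this domain")
        if now < self.active_from(added):
            return ("trap", "white listing not yet loaded")
        if self.spam_share(ip) >= SPAM_THRESHOLD:
            return ("trap", "white listing not respected, spam share too high")
        return ("deliver", "white listed for this domain")


def demo():
    """Constructed data: two blocked sources, both white listed by foo.com at 01:00."""
    t0 = datetime(2003, 8, 12, 0, 0)
    policy = TrapPolicy(
        global_block_list={"192.0.2.10", "192.0.2.20"},
        stats={"192.0.2.10": (30, 100), "192.0.2.20": (90, 100)},
        first_load=t0,
    )
    policy.add_white_listing("foo.com", "192.0.2.10", t0 + timedelta(hours=1))
    policy.add_white_listing("foo.com", "192.0.2.20", t0 + timedelta(hours=1))
    return policy, t0


if __name__ == "__main__":
    policy, t0 = demo()
    for hours in (5, 6):
        print(hours, policy.decide("foo.com", "192.0.2.10", t0 + timedelta(hours=hours)))
    print(policy.decide("goo.com", "192.0.2.10", t0 + timedelta(hours=6)))
    print(policy.decide("foo.com", "192.0.2.20", t0 + timedelta(hours=12)))
```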

Keep in mind, it is very easy to make a white list entry now for your domain. And white listing sources that you receive unsolicited email from can increase the amount of spam that reaches you directly without being trapped in the UITB.com system. Paying proper attention to the details provided for each potential white list source while on the Confirm White Listing page will help considerably in making an informed choice about what to white list and what not to white list.

In the future, features will be added to analyze the effect your white lists are having on your email, as well as further management functionality for more direct control of the white lists for your domain.

Let us know how this new functionality works for you. Feedback and suggestions are invaluable to our efforts. Though we know now what other functionality we want to add to the system, obviously your feedback provides a large influence on the direction of further development we do in the UITB.com system.


Additions to Support at deepskytech.com

The Support section of the Deep Sky Tech. web site has had many changes and additions in the last few months. The Support section is available to all users by following the Support link from anywhere on our web site. It can be accessed directly using the following URL:

   http://www.deepskytech.com/support.html

As previously mentioned, all issues of the SNL have been posted to the Support section of the web site. The SNLs are available in full for all users to view and read. This makes it very easy for you to refer back to content in previous issues of the Services Newsletter at any time. As well, since the content of the SNLs is a great resource of information for all users, it is a simple matter to refer others to the Support section of our web site to read the exact same material.

The Email Support section has been completely updated, as well. These pages provide detailed instructions, with pictures, for all of the major email client software currently available for accessing email on the servers at Deep Sky Tech. Many additions have been made to this area to account for new email client software, including updated versions of previously available email client software instructions. The instructions have all been revamped, too, to set the email client software for secure sending of email through the email servers at Deep Sky Tech. (as opposed to using your local ISP's SMTP server). This provides a direct means for making email client software settings that will work from anywhere in the world without any changes.

As existed before, there are sections in the Support area of our web site for general information about unsolicited email (spam) and how to report spam you receive directly to our Abuse department. Reading these instructions, and helping fight unsolicited email by reporting it to us, is a significant step to helping us in all of the spam fighting endeavors we have undertaken.

To help report unsolicited email automatically to our Abuse department, there is a section of the Support section of our web site that contains scripts and tools for different email client software. These scripts automate the process of reporting unsolicited email to us, making it as simple as selecting the emails in your email client to report and running the script. Detailed instructions for installing and using these scripts are provided as well as links to download the scripts for use on your machine.

Please be certain that as many users as possible are reporting unsolicited email to our Abuse department. Using the scripts mentioned above makes this process considerably simpler. For now, scripts are available only for email client software that runs on the Macintosh platform. But, in the future, we will make available the tools for different Windows based email client software for doing the exact same task just as easily.


Cheers!

With the latest updates to internal systems at Deep Sky Tech., in particular the UITB.com system, we are now through probably the most difficult period in the history of our firm. Unsolicited email is unfortunately a part of the online world which literally threatens the long term viability of the internet. We still have a lot more work to do, but the main pieces of the systems to control unsolicited email and provide us with the data we need to have a real effect on the amount of unsolicited email in the world are now fully online and functional.

The remainder of this month will be spent catching up on support issues we have in our backlog of tasks for customers at Deep Sky Tech. As well, some minor feature additions to existing systems and other assorted tasks will be worked on to move all of our services forward.

On Friday, August 15th, 2003, the whole staff of Deep Sky Tech. will be taking the afternoon off for a group meeting at our favorite local crab shack. This is one of those places where the formal tables have newspaper covering them, food is brought to you in buckets and preferably still moving, and it is all freshly caught straight from the water outside the front door of the restaurant. It is a great place to relax and gives all of us time to go over our future tasks. A favorite line to say at this restaurant must be: 'Another bucket for monsieur ?' So, in case you need to reach anyone in the office Friday afternoon, please leave a message on our voicemail and we will get back to you as soon as we return.

As always, if you have any questions about any of these items, feel free to contact us at your earliest convenience.

Have a wonderful week.

Cheers!
