MAP is Spam’s Simple Answer

Steven Trupp says that current spam propagation measures are so primitive that a simple piece of software can solve most of the problem.

Steven Trupp, president of Bohemia, NY-based ICS Network Systems, has been observing the spam problem for some time. The company’s Mail Sentry Gateway service, which provides anti-spam, anti-virus, and anti-relay protection for corporate networks, processes a great deal of email traffic. Of necessity, it built its own spam fighting solution.

The company’s Mail Authentication Protocol (MAP) simply checks to see whether an email received at a server with the MAP milter plugin has a valid sender address. MAP validates the complete sender address at the MX host for the sender’s domain (or the domain’s A record host if no MX record is published).

On November 13, 2003, for a typical client, MAP rejected about 50 percent of the company’s mail (presumably letting some spam through). Of that, 31 percent was rejected because the MX host for the sender’s domain confirmed the sender’s address was false. 26 percent of rejected mail was forged as coming from Hotmail, Yahoo, MSN, or AOL. Another 26 percent was rejected because MAP could not connect to an SMTP server at the sender’s domain. 11 percent of rejected mail was blacklisted. The remaining 6 percent was on hold due to various errors, possibly benign, returned by the MX host.
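The sender check described above can be sketched as follows. This is an added example, not ICS's MAP code: the function names, the injected `mx_lookup` resolver and the mapping of SMTP reply codes to accept, reject and hold are assumptions chosen to mirror the rejection categories in the article.

```python
import smtplib

TIMEOUT = 20  # seconds; the article cites a 20-second MAP timeout

def callback_hosts(domain, mx_lookup):
    """MX hosts by ascending preference; fall back to the domain's A-record host."""
    records = sorted(mx_lookup(domain))  # [(preference, host), ...]
    return [host for _, host in records] or [domain]

def smtp_probe(host, address):
    """Ask `host` whether it would accept mail for `address`; no message is sent."""
    with smtplib.SMTP(host, 25, timeout=TIMEOUT) as smtp:
        smtp.helo()
        smtp.mail("")  # null reverse-path, as a bounce would use
        code, _ = smtp.rcpt(address)
    return code

def verify_sender(address, mx_lookup, probe=smtp_probe):
    """Return (verdict, reason) for an envelope sender address."""
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        return "reject", "malformed sender"
    for host in callback_hosts(domain.lower(), mx_lookup):
        try:
            code = probe(host, address)
        except (OSError, smtplib.SMTPException):
            continue  # host unreachable or timed out: try the next one
        if 200 <= code < 300:
            return "accept", f"{host} accepts the address"
        if 500 <= code < 600:  # assumption: permanent failure = address is false
            return "reject", f"{host} says the address is false"
        return "hold", f"{host} returned {code}"  # assumption: other replies are held
    return "reject", "no SMTP server reachable"

# Constructed sample data so the example runs offline (no DNS, no sockets).
SAMPLE_MX = {"example.com": [(20, "mx2.example.com"), (10, "mx1.example.com")],
             "dead.example": [(10, "mx.dead.example")]}

def sample_probe(host, address):
    if host == "mx.dead.example":
        raise OSError("timed out")
    if address.startswith("grey@"):
        return 451
    return 250 if address.startswith("real@") else 550

if __name__ == "__main__":
    lookup = lambda d: SAMPLE_MX.get(d, [])
    for sender in ("real@example.com", "fake@example.com", "real@dead.example"):
        print(sender, verify_sender(sender, lookup, sample_probe))
```

In a real deployment `mx_lookup` would be backed by a DNS library, and `smtp_probe` is what opens the connection back to the sender's MX host.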

Trupp says MAP catches the vast majority of spammers, who are not willing to include a valid sender address in their spam. “You cannot just use any fake email address appended to a valid domain to get around MAP,” he says. He adds that spammers find that faking email addresses gets around a surprising number of filters.

Trupp says that traditional anti-spam measures are being foiled by proxy spam. Whether individuals are actually being paid to spam from their home accounts, or whether their home accounts and PCs have been taken over, he does not know, but he suspects the former. He is certain that a significant amount of spam now comes from home PCs running their own SMTP engine. The source IPs are clearly those assigned dynamically to individual subscribers by the large broadband providers, especially cable ISPs. This new source of spam is increasing at an alarming rate.

Because spam has changed from being a high-volume, single source problem to being a small-volume, multi-source problem, traditional blacklists don’t work anymore. Spammers no longer send from their own domain. “Spammers are soliciting people to work from home for money,” he says. And in the current economy, he believes many would accept the offer.

MAP includes whitelist and blacklist features. Trupp says whitelists are useful, but users sometimes get frustrated with the blacklists. He says that spam coming off the cable networks has a valid, dynamic IP address. Blacklisting that IP address has little or no effect on spam. “Some customers get frustrated because there’s stuff they don’t want to see, so they add 800 IP addresses to the blacklist in the first week, and it doesn’t change much.”

Nevertheless, some high-volume spammers still exist, and they will be frustrated by MAP. “Some spammers will send 1,000 emails in a single connection and use multiple connections. If the spammer has not provisioned an MX host that can actually receive a return email, each time he connects and I connect back to the MX host to verify an address, he waits 20 seconds for MAP to time out. Spammers face the same penalty that I’m incurring by checking them.”

After implementation, Trupp advises customers to wait for several days collecting statistics on how the MAP engine handles the customer’s traffic. The MAP engine will probably be blocking some mail it shouldn’t.

Customers need to learn which mail types need special treatment. “If someone’s using Monster.com for recruiting, they may need to whitelist the address that receives the mail about monster.com because a lot of it will come from domains other than Monster, such as AOL.”

MAP’s future seems to lie in becoming a component of another anti-spam solution, or a complement to several. Blocking forged mail pretending to come from large, known ISPs could be a business by itself, and is a useful idea.

Pricing and availability
MAP is available now directly from ICS as a milter plugin (pricing not public at press time) or as a component of the company’s Mail Sentry Gateway service.

The price for Mail Sentry Gateway is $250 for up to 50,000 messages per month. Trupp says that since the software relies on his servers, he has to charge based on his costs. “We’ve had no pushback from customers since we switched from per-user to per-message pricing, even from customers whose invoice amounts tripled.”
