EmailSafety.net - Verizon's weird antispam science

Verizon's weird antispam science

Anti-Spam Software

What is Spam?

Spam Laws

Spam Facts

User Tips

Common Email Scams

What Are Visuses?

Virus Prevention Tips

Anti-Virus Software

Basic Tips

IDG Related content

Missouri lender weans itself off faxes, paper documents with eCopy
Computerworld Inc.

Desktop virtualization: Making PCs manageable
Computerworld Inc.

Detroit law firm fends off 'nasty' VoIP problems
Computerworld Inc.

Community

Ballmer questions business strategy of Google

CEBIT - Scientists show thought-controlled computer

IBM search tool targets flying saucers, ghosts and goblins

All security forums

Mirror matter is just like everyday matter (and for that matter, antimatter), except it is as if it has been reflected in a mirror and consequently has some weird properties.

Read the latest WhitePaper - Veritas Configuration Manager by Symantec Real-time, Accurate Application and Server Configuration Information for Your Enterprise CMDB

Here in the IT world, we have spam technologies and we have their opposite: antispam technologies. Then we have what Verizon is apparently doing, using mirror antispam technology -- what I shall henceforth call Alice-spam technology.

Alice-spam technology relies on doing something that looks like antispam technology but actually achieves something weirdly different. I was told the story of Verizon's weird science by reader Stephen Cannale of e-mail integrity assurance company OnlyMyEmail.

Here are the details: Verizon has a big spam problem, and its solution has been to use a technique called Sender Call-back (or Call-out) Verification (SCV).

SCV works like this: When you send e-mail to someone at a Verizon address your SMTP server will connect to the Verizon server to transfer your message. The Verizon server will keep the incoming SMTP connection open while it simultaneously opens another connection to your SMTP server to see if it will accept a message addressed to you.

If your SMTP server confirms within 30 seconds that it will accept the message -- in other words, that you exist -- then Verizon's server will accept your e-mail. If your SMTP server doesn't confirm that you exist or fails to respond in time your e-mail will be rejected, thus guarding against spoofing.

Sounds reasonable but . . . well, there's a lot of "buts."

First, the fact a server confirms an address doesn't mean that was who sent the message. Second, if the server being used for verification is overloaded then the 30-second window could be easily exceeded, which would cause the message to be rejected. Third, many servers handle multiple domains and are configured to verify any address, which defeats the whole purpose.

1 | 2 | Next >

Recent News:

· The State of Spam: What to Expect in 2009
· Twitter hit with phishing scam
· Psychic predictions for tech in 2009
· Watch out for hidden cookies
· Microsoft downplays Windows Media Player bug

Site Map | Recent News | Related Sites

Other stories on this topic

IDG Related content

Community