Messaging Anti-Abuse Working Group (MAAWG) Message Sender Reputation Concepts and Common Practices
Abstract

Reputation is commonly defined as a measure of whether the populace at large has a generally favorable or unfavorable opinion of a person or entity. In Internet messaging, a sender's reputation reflects how responsible and trustworthy a person seems to be based on a variety of characteristics. Unlike the common definition, however, this form of reputation is based more on hard data than arbitrary interpretations and widespread opinion.

Reputation assessors, which could be a person, organization, or automated software agent, perform the necessary activities to collect that data and calculate sender reputation. This process is sometimes accomplished in-house directly by the message service provider or performed by a contracted third party. Message service providers can then refer to the assessment results to decide how to handle a sender's messages with the goal of keeping the message recipients safer and happier.

This white paper describes the inherent concepts and common practices concerning the reputation systems used in Internet messaging, but it is not a specification or a set of requirements for all reputation systems. The paper is intended for a general industry-related readership and assumes basic familiarity with Internet messaging systems.

Contents

ABSTRACT
EXECUTIVE SUMMARY
INTRODUCTION
ASSESSMENT GOALS
    RISK
    TRUST
    TRUST VS. RISK
ASSESSMENT MODELS
    THE BEHAVIORAL ASSESSMENT MODEL
    THE CERTIFICATION ASSESSMENT MODEL
    COMPARING THE TWO MODELS
ASSESSMENT ALGORITHMS
    COMMON INPUTS
    CALCULATION
    COMMON OUTPUTS AND RECOMMENDED ACTIONS
CURRENT USE
FUTURE USE
CONCLUSION
GLOSSARY
REFERENCES

MAAWG Messaging Anti-Abuse Working Group P.O. Box San Francisco, CA info@maawg.org

Executive Summary

"It takes many good deeds to build a good reputation, and only one bad one to lose it." - Benjamin Franklin

Reputation is commonly defined as the estimation in which a person or thing is held. It is a measure of whether the populace at large has a generally favorable or unfavorable opinion of that person or entity. Brands take great care to establish and maintain their reputations in the minds of their customers. Factors such as quality, convenience and dependability all affect customer opinion.

Reputation is usually defined within specific contexts. Therefore, a good reputation in the business world or in the minds of consumers does not necessarily carry over directly into Internet messaging. While a brand's good reputation within its general social environment might provide a small boost to its online standing, it is the brand's online behavior and the opinions of its message recipients that contribute to its Internet messaging reputation.

Message service providers use Internet messaging reputation to provide a better user experience and reduce operating expenses. Messaging reputation predicts whether a sender's future messages will be abusive or not. Message service providers can make deliverability decisions based on the sender's reputation quickly, reducing message handling costs. Message filters can skip expensive filtering steps on messages from reputable senders, avoiding false positives and user frustration over emails mistakenly sent to the junk folder, while efficiently rejecting messages from disreputable senders at the edge of the network.

Message filtering based on reputation is more robust and flexible than traditional whitelisting and blacklisting. The wide range of reputation scores can be mapped to appropriately aggressive filtering actions.

Senders have the option of engaging a reputation assessor (a person, organization, or software agent that calculates a messaging reputation result) in order to establish trust proactively.
Otherwise the sender's reputation will develop organically as message providers and ISPs' assessors passively observe their messaging behavior.

Reputation is already a powerful tool for fighting messaging abuse. As more organizations adopt domain authentication mechanisms, such as DomainKeys Identified Mail (DKIM), Sender Identification Framework (Sender ID or SIDF) and Sender Policy Framework (SPF), reputation will become even more powerful as a way to establish greater trust. [For more information on authentication, see the MAAWG white paper Trust in Email Begins with Authentication.]

Message system operators of all types should take steps to monitor and protect their reputation to ensure appropriate delivery of their messages. This may be achieved by monitoring and filtering outbound messages, ensuring the security of messaging infrastructure, receiving and acting on recipient complaints via feedback loops (FBL) from mailbox providers who offer them, and making use of third-party reputation assessment and monitoring services.

Introduction

Using online reputation is a powerful approach to combating Internet messaging abuse. Reputation predicts whether a sender's future messages will be abusive or not. Message service providers use the sender's reputation, the result of a quality assessment of the sender, to decide how to handle a message, instead of the qualities of the individual message itself.

The two most common examples of data-driven reputation in the real world are credit scores and driving records. Credit agencies assess an individual's financial assets and history to arrive at a score. Financial institutions can then refer to the result of that assessment, the credit score, when deciding whether or not to lend money to the individual. Similarly, insurance companies do not give all drivers the same rate simply because they are licensed to drive. The insurer takes into account numerous factors about the driver, including the driver's record, to determine how high of a risk it would be to insure them and then sets the rate appropriately.

In Internet messaging, the actors in a reputation system are analogous to these real-world examples. There are reputation assessors who perform the same duties as a credit agency, assessing all the identities (people, organizations, or any other accountable entity) who attempt to send messages. Handling filters fill the role of the financial institutions, referencing the assessment results to make message delivery decisions.

A person, an internal department, a third-party organization, or an automated software agent can all act as a reputation assessor. The largest message service providers tend to perform their own assessments internally. In those cases the assessor and handling filter are the same entity. Handling filters can also use the results of third-party assessors.

Reputation is very flexible. Assessors can identify both trustworthy and malicious actors.
Filters on both the sending and receiving side of message transactions can make decisions based on reputation. The assessment results can be very broad and general or very targeted and specific.

Assessment Goals

The goal of sender reputation assessment is to determine how trustworthy the sending identity is or to measure the risk that the identity's messages may cause distress or harm to recipients, or both. Understanding the differences among these goals is key to understanding the different ways in which reputation is assessed and applied.

Risk

The result of a risk assessment reveals the probability that future messages from a given identifier (a unique online string that refers to an identity, such as a domain name or IP address) will be abusive. Assessing risk is of great interest to the anti-abuse community. While malicious senders can produce an almost endless number of variations in message content, they are constrained to a much smaller number of sending identifiers. Determining the risk associated with a particular message stream allows filters to adjust their aggressiveness appropriately.

As previously unknown vulnerabilities are exploited and malicious senders change their tactics without warning, the risk associated with message traffic can fluctuate greatly over a short period of time. Therefore, reputation systems that attempt to measure risk perform their assessments on either a continuous real-time basis or at very short intervals in order to provide the most accurate and up-to-date results.

Trust

A trust assessment aims to determine how responsible the identity behind the identifier is and how capable the identity is at handling abuse issues that arise. Traditional whitelisting is an example of a trust assessment. As trust increases, any observed abuse may increasingly be considered as simply errors the sending identity can be relied upon to address rather than abusive behavior.

While risk advises filters as to how aggressive they should be, trust advises filters as to what filtering mechanisms are appropriate to apply and which to ignore. For example, a handling filter might choose not to apply filtering mechanisms that control the rate an identifier can send messages, such as connection management or rate-limiting filters, to moderate or highly trusted identities. Yet it would continue to apply basic content filtering to identities at all trust levels.

Obtaining a moderate level of trust could be as simple as providing valid contact information and requesting a feedback loop (FBL) of recipient complaints or other similar steps to differentiate a legitimate and responsible identity from a malicious and evasive one. Higher levels of trust might require a very rigorous security examination of the identity's physical infrastructure and any processes or policies involved in message submission and delivery or even some form of binding agreement.

The nature of the identity can also play a role in trust assessments. For example, any organization whose messages are considered protected by law, such as political or religious organizations, might be considered highly trusted. Assessors also afford a high level of trust to government organizations, particularly law enforcement and public safety related groups.

In contrast to risk, trust is a more stable value. It requires knowledge of the sending identity that is not likely to change at the same rapid rate as an attacker's tactics.
Reputation systems that attempt to assess trust may do so in a discrete manner at longer intervals.

Unfortunately, an entirely trustworthy identity may operate equipment which is susceptible to attack and control by untrustworthy actors. As a result, if the identity's behavior changes quickly and drastically, a risk assessment may temporarily override any trust assessment, thereby reducing the potential harm caused by a security breach or similar issue.

Trust vs. Risk

Many reputation systems attempt to measure both trust and risk in an effort to provide the most accurate possible guidance to their clients. In those cases, reputation is the combination of organizational trust and message risk, as shown in Figure 1. Each reputation system will, of course, have its own specific policies, statistical thresholds and reputation levels. Depending on the capabilities of their clients, many will offer higher degrees of risk and trust granularity in order to fine-tune and carefully target their recommendations.

Figure 1: Organizational Trust vs. Message Risk

At low trust levels, either little or nothing is known about the identity or it has an established history of irresponsible behavior. The default filtering mechanisms are applied and delivery is entirely dependent on the assessed message risk. That is not to say that identities at low levels of trust are unable to deliver messages. If the volume and risk of messages is relatively low then few difficulties should be encountered. In the event of high-risk messages, identities at low trust levels are likely to be fully blocked, perhaps even permanently.

Filtering becomes more targeted at medium trust levels, as the more trustworthy identities are exempted from the harshest default filtering mechanisms. High-risk messages might still result in strong filtering actions, but those actions are likely to persist for a shorter duration than they would against an identity at a lower level of trust. Identities at medium trust levels with a history of low-risk messages rarely experience delivery issues, if at all.

Highly trusted identities are not usually subject to filtering, as any filtering actions would result in false positives. However, even highly trusted identities can be compromised and abused on rare occasions. Such identities are expected to address the issue swiftly. In the event of very high-risk messages, such as a phishing attack, the reputation assessor will recommend fully blocking the compromised identity until the issue is resolved. The difference between high trust and the lower levels of trust is that the assessor will immediately recommend full delivery once the highly trusted identity has addressed the issue. Identities at lower levels of trust can expect a period of heavier filtering following a similar compromise. Of course, a highly trusted identity that has constant abuse issues is not likely to remain highly trusted.

Assessment Models

Two models exist for assessing message sender reputation: the behavioral model and the certification model. At first glance, the two models are very similar. In both models, the author (the actor who creates the message content) sends a message through a responsible identity to a recipient.
A handling filter decides whether or not to deliver this message to the recipient based on guidance from a reputation assessor, which might consult multiple reputation databases for assistance. Assessment and filtering can occur on both the sending and receiving side of the message transaction, or a third-party vendor can perform assessments. However, the behavioral model acquires data reactively while the certification model requires active participation from the responsible identity.

The Behavioral Assessment Model

In the behavioral model, reputation assessors calculate a result in reaction to the messages an identifier sends. The result of this assessment is a prediction of the quality of future messages based on the observed quality of past messages. The assessor works in the background, basing its decisions on data from handling filters, feedback from recipients and any external data sources it deems appropriate, perhaps even the output of other reputation systems.

Figure 2: The Behavioral Assessment Model

The Certification Assessment Model

In the certification model, the assessor plays more of a central role. The responsible identity initiates assessment by contacting the assessor directly. In this manner, the assessor can perform the assessment prior to the identity sending any messages. Moreover, the certification model allows the responsible identity to act cooperatively with the assessor to address any abuse issues on an ongoing basis.

Figure 3: The Certification Assessment Model

Comparing the Two Models

Cooperation and interaction between the responsible identity and the reputation assessor allows the certification model to perform a more effective trust assessment than the behavioral model does. The responsible identity can provide information to the assessor that is not available in the behavioral model, such as documented policies or contact information, and the identity can work with the assessor to maintain their good standing.

However, relying on the responsible identity to initiate and cooperate with the assessor causes scale problems. The responsible identity must both be aware that an assessment is needed and have the necessary resources to participate. Many identities will either lack the resources or not meet the high level of quality required. It is therefore unlikely that a certification model assessor will be able to provide comprehensive guidance to a handling filter.

The behavioral model, on the other hand, makes no additional requirements of the responsible identity and places the entire burden of assessment on the assessor. While a responsible identity must cooperate with the assessor in the certification model, he cannot avoid assessment in the behavioral model. This makes the behavioral model more adept at dealing with malicious identities and assessing risk.

The weakness of the behavioral model lies in its reactive nature.
The behavioral model requires some amount of history in order to perform an assessment and therefore can lead to false positives and false negatives until the assessor collects sufficient data.

As a result of the pros and cons of both models, many reputation systems are a hybrid of the two approaches. This allows the two models to act in a complementary fashion so that each can support and balance the other. Handling filters can then benefit from the results of both trust and risk assessments and make a well-informed delivery decision.

Assessment Algorithms

The basic process at the heart of the reputation system is always the same, as shown in Figure 4, regardless of the algorithm used to calculate reputation. First, the assessor collects the relevant inputs and feeds them to the algorithm. The algorithm then performs its calculation and recommends an action to message handling filters. This may be done in an automated fashion, manually, or by some combination of the two.

Figure 4: The Reputation Assessment Process

Common Inputs

Reputation systems with differing assessment goals will have different inputs contributing to their respective reputation algorithms. Risk assessments tend to rely mainly on objective message statistics, filtering results, and recipient feedback. Trust assessments may incorporate other, somewhat more subjective, elements such as the type of identity being assessed and the identity's documented policies and practices.

Most of the industry expresses message statistics as a percentage or rate of relevant events compared to total message volume over a period of time. Commonly used relevant events include:

- Messages reported as false negatives by recipients (complaint rate)
- Filtered messages reported as false positives by recipients
- Messages attempted to nonexistent recipients (invalid recipient or bounce rate)
- Messages containing viruses or malware
- Messages judged as spam by handling filters
- Messages sent to spam trap addresses

The most universal input is recipient complaints, often measured as a percentage of complaints to message volume over a period of time. This complaint rate metric is widely used by mailbox providers and service providers as a basic reputation assessment.

Beyond the message statistics, inputs tend to be more binary in nature. Assessors might perform various security-related tests of the identity's messaging infrastructure, such as open relay or proxy tests, and include the test results as binary pass/fail inputs.
Additionally, assessors might require compliance with certain industry best practices related to abuse handling or mailing list hygiene. The output of other reputation systems, such as a third-party whitelist or blacklist, might also be included as input to an algorithm.
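
The inputs listed above, run through a simple threshold-and-weight calculation and then combined with a trust level in the way the Trust vs. Risk section describes, as an added example that is not part of the MAAWG paper. Every threshold, weight, level cut-off, action string and sample count below is a constructed assumption; real assessors tune their own.

```python
from dataclasses import dataclass, field

# Constructed values, not from the paper: (warn_rate, bad_rate, weight) per
# event type, as fractions of total volume over the assessment window.
THRESHOLDS = {
    "complaints":         (0.001,  0.005, 3.0),
    "invalid_recipients": (0.02,   0.10,  2.0),
    "malware":            (0.0001, 0.001, 3.0),
    "filtered_as_spam":   (0.01,   0.05,  1.0),
    "spam_trap_hits":     (0.0001, 0.001, 3.0),
}
BINARY_TEST_WEIGHT = 2.0  # weight of each pass/fail infrastructure test
MIN_VOLUME = 1000         # below this there is too little history to judge

# Assumed mapping of (trust level, risk level) to a recommended action.
ACTIONS = {
    ("low", "unknown"): "default filtering",
    ("low", "low"): "default filtering",
    ("low", "medium"): "rate limiting and content filtering",
    ("low", "high"): "block",
    ("medium", "unknown"): "content filtering",
    ("medium", "low"): "deliver",
    ("medium", "medium"): "content filtering",
    ("medium", "high"): "temporary block",
    ("high", "unknown"): "deliver",
    ("high", "low"): "deliver",
    ("high", "medium"): "deliver",
    # Risk temporarily overrides trust when a trusted sender is compromised.
    ("high", "high"): "block until resolved",
}


@dataclass
class WindowStats:
    """Counts observed for one identifier over one assessment window."""
    volume: int
    events: dict = field(default_factory=dict)        # event name -> count
    tests_passed: dict = field(default_factory=dict)  # test name -> bool


def input_score(rate, warn, bad):
    """Map one rate onto 0.0 (fine), 0.5 (elevated) or 1.0 (bad)."""
    if rate >= bad:
        return 1.0
    if rate >= warn:
        return 0.5
    return 0.0


def risk_score(stats):
    """Weighted average of per-input scores in [0, 1]; None without history."""
    if stats.volume < MIN_VOLUME:
        return None  # behavioral assessment needs history before it can judge
    total = weight_sum = 0.0
    for name, (warn, bad, weight) in THRESHOLDS.items():
        rate = stats.events.get(name, 0) / stats.volume
        total += weight * input_score(rate, warn, bad)
        weight_sum += weight
    for passed in stats.tests_passed.values():
        total += BINARY_TEST_WEIGHT * (0.0 if passed else 1.0)
        weight_sum += BINARY_TEST_WEIGHT
    return total / weight_sum


def risk_level(score):
    """Bucket a risk score using assumed cut-offs."""
    if score is None:
        return "unknown"
    if score >= 0.5:
        return "high"
    if score >= 0.15:
        return "medium"
    return "low"


def recommend(trust, stats):
    """Recommended handling action for a trust level and observed statistics."""
    return ACTIONS[(trust, risk_level(risk_score(stats)))]


# Constructed sample windows for four hypothetical identifiers.
CLEAN = WindowStats(50000, {"complaints": 10, "invalid_recipients": 300,
                            "filtered_as_spam": 100}, {"open_relay": True})
ELEVATED = WindowStats(20000, {"complaints": 40, "invalid_recipients": 500},
                       {"open_relay": True})
COMPROMISED = WindowStats(50000, {"complaints": 400, "invalid_recipients": 6000,
                                  "filtered_as_spam": 3000, "spam_trap_hits": 20},
                          {"open_relay": True})
NEW_SENDER = WindowStats(200, {"complaints": 1})

if __name__ == "__main__":
    for label, stats in [("clean", CLEAN), ("elevated", ELEVATED),
                         ("compromised", COMPROMISED), ("new", NEW_SENDER)]:
        for trust in ("low", "medium", "high"):
            print(f"{label:12} trust={trust:6} -> {recommend(trust, stats)}")
```
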

Calculation

The complexity of assessment algorithms varies greatly across the industry. The simplest are a single metric compared against various thresholds or a checklist of policy-related questions. The more complex algorithms involve sophisticated machine-learning equations with a dozen or more inputs.

The exact details of the more complex algorithms are often considered very valuable intellectual property and are kept secret. Regardless of how tamper-resistant they might be, there is always a chance that a malicious actor could learn to manipulate the algorithm to gain a more favorable result if the algorithm details were known.

In general, the algorithm compares the individual inputs against various thresholds to determine where the identity falls in the trust or risk spectrum. The assessor sets the thresholds based on its own research and will vary those thresholds over time as further research dictates. When multiple inputs are used, the algorithm combines the individual results to reach a single final result. An algorithm might also give greater importance to some individual inputs in the final result due to a higher degree of relevance, accuracy or reliability.

Common Outputs and Recommended Actions

The most basic output of a reputation calculation is inclusion in a whitelist, resulting in successful delivery of all messages, or a blacklist, resulting in all messages being blocked. These are very coarse-grained, binary results. The main issue here is that all identities do not fall neatly into the white or black categories. Providing only this very coarse level of output leaves handling filters with a significant grey area to evaluate without guidance.

More finely-grained assessment results allow assessors to recommend more specific actions of appropriate aggressiveness to handling filters. In this manner, assessors can subdivide the grey area into various shades of grey and handling filters can achieve a greater filtering accuracy.
These actions include temporary blocks of varying duration, varying degrees of content filtering, rate-limiting of varying restrictiveness, etc.

In addition to the wide variety of filtering actions that an algorithm can recommend, it may also confer additional benefits beyond successful delivery of identities deemed to have sufficiently high trust and low risk. These benefits often involve the activation of user interface features that mailbox providers would otherwise disable by default to protect the privacy and safety of recipients. Most commonly this includes the rendering of rich media elements (images, video, etc.) and hyperlinks to external resources that are embedded in the message.

At the highest levels of trust and lowest levels of risk, the handling filter might even mark the messages in a distinctive manner indicating to the recipient that the messages are safe and trustworthy. Similarly, at the lowest levels of trust and highest levels of risk, messages may be marked in a manner indicating that the messages are dangerous.

Current Use

Most mailbox providers make use of reputation to some extent in their messaging infrastructure, although the degree of use and level of sophistication varies greatly across the industry.

IP addresses are the most commonly used identifier, as it is trivial for a malicious identity to forge any of the other identifiers in a message. However, assessments based on IP addresses can sometimes cause false positives and false negatives as ownership is transferred to a new identity or multiple identities all use the same IP address for message transmission. IP address-based assessments can also be redundant, as a single identity might use multiple IP addresses for message transmission.

The largest mailbox providers tend to have their own internally developed and operated reputation systems. In those cases the assessor and handling filter are the same entity. The algorithm can be customized so that its output is specific to the provider's filtering strategy and is tightly coupled to its handling filters.

In general, the next smaller tier of mailbox providers, particularly North American cable operators, utilize third-party filtering and reputation systems, combining and customizing various assessments to implement a strategy appropriate for their particular customers and business needs. Other providers' approaches vary more widely, from extremely sophisticated customized machine learning algorithms to black box filtering appliances to filters and block lists tuned by hand daily.

Reputation is also used on the sending side of message transmission. Mailbox providers and service providers assess the reputations of their users and clients. The results of those assessments are used to filter outbound mail in order to protect the provider's own reputation as calculated by other providers and assessors.

Future Use

Authenticated identifiers will come into more prominent use in the future. The use of domain authentication technologies, such as DomainKeys Identified Mail (DKIM), Sender Identification Framework (Sender ID or SIDF), and Sender Policy Framework (SPF) will provide domain-based identifiers that will not suffer from the same issues as IP addresses. The identifiers will be more stable over time and their granularity will be more aligned with their responsible identities. This will lead to both more accurate assessment results and greater opportunities to establish trust.

Responsible identities must first deploy these new domain authentication technologies in their messaging infrastructure in order to gain any benefits, but this can be a challenging process.
Any such major addition to infrastructure requires the resources to build and then maintain them. Additionally, there is the question of which authentication technologies and with what configurations and policies a given organization should deploy to gain the best reputation possible.

Domain authentication will also bring new challenges for reputation assessors and handling filters beyond the required infrastructure changes. A single message may potentially contain multiple authenticated identifiers, each of which may have their own distinct reputations. This raises the question of what actions an assessor should recommend in the face of conflicting reputations. The industry will develop best practices around how to handle these cases over time based on real-world experience, and thus further discussion is left for a future paper on the topic.

Trusted third parties are expected to provide identity class or membership data in the future. An identity's class denotes the organization type of the identity, such as an Internet service provider (ISP), university, or financial institution. Membership reveals an identity's affiliation with a group, such as U.S. Federal Deposit Insurance Corporation (FDIC) member banks. While this type of data may not be useful in a binary whitelist or blacklist, it should permit assessors and handling filters to treat different types of identities more appropriately rather than subjecting every identifier to the same assessment criteria and filtering mechanisms.

Assessors can also use this raw membership data to confer appropriate amounts of trust along the chain. For example, a government agency might publish a list of all the valid identifiers used by members of Congress or a political party might publish a list of all the valid identifiers to be used by all of their candidates in upcoming elections.
The assessor can then include that information in their assessments of the published identifiers without collecting the data directly from the member identities.

Conclusion

Reputation is already a powerful tool for fighting messaging abuse. As more identities adopt domain authentication mechanisms, reputation will become even more powerful as a way to establish greater trust.

Message system operators of all types should take steps to monitor and protect their reputation to ensure appropriate delivery of their messages. This may be achieved by monitoring and filtering outbound messages, ensuring the security of messaging infrastructure, receiving and acting on recipient complaints via feedback loops (FBL) from mailbox providers who offer them, and making use of third-party reputation assessment and monitoring services.

Glossary

certification: An assessment of an identity's reputation at their behest.
handling filters: A software agent that makes delivery decisions in an internet messaging system.
history: The objective statistics of behavior for an identifier online.
identifier: A unique online string that refers to an identity. Examples: domain name, email address, IP address.
identity: A real person, organization, or other accountable entity.
reputation: The result of any quality assessment of an identity.
reputation assessor: A person, organization, or software agent that calculates reputation. The assessor could be an internal party of either the sending or receiving message service provider or a third party.

References

- DomainKeys Identified Mail (DKIM) Development, Deployment and Operations
- DomainKeys Identified Mail (DKIM) Signatures
- Sender ID: Authenticating E-Mail
- Sender Reputation in a Large Webmail Service
- Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail
Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,
More informationBuilding a Scalable, Service-Centric Sender Policy Framework (SPF) System
Valimail White Paper February 2018 Building a Scalable, Service-Centric Sender Policy Framework (SPF) System Introduction Sender Policy Framework (SPF) is the protocol by which the owners of a domain can
More informationCorrelation and Phishing
A Trend Micro Research Paper Email Correlation and Phishing How Big Data Analytics Identifies Malicious Messages RungChi Chen Contents Introduction... 3 Phishing in 2013... 3 The State of Email Authentication...
More informationOn the Surface. Security Datasheet. Security Datasheet
Email Security Datasheet Email Security Datasheet On the Surface No additional hardware or software required to achieve 99.9%+ spam and malware filtering effectiveness Initiate service by changing MX Record
More informationExtract of Summary and Key details of Symantec.cloud Health check Report
SYMANTEC.CLOUD EXAMPLE HEALTH CHECK SUMMARY REPORT COMPUTER SECURITY TECHNOLOGY LTD. 8-9 Lovat lane, London, London. EC3R 8DW. Tel: 0207 621 9740. Email: info@cstl.com WWW.CSTL.COM Customer: - REDACTED
More informationComparing Management Systems that Protect Against Spam, Viruses, Malware and Phishing Attacks
Comparing Email Management Systems that Protect Against Spam, An Osterman Research White Paper Published December 2006 Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 Phone:
More informationCISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1
CISCO BORDERLESS NETWORKS 2009 Cisco Systems, Inc. All rights reserved. 1 Creating New Business Models The Key Change: Putting the Interaction Where the Customer Is Customer Experience/ Innovation Productivity/
More informationSupercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness
Supercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness Introduction Drowning in data but starving for information. It s a sentiment that resonates with most security analysts. For
More informationWhite Paper. Why IDS Can t Adequately Protect Your IoT Devices
White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity
More informationDeliverability Terms
Email Deliverability Terms The Purpose of this Document Deliverability is an important piece to any email marketing strategy, but keeping up with the growing number of email terms can be tiring. To help
More informationFile Reputation Filtering and File Analysis
This chapter contains the following sections: Overview of, page 1 Configuring File Reputation and Analysis Features, page 5 File Reputation and File Analysis Reporting and Tracking, page 14 Taking Action
More informationEnterprise SM VOLUME 1, SECTION 5.7: SECURE MANAGED SERVICE
VOLUME 1, SECTION 5.7: SECURE MANAGED EMAIL SERVICE 5.7 SECURE MANAGED EMAIL SERVICE (SMES) [C.2.10.8] The Level 3 Team s (SMES) will meet or exceed the Government s requirements for SMES, as defined in
More informationIT ACCEPTABLE USE POLICY
CIO Signature Approval & Date: IT ACCEPTABLE USE POLICY 1.0 PURPOSE The purpose of this policy is to define the acceptable and appropriate use of ModusLink s computing resources. This policy exists to
More informationFactors that Impact Deliverability
Factors that Impact Deliverability Thank you for joining us. Audio: Select Use Mic & Speakers to use VOIP or Use Telephone to get dial in number and access code. If using VOIP, it is recommended that you
More informationThe Challenge of Spam An Internet Society Public Policy Briefing
The Challenge of Spam An Internet Society Public Policy Briefing 30 October 2015 Introduction Spam email, those unsolicited email messages we find cluttering our inboxes, are a challenge for Internet users,
More informationTRAPS ADVANCED ENDPOINT PROTECTION
TRAPS ADVANCED ENDPOINT PROTECTION Technology Overview Palo Alto Networks White Paper Most organizations deploy a number of security products to protect their endpoints, including one or more traditional
More informationMcAfee Total Protection for Data Loss Prevention
McAfee Total Protection for Data Loss Prevention Protect data leaks. Stay ahead of threats. Manage with ease. Key Advantages As regulations and corporate standards place increasing demands on IT to ensure
More informationSession 5311 Critical Testing Programs for Security Operations
Session 5311 Critical Testing Programs for Security Operations Introduction Neil Lakomiak UL Rodney Thayer Smithee Spelvin Agnew & Plinge, Inc. Coleman Wolf Environmental Systems Design, Inc. Testing Programs
More informationFast Flux Hosting Final Report. GNSO Council Meeting 13 August 2009
Fast Flux Hosting Final Report GNSO Council Meeting 13 August 2009 1 January 2008: SAC 025 Fast Flux Hosting and DNS Characterizes Fast Flux (FF) as an evasion technique that enables cybercriminals to
More informationKeep the Door Open for Users and Closed to Hackers
Keep the Door Open for Users and Closed to Hackers A Shift in Criminal Your Web site serves as the front door to your enterprise for many customers, but it has also become a back door for fraudsters. According
More informationCA Host-Based Intrusion Prevention System r8
PRODUCT BRIEF: CA HOST-BASED INTRUSION PREVENTION SYSTEM CA Host-Based Intrusion Prevention System r8 CA HOST-BASED INTRUSION PREVENTION SYSTEM (CA HIPS) BLENDS A STAND-ALONE FIREWALL WITH INTRUSION DETECTION
More informationKaspersky Security Network
The Kaspersky Security Network (KSN) is a complex distributed infrastructure dedicated to intelligently processing cybersecurity-related data streams from millions of voluntary participants around the
More informationVulnerability Assessments and Penetration Testing
CYBERSECURITY Vulnerability Assessments and Penetration Testing A guide to understanding vulnerability assessments and penetration tests. OVERVIEW When organizations begin developing a strategy to analyze
More informationThe Mimecast Security Risk Assessment Quarterly Report May 2017
The Mimecast Email Security Risk Assessment Quarterly Report May 2017 The Mimecast Email Security Risk Assessment Quarterly Report May 2017 Many organizations think their current email security systems
More informationCredit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank
Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Introduction The 6,331 credit unions in the United States face a unique challenge when it comes to cybersecurity.
More informationWHITEPAPER THE EVOLUTION OF APPSEC: FROM WAFS TO AUTONOMOUS APPLICATION PROTECTION
WHITEPAPER THE EVOLUTION OF APPSEC: FROM WAFS TO AUTONOMOUS APPLICATION PROTECTION 2 Web application firewalls (WAFs) entered the security market at the turn of the century as web apps became increasingly
More informationFederated Authentication for E-Infrastructures
Federated Authentication for E-Infrastructures A growing challenge for on-line e-infrastructures is to manage an increasing number of user accounts, ensuring that accounts are only used by their intended
More informationAcceptable Use Policy (AUP)
Acceptable Use Policy (AUP) Questions regarding this policy and complaints of violations of this policy by PLAINS INTERNET users can be directed to support@plainsinternet.com. Introduction Plains Internet
More informationWithin the meanings of applicable data protection law (in particular EU Regulation 2016/679, the GDPR ):
Privacy Policy Introduction Ikano S.A. ( Ikano ) respects your privacy and is committed to protect your Personal Data by being compliant with this privacy policy ( Policy ). In addition to Ikano, this
More informationFigure 11-1: Organizational Issues. Managing the Security Function. Chapter 11. Figure 11-1: Organizational Issues. Figure 11-1: Organizational Issues
1 Managing the Security Function Chapter 11 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Top Management Support Top-Management security awareness briefing (emphasis on brief)
More informationFeatured Articles II Security Research and Development Research and Development of Advanced Security Technology
364 Hitachi Review Vol. 65 (2016), No. 8 Featured Articles II Security Research and Development Research and Development of Advanced Security Technology Tadashi Kaji, Ph.D. OVERVIEW: The damage done by
More informationThe Honest Advantage
The Honest Advantage READY TO CHALLENGE THE STATUS QUO GSA Security Policy and PCI Guidelines The GreenStar Alliance 2017 2017 GreenStar Alliance All Rights Reserved Table of Contents Table of Contents
More informationThe data quality trends report
Report The 2015 email data quality trends report How organizations today are managing and using email Table of contents: Summary...1 Research methodology...1 Key findings...2 Email collection and database
More informationIncident Play Book: Phishing
Incident Play Book: Phishing Issue: 1.0 Issue Date: September 12, 2017 Copyright 2017 Independent Electricity System Operator. Some Rights Reserved. The following work is licensed under the Creative Commons
More informationSecuring Today s Mobile Workforce
WHITE PAPER Securing Today s Mobile Workforce Secure and Manage Mobile Devices and Users with Total Defense Mobile Security Table of Contents Executive Summary..................................................................................
More informationA Review Paper on Network Security Attacks and Defences
EUROPEAN ACADEMIC RESEARCH Vol. IV, Issue 12/ March 2017 ISSN 2286-4822 www.euacademic.org Impact Factor: 3.4546 (UIF) DRJI Value: 5.9 (B+) A Review Paper on Network Security Attacks and ALLYSA ASHLEY
More informationCyberspace : Privacy and Security Issues
Cyberspace : Privacy and Security Issues Chandan Mazumdar Professor, Dept. of Computer Sc. & Engg Coordinator, Centre for Distributed Computing Jadavpur University November 4, 2017 Agenda Cyberspace Privacy
More informationGLBA. The Gramm-Leach-Bliley Act
GLBA The Gramm-Leach-Bliley Act Table of content Introduction 03 Who is affected by GLBA? 06 Why should my organization comply with GLBA? 07 What does GLBA require for email compliance? 08 How can my organization
More informationElectronic Network Acceptable Use Policy
Electronic Network Acceptable Use Policy 2016-2017 www.timothychristian.com ELECTRONIC NETWORK ACCEPTABLE USE POLICY Electronic Network This Policy is intended to serve as a guide to the scope of TCS s
More informationTERMS & CONDITIONS PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE SITE
TERMS & CONDITIONS PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE SITE 1. General The term PPS refers to: Professional Provident Society Holdings Trust, (The Holding Trust); Professional
More informationCyber Security Guide. For Politicians and Political Parties
Cyber Security Guide For Politicians and Political Parties Indian Election Integrity Initiative Design by ccm.design Cover Image by Paul Dufour Helping to Safeguard the Integrity of the Electoral Process
More informationTop 10 Deliverability Best Practices. #ActOnSW
Top 10 Deliverability Best Practices Today s Presenter David Fowler Act-On Chief Privacy & Deliverability Officer david.fowler@act-on.net Agenda The Deliverability Ecosystem Top 10 Best Practices Common
More informationClient Computing Security Standard (CCSS)
Client Computing Security Standard (CCSS) 1. Background The purpose of the Client Computing Security Standard (CCSS) is to (a) help protect each user s device from harm, (b) to protect other users devices
More informationCyber Hygiene Guide. Politicians and Political Parties
Cyber Hygiene Guide Politicians and Political Parties Canadian Election Integrity Initiative Design by ccm.design Cover Image by Songquan Deng Helping to Safeguard the Integrity of the Electoral Process
More informationWhitepaper. Advanced Threat Hunting with Carbon Black Enterprise Response
Advanced Threat Hunting with Carbon Black Enterprise Response TABLE OF CONTENTS Overview Threat Hunting Defined Existing Challenges and Solutions Prioritize Endpoint Data Collection Over Detection Leverage
More informationII.C.4. Policy: Southeastern Technical College Computer Use
II.C.4. Policy: Southeastern Technical College Computer Use 1.0 Overview Due to the technological revolution in the workplace, businesses such as Southeastern Technical College (STC) have turned to computer
More informationGlenwood Telecommunications, Inc. Acceptable Use Policy (AUP)
Glenwood Telecommunications, Inc. Acceptable Use Policy (AUP) All customers should read this document. You are responsible for the policy written here, and your account WILL BE DISABLED WITHOUT WARNING
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationARM Security Solutions and Numonyx Authenticated Flash
ARM Security Solutions and Numonyx Authenticated Flash How to integrate Numonyx Authenticated Flash with ARM TrustZone* for maximum system protection Introduction Through a combination of integrated hardware
More informationMaropost s Ten Step Guide to Arriving in the Inbox
Maropost s Ten Step Guide to Arriving in the Inbox Segmented, Sent, Delivered? Maropost s Ten Step Guide to Arriving in the Inbox Of the more than 450 billion emails sent out every day, over 85% are considered
More informationCombating Cyber Risk in the Supply Chain
SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More information6 Vulnerabilities of the Retail Payment Ecosystem
6 Vulnerabilities of the Retail Payment Ecosystem FINANCIAL INSTITUTION PAYMENT GATEWAY DATABASES POINT OF SALE POINT OF INTERACTION SOFTWARE VENDOR Table of Contents 4 7 8 11 12 14 16 18 Intercepting
More informationVirtustream Cloud and Managed Services Solutions for US State & Local Governments and Education
Data Sheet Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education Available through NASPO ValuePoint Cloud Services VIRTUSTREAM CLOUD AND MANAGED SERVICES SOLUTIONS
More informationRADIAN6 SECURITY, PRIVACY, AND ARCHITECTURE
ADIAN6 SECUITY, PIVACY, AND ACHITECTUE Last Updated: May 6, 2016 Salesforce s Corporate Trust Commitment Salesforce is committed to achieving and maintaining the trust of our customers. Integral to this
More informationProtect Your End-of-Life Windows Server 2003 Operating System
Protect Your End-of-Life Windows Server 2003 Operating System Your guide to mitigating risks in your Windows Server 2003 Systems after the end of support End of Support is Not the End of Business When
More informationChapter 4. Fundamental Concepts and Models
Chapter 4. Fundamental Concepts and Models 4.1 Roles and Boundaries 4.2 Cloud Characteristics 4.3 Cloud Delivery Models 4.4 Cloud Deployment Models The upcoming sections cover introductory topic areas
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 3 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationAcceptable Use Policy
Acceptable Use Policy 1. Overview The Information Technology (IT) department s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to Quincy College s established
More informationFDIC InTREx What Documentation Are You Expected to Have?
FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the
More informationDigital Messaging Center Feature List
Digital Messaging Center Feature List Connecting Brands to Consumers Teradata Overview INTEGRATED DIGITAL MESSAGING Deliver Digital Messages with Personalized Precision Teradata s Digital Messaging Center
More informationAccount Customer Portal Manual
Account Customer Portal Manual Table of Contents Introduction Dashboard Section Reporting Section My Settings Section My Account Section Billing Section Help Section 2 4 7 15 20 25 27 1 Introduction SMTP
More informationFederated authentication for e-infrastructures
Federated authentication for e-infrastructures 5 September 2014 Federated Authentication for E-Infrastructures Jisc Published under the CC BY 4.0 licence creativecommons.org/licenses/by/4.0/ Contents Introduction
More informationImplementation Guide for Delivery Notification in Direct
Implementation Guide for Delivery Notification in Direct Contents Change Control... 2 Status of this Guide... 3 Introduction... 3 Overview... 3 Requirements... 3 1.0 Delivery Notification Messages... 4
More informationGET THE MOST OUT OF YOUR MARKETING Best Practices. 10 November 2016
GET THE MOST OUT OF YOUR EMAIL MARKETING Best Practices 10 November 2016 01 02 03 AGENDA How to get the most out of your emails Content & List Hygiene Customer Service Deliverability Compliance Current
More informationTable of content. Authentication Domain Subscribers Content Sending practices Conclusion...
A User Guide Before sending your carefully-crafted email campaigns, it s important to first understand a few basic ideas and rules of email marketing to ensure your campaigns are successful. To achieve
More informationM 3 AAWG DMARC Training Series. Mike Adkins, Paul Midgen DMARC.org October 22, 2012
M 3 AAWG DMARC Training Series Mike Adkins, Paul Midgen DMARC.org October 22, 2012 M3AAWG DMARC Training Videos (2.5 hours of training) This is Segment 6 of 6 The complete series of DMARC training videos
More informationMaximum Security with Minimum Impact : Going Beyond Next Gen
SESSION ID: SP03-W10 Maximum Security with Minimum Impact : Going Beyond Next Gen Wendy Moore Director, User Protection Trend Micro @WMBOTT Hyper-competitive Cloud Rapid adoption Social Global Mobile IoT
More informationUsing Centralized Security Reporting
This chapter contains the following sections: Centralized Email Reporting Overview, on page 1 Setting Up Centralized Email Reporting, on page 2 Working with Email Report Data, on page 4 Understanding the
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationEvaluating DMARC Effectiveness for the Financial Services Industry
Evaluating DMARC Effectiveness for the Financial Services Industry by Robert Holmes General Manager, Email Fraud Protection Return Path Executive Summary Email spoofing steadily increases annually. DMARC
More informationSECURE INFORMATION EXCHANGE: REFERENCE ARCHITECTURE
SECURE INFORMATION EXCHANGE: REFERENCE ARCHITECTURE MAY 2017 A NEXOR WHITE PAPER NEXOR 2017 ALL RIGHTS RESERVED CONTENTS 3 4 5 6 8 9 10 11 12 14 15 16 INTRODUCTION THREATS RISK MITIGATION REFERENCE ARCHITECTURE
More informationCybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016
Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco
More informationManaging SSL/TLS Traffic Flows
Some protocols, such as HTTPS, use Secure Sockets Layer (SSL) or its follow-on version, Transport Layer Security (TLS), to encrypt traffic for secure transmissions. Because encrypted traffic cannot be
More informationImplementing Electronic Signature Solutions 11/10/2015
Implementing Electronic Signature Solutions 11/10/2015 Agenda Methodology, Framework & Approach: High-Level Overarching Parameters Regarding Electronic Service Delivery Business Analysis & Risk Assessment
More informationUsing GRC for PCI DSS Compliance
Using GRC for PCI DSS Compliance The ongoing struggle to protect sensitive credit card data will continue to escalate. Increasingly sophisticated attacks have targeted financial institutions of all sizes,
More informationCYSE 411/AIT 681 Secure Software Engineering. Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun
CYSE 411/AIT 681 Secure Software Engineering Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun Reading This lecture [McGraw]: Ch. 7-9 2 Seven Touchpoints 1. Code review 2. Architectural
More informationIP Reputation Exchange security research
IP Reputation Exchange e-mail security research Prof. Dr. Norbert Pohlmann Institute for Internet Security if(is) University of Applied Sciences Gelsenkirchen http://www.internet-sicherheit.de Content
More informationMulti-Layered Security Framework for Metro-Scale Wi-Fi Networks
Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks A Security Whitepaper January, 2004 Photo courtesy of NASA Image exchange. Image use in no way implies endorsement by NASA of any of the
More informationSingle device test requirements for reliable CAN-Based multi-vendor networks
Single device test requirements for reliable CAN-Based multi-vendor networks Peter P. Dierauer By building a system with an open device-level network, the system designer has the option to choose devices
More information4. Risk-Based Security Testing. Reading. CYSE 411/AIT 681 Secure Software Engineering. Seven Touchpoints. Application of Touchpoints
Reading This lecture [McGraw]: Ch. 7-9 CYSE 411/AIT 681 Secure Software Engineering Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun 2 Seven Touchpoints Application of Touchpoints
More informationMo Metrics, Mo Problems? Our guide to marketing metrics
Mo Metrics, Mo Problems? Our guide to email marketing metrics Number crunching isn t for everyone, so it s not surprising to find many marketers often avoid any kind of in-depth analysis on their email
More informationISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045
Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence that
More information