Home Page

VPN & Cryptography

Firewalls

Email & Spam

Security Topics

 

Email Spam

Zero Day Window

BATV

Bayesian Algorithm

Content and Connection control

Directory Harvesting Attacks

Email Encryption

Email Archiving

File attachments

Image scanning

Port forwarding and MX records

Reputation filters

Encrypted attachments

Grey Listing

Email Monitoring

Internal Email Security

Open Relay

Per user quarantine area

Reverse DNS lookup & SPF

RFC Compliant emails

SMTP IMAP4 or POP3

Email Throttling

What is Spam

Whitelists and Blacklists

 

 

Email Authentication using Recipient Verification

 

Spammers dispatch spam emails to millions of email accounts. A common spammer technique is to send email to unknown accounts in the hope that a user exists. For example if I wanted to spam lots of accounts, I would attempt to spam common names and domains such as HarryPotter@domain.com, and if this is not a valid account, I would attempt different variations such as H.Potter@domain.com, HPotter@domain.com, and so on. Hopefully for the spammer, one of these accounts will be a real and live account.

Another problem similar to the above is directory harvesting attacks where spammers learn whether a recipient is a valid account, usually gathering such information and selling this on.

These can become a serious issue for a company. If your email security was to process every email for none existent users, this can very quickly bog down your email security resources as well as taking up bandwidth.

To counter attack the problem, a feature known as recipient verification was introduced. How recipient verification works is, before an email is accepted for further spam checks, the email filter will check if the recipient of the email is actually for a user that exists within its organisation. If the email exists, then the message will be accepted for further processing, and if the recipient does not exist, the email is dropped. This is an extremely powerful feature, and usually drops over 50% of email, which is why it proves to be widely popular feature with anti-spam vendors.

There's various ways to check if a recipient in an email is actually a real user via different recipient based authentication checks using protocols and authentication databases such as LDAP, Radius, SMTP, IMAP and POP3. LDAP is the most popular option. Many companies already have an Active Directory database, so is all that is needed is LDAP configured on the email anti-spam solution to be able to verify users on the database.

Further Reading

Wikipedia's guide to email authentication