Web site gives e-mail senders a reputation

A new Web site aims to help determine whether a specific computer has been sending legitimate e-mail or spam.

The TrustedSource Web site uses data from reputation filters, which are billed as the next big thing in e-mail security. Makers of spam-fighting tools collect data on e-mail senders and use that to assign "reputations" to e-mail sending computers and Internet domains. Those who send a lot of spam get a negative rating and their messages are more likely to be filtered out.

CipherTrust is one of those e-mail security vendors. The Alpharetta, Ga., company has sold more than 4,000 of its IronMail appliances to customers worldwide. CipherTrust is now sharing some of the reputation data it has gathered through those machines with the public through the TrustedSource Web site, the company announced Monday.

The Web site is designed to be a reference tool. Entering a domain name--cnet.com, for example--generates a list of the Internet Protocol addresses of machines that send e-mail for that domain. Users can then drill down and click on each sending address to see if the specific machine has been sending junk mail or legitimate messages.

TrustedSource could be useful for the occasional check, for example when configuring a spam filter or just to learn the reputation associated with a specific domain. It may be more helpful for organizations to identify which systems on their networks are sending e-mail, said Dmitri Alperovitch, a research engineer at CipherTrust. Typically, on a corporate network, only designated e-mail servers should be sending e-mail.

"Often companies don't realize that they have zombie machines on their network that have been sending e-mail," Alperovitch said. Zombie machines are computers that have been commandeered by cybercriminals and used to send spam.

The Web site also provides information on the adoption of fledgling e-mail authentication technologies. There are lists of Internet domains that send e-mail using DomainKeys Identified Mail and Sender ID. Both technologies are designed to improve spam filters and prevent the fraudulent spoofing of e-mail addresses.

TrustedSource can help IT staff implement Sender ID, or to make sure that the implementation was done properly. Sender ID requires a so-called Sender Policy Framework, or SPF, record. This record should list the IP addresses of computers that may send e-mail on behalf of a domain. TrustedSource lists all the IP addresses that are actually sending mail.

In addition to the TrustedSource Web site, CipherTrust on Monday also released two new antispam products, which both use reputation services to filter out unwanted mail:

• The IronMail Gateway 6.0 is an improved version of CipherTrust's e-mail scanning appliance. It offers better enterprise integration, implementation, management and reporting features than its predecessor, according to CipherTrust.

• IronMail Edge is a new first line of defense against bad e-mail. The appliance--designed for large enterprises--scans e-mail at the outer edge of a company's network, preventing unwanted traffic from using up valuable bandwidth.

[jasonemanuelson1]

If people could afford IronPort mail servers

If IronPort would make their servers affordable, then it would be
much more widely adopted, but as long as their mailservers run
in the range of $50,000, then how can normal businesses be
expected to do this?