Wednesday, May 7, 2008

Gmail open relay exploit?

A vulnerability report posted to the BugTraq section of the SecurityFocus website suggests that Gmail SMTP servers can be abused by spammers. For the moment the exact details of the attack are not being disclosed, to give Google an opportunity to respond to these claims.

The report gives a high level description of the vulnerability as follows:

This issue is related to the risk of a malicious user abusing Gmail's email forwarding functionality. This is possible because Gmail's email forwarding functionality does not impose proper security restrictions during its setup process and can be easily subverted. By exploiting this problem an attacker can send unlimited spam and phishing (i.e. forged) email messages that are delivered by Google's very own SMTP servers.


Pablo Ximenes claims that this technique can be used to circumvent spam filters that rely on whitelists, and that they have developed a proof-of-concept attack that enabled them to send out forged messages without any rate restrictions.

Tuesday, May 6, 2008

MailChannels a finalist for the BCTIA Technology Impact Awards

The British Columbia Technology Industry Association (BCTIA) hands out awards every June at its annual barbecue to recognize companies in the region that have contributed to the advancement of the technology industry here in our corner of the world. I am pleased to announce that MailChannels has been selected as a finalist for the "Best Application of Technology" award, in recognition of our success in stopping spam using our Traffic Control software.

Here's a link to the BCTIA press release.

Monday, May 5, 2008

Customer: "My spam volume is down - is it you guys?"

MailChannels tracks (in real-time) the email flows hitting our customers worldwide. We use this data to establish a fairly comprehensive reputation score for IP addresses we have seen many times - mostly as a method for automatically "whitelisting" IPs which have a long track record of sending good email.

Recently, a customer of ours asked us to prepare some historical data showing the performance of Traffic Control at their site over time. We were somewhat surprised to see that the volume of connections they receive each day has dropped to just a third of what it was last September.

What has caused this drop? We're not really sure, but here are some ideas:

  • Spammers have chosen to "blacklist" this customer's servers, because they are noticing the customer is slowing down most spam-bot connections;
  • Global spam volume is down by two-thirds (haven't seen this with other customers, so we don't think it's likely the case); or,
  • The recent demise of a few well-hyped botnets because of Microsoft's ongoing efforts to patch up Windows XP.

What do you think? Why is this customer getting so much less spam?

Friday, May 2, 2008

Post #8 on Why Spam Filters Suck "trickle blog" series

Dealing spammers a blow

ISPs have recently been getting a lot of criticism for traffic shaping P2P file sharers. While we can argue over whether this is excessive or not, they have been doing this primarily for legitimate reasons, to reduce the impact of resource hogging users on the rest of their network.

The same technique can also have a positive impact on email. SMTP traffic shaping essentially puts shackles on email's heaviest users, the spammers, who have a voracious appetite for broadband capacity. Slowing down unknown senders causes the greatest harm to spammers, who need to circulate their messages as quickly as possible. In fact, during peak-load times, 90% of spammers go away after 10 seconds of being put in the slow lane.

Using traffic shaping, senders of spam are literally restricted from delivering packets to the network. This slowing-down approach works by shaping the TCP connection and is implemented in a way similar to a network load-balancing device.

Unlike other traffic based spam protection, traffic shaping is not about putting limits on the quantity of emails from a sender (spammers can get around this easily by sending fewer emails per zombie). In comparison, true "shaping" literally slows down suspicious email delivery to a trickle (like 3 kbps) -- effectively stopping spam from flooding in and eliminating processing delays. Then senders with good reputation can be dispatched on a fast connection and given higher service priority.

The result is a clean mail stream of less than 25 per cent of its original volume.
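To make the lane assignment and the trickle concrete, here is an added toy model of the shaping policy described in this post and in the May 5 post on IP reputation; it is not MailChannels' Traffic Control code. The express-lane rate, the good-history threshold, the chunk size and every IP address, count and message size are constructed assumptions; only the 3 kbps trickle and the 10 second patience window come from the posts.

```python
# Added toy model of reputation-based SMTP traffic shaping; not MailChannels code.
# Unknown senders are paced at a 3 kbps trickle, senders with a long record of
# good mail get the express lane. Rates, threshold and all IP data are assumed.

EXPRESS_BPS = 1_000_000        # express-lane budget in bits/s (assumption)
TRICKLE_BPS = 3_000            # slow-lane budget: the 3 kbps trickle from the post
GOOD_HISTORY_THRESHOLD = 100   # good messages seen before an IP is trusted (assumption)
CHUNK_BYTES = 1024             # pacing granularity for the DATA stream (assumption)

# Constructed reputation table: IP -> count of good messages previously seen.
REPUTATION = {
    "203.0.113.10": 5000,      # long-standing legitimate MTA
    "198.51.100.7": 3,         # seen a few times, not yet trusted
}

def lane_for(ip, reputation=REPUTATION):
    """Assign a lane: ('express', bps) for trusted IPs, ('slow', bps) otherwise."""
    if reputation.get(ip, 0) >= GOOD_HISTORY_THRESHOLD:
        return "express", EXPRESS_BPS
    return "slow", TRICKLE_BPS

def delivery_seconds(message_bytes, bps):
    """Wall-clock time to stream message_bytes through a lane paced at bps."""
    return message_bytes * 8 / bps

def pacing_schedule(message_bytes, bps, chunk=CHUNK_BYTES):
    """Token-bucket style schedule: list of (send_at_seconds, chunk_len) telling
    the server when it may read each chunk of the DATA stream from the socket."""
    schedule, sent, clock = [], 0, 0.0
    while sent < message_bytes:
        n = min(chunk, message_bytes - sent)
        schedule.append((clock, n))
        clock += n * 8 / bps       # next chunk is released once this one's budget elapses
        sent += n
    return schedule

def simulate_session(ip, message_bytes, patience_s):
    """Model one SMTP DATA transfer. A bot that will not wait more than patience_s
    seconds drops the connection; returns (lane, delivered, seconds_spent)."""
    lane, bps = lane_for(ip)
    needed = delivery_seconds(message_bytes, bps)
    if needed > patience_s:
        return lane, False, patience_s   # spammer gave up in the slow lane
    return lane, True, needed

if __name__ == "__main__":
    # A bot with 10 s of patience (the post's observation) vs. a trusted MTA.
    print(simulate_session("192.0.2.99", 50_000, 10))    # slow lane, gives up
    print(simulate_session("203.0.113.10", 50_000, 10))  # express lane, delivered
```

A 50 KB message from an unseen IP would need over two minutes at 3 kbps, so a bot with a 10 second patience window disconnects long before the message lands, while the trusted MTA finishes in under half a second.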

Next post: Real world scenarios

Wednesday, April 30, 2008

Post #7 on Why Spam Filters Suck "trickle blog" series

Slowing things down

The problem is, typical email systems work in a queue. This means that high spam traffic clogs your network and crowds out legitimate mail. Botnets pour messages into your network, and mail servers receive the messages as quickly as they can. Next, the spam filter analyzes and tries to filter out any messages that appear to be spam.

Filters are effective at separating spam from email but do nothing to stop the rising volume of SMTP connections hammering the server. When spam traffic rises, the server becomes overloaded and results in delivery delays for all email, similar to how a backlogged exit ramp can impede the flow of traffic on a highway during peak hours.

Today, Internet-facing email servers accept thousands of emails per minute. As spam volume increases, so too does the CPU required to process all that mail. The blunt solution is to scale hardware to keep up with volume, but this is a one-to-one cost -- the more volume, the more servers are needed.

The fact is spam filters aren't getting a whole lot more accurate, and it certainly doesn't help that blocking spam is a reactive approach -- a sender needs to be identified first before rules or signatures are updated. Filters will always be playing catch-up with the spammers.

If you block based on reputation, what do you do when a new spam campaign breaks out and the sender has never been seen before?

What is needed is a way to get rid of the spam and prioritize legitimate mail without having to receive all the messages first or know who the bad senders are before hand.

To use the highway analogy, what if you could put good senders in an express lane and the spammers in the slow lane so that legitimate email can be delivered first?

Next post: Dealing a blow to spammers