Aunty Spam's
Slam a Spammer Blog

Home RSS Archives Aunty's CAN-SPAM eBook with FREE pdf! Spam & the Law Conference Add to My Yahoo! Subscribe with Bloglines
SEND A QUESTION OR COMPLIMENT TO AUNTY! BE SURE TO ADD THE .com AT THE END!

April 13, 2004

You Have the Right to Remain Silent.... Fingerprinting Email?

Posted 6 years, 6 months ago on April 13, 2004
You know those pesky bounce notices you get when a spammer forges your domain in a spam run? Hundreds, even thousands, of bounce notices sent by ISPs all over the world, kindly letting you know that the person to whom the mail was sent doesn't exist, is over quota, or is on vacation. Except that you don't really care, because nobody at your site actually sent the email to them. Of course, if the spammer forged an real live email account at your site, your user holding that email address may care very much, as their inbox is flooded with the secondary spam created by all of these bounce notices.

Well, the good folks over at Everyone.net have an interesting idea.

As was reported in InfoWorld today, Everyone.net has developed a technology which they call "Total Protection", which incorporates an aspect known as "Email Fingerprinting". The concept is fairly simple: Everyone.net will be adding a unique "fingerprint" header line to the headers of every single piece of outgoing email - that is email which originates from an Everyone.net server.

This fingerprint is intended to be part of the header set which is returned by receiving systems in their bounce notices. Everyone.net's plan is to care about bounces which contain their unique fingerprint, and to reject or otherwise not care about bounce notices which do not contain the fingerprint as, presumably, those bounce notices were the result of a spammer forging the Everyone.net domain, and were not really the result of email sent by someone through an Everyone.net server.

Nice, in theory, but will it work? Only time will tell, but one has to wonder what happens when receiving ISPs don't follow the generally accepted practices for bounce handling (and many of them don't). Does this mean that if an Everyone.net customer - let's say Joe Customer - sends email to their Aunt Tilly at isp.net, and it bounces because Aunt Tilly has moved on to another ISP, but isp.net doesn't return the fingerprint, that Joe will never know that Aunt Tilly did not receive her email?

And how exactly does this help you?

Well, it doesn't - all it really does is help Everyone.net to lessen the load on their own servers, by allowing them to reject out-of-hand bounce notices that aren't really about mail sent from their system (hopefully). Still, you have to applaud their ingenuity, and one has to wonder whether other ISPs will follow suit, and, if so, whether Everyone.net has already jumped on the patent bandwagon.




The trackback url for this post is http://www.aunty-spam.com/bblog/trackback.php/6/

Re: You Have the Right to Remain Silent.... Fingerprinting Email?

Posted 6 years, 6 months ago by Jeff Dougherty • • • Reply

Another thing that should be discussed is ISP's that "bounce" infected emails. Nowadays, most of the time the return email address is forged so bouncing the infected email really does no good except add to the increase in wasted bandwidth.

Trackback URL : http://www.aunty-spam.com/bblog/trackback.php/6/2/

Re: You Have the Right to Remain Silent.... Fingerprinting Email?

Posted 6 years, 6 months ago by Jeff Partridge • • • Reply

Not to mention that theose thousands of bounce messages end up in someone's over-stuffed mailbox!

Trackback URL : http://www.aunty-spam.com/bblog/trackback.php/6/3/

Re: You Have the Right to Remain Silent.... Fingerprinting Email?

Posted 6 years, 6 months ago by Josh • • • Reply

Sounds interesting.. Try it

Trackback URL : http://www.aunty-spam.com/bblog/trackback.php/6/4/

Add Comment

( to reply to a comment, click the reply link next to the comment )

 
Comment Title
 
Your Name:
 
Email Address:
Make Public?
 
Website:
Make Public?
 
Comment:
 
 
 

Recently

Vote for Whomever You Want...
Gaping Security Hole a Pain...
Make Your C*ck a Hammer...
Nigerian 419 Spam: The Video
No More Free Outlook...

Aunty Spam Provided By ISIPP

CAN-SPAM Teleseminar 5/6/04
CAN-SPAM Teleseminar 5/13/04
Spam & the Law Conference 7/29/04
CAN-SPAM Compliance Pack

Other Blogs & Sites

Fun Anti-Spam Novelty Products
The Spam Blog
Spam Primer
Ask Leo
DadsRights.org




Slam a Spammer
Store!
Powered by bBlog