5 September 2014

Complementing Traditional Email Security Methods by using Non-Disposable Addresses to Stop Spam and Other Malware

Supplemental Address Management System (SAMS)

Upload: sadie

Post on 20-Jan-2016


TRANSCRIPT

Page 1: 5 September 2014

Complementing Traditional Email Security Methods by using Non-Disposable Addresses to Stop Spam and Other Malware

Supplemental Address Management System (SAMS)

Page 2: Fundamental Insights

•Two email addresses are better than one

•It’s harder to control spam with a single address

•Bad actors exclusively share your address with other bad actors

•Good actors never knowingly share your address with bad actors

Page 3: Supplemental Address Management Systems

•Address to Inbox cardinality of “many-to-one”

•Goal is for the greatest percentage of legitimate messages to arrive without being filtered

•Supplemental addresses provide additive and complementary benefits to any other security approach when combined

Page 4: Address-Specific Policies

•Public – No filtering

•Protected – Filter

•Disabled – Block all

Page 5: Value Increases Over Time

Page 6: Blended Model Benefits

•White listing

  •Same rate of accuracy

  •Off-list incidence reduced by close to promotion percentage

  •Development of the white list becomes a finite exercise

•Content-filtering and Corpus-Driven Models

  •Same rate of accuracy

  •False positives reduced by close to promotion %

  •Corpus can be automatically fed with precision from other blended model combination(s)

Page 7: SAMS using White Listing

•Near 100% elimination of spam

•Content-independent

•Phishing is not a problem

•Foreign language spam and all graphic spam are not a problem

•Mistakenly blocked messages are not a problem

•Does not require challenge/response

•Can be combined with content-based filters

Page 8: SAMS vs Disposable Addresses

•Disposable Email Addresses (DEA)

  •Low value, short life span substitute addresses

  •Use DEAs to keep spam from higher value addresses (mailbox)

•Supplemental Addresses

  •High value, permanent additions to the Inbox

  •Use SAs to distinguish legitimate mail from spam, and to bypass unnecessary stages of filtering

Page 9: Address Magnification

•Address-on-the-fly (AOTF)

  •Naming convention used for instant disclosures

  •Rate limited over time

  •Highly valuable convenience for users

•Automated AOTF

  •A second supplemental address for new dialogs (partial automation)

  •New supplemental addresses for each correspondent when appropriate (full automation)

Page 10: Form Factor

Standard Control Panel

  Reflexion Control Panel

  Block messages from this sender

  To: [email protected]

  From: [email protected]

  You received this message because the sender is using the correct supplemental address assigned by Reflexion.

Address Sharing Control Panel

  Reflexion Control Panel

  Block messages from this sender

  Stop sharing of this address outside of nehomes.com

  To: [email protected]

  From: [email protected]

  You received this message because [email protected] shared your email address.

Page 11: Database

•Enterprises

•Users

•Supplemental addresses

•Correspondents

•Message history

•Default values and policies for new users, addresses

•Collections (groups, roles, departments)

Page 12: SAMS MTA Architecture

[Diagram. Components: Other Networks (The Internet), SMTP (w/Security), Reflexion Security, Pre-processed Queue, Message Translation, Delivery Queue, Internal E-mail Infrastructure. Flows are labelled In and Out; the "Ok?" decision has the outcomes R1 Ok, R2 Reject and R3 Defer.]

s = Mail From: transport address

r = Rcpt To: transport address

P(s,r) = Request security status on a message from s to r

Rx = Security status on a message from s to r

  R1 = Ok, continue processing message

  R2 = Reject, do not process the message

  R3 = Defer, temporarily defer the message back to the sending server
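The P(s,r) request and its R1/R2/R3 answers from the legend above, combined with the address-specific policies from Page 4, as a sketch added here (it is not Reflexion's code). The address table, the `lookup` helper, the SMTP reply codes, modelling "Protected" as a per-address white list, rejecting unknown recipients, and deferring when the policy store is unavailable are all assumptions.

```python
from enum import Enum

class Policy(Enum):            # address-specific policies from Page 4
    PUBLIC = "public"          # no filtering
    PROTECTED = "protected"    # filter
    DISABLED = "disabled"      # block all

class Rx(Enum):                # security status for P(s, r); values are assumed SMTP reply codes
    R1_OK = 250                # continue processing the message
    R2_REJECT = 550            # permanent failure, message is not processed
    R3_DEFER = 451             # temporary failure, sending server retries later

# Constructed sample data: supplemental address -> (policy, white-listed senders)
ADDRESSES = {
    "pat@example.com": (Policy.PUBLIC, set()),
    "pat.shop@example.com": (Policy.PROTECTED, {"orders@shop.example"}),
    "pat.old@example.com": (Policy.DISABLED, set()),
}

def lookup(r, table):
    """Hypothetical policy-store lookup; raises LookupError when the store is down."""
    if table is None:
        raise LookupError("policy store unavailable")
    return table.get(r.lower())

def security_status(s, r, table=ADDRESSES):
    """P(s, r): decided from the envelope alone, before any content is read.

    s is the unauthenticated MAIL FROM address, so the decision leans on
    which supplemental address r the sender was given, not on s alone.
    """
    try:
        entry = lookup(r, table)
    except LookupError:
        return Rx.R3_DEFER     # assumption: fail closed but temporarily
    if entry is None:
        return Rx.R2_REJECT    # assumption: address was never issued
    policy, allowed = entry
    if policy is Policy.DISABLED:
        return Rx.R2_REJECT
    if policy is Policy.PUBLIC:
        return Rx.R1_OK
    # PROTECTED: the "filter" is modelled as a per-address white list
    return Rx.R1_OK if s.lower() in allowed else Rx.R2_REJECT
```
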

Page 13: Beyond Anti-Spam

•Day zero virus benefits

•Novel active and passive defensive modes

•Context and integration to email for any application

Page 14: Lessons Learned about SAMS

•Improves performance over time

•Very low maintenance

•Reduces stress on users and infrastructure

•Metrically, more addresses are better than fewer

•Pre-use concern about SAs must be allayed

•It’s sticky

•Users are not resistant to slight changes in behavior

•In combination with white listing, delivers a pristine Inbox experience requiring very little maintenance

Page 15: Questions?

Page 16: Day Zero Virus Example

Actual Customer Data. The graph shows a surge in undesirable mail due to the onslaught of the Sobig.F virus. The added layer of virus protection from the address-based defense complemented the anti-virus gateway, specifically during the "window of vulnerability" -- the time when infected messages arrive before the update of the AV definition -- when most of the economic damage occurs.

Page 17: Denial-of-Service Example

Page 18: Zero Spam Example

[Chart: Domain Registration using a Supplemental Address. Y-axis: Cumulative Messages (0 to 1000); x-axis: Months (6, 12, 18, 24); series: Spam, Legits. Data labels: 220, 440, 660, 887 and 0, 0, 0, 10.]