email quality is a matter of good system hygiene

© 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID

Eliot Lear

Senior Consulting Engineer

EMail Quality is a matter of good System Hygiene

© 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 22

Where does it come from?

Bad people will send bad mail

Reputation is both important...

Good people will send bad mail

… and dynamic!

Identity is importantKnow who sent what

Source: Senderbase.org (12:14pm)


There’s a Problem

We suspect increased spear-phishing, which doesn’t show up in the numbers

We can identify and get rid of a whole lot of this stuff.

95% of spam originates from Bots

(the biggest use of cloud computing to date)

It’s even worse than it looks

Source: Cisco Ironport, December 2009


How much of this goes on?

Source: IC3.gov – US statistics


What’s New and Different?

Domain Keys Identified Mail (DKIM)RFC-4871

Identifies responsible domain

Author Domain Signing Practices (ADSP)RFC-5617

Indicates what policy a domain has toward signing

TERENA members are in a unique position to apply a uniform policy (ADSP or not).


What does a real PayPal Email look like?

Return-Path: <[email protected]>Received: from mx1.phx.paypal.com (mx1.phx.paypal.com [66.211.168.231])

by upstairs.ofcourseimright.com (8.14.3/8.14.3/Debian-6) with ESMTP id n9E8KIwI026171for <[email protected]>; Wed, 14 Oct 2009 10:20:39 +0200

Authentication-Results: upstairs.ofcourseimright.com; dkim=pass(1024-bit key; insecure key) [email protected];dkim-adsp=none (insecure policy)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paypal.ch; [email protected]; q=dns/txt; s=dkim; t=1255508439; x=1287044439; h=from:sender:reply-to:subject:date:message-id:to:cc: mime-version:content-transfer-encoding:content-id: content-description:resent-date:resent-from:resent-sender: resent-to:resent-cc:resent-message-id:in-reply-to: references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:list-owner:list-archive; z=From:=20"[email protected]"=20<[email protected]> |Subject:=20Receipt=20for=20Your=20Payment=20to=XXX |Date:=20Wed,=2014=20Oct=202009=2001:20:17=20-0700| |Message-Id:=20<[email protected] m>|To:=20Eliot=20Lear=20<[email protected]> |MIME-Version:=201.0; bh=q82fwVBPBq26WHflKsNcdbCIf3Vcc5wRznZ9tfI8+8k=; b=OPyR7evc/VcnTZyDZSlYCh9oLm+vmKt8qsocqMrAr7y/kg3P5+DhO3mB UDbhkCvqu+owm45X1te+PxoREXR9aMEuuD20ltP2B5f5JWf/MjICk6zc6 gYv6pY6ZRFKclXFGvtViJwv0LsW8N7uaoiZCAh5mxrjfuJaF+SmNyX23c I=;Received: (qmail 22290 invoked by uid 99); 14 Oct 2009 08:20:17 -0000Date: Wed, 14 Oct 2009 01:20:17 -0700Message-Id: <[email protected]>Subject: Receipt for Your Payment to XXXXX-MaxCode-Template: email-receipt-xclick-paymentTo: Eliot Lear <[email protected]>From: "[email protected]" <[email protected]>X-Email-Type-Id: PP120X-XPT-XSL-Name: email_pimp/CH/en_US/xclick/ReceiptXClickPayment.xslContent-Type: multipart/alternative; boundary=--NextPart_048F8BC8A2197DE2036AMIME-Version: 1.0

Return-Path: <[email protected]>Received: from mail.realinterface.com (mail.cecreal.com [66.101.212.157])

by upstairs.ofcourseimright.com with ESMTP id n9GAJ9h3022332

for <[email protected]>; Fri, 16 Oct 2009 12:19:31 +0200Received: from dynamic.casa1-15-233-12-196.wanamaroc.com ([196.12.233.14]) by mail.realinterface.com with Microsoft SMTPSVC(5.0.2195.6713);

Fri, 16 Oct 2009 06:32:45 -0400From: "PayPal Services" <[email protected]>To: "lear" <[email protected]>Subject: Your PayPal account has been LimitedDate: Fri, 16 Oct 2009 10:18:53 +0000Organization: PayPalMIME-Version: 1.0Content-Type: multipart/alternative; boundary="----=_NextPart_000_0000_01C6527E.AE8904D0"Message-ID: <[email protected]>X-OriginalArrivalTime: 16 Oct 2009 10:32:45.0859 (UTC) FILETIME=[00099730:01CA4E4C]


Level of Assurance

Cost = cost of the token + inconvenience to the user.

300,000,000 X $25 =

a whole lot of money

How many of these do you want to carry?

How often do you want to use them?

What value is possible?

Pictures courtesy of Alexander Klink, Aladdin, “Greudin”, IBM


Is this privileged enough?


Problems with “Privileged Interfaces”

On a PC, they may never be privileged enough

You can’t take them with you

They are extremely fragile todayRequires synchronization with browser, OS, and blog software


Is All Lost?

There is a substantial web of transitive trust for hackers.

A plethora of web sites does not make for a plethora of passwords.

Lack of email confidence contributes by obscuring problems.

Having an identity provider reduces passwords.

Having few identity providers increases risk concentration.

Privileged UIs are hard

Hardware is expensive

Old Man in Sorrow by Van Gogh


Maybe not so. Conclusions

There exist hardware and software that addresses this space.

Employers and universities REQUIRE federated solutions for ease of authorization.

Many of us separate passwords by sensitivity and purpose. Maybe the same will be true with IdPs.

It took centuries for the current banking ecosystem to evolve.

The last three decades have already been a revolution.

More to come!Courtesy D. Sharon Pruitt


One organization worth mentioning

Mail Anti-Abuse Working Group

A forum for service providers, anti-spam vendors, mailing list service providers, and others

http://www.maawg.org

email quality is a matter of good system hygiene

Documents