email quality is a matter of good system hygiene
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Eliot Lear
Senior Consulting Engineer
EMail Quality is a matter of good System Hygiene
Where does it come from?
Bad people will send bad mail
Reputation is both important...
Good people will send bad mail
… and dynamic!
Identity is important
Know who sent what
Source: Senderbase.org (12:14pm)
There’s a Problem
We suspect increased spear-phishing, which doesn’t show up in the numbers
We can identify and get rid of a whole lot of this stuff.
95% of spam originates from Bots
(the biggest use of cloud computing to date)
It’s even worse than it looks
Source: Cisco Ironport, December 2009
How much of this goes on?
Source: IC3.gov – US statistics
What’s New and Different?
DomainKeys Identified Mail (DKIM), RFC 4871
Identifies responsible domain
Author Domain Signing Practices (ADSP), RFC 5617
Indicates what policy a domain has toward signing
TERENA members are in a unique position to apply a uniform policy (ADSP or not).
What does a real PayPal Email look like?
Return-Path: <[email protected]>
Received: from mx1.phx.paypal.com (mx1.phx.paypal.com [66.211.168.231])
    by upstairs.ofcourseimright.com (8.14.3/8.14.3/Debian-6) with ESMTP id n9E8KIwI026171
    for <[email protected]>; Wed, 14 Oct 2009 10:20:39 +0200
Authentication-Results: upstairs.ofcourseimright.com; dkim=pass (1024-bit key; insecure key) [email protected];
    dkim-adsp=none (insecure policy)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paypal.ch; [email protected]; q=dns/txt; s=dkim; t=1255508439; x=1287044439;
    h=from:sender:reply-to:subject:date:message-id:to:cc:
    mime-version:content-transfer-encoding:content-id:
    content-description:resent-date:resent-from:resent-sender:
    resent-to:resent-cc:resent-message-id:in-reply-to:
    references:list-id:list-help:list-unsubscribe:
    list-subscribe:list-post:list-owner:list-archive;
    z=From:=20"[email protected]"=20<[email protected]>
    |Subject:=20Receipt=20for=20Your=20Payment=20to=XXX
    |Date:=20Wed,=2014=20Oct=202009=2001:20:17=20-0700|
    |Message-Id:=20<[email protected] m>|To:=20Eliot=20Lear=20<[email protected]>
    |MIME-Version:=201.0;
    bh=q82fwVBPBq26WHflKsNcdbCIf3Vcc5wRznZ9tfI8+8k=;
    b=OPyR7evc/VcnTZyDZSlYCh9oLm+vmKt8qsocqMrAr7y/kg3P5+DhO3mB
    UDbhkCvqu+owm45X1te+PxoREXR9aMEuuD20ltP2B5f5JWf/MjICk6zc6
    gYv6pY6ZRFKclXFGvtViJwv0LsW8N7uaoiZCAh5mxrjfuJaF+SmNyX23c
    I=;
Received: (qmail 22290 invoked by uid 99); 14 Oct 2009 08:20:17 -0000
Date: Wed, 14 Oct 2009 01:20:17 -0700
Message-Id: <[email protected]>
Subject: Receipt for Your Payment to XXXX
X-MaxCode-Template: email-receipt-xclick-payment
To: Eliot Lear <[email protected]>
From: "[email protected]" <[email protected]>
X-Email-Type-Id: PP120
X-XPT-XSL-Name: email_pimp/CH/en_US/xclick/ReceiptXClickPayment.xsl
Content-Type: multipart/alternative; boundary=--NextPart_048F8BC8A2197DE2036A
MIME-Version: 1.0

Return-Path: <[email protected]>
Received: from mail.realinterface.com (mail.cecreal.com [66.101.212.157])
    by upstairs.ofcourseimright.com with ESMTP id n9GAJ9h3022332
    for <[email protected]>; Fri, 16 Oct 2009 12:19:31 +0200
Received: from dynamic.casa1-15-233-12-196.wanamaroc.com ([196.12.233.14]) by mail.realinterface.com with Microsoft SMTPSVC(5.0.2195.6713);
    Fri, 16 Oct 2009 06:32:45 -0400
From: "PayPal Services" <[email protected]>
To: "lear" <[email protected]>
Subject: Your PayPal account has been Limited
Date: Fri, 16 Oct 2009 10:18:53 +0000
Organization: PayPal
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0000_01C6527E.AE8904D0"
Message-ID: <[email protected]>
X-OriginalArrivalTime: 16 Oct 2009 10:32:45.0859 (UTC) FILETIME=[00099730:01CA4E4C]
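An added example, not part of the original slides: a Python check for the difference the two header sets above show, a DKIM pass recorded by the receiving host for the author's domain versus no signature at all. The domains, the authserv-id `mx.rcpt.example` and the sample headers are constructed, and the code reads the receiver's Authentication-Results verdict (assumed to carry `header.d` or `header.i`) rather than verifying the signature itself.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def passing_dkim_domains(msg, authserv_id):
    """Domains that our own verifier (authserv_id) marked dkim=pass."""
    domains = set()
    for ar in msg.get_all("Authentication-Results", []):
        host, _, results = ar.partition(";")
        # A verdict stamped by any other host may have been written by the sender.
        if host.strip().lower() != authserv_id.lower():
            continue
        # Drop comments first: "(1024-bit key; insecure key)" contains a ';'.
        results = re.sub(r"\([^()]*\)", " ", results)
        for resinfo in results.split(";"):
            if re.match(r"\s*dkim=pass\b", resinfo):
                m = re.search(r"\bheader\.(?:d=|i=\S*@)([\w.-]+)", resinfo)
                if m:
                    domains.add(m.group(1).lower())
    return domains

def classify(raw_headers, authserv_id):
    """'author-signed', 'third-party-signed' or 'unsigned' for one message."""
    msg = message_from_string(raw_headers)
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signers = passing_dkim_domains(msg, authserv_id)
    if not signers:
        return "unsigned"
    return "author-signed" if author in signers else "third-party-signed"

# Constructed samples modelled on the two messages above (not the real headers).
GENUINE = """\
Authentication-Results: mx.rcpt.example; dkim=pass (1024-bit key; insecure key)
    header.i=@pay.example; dkim-adsp=none (insecure policy)
DKIM-Signature: v=1; a=rsa-sha256; d=pay.example; s=dkim; bh=AAAA; b=BBBB
From: "service@pay.example" <service@pay.example>
Subject: Receipt for Your Payment
"""
PHISH = """\
Received: from dynamic.isp.example ([198.51.100.7]) by mail.relay.example
From: "Pay Services" <service@pay.example>
Subject: Your account has been Limited
"""
# Same phish, with a verdict header the sender added under someone else's name.
FORGED_AR = "Authentication-Results: mx.pay.example; dkim=pass header.d=pay.example\n" + PHISH

if __name__ == "__main__":
    for name in ("GENUINE", "PHISH", "FORGED_AR"):
        print(name, classify(globals()[name], "mx.rcpt.example"))
```

The check is only as good as the border MTA's handling of inbound Authentication-Results headers that already carry its own authserv-id; those must be stripped on receipt.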
Level of Assurance
Cost = cost of the token + inconvenience to the user.
300,000,000 X $25 =
a whole lot of money
How many of these do you want to carry?
How often do you want to use them?
What value is possible?
Pictures courtesy of Alexander Klink, Aladdin, “Greudin”, IBM
Is this privileged enough?
Problems with “Privileged Interfaces”
On a PC, they may never be privileged enough
You can’t take them with you
They are extremely fragile today
Requires synchronization with browser, OS, and blog software
Is All Lost?
There is a substantial web of transitive trust for hackers.
A plethora of web sites does not make for a plethora of passwords.
Lack of email confidence contributes by obscuring problems.
Having an identity provider reduces passwords.
Having few identity providers increases risk concentration.
Privileged UIs are hard
Hardware is expensive
Old Man in Sorrow by Van Gogh
Maybe not so. Conclusions
There exist hardware and software that address this space.
Employers and universities REQUIRE federated solutions for ease of authorization.
Many of us separate passwords by sensitivity and purpose. Maybe the same will be true with IdPs.
It took centuries for the current banking ecosystem to evolve.
The last three decades have already been a revolution.
More to come!
Courtesy D. Sharon Pruitt
One organization worth mentioning
Mail Anti-Abuse Working Group
A forum for service providers, anti-spam vendors, mailing list service providers, and others
http://www.maawg.org
Thanks! Questions?