A Long Way from Junk Free Inboxes
A Long Way from Junk Free Inboxes
1. In Focus: A Long Way from Junk-Free Inboxes
2. Security News and Features
- Recent Security Vulnerabilities
- News: Yahoo Publishes IETF Draft for DomainKeys
- News: 20 Tips on Securing Outlook in 20 Minutes
- News: Microsoft Identity and Access Management Series
- News: Shavlik Technologies Partners with NetIQ and ENDFORCE
3. Security Toolkit
- FAQ
- Featured Thread
4. New and Improved
- Enterprise-Class Firewall for the Small Business
In Focus: A Long Way from Junk-Free Inboxes
I briefly explained three proposed technologies--Sender Policy Framework (SPF),
DomainKeys, and Caller ID for E-Mail--that might help curb the amount
of junk mail influx most of us receive each day.
Recently Yahoo!, developer of the DomainKeys technology, submitted a
draft to the Internet Engineering Task Force (IETF) that outlines the
basics of the technology. As you'll learn when you read the draft,
which is linked in the related news story, "Yahoo Publishes IETF Draft
For DomainKeys," in this edition of the newsletter, Yahoo! still has
plenty of work to do on DomainKeys.
The developers of SPF technology have also submitted a draft proposal
to the IETF (see the first URL below), and Microsoft has also
submitted a draft proposal for Caller ID for E-Mail.
In essence, DomainKeys technology works by digitally signing email
messages, then attempting to verify digital signatures by
communicating with the domain that allegedly sent the email message.
SPF and Caller ID try to verify the alleged sending domain of a given
email message, but they don't use digital signatures. At the time of
this writing, both SPF and Caller ID try to verify that the mail
headers of a given message haven't been forged (as is the case with a
lot of junk mail) by checking particular DNS records (specially
formatted TXT records) against records written into mail headers.
Although all three technologies provide reasonable ways to verify an
email message's origin, they all contain problems that determined
spammers could exploit. Thus none of the technologies is an end-all
solution for junk mail. However, using all three technologies together
might improve the ability to curb unwanted email.
As was pointed out on the IETF Anti-Spam Research Group (ARGS) mailing
list, even with all three of the proposed technologies in place,
domain operators can further reduce junk mail by adding other
technologies--such as those that ban senders, domains, and sets of IP
addresses--commonly referred to as blacklisting. But even combining
all these technologies won't completely eliminate junk mail.
So far, the only solutions I've seen that can eliminate nearly all
unwanted email are the types that use some sort of challenge and
response system. For example, some solutions require a sender to visit
a Web page the first time he or she sends an email to a certain user.
At the Web page, the sender might have to type in a keyword shown on
the screen or perform some other type of response. Other solutions
might use email to deliver and process the challenge and response.
These solutions are minor inconveniences for most people, but they
often present major problems for sightless individuals.
Even though many thousands of networks and software vendors, including
AOL, Earthlink, Google, Symantec, and Brightmail, have already
integrated SPF and thousands of others are undoubtedly slated to begin
using DomainKeys or Caller ID or both, many people will continue to
receive more junk mail than they care to tolerate. And because even a
combined set of the current and proposed solutions won't satisfy every
network's needs, we'll likely see more solutions become available.
Incidentally, Symantec recently purchased Brightmail for approximately
$370 million. Brightmail provides solutions that guard against spam,
spoofed email, viruses, and more. Given Brightmail's extensive client
base of major corporations, including AT&T, Microsoft, Cisco Systems,
Lucent Technologies, Motorola, and eBay, the deal will permit Symantec
to provide an even more rounded solution for email processing. You can
read about the acquisition at Brightmail's Web site.
Security News and Features
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities.
News: Yahoo Publishes IETF Draft for DomainKeys
Yahoo submitted a draft of its proposed junk mail solution,
DomainKeys, to the Internet Engineering Task Force (IETF). The
proposal outlines the concepts and some of the technical
specifications that could be implemented on mail servers to help
verify the identity of the actual domain used to send email messages.
Yahoo anticipates that such identification will help pinpoint people
who send unwanted or illegal email solicitations.
News: 20 Tips on Securing Outlook in 20 Minutes
Windows & .NET Magazine author Paul Robichaux wrote a book, "Secure
Messaging with Exchange Server 2003," which is published by Microsoft
Press. An excerpt chapter from the book, "20 Tips on Securing Outlook
in 20 Minutes," is now available online to help people secure their
Outlook clients.
News: Microsoft Identity and Access Management Series
Microsoft published a new article series, "Identity and Access
Management," which helps explain how digital identity can be
implemented and used to access network resources.
News: Shavlik Technologies Partners with NetIQ and ENDFORCE
Shavlik Technologies announced it has entered into partnering
agreements with NetIQ and ENDFORCE. The two companies will incorporate
Shavlik's HFNetChkPRO patch-management software into their respective
enterprise solutions.
Get the Most Out of IIS 6.0 Performance and Tuning
In this free Web seminar, you'll learn about the Internet
Information Services (IIS) performance-tuning tools, including System
Monitor, Application Center Test, and Log Manager. The Webcast will
show how to use these tools to gather Web server baseline performance
information, optimize performance and memory utilization, and test
performance of applications running on the Web server with different
caching and configuration settings. Register now!
Security Toolkit
FAQ: What's the Account Lockout Status Tool?
A. The Account Lockout Status tool (lockoutstatus.exe) displays
lockout information for a specified user by querying every contactable
domain controller (DC) in the user's domain.
To use the tool, you must be running Windows 2000 Service Pack 3 (SP3)
or later. To install lockoutstatus.exe, perform the following steps:
1. Download the Account Lockout Status tool, then execute the
downloaded lockoutstatus.msi file.
2. Click Next to start the installation wizard.
3. Check "I accept the terms in the license agreement" and click
Next.
4. Click Install Now.
5. After installation is complete, click Finish.
By default, the tool is installed in the C:\program files\windows
resource kits\tools folder. Double-click lockoutstatus.exe. From the
tool's File menu, click Select Target and enter the user whose status
you want to check. You'll see a window, like the one in the figure at
Figure, which displays the user's lockout information.
You can also check a user's lockout information at the command line.
To do so, enter the follow command where the suffix after -u is the
username.
Featured Thread: Blackberry Server behind ISA
(Two messages in this thread)
A reader writes that he needs to use BlackBerry devices from behind
a Microsoft Internet Security and Acceleration (ISA) Server, but he's
having some trouble defining rules for the ports. He needs to open TCP
port 3101 for bidirectional traffic and wants to know how to do it
properly. He created a packet filter with the following
characteristics: IP Protocol: TCP, Direction: Outbound, Local port:
Fixed Port, Local Port Number 3101, Remote Port: All Ports, Remote
Ports: Subdued. However, that approach doesn't work, and he wants to
know what he's doing wrong. Lend a hand or read the responses:
From Chaos to Control: Using Service Management to Reclaim Your
Life
Take control of your workday! If you're supporting 24 x 7
operations by working around the clock instead of 9 to 5, learn how
you can benefit from a sound service-management strategy. In this free
Web seminar, you'll learn practical steps for implementing service
management for your key Windows systems and applications.
New and Improved
Enterprise-Class Firewall for the Small Business
Comodo Trustix announced that its new entry level for the Trustix
Firewall is five users and more. Trustix Firewall gives small and
midsized business the benefits of an enterprise-class
firewall-management solution. You can install and set up the product
in less than 25 minutes. Trustix Firewall's GUI makes the product
easily configurable, saving you money on time, maintenance, and
licensing costs. Trustix Firewall is part of a portfolio of
business-infrastructure solutions, which include Trustix LAN Server
for file sharing, Trustix Mail Server for communication, and Trustix
Web Server for interaction with business partners and customers. Each
product is ready to use out of the box and benefits from the
platform-independent Xploy utility. Trustix Firewall costs $270. For
more information about the product, contact Comodo Trustix on the Web.
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column.
