Incoming Address Verification - Critical Antispam Defense
At Message Partners I work with many customers on antispam defense systems. Many of our customers use our software (MPP) on SMTP filtering proxies, and I am surprised how common it is to have no strategy for verifying incoming email addresses. The cost of accepting email for nonexistent addresses is high.
In the SMTP transaction there is a greeting that is followed by the actual data, or email. It is desirable to stop as much spam as possible after the SMTP greeting, before the actual email data is sent from the remote SMTP client. If a remote SMTP client tells you in the greeting (in its RCPT TO command) that it is sending mail to asdf@yourdomain.com and you have no asdf at your site, you are better off rejecting at that point than accepting the recipient and then accepting the email data. Having a list of valid email addresses in your organization will allow you to reject email more efficiently.
SMTP proxies or spam appliances can verify email addresses by checking lists, LDAP directories, or databases, or by using SMTP verify transactions. SMTP verify is the simplest way to verify addresses; however, there are scaling issues for large sites. Having a centralized LDAP directory of all valid email addresses will scale; however, this is difficult for many service providers. Active Directory or other user directories can be queried directly, but for non-Microsoft shops there are good LDAP directories to consider.
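The reject-before-data behavior described above, as an added example that is not MPP's code or part of the original post. The `VALID_RECIPIENTS` set is a constructed stand-in for a list, LDAP directory or database lookup, and the `Session` and `run` names are hypothetical; mailbox names are assumed to be case-insensitive.

```python
# Added example: recipient check at RCPT TO, before DATA is accepted.
# VALID_RECIPIENTS is constructed sample data standing in for a directory lookup.
VALID_RECIPIENTS = {"alice@yourdomain.com", "bob@yourdomain.com"}


def normalize(path):
    """Strip angle brackets and lowercase (assumes case-insensitive mailboxes)."""
    return path.strip().strip("<>").lower()


class Session:
    """Minimal SMTP envelope state machine (illustrative only)."""

    def __init__(self, directory):
        self.directory = directory
        self.sender = None
        self.accepted = []

    def handle(self, line):
        verb, _, arg = line.partition(":")
        verb = verb.strip().upper()
        if verb.startswith(("HELO", "EHLO")):
            return "250 hello"
        if verb == "MAIL FROM":
            self.sender, self.accepted = normalize(arg), []
            return "250 2.1.0 sender ok"
        if verb == "RCPT TO":
            if self.sender is None:
                return "503 5.5.1 need MAIL FROM first"
            rcpt = normalize(arg)
            if rcpt not in self.directory:
                # Rejected here: the client never gets to send the message body.
                return "550 5.1.1 user unknown"
            self.accepted.append(rcpt)
            return "250 2.1.5 recipient ok"
        if verb == "DATA":
            if not self.accepted:
                return "554 5.5.1 no valid recipients"
            return "354 end data with <CR><LF>.<CR><LF>"
        return "502 5.5.2 command not implemented"


def run(lines, directory=VALID_RECIPIENTS):
    """Feed client command lines to a fresh session and return the replies."""
    session = Session(directory)
    return [session.handle(line) for line in lines]
```

A session whose only recipient is unknown gets a 550 at RCPT TO and a 554 if it still tries DATA, so no message body is ever transferred, filtered or quarantined.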
OpenLDAP is the standard open source directory, but the GUI interfaces tend to be confusing, and if you are not an LDAP pro it can be intimidating. Red Hat has a directory server, http://www.redhat.com/software/rha/directory/, and a free version called the Fedora Directory Server; both are worth checking out.
Needless Processing - Email to nonexistent users should be dropped before the SMTP DATA transaction, i.e. before the message is accepted. If you process email for nonexistent users you are wasting bandwidth and processor resources, and storage resources as well if you quarantine spam.
In summary, if you don’t validate incoming email addresses you are asking for trouble. If you are using spam quarantine you will fill up your quarantine with bogus emails and pollute your user tables. You are wasting bandwidth by processing junk email to fake accounts and you are wasting storage and processing resources. Centralized directories are a powerful antispam defense and they are worth the effort that they take to establish.


