Tracking Email Messages with MPP

May 19, 2008 · Filed Under MPP Releases and Fixes · Comment 

I want to let you know about an MPP feature called Message Tracking that is quite useful for service providers or anyone that needs to have a compact record of each email message that they process. This feature was introduced in MPP quite some time ago but we never had a GUI interface for it until recently.

The idea with Message Tracking is that MPP will store a small record of each transaction in an SQL database. You can configure the level of detail that is stored, but the full detail is only a few bytes per message. MPP stores all types of information such as message id, remote relay IP, scan state, score of each scanner, message result, parse result and more. The database is very easy to query and very scalable.

MPP Available on DOD Emall

May 15, 2008 · Filed Under MPP Releases and Fixes, News and Tidbits · Comment 

Our partner, Aglow Technologies, a woman-owned small business, has successfully placed MPP on the Department of Defense Emall site. This means that anyone in the Department of Defense can enjoy the outstanding antispam protection of MPP and purchase with the convenience of online access. Kudos to Aglow.

New Antispam Options for Mac OS X

May 12, 2008 · Filed Under MPP Releases and Fixes, News and Tidbits · Comment 

I want to let you know that we have just released MPP with new antispam technology never before seen on the Mac platform. It is only available for Intel Macs (10.4 or 10.5) for now but it is significantly better than anything offered on Mac to date. Please check it out here.

Backscatter Problems Persist

May 2, 2008 · Filed Under Opinions on Email Security · 1 Comment 

Backscatter problems are persisting and seem to be the new scourge of spam. They expose a lot of weakness in antispam filtering algorithms and require new approaches to truly stop them. Here’s why:

  • Many backscatter attacks do not contain any message content, only bounce notifications. Stopping all bounce notifications or messages from mailer-daemon is dangerous.
  • Many backscatter attacks come from legitimate email servers, so you cannot block the offending servers at the SMTP level without blocking legit email.
  • Backscatter attacks can be extremely high volume and can crush a SpamAssassin/amavisd installation that is not micromanaged.

At Message Partners we have been working on some approaches to backscatter problems for our customers. The most heavy handed approach, and one that I have been utilizing on our site, is to block all traffic that originates from Mailer-Daemon with this regular expression for header filters: ^From:.*Mailer.*$ . This is annoying because you can’t see legit bounces, but I have taken an analogy from the US Post Office. If you need acknowledged delivery then you must send with delivery notification service. If you send a letter to the wrong address it may take weeks before it comes back to you, if it comes back at all. Anything I really care about I send with some delivery notification. I have decided that this should apply to email as well. If I really care about the email then I should send it with some delivery confirmation, hence, I have rationalized filtering out all bounces. This has ended my backscatter problem for the most part, but many messages do not come from mailer-daemon so the problem still exists, but on a much smaller scale.

We have a more intelligent solution in beta that utilizes our auto black list feature. With this approach a threshold is set that if x amount of messages are received that violate a content rule then all messages from any IP that sends with the same subject will be temporarily blocked. For example, if gmail.com sends me 400 bounces in 2 minutes (which they’ve done), and they all have Undeliverable Mail in the subject, then any message with Undeliverable Mail will be blocked during the block period. This is working pretty well, but not a complete solution by any means.
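A minimal sketch of the threshold-then-block logic described above, added here as an illustration and not MPP's own code. The class name, the 600-second block period, case-insensitive matching and the sample headers are assumptions; the content rule reuses the header-filter regex quoted earlier in the post.

```python
import re
from collections import defaultdict, deque

# Header-filter regex quoted in the post; case-insensitive matching is an assumption.
MAILER_RE = re.compile(r"^From:.*Mailer.*$", re.IGNORECASE | re.MULTILINE)
SUBJECT_RE = re.compile(r"^Subject:[ \t]*(.*)$", re.IGNORECASE | re.MULTILINE)

# Constructed sample headers (not real traffic).
SAMPLE_BOUNCE = "From: Mail Delivery System <MAILER-DAEMON@example.net>\nSubject: Undeliverable Mail\n"
SAMPLE_OTHER = "From: alice@example.org\nSubject: Undeliverable  mail\n"


class SubjectAutoBlock:
    """Hypothetical helper: block a subject after too many rule violations."""

    def __init__(self, threshold=400, window=120, block_period=600):
        self.threshold = threshold        # "x" violating messages ...
        self.window = window              # ... within this many seconds
        self.block_period = block_period  # assumed; the post gives no value
        self.hits = defaultdict(deque)    # subject -> violation timestamps
        self.blocked_until = {}           # subject -> block expiry time

    def check(self, headers, now):
        """Return 'block' or 'accept' for a message seen at time `now` (seconds)."""
        m = SUBJECT_RE.search(headers)
        subject = " ".join(m.group(1).lower().split()) if m else ""
        if self.blocked_until.get(subject, 0) > now:
            return "block"                # same subject, whatever the sender
        self.blocked_until.pop(subject, None)
        if not MAILER_RE.search(headers):
            return "accept"               # content rule not violated
        q = self.hits[subject]
        q.append(now)
        while q and q[0] <= now - self.window:  # drop hits older than the window
            q.popleft()
        if len(q) < self.threshold:
            return "accept"
        self.blocked_until[subject] = now + self.block_period
        q.clear()
        return "block"


if __name__ == "__main__":
    f = SubjectAutoBlock(threshold=3)
    for t in (0, 10, 20):
        print(t, f.check(SAMPLE_BOUNCE, t))
    print(30, f.check(SAMPLE_OTHER, 30))
```

Because the block is keyed on the subject alone, a legitimate message that happens to share the subject is also rejected until the block period ends, which is the trade-off the post accepts.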

Some of our engine partners are quickly improving their backscatter detection, but when there is no actual message content they all seem to stumble.

Conclusion — Backscatter remains a problem but MPP is helping our customers with a solution. In the meantime, administrators should be really careful about the rejection notices that they send.
