Protective Addresses: New Identity-Based Method for Defeating Spam
WHAT IS THIS TECHNOLOGY?
Email is the most heavily exploited threat vector for malware. Spam, once thought of primarily as a nuisance, now has a far more insidious purpose of propagating viruses, Trojans and spyware, often for identity theft.
The failings of traditional means of thwarting email-borne malware are well chronicled, particularly their reactive nature, which enables spammers to stay perpetually one step ahead of spam blockers. The result is today’s never ending point-counterpoint situation, with spammers testing new techniques against the very offerings that companies buy for protection. As eloquently argued in a Hurwitz & Associates white paper (“Anti-Virus is Dead,” copy attached), traditional malware defenses are fundamentally flawed.
New proactive techniques are required to shift the balance of power in favor of legitimate email users. Reflexion’s unique Address-on-the-Fly™ (AOTF) technology finally does just that through the use of Protective Addresses, “Two Factor Whitelisting,” and user control panels. With AOTF, email users enjoy unparalleled granular and proactive control over access to their inbox.
To avoid detection, spammers routinely forge (“spoof”) the From address of their emails. This practice exploits a gaping loophole in the original specifications for email, which cannot be fixed now without severe risk of disrupting the delivery of legitimate mail. As a result, today spammers hijack the computers of unsuspecting users to send email with From addresses that are simply made up or harvested from legitimate senders.
Traditional techniques for thwarting spam include practices such as compiling lists of From addresses that are always to be blocked (called blacklisting or block listing) and examining message content to block messages with offending words or spammer patterns (called content filtering, Bayesian filtering and heuristics). Because filtering is an imperfect technology, it sometimes blocks legitimate messages. This problem is addressed by developing lists of From addresses which are always to be delivered (called whitelisting or allow listing). Of course, if a spammer uses an address on the recipient’s whitelist, the payload is then assured of delivery, and the user is right back where he or she started, with spam in the inbox.
Reflexion addresses the problem of email malware with a new and simple technology that effectively blocks email from unwanted senders while assuring the delivery of email from legitimate senders. This technology, which is blended with traditional defenses, automatically enables email users to employ multiple addresses (“aliases”) for a single inbox, and in so doing, to build much more effective whitelists based on To-From address pairs. We refer to these aliases as Protective Addresses, because of the benefit they provide for the user’s inbox, and we refer to the overall technique as “Two Factor Whitelisting,” because delivery requires both a valid From address and a valid To address. With Two Factor Whitelisting, the spammer can no longer spoof the From address and expect delivery: he must use precisely the From address matched to the target recipient’s To address, which he is unlikely to know or guess. As a result, when spammers spoof the From address, they are actually dramatically reducing the odds that their payload will ever get delivered.
Reflexion’s Address-on-the-Fly™ (AOTF) technology illustrates one use-case of Protective Addresses. AOTF empowers email users to declare a special purpose address when registering on a web site, posting a message on a bulletin board, or disclosing an address in print or in conversation. An AOTF takes the form of one’s primary address (or a primary substitute for even greater protection) plus a suffix to the immediate left of the @ sign. For example, Jane Doe, with an address of firstname.lastname@example.org, might register with NetFlix using the address email@example.com. When NetFlix sends an email to confirm Jane’s registration and payment, Reflexion’s system recognizes the incoming To address as the first use of an AOTF, pairs the NetFlix From address with Jane’s special purpose To address, automatically adds this address pair to Jane’s whitelist, and applies the default security policy that Jane has specified for AOTF disclosures (which may or may not permit address-sharing). For any subsequent use of the AOTF by a sender other than NetFlix, the system automatically queries the address policy database and controls inbox access accordingly. If Jane has “locked down” use of the address pair, any spammer that spoofs a NetFlix From address will be denied delivery unless he somehow knows the corresponding To address; as a corollary, any NetFlix sender that uses the right To address will be assured delivery, regardless of how racy the title might be. This approach totally undermines spammers’ number one delivery technique.
As noted above, Reflexion’s service permits the association of various security policies with an AOTF. This is important because it enables a user to either permit or prevent some degree of address sharing. Let’s say Jane gives her Mother the address firstname.lastname@example.org. Jane can be confident that her mother is only going to share this address with other family members and close friends, not with spammers, so she can choose not to apply any restrictions on the address, and all of her family members can be assured of delivery. (Jane almost certainly wouldn’t permit such latitude for a commercial address disclosure.) However, if security is breached for one of Jane’s family members, such that this AOTF falls into the hands of a spammer who is then able to achieve delivery, Jane can tighten security on the address to only permit delivery of email from senders who have previously used the address, thereby denying delivery for the spammer and every subsequent new sender. This process creates a trusted community of senders on an address, whose members can continue to use the address without concern.
As implied in this scenario, AOTF technology enables one to detect when an address disclosed to one party is then used by another party, indicating either an address-sharing or address-harvesting event. Address sharing alerts are communicated using a control panel that is attached at the bottom of every incoming email. The control panel identifies the envelope address of the sender and the specific address to which the message was sent. It also provides a simple means for the user to change his or her access policies for a specific sender or the specific address.
For example, let’s say Jane disclosed the address email@example.com for communications with her bank. If she receives an email to this address from any sender at a domain other than Bank of America, she will know that either the bank shared her address or the address somehow “leaked” from the bank’s systems. To carry the example one step further, if Jane receives an email on this address from a sender claiming to be Wells Fargo Bank, she can easily identify the message as a likely phishing attack. In general, if the To-From address pair is valid (True), Jane can have a high degree of confidence in the legitimacy of the message; if the address pair is not valid (False), she has an obvious indication that the message may be fraudulent.
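The Two Factor Whitelisting decision described above (first-use pairing, the open and lock-down policies, the trusted community of prior senders, and the control panel's True/False pair indicator) as a small simulation. This is an added example, not Reflexion's code; the addresses, the policy names `open`/`locked`, and the "suffix after a dot" address form are constructed assumptions, since the page's own sample addresses are placeholders.

```python
from typing import Dict, Optional, Set

PRIMARY = "jane@example.org"        # Jane's primary address (constructed placeholder)
OPEN, LOCKED = "open", "locked"     # assumed policy names: sharing allowed / lock-down


def aotf_suffix(to_addr: str) -> Optional[str]:
    """Return the AOTF suffix (text between the primary local part and '@'),
    or None when the To address is the primary address or not ours at all."""
    local, _, domain = to_addr.lower().partition("@")
    base_local, _, base_domain = PRIMARY.partition("@")
    if domain != base_domain or not local.startswith(base_local + "."):
        return None
    return local[len(base_local) + 1:] or None


class Inbox:
    def __init__(self, default_policy: str = OPEN) -> None:
        self.default_policy = default_policy
        self.policy: Dict[str, str] = {}        # suffix -> policy
        self.senders: Dict[str, Set[str]] = {}  # suffix -> From addresses paired with it

    def set_policy(self, suffix: str, policy: str) -> None:
        """Tighten or loosen an AOTF; existing pairs (the trusted community) stay valid."""
        self.policy[suffix] = policy

    def check(self, from_addr: str, to_addr: str) -> dict:
        """Two-factor decision for one message. 'pair_valid' is the control-panel
        True/False indicator; 'shared' flags an address-sharing event."""
        from_addr = from_addr.lower()
        suffix = aotf_suffix(to_addr)
        if suffix is None:   # primary address: no pair to check, traditional filtering applies
            return {"action": "filter", "pair_valid": None, "shared": False}
        known = self.senders.setdefault(suffix, set())
        self.policy.setdefault(suffix, self.default_policy)
        if not known:        # first use of this AOTF: pair it with this sender
            known.add(from_addr)
            return {"action": "deliver", "pair_valid": True, "shared": False}
        if from_addr in known:   # valid To-From pair
            return {"action": "deliver", "pair_valid": True, "shared": False}
        if self.policy[suffix] == LOCKED:   # unknown sender on a locked address
            return {"action": "block", "pair_valid": False, "shared": True}
        known.add(from_addr)  # open address: admit, but report the sharing event
        return {"action": "deliver", "pair_valid": False, "shared": True}
```

A spoofed From address only helps the spammer if it is combined with the exact To address already paired with it; any other combination is either reported as sharing or, on a locked address, blocked.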
The ability to detect address sharing gives Jane a way to determine if her online correspondents are adhering to their privacy policies. With this capability, she may be aware that one of her correspondent’s systems has been compromised even before they are. Furthermore, this technology enables Jane to understand which address disclosures lead to the spam that she receives, and empowers her to then apply more stringent security policies to eliminate that spam.
Enhanced whitelisting is gaining recognition as a powerful approach to dealing with security issues in general. For example, whitelists of applications and executables are now being used to secure end points on the network. Reflexion’s Address-on-the-Fly technology, with Protective Addresses, Two Factor Whitelisting and Control Panels, brings the same power to access control for email inboxes.
Conclusion: By using AOTF, email users gain the following advantages:
1. Proactive, granular control over access to their inbox.
2. Protection for their primary email address, through the use of alternative addresses for high-risk
3. Awareness of the address disclosures that lead to spam, which can then be eliminated.
4. Awareness of parties that share their address with other senders.
5. The ability to use disposable addresses for short-term purposes.
6. A simple means of identifying phishing attacks.
7. A simple means of organizing related communications on a single address.
Reflexion Networks, Inc.
18 Commerce Way, Suite 3750
Woburn, MA 01801