Although there are some emerging email authentication standards, such as SPF, SenderID and DKIM, there is no expectation that these can resolve the spam problem. And as there is no real cost involved in sending email, there are few economic incentives to prevent spammers from continuing to ply their trade. Legal restrictions on spammers have been increased, in particular in the USA. But these measures will do little to deter the authors of other dark traffic types. Their actions are already illegal in much of the world, but enforcement remains extremely difficult. The onus remains on businesses to protect themselves.
What Can Be Done?
By its nature, dark traffic cannot be prevented at an Internet-wide level. For its part, anti-spam legislation only acts as a limited deterrent to those intent on dark traffic attacks. The very fact that dark traffic takes on the appearance of legitimate email means that it is not visible to many of the information security measures currently operated by Internet service providers and companies.
The only way to determine whether an email message is legitimate or dark traffic is to compare the addressee with entries in a company’s directory. If the addressee is listed, the email could still be spam, but the vast majority of illegitimate emails, including most of the traffic used for both denial of service and directory harvest attacks, would remain undelivered.
Businesses, however, will be understandably reluctant to hand over their directory details to third parties, even where doing so will improve their information security defences. But businesses can deploy solutions at the edge of their networks that will filter out malformed SMTP packets, denial of service attacks (based on the messages originating from one or a small number of IP addresses) and directory harvest attempts.
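The edge checks described above, as an added sketch that is not from the original article: each recipient is compared with the directory, and a source IP is flagged for directory harvesting or flooding based on its recent attempts. The directory entries, thresholds, window length, event format and sample traffic are all constructed assumptions.

```python
from collections import defaultdict

# Constructed directory and thresholds (assumptions, not from the article).
DIRECTORY = {"alice@example.com", "bob@example.com"}
HARVEST_THRESHOLD = 3  # unknown recipients from one IP inside the window
FLOOD_THRESHOLD = 6    # total recipient attempts from one IP inside the window
WINDOW_SECONDS = 60

# Constructed sample events: (unix_time, source_ip, rcpt_to), one per RCPT TO.
EVENTS = (
    [(i, "192.0.2.10", f"{name}@example.com")
     for i, name in enumerate(["aaron", "abby", "alice", "adam"])]
    + [(5, "198.51.100.7", "alice@example.com"),
       (200, "198.51.100.7", "bob@example.com"),
       (400, "198.51.100.7", "bbo@example.com")]
    + [(10 + i, "203.0.113.5", "alice@example.com") for i in range(6)]
)


def classify(events, directory=DIRECTORY):
    """Return (decisions, flagged): per-recipient actions and flagged source IPs."""
    recent = defaultdict(list)  # ip -> [(time, recipient_is_known)]
    flagged = {}                # ip -> reason; stays blocked once flagged
    decisions = []
    for ts, ip, rcpt in sorted(events):
        known = rcpt.lower() in directory
        # Keep only this IP's attempts that fall inside the sliding window.
        window = [(t, k) for t, k in recent[ip] if ts - t < WINDOW_SECONDS]
        window.append((ts, known))
        recent[ip] = window
        unknown = sum(1 for _, k in window if not k)
        if ip not in flagged:
            if unknown >= HARVEST_THRESHOLD:
                flagged[ip] = "directory_harvest"
            elif len(window) >= FLOOD_THRESHOLD:
                flagged[ip] = "flood"
        if ip in flagged:
            action = "block"    # drop everything from a flagged source
        elif known:
            action = "accept"   # pass on to content-based spam filtering
        else:
            action = "reject"   # addressee not in the directory
        decisions.append((ip, rcpt, action))
    return decisions, flagged


if __name__ == "__main__":
    for row in classify(EVENTS)[0]:
        print(*row)
```

A single mistyped address from an otherwise normal sender is rejected without flagging the source, while repeated guesses from one IP trip the harvest threshold.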
Such technology does not replace anti-spam systems based on content filtering, but works alongside them. Conventional spam filtering remains necessary to protect employees’ mailboxes from spam launched against pre-harvested addresses or those bought from a list, as well as for other purposes such as blocking messages with inappropriate content.
A layered approach to spam is both more efficient and more effective. Two sets of filtering systems greatly cut the chances of spam messages slipping through the net, and should also reduce the number of “false rejects” by allowing finer tuning of content-based filters.
But the main argument for deploying scanners at the edge to pick up and block dark traffic is efficiency.