E-mail fingerprinting attacks bounce storms

E-mail provider Everyone.net is trying to head off one type of spam with an encryption technology designed to create a unique signature for each outbound e-mail message.

The Total Protection 2.0 e-mail protection service zeros in on bounce storms, in which e-mail users who have had their e-mail address stolen by spammers or e-mail worms receive a flood of returned messages.

The service, being launched this week at the ISPCon conference in Washington, includes a technology dubbed Email Fingerprint, which adds an extension header to each outbound e-mail message. That header will contain a unique signature, created with a symmetric encryption key and based on information such as the e-mail user’s ID, the time stamp for the e-mail and more, said Wayne Lewis, Everyone.net CTO.

External e-mail servers typically return the header, including the new fingerprint extension, and often a portion of the original message. That allows Everyone.net to search bounced messages for the signature to determine whether they came from an Everyone.net user, or are bogus bounce messages from a spammer, Lewis said.

The new technology is not a cure-all, but will help shield Everyone.net’s customers from being inundated with rejection notifications for e-mail messages they never sent, according to Josh Mailman, vice president of sales and marketing at Everyone.net

Bounced messages are a big problem, according to John Levine of the Internet Research Task Force’s Anti-Spam Research Group.

Levine, who runs an anti-spam service called AbuseNet, receives around 10,000 or 20,000 a day. However, Email Fingerprint might not reliably let legitimate bounce messages through to e-mail users, he said.

E-mail server products vary widely in what content from original e-mail messages they return when they issue a bounce notice. That variance could mean that Email Fingerprint is stripped out or altered by some programs, causing it to be dropped by Everyone.net’s servers.