previous page: Anti-SPAM Techniques: Sender Policy Framework (SPF)
page up: Anti-SPAM, Anti-Phishing and Anti-Viruses Techniques
next page: Anti-SPAM Techniques: Transparent SMTP proxy

Anti-SPAM Techniques: Reputation Control


This article is a part of the series on undesired email (spam, phishing, viruses, etc.). The material covers the Poisons and the Remedies.

By Stas Bekman.

Published: May 15th 2006

Anti-SPAM Techniques: Reputation Control

Since whatever new techniques were invented to circumvent spam were either successfully defeated by spammers or weren't accepted by the Internet users, new solutions keep on coming up. The very recent idea (circa 2005) is to implement reputation control to control undesired email.

The idea is quite simple and parallels can be easily found in our non-electronic society. You start with no reputation (neutral score) and you attempt to send an email, the receiving party accepts your email and analyses it and assigns you a score. If your email is found to be legitimate -- your score improves, if not - you score is reduced. As you send more email your score stirs away from the neutrality towards the positive or the negative direction. When you cross a certain point in the positive direction (legitimate mail) further messages from you are whitelisted (accepted without extra checks), when you cross the line on the negative side (undesired email), your emails are automatically rejected.

It's up to the implementers to decide how to go about the score generation. They could use any and all of the techniques presented in this article. In addition other inputs can be used, such as: the email volume, user complaints, failed unsubscribe requests and many more. The more information you can collect about the sender the better score is assigned. Different metrics could be combined using different weights.


Here are some vendors supporting this technique (including open-source solutions):

The Habeas SenderList (http://www.habeas.com/en-US/Receivers_SenderIndex.php)
(Commercial) a massive email reputation database with information on over 60 million email sending IP addresses and domains and includes volume and complaint data.

IronPort Reputation Filters (http://www.ironport.com/products/reputation_filters.html)
(Commercial) provide the outer layer of spam protection for your email infrastructure. As the first line of defense on the IronPort email security appliances, Reputation Filters dispose of up to 80% of incoming spam at the connection level

F-Secure Email Firewall (http://www.f-secure.com/products/appliance/email-firewall.shtml)
(Commercial) a core component of the F-Secure Messaging Security Gateway, the Email Firewall provides the SMTP-level, perimeter security features demanded by today's enterprise, creating an impenetrable shield around your messaging systems. Proofpoint's MLX Dynamic Reputation (TM) technology and SMTP traffic control features work together to protect your network from all types of malicious connections.


IronMail Connection Control (http://www.ciphertrust.com/products/connection_control/)
(Commercial) (from CipherTrust)

MX Police (http://mxpolice.com/)



Please notify me if you know of others.

Related Links

And here are some pointers for additional information on the subject:


The Digital Identity Big Bang (http://www.alwayson-network.com/comments.php?id=10193_0_3_0_C)
Coming To You Any Year From Now

Wikipedia on Online identity
More information about Reputation control

Cleaning up a bad e-mail reputation (http://news.com.com/2102-7355_3-6065558.html?tag=st.util.print)
-- an overview of some of the players in the email reputation industry.

the Reputation Gang (http://reputationgang.org/)
The Reputation Gang is a small group of industry participants who are interested in applying reputation to the problems of spam and phishing in email.

Wikipedia on Digital identity

Wikipedia on Reputation management

Reputation-Based Mail Flow Control (http://www.ironport.com/pdf/ironport_c60_rep_based_paper.pdf)
from IronPort (pdf)

Fighting Spam with Reputation Systems (http://www.acmqueue.com/modules.php?name=Content&pa=showpage&pid=346)
Leveraging the power of communities and reputations can be an effective weapon against spam.



Continue reading about other Remedies or jump to the email-related Poisons section.

previous page: Anti-SPAM Techniques: Sender Policy Framework (SPF)
page up: Anti-SPAM, Anti-Phishing and Anti-Viruses Techniques
next page: Anti-SPAM Techniques: Transparent SMTP proxy