'Fingerprint' Service Could Stop Some Spam

E-mail provider Everyone.net says it has a new program to protect e-mail users from one by-product of the spam plague: bounced messages.

The firm is announcing an enhanced e-mail protection service called Total Protection 2.0 at the ISPCon conference in Washington, D.C. this week. The new service includes a technology called Email Fingerprint that can stop "bounce storms," in which e-mail users who have had their e-mail address stolen by spammers or e-mail worms receive a flood of returned e-mail messages.

How it Works

Everyone.net calls the new feature a kind of "paternity test" for e-mail messages. The company is adding an extension header to each outbound e-mail message. That header will contain a unique signature, created with a symmetric encryption key and based on information such as the e-mail user's identification, the time stamp for the e-mail and more, says Wayne Lewis, Everyone.net's chief technology officer.

External e-mail servers will typically return the delivery instructions of the original message, called the "header," including the new fingerprint extension, and often a portion of the original message. That allows Everyone.net to search bounced messages for the signature to determine whether they came from an Everyone.net user, or are bogus bounce messages from a spammer, worm, or virus that is spoofing Everyone.net addresses, Lewis says.

"The goal is to stop bounce storms. (With Email Fingerprint) we can say with 100 percent certainty whether an e-mail message (with the signature) left our system," Lewis says.

The new technology is not a cure-all, but will help shield Everyone.net's customers from being inundated with rejection notifications for e-mail messages they never sent, according to Josh Mailman, vice president of sales and marketing.

The Total Protection 2.0 service will be available to Everyone.net's personal, business, and Internet service provider customers, Mailman says.

Ongoing Struggle

Bounced messages are a big problem, according to John Levine of the Internet Research Task Force's Anti-Spam Research Group.

Levine, who runs an antispam service called AbuseNet, receives between 10,000 and 20,000 bounced messages daily. However, he wonders if the Email Fingerprint will reliably let pass legitimate bounced messages, he says.

E-mail server products vary widely in what content remains from an original messages when they issue a bounce notice. It the Email Fingerprint is stripped out or altered by some programs, it could be dropped by Everyone.net's servers, Levine says.

"Bounce processing is an incredible can of worms. There are standards that are not widely adhered to and many vendors who think they are adhering to them are not," Levine adds.

Other researchers and e-mail providers are looking at the problem of bounced messages.

Recently, Earthlink said it will begin testing a plan called Sender Policy Framework (SPF) that also addresses the bounced e-mail problem. Also, America Online said in January that it is testing SPF for outgoing mail.

Both companies are publishing the IP addresses of their e-mail servers in an SPF record in the domain name system. Mail servers receiving e-mail messages claiming to come from those domains can check whether the messages came from one of the registered servers.