[SecurityRatty] tag: ferris

One Spam to rule them all!

Sat, 11 Oct 2008 19:37:02 +0000

If we only had a dollar for each spam we recieved, we could end the worlds money crisis!

40 Trillion Spam E-mails This Year

ComputerWorld did a nice story called Spam Filters: Making Them Work relying on the Ferris numbers. However, the lesson we should learn is buried deeper in the details: spam is no longer a nuisance that clogs inboxes, it’s a security issue. The majority of spam messages now try to breach security on the computer reading the message, or redirect the user to a Web site full of malware etc.

Don't Mix MX And CNAME Records

Wed, 10 Sep 2008 04:59:33 +0000

An ambiguity in RFC 2821, which defines how email should be delivered, causes problems for some users, according to Ferris Research. In their first blog on the subject they relate a story of someone (names are expunged to protect the innocent from embarrassment) who decided to configure his DNS with both an MX record (which advertises the mail server) and a CNAME record defining where the web server was. More specifically, the CNAME defined "the-domain-in-question.com." to be "www.the-domain-in-question.com", the IP address of which was defined in a separate A record. After this, Mr. Anonymous's e-mail wasn't consistently reaching the mail server anymore. Some external servers were no longer finding the mail server. The problem turns out to be that when a server has a CNAME record some sending mail servers will attempt to connect to that and not to the server pointed to by the MX record. So in the example, the outside mail was being sent to the web server, which of course didn't respond to it. The problem, says Ferris, is in an ambiguity in RFC 2821. They have a point. The SMTP standard seems to recommend against mixing CNAME and MX records, but it doesn't prohibit it, and it's unclear on how the server should behave when it finds both. Bottom line: Don't mix them.

8 ways to fight spam filter frustration

Wed, 06 Aug 2008 20:00:00 +0000

Spam. It fills our in-boxes, wastes our time and spreads malware -- and it's only getting worse. According to Ferris Research, which studies messaging and content control, 40 trillion spam messages are expected to be sent in 2008, costing businesses more than $140 billion worldwide -- a significant increase from the 18 trillion spam messages sent in 2006 and the 30 trillion in 2007.

Will Retention Policies Go Away?

Wed, 21 May 2008 12:26:50 +0000

If you listen to lawyers talk about it, corporations have every right to establish document retention policies, including the destruction of documents, in the normal course of business. In my interview with Judge John Facciola of the DC Circuit he was clear about this, while pointing out that a document hold over pending litigation changes matters of course. But such policies may be more trouble than they're worth. As David Ferris of Ferris Research argues, the very small, and diminishing cost of storage makes it a tough choice to try to enforce such policies. It's easier and maybe even cheaper to get a policy of retaining everything right than to get your own retention policies right, and to implement them consistently. He actually predicts that most organizations will abandon retention policies. (The blog then inexplicably ends with three bulleted reasons not to abandon them.)