A Look at Past, Present and Future of Email Reputation Systems

“Reputation, reputation, reputation! Oh, I have lost my reputation! I have lost immortal part of myself, and what remains is bestial.”

--Spoken by Cassio, in Shakespeare’s Othello (circa 1602)

Though written over four centuries ago, sentiment behind these words still holds true – you’re nothing without your reputation. Every day, different reputation systems dictate who you are to those who don’t know you. To lenders, you’re a credit score. To insurance companies, you’re a calculated risk. And now, thanks to next generation of reputation systems, you’re an IP score.

For obvious reasons, spammers, phishers and virus writers would prefer to hide their identities. They use countless techniques to disguise themselves with intent of sneaking into your enterprise inboxes, robbing you blind or hijacking your network – or both.

On other hand, those who would fight these senders are well served to know who senders are and what they’ve been up to. To that end, email reputation systems are used to figure out what sort of behavior senders have demonstrated in past and make educated predictions of their future behavior, for better or for worse.

Content Inspection Is Not Enough

Unfortunately, many enterprises rely on an email security solution based solely on message content; understanding source of a particular message never enters equation. While this approach is moderately effective when dealing with messages that contain specific spam identifiers, it is completely ineffective at stopping spam that employs techniques not yet seen.

Email Security with Reputation

A comprehensive approach to email security involves examining both message content and sender history. By evaluating senders based on their past behavior, a more accurate picture of their intentions and legitimacy can be discerned. Has sender engaged in spamming, virus distribution or phishing attacks? If they have, an effective reputation system knows and flags message. Has sender even been seen before? If not, a reputation system should pay close attention to ensure that sender is not a “zombie” machine being controlled remotely by a hacker.

First-Generation Reputation Systems

In “early days” of spam (circa 2001), simple blacklists and whitelists seemed like an appropriate response to nuisance messages that had begun to show up in inboxes around world. Blacklists contain IP addresses of known spammers, phishers and virus senders; whitelists contain IP addresses of senders known to be legitimate. Referencing these lists allowed companies to filter a segment of their total mail flow, briefly curbing onslaught of spam messages. However, their shortcomings were exposed relatively quickly.

The very nature of whitelists and blacklists makes them manual by default. In order for a list to be updated, all messages (both wanted and unwanted) must first be received by an end user and then manually reported to a system administrator. With this sort of end-user reliance, it’s easy to see why glory days of list-only reputation systems were short-lived.

This is last of a five-part series on Maximizing Email Security ROI.

Throughout ages, people have encrypted communications to suit their information security needs.

In 1st century B.C., Julius Caesar didn’t trust couriers who carried his messages to trusted acquaintances. So, he replaced every A with a D, every B with an E, and so on, all way through alphabet. Only those who knew Caesar’s shift-by-three rule could decipher his messages. Over 2000 years later, we’re still trying to protect our messages from prying eyes (If you have not read CipherTrust's white paper on Privacy Architecture, you can download it free here).

In Information Age, email is primary method of communication for businesses around world. While email has become a mission-critical application, it also raises important privacy and security concerns. Sensitive personal and business communications are vulnerable to prying eyes of hackers, industrial spies and others who would love to have access to information not intended for them. Because of these risks, businesses are realizing value of encrypting their email communications to protect vital information while in transit from origin to destination.

Asset/IP protection

Enterprises that fail to adequately protect information in transit across Internet risk revealing their most vital secrets. Each unencrypted email exposes sensitive data – from confidential financial and product information to legal contracts to files that include personally identifying information such as Social Security numbers, birthdates, credit card numbers and bank account numbers.

Failure to encrypt email communication is akin to sending a digital postcard into cyberspace. Sure, there’s a chance that it will reach its destination without crossing a snooping pair of eyes, but there’s also a chance that it won’t. You wouldn’t send a postcard with your vital trade secrets, financial data and customer information on it, so why would you send an unencrypted email containing same?

Compliance and Liability