5 September 2014

Supplemental Address Management System (SAMS)
Complementing Traditional Email Security Methods by using Non-Disposable Addresses to Stop Spam and Other Malware

Fundamental Insights
• Two email addresses are better than one
• It’s harder to control spam with a single address
• Bad actors exclusively share your address with other bad actors
• Good actors never knowingly share your address with bad actors

Supplemental Address Management Systems
• Address to Inbox cardinality of “many-to-one”
• Goal is for the greatest percentage of legitimate messages to arrive without being filtered
• Supplemental addresses provide additive and complementary benefits when combined with any other security approach

Address-Specific Policies
• Public – No filtering
• Protected – Filter
• Disabled – Block all

Blended Model Benefits
• White listing
  • Same rate of accuracy
  • Off-list incidence reduced by close to promotion percentage
  • Development of the white list becomes a finite exercise
• Content-filtering and Corpus-Driven Models
  • Same rate of accuracy
  • False positives reduced by close to promotion %
  • Corpus can be automatically fed with precision from other blended model combination(s)

SAMS using White Listing
• Near 100% elimination of spam
• Content-independent
• Phishing is not a problem
• Foreign language spam and all graphic spam are not a problem
• Mistakenly blocked messages are not a problem
• Does not require challenge/response
• Can be combined with content-based filters

SAMS vs Disposable Addresses
• Disposable Email Addresses (DEA)
  • Low value, short life span substitute addresses
  • Use DEAs to keep spam from higher value addresses (mailbox)
• Supplemental Addresses
  • High value, permanent additions to the Inbox
  • Use SAs to distinguish legitimate mail from spam, and to bypass unnecessary stages of filtering

Address Magnification
• Address-on-the-fly (AOTF)
  • Naming convention used for instant disclosures
  • Rate limited over time
  • Highly valuable convenience for users
• Automated AOTF
  • A second supplemental address for new dialogs (partial automation)
  • New supplemental addresses for each correspondent when appropriate (full automation)

Form Factor

Standard Control Panel
Reflexion Control Panel
To: sue.nehomes@ispdomain.net
From: orderconfirm@nehomes.com
Block messages from this sender
You received this message because the sender is using the correct supplemental address assigned by Reflexion.

Address Sharing Control Panel
Reflexion Control Panel
To: sue.nehomes@ispdomain.net
From: sales@products.com
Block messages from this sender
Stop sharing of this address outside of nehomes.com
You received this message because orderconfirm@nehomes.com shared your email address.

Database
• Enterprises
• Users
• Supplemental addresses
• Correspondents
• Message history
• Default values and policies for new users, addresses
• Collections (groups, roles, departments)
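
The address-specific policies and the address-sharing notice shown on the earlier slides can be sketched as a single routing decision. This is an added example, not Reflexion's code: the record layout, the action names, the domain-match rule for "correct supplemental address", and the extra sample rows (sue.web, sue.oldlist, example.org, example.com) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

PUBLIC, PROTECTED, DISABLED = "public", "protected", "disabled"

@dataclass
class SupplementalAddress:
    address: str                 # the supplemental address itself
    assigned_to: str             # correspondent it was disclosed to
    policy: str = PROTECTED
    allow_sharing: bool = True   # False = "stop sharing outside of <domain>"
    blocked_senders: set = field(default_factory=set)

def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()

def route(table: dict, rcpt: str, sender: str) -> tuple:
    """Return (action, reason); 'filter' hands off to the downstream filter."""
    sa = table.get(rcpt.lower())
    if sa is None:               # assumption: unknown addresses are filtered
        return ("filter", "no supplemental address record")
    if sa.policy == DISABLED:    # Disabled: block all
        return ("block", "address disabled")
    if sender.lower() in sa.blocked_senders:
        return ("block", "sender blocked by user")
    if sa.policy == PUBLIC:      # Public: no filtering
        return ("deliver", "public address, no filtering")
    # Protected: the assigned correspondent bypasses filtering
    if domain(sender) == domain(sa.assigned_to):
        return ("deliver", "sender is using the correct supplemental address")
    if sa.allow_sharing:         # someone else learned the address
        return ("filter", f"{sa.assigned_to} shared your email address")
    return ("block", f"sharing stopped outside of {domain(sa.assigned_to)}")

def build_sample_table() -> dict:
    # Constructed sample data; the first row reuses the slide's addresses.
    rows = [
        SupplementalAddress("sue.nehomes@ispdomain.net", "orderconfirm@nehomes.com"),
        SupplementalAddress("sue.web@ispdomain.net", "anyone@example.org", PUBLIC),
        SupplementalAddress("sue.oldlist@ispdomain.net", "news@example.com", DISABLED),
    ]
    return {r.address: r for r in rows}

if __name__ == "__main__":
    table = build_sample_table()
    for sender in ("orderconfirm@nehomes.com", "sales@products.com"):
        print(sender, route(table, "sue.nehomes@ispdomain.net", sender))
```

The sender comparison uses the claimed From address, which SMTP does not authenticate, so the decision rests on knowledge of the supplemental address rather than on proof of who sent the message.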

Beyond Anti-Spam
• Day zero virus benefits
• Novel active and passive defensive modes
• Context and integration to email for any application

Lessons Learned about SAMS
• Improves performance over time
• Very low maintenance
• Reduces stress on users and infrastructure
• Metrically, more addresses are better than fewer
• Pre-use concern about SAs must be allayed
• It’s sticky
• Users are not resistant to slight changes in behavior
• In combination with white listing, delivers a pristine Inbox experience requiring very little maintenance

Questions?

Day Zero Virus Example
Actual Customer Data. The graph shows a surge in undesirable mail due to the onslaught of the Sobig.F virus. The added layer of virus protection from the address-based defense complemented the anti-virus gateway, specifically during the "window of vulnerability" -- the time when infected messages arrive before the update of the AV definition -- when most of the economic damage occurs.