Today organizations and individuals are bombarded by vast amounts of Internet and email “pollution”. Spam, worms, phishing attacks, spyware, adware, email address spoofing, and other types of network pollutants are ever increasing. For example, in some cases spam can account for as much as 75-80% of inbound email. Tremendous amounts of time, money, and productivity are spent every year attempting to filter out and stop pollutants in inbound email, Today, firewalls, anti-virus, anti-spam, and anti-spyware software, for example, absolutely must be installed and updated frequently if an enterprise's network and computing infrastructure is to remain up-and-running. Unfortunately, the content filtering of inbound email and other Internet communication is a costly, and often ineffective approach toward protection from network pollutants.
One problem related to email pollutants is the inability to determine the authenticity or the identity of the sender of email messages. Email message “from” addresses are easily spoofed, allowing the sender to masquerade as someone else. The sender can attach harmful malware (e.g., worms, viruses, spyware) to the email message, insert hyperlinks to false web pages (e.g., phishing), or others. The recipient of a spoofed email, believing the email is sent by a trusted acquaintance, may open a malware attachment and unleash a worm or virus into the recipient's system, or enter personal information at a false web page, only to have the recipient's identity stolen by the spoofer.
Filtering inbound email involves attempting to identify email messages with potentially harmful content or attachments. Due to the increasing volume, scope and evolution of email pollutants, the current reliance on content filtering to identify these threats continues to be a costly and technological challenge. Network threats are continually bombarding enterprise networks, and continually adapting to get around the filters that are put in place. Filtering inbound network traffic is a never ending process of upgrading to new filtering mechanisms to ward off new threats. Filtering inbound email is therefore reactionary, whereby enterprises must always be reacting to new variations and evolving threats.
Filters of spam and other email content often generate false positives and filter out “good” email. Content filtering inaccuracies can often disrupt the delivery of a legitimate email message by sidelining, quarantining or halting delivery all together. Additionally, the sender of the legitimate email often has no way of knowing whether the email message reached the intended recipient, or was filtered out without delivery. A bounce message may be generated, but bounce messages are often not very descriptive of the circumstances surrounding the bounce. A bounce (also bounce message, non-delivery report, or delivery status notification), is an automated electronic message from the receiving party's inbound message system which notifies the sending party that the message could not be delivered to one or more intended recipients. In cases where email “bounces”, a non-delivery report is generated; however, the reason for the non-delivery cannot be easily determined and the sending party's IT management has no systems in place for reporting the failed email messages. Additional deliverability concerns arise due in part to the fact that email messages often hop through unreliable store-and-forward gateways in route to their destination.
Another problem relates to a characteristic of public Internet application gateways, in that these gateways must receive whatever email or other data are sent to them. As such, corporate email gateways are susceptible to denial-of-service” (DoS) attacks. DoS attacks can come in different forms, such as flooding, but all DoS attacks are intended to force the victim to reset or consume its resources so that they cannot perform the intended service and/or obstruct communication between the victim and those attempting to communicate with the victim. The combination of spoofed or forged email envelopes of spam messages often produces bounce messages which are sent erroneously to the masqueraded victim. These “bounce attacks” can flood an email gateway, interrupting critical business communication.
The reflection of the technical problems arising from polluted incoming email is the damage to enterprise reputation as a result of polluted outgoing email. Polluted email with an enterprise domain name may be sent intentionally or unintentionally from the enterprise network, thereby damaging the reputation of the enterprise. A “bot” or “Trojan horse” may become resident on a computer within the enterprise and begin spewing out polluted email messages. Alternatively, a user with malicious intent inside the enterprise may send polluted email from the enterprise. Whether intentional or unintentional, pollution emanating from an enterprise network damages the reputation of the enterprise, which in turn can adversely impact community image, sales, web page hits, supplier relationships, and the like. That said, today's enterprise must contain outbound pollution originating from their networks to ensure successful deliverability of their outgoing email.
Additionally, the majority of most business communication sent over email is transported in plain text over the public Internet and sometimes through intermediate third-party gateways. There is no guarantee to either the sender or the recipient that the email will not be intercepted in transit.
It is with respect to the foregoing and other problems that embodiments of the present invention have been made.