Tag: security

Using ARC to work around DMARC’s forwarder issues

Authenticated Received Chain (ARC) is a proposed standard that has been developed to help address issues with DMARC and certain forwarders, such as mailing lists. It defines a standard for how to pass authentication results from one intermediary to another, making this information available to the recipient system. It works even in the case of multiple intermediaries, a.k.a. a chain.

DMARC verifies the sender authenticity, as specified by the RFC5322.From header domain name, using SPF and DKIM. Certain indirect email flows, such as mailing lists, break this by altering the message while maintaining the original From header. This causes issues for both senders that publish a DMARC policy and receivers that verify DMARC. The two large mailbox providers AOL and Yahoo published a p=reject DMARC policy for their domains in 2014, causing some disruption for senders on those domains. It occurred when emailing recipients on mailbox services that verify DMARC via, for example, mailing lists. This was, and still is, remedied by ad-hoc solutions.

ARC in itself isn’t a reputation system. The specification doesn’t define how the reputation of intermediaries should be tracked, nor how public lists should be operated. In other words, as a recipient mailbox provider you still have to operate such systems in order to make use of the information that ARC provides. DMARC.org announced ARC at a M3AAWG meeting in Atlanta, 2015, where it’s been a frequent topic ever since.

include "authentication.header";
include "authentication.arc";

// Validate the ARC chain already present on the incoming message
$chain = ARC::chainValidate();
// Only (re)seal when the existing chain is valid ("pass") or absent ("none")
if ($chain["status"] == "pass" or $chain["status"] == "none")
{
	ARC::seal(
			"201805", "example.com", "pki:arc",
			$chain,
			AuthenticationResults()
				->SPF(["smtp.client-ip" => $senderip])
				->DKIM()
				->DMARC()
				->addMethod("arc", $chain["status"], ["header.oldest-pass" => $chain["oldestpass"] ?? "0"])
				->toString()
		);
}

We have just released an implementation of ARC (draft 14) on GitHub, which supports both verification and (re)sealing. It’s written in Halon script, and we’re using it on our own domain to start with. If you’re interested in taking it for a spin, just let us know.
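To make the "pass or none, then seal" decision above concrete, here is an added Python sketch (not Halon's implementation and not code from this post) of the structural part of ARC chain validation: instance numbering, one header of each kind per set, and the cv= value each seal must carry. The names chain_status and arc_set and the sample headers are constructed for illustration, and the signatures themselves are not verified.

```python
import re
from email import message_from_string

ARC_HEADERS = ("ARC-Authentication-Results", "ARC-Message-Signature", "ARC-Seal")
MAX_INSTANCE = 50  # highest instance number ARC allows in one chain

def tags(value):
    """Parse a 'k=v; k=v' tag list as used by ARC-Seal."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def chain_status(raw):
    """Return (status, next_instance). Structural checks only: the
    signatures (b=) are NOT verified, which a real validator must do."""
    msg = message_from_string(raw)
    sets = {}
    for name in ARC_HEADERS:
        for value in msg.get_all(name, []):
            m = re.search(r"(?:^|;)\s*i\s*=\s*(\d+)", value)
            if not m:
                return "fail", None
            sets.setdefault(int(m.group(1)), []).append((name, value))
    if not sets:
        return "none", 1          # no chain yet: a sealer would add i=1
    n = max(sets)
    if n > MAX_INSTANCE or sorted(sets) != list(range(1, n + 1)):
        return "fail", None       # instances must run 1..n without gaps
    for i in range(1, n + 1):
        if sorted(h for h, _ in sets[i]) != sorted(ARC_HEADERS):
            return "fail", None   # each set needs exactly one of each header
        seal = next(v for h, v in sets[i] if h == "ARC-Seal")
        if tags(seal).get("cv") != ("none" if i == 1 else "pass"):
            return "fail", None   # first hop seals cv=none, later hops cv=pass
    return "pass", (n + 1 if n < MAX_INSTANCE else None)

def arc_set(i, cv):
    """Constructed sample ARC set with placeholder signature values."""
    return (f"ARC-Seal: i={i}; a=rsa-sha256; cv={cv}; d=example.org; s=sel; b=AAAA\n"
            f"ARC-Message-Signature: i={i}; a=rsa-sha256; d=example.org; s=sel;\n"
            f" h=from:subject; bh=BBBB; b=CCCC\n"
            f"ARC-Authentication-Results: i={i}; mx.example.org; spf=pass\n")

BODY = "From: alice@example.com\nSubject: test\n\nhello\n"
SAMPLE = arc_set(2, "pass") + arc_set(1, "none") + BODY  # two prior hops

if __name__ == "__main__":
    print(chain_status(SAMPLE))
```
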

We attend Security Roundtable in London May 24th

The very successful Security Roundtable meetings, also known as TES meetings, are continuing. This time it brings us to London, Great Britain on May 24th.

The meeting will revolve around DMARC, DANE, email encryption techniques, password protection and SMTP transport protection. This time we won’t be speaking, but Vittorio Bertola, Head of Policy and Innovation at Open-Xchange, has assembled a great line-up. The meeting is an exclusive invite-only event for people working with email infrastructure issues.

Release 4.6 “Curry” – with outbound anti-spam

You probably know from before that Halon’s scriptable SMTP server enables email providers to avoid blacklisting and increase deliverability. The 4.6 release, “Curry”, contains Cyren’s outbound anti-spam (OAS). In combination with our cluster-synchronised rate limit function, it provides incredibly effective and accurate abuse prevention. Just like Cyren’s inbound anti-spam, OAS uses a hash-sharing technology called recurrent pattern detection (RPD) that identifies outbreak patterns. It’s designed to detect spam from internal sources rather than external, and doesn’t report/contribute any signatures since it could blacklist your own infrastructure.

With the flexibility of scripting you can determine customer/sender identities accurately even in mixed traffic. This is used as the identifier for rate limits based on classifiers such as Cyren’s OAS, delivery failure rate, queue size, etc. By using IP source hashing and alternative IPs for suspicious traffic, deferring obvious abuse and controlling connection concurrency, you can achieve high deliverability with minimal administration.

The 4.6 release comes with many additional features and improvements. It adds SNI support to the TLS functions. The Monaco-based code editor now has additional code completion, built-in documentation, tabs, and a mini-map.

For more information on the release, see the full changelog on GitHub. If you want to try Cyren’s outbound anti-spam, contact our sales team.

Anders Berggren speaker at Driving IT in Copenhagen

Driving IT, on November 3rd in Copenhagen, is a conference that gives a unique insight into the world’s constant changes in IT and development. The host IDA is The Danish Society of Engineers.

IDA Universe wants to strengthen knowledge exchange and personal and development for professionals who engage in technical and science subjects at a high academic level.

One way of doing this is the Driving IT conference, where Halon CTO Anders Berggren will be speaking. His topic is ”The state of email encryption”, addressing the fact that standards such as DANE and MTA-STS are becoming competitive differentiators.

Are you in the Copenhagen area? Get your ticket!

Better spam protection in Mölndal – thanks to Halon

Mölndals Stad (Mölndal municipality) has approximately 5000 employees and 10 000 students. In 2010 the IT department decided that 15 000 inboxes needed a new spam protection.

Anders Westerberg, now Head of IT Security in Mölndal, had built an open-source based solution that worked well. But for Annika Samuelsson, Head of IT development and maintenance, it was clear that they could not go on using a solution that only one person knew how to operate. Together with Anders she investigated possible replacements that could fulfill their wishes, and Halon caught their eye. The Halon software was then newly introduced to the market, and they saw an advantage in the company being open to a dialogue around how the product could be tailored to fit their needs.

The focus was of course on abiding by laws and regulations. Email sent to Mölndal municipality becomes public record and must be archived, even if it’s just spam. Stopping the email before it enters their system saves them that burden, and it’s also the procedure recommended by the organisation SKL (Municipalities and County Councils of Sweden). Before implementing Halon, Annika and her team handled all spam quarantine, something that is now in the past. With the ”bulk” feature, an email manager will get a report on all blocked unsolicited email.
– The result is very satisfying, says Annika Samuelsson.

Introducing Halon was a quick process, and even though most of the work was done in-house they received some help from Halon support staff to do the fine tuning. Since becoming a customer, they have reached out a few times to address spam issues.
– There have been incidents where we get spam that passes through the filter. But it’s always been very easy to get in touch with Halon and resolve the issues. Once it was actually as easy as a misunderstanding on which users could report spam.

Mölndal municipality is subject to public procurement, and regularly has to compare its system to market competitors. But they have yet to find a product that solves their problems as effectively and smoothly as Halon.
– We feel very comfortable with what Halon provides us, and we would definitively recommend it to other governmental businesses.

Download Mölndals Stad Case Study as pdf document.

Time-of-click protection against ransomware, malware and phishing

Time-of-click protection adds an extra layer of security to protect email users from accessing malicious content. Attacks including malware, ransomware and phishing are becoming more common and more sophisticated every day, along with users keeping more sensitive information.

With additional time-of-click protection, Halon will classify a link in an email every time it’s clicked, before allowing or denying the user to visit it. This means that whether the scammer waits two minutes or two months before infecting the site, the user will still be protected when he or she chooses to click the link. It’s the extra layer of security that won’t allow you to visit infected websites by way of a link in an email protected by Halon.

Features

  • On-premise or hosted cloud
  • Front/backend architecture for high availability
  • Multi-tenant with companies and users
  • Supports branding
  • Multiple detection engines
    • CYREN
    • Sophos
    • Google Safe Browsing
    • ISITPHISHING.org
    • Spamhaus
    • SURBL
    • URIBL
    • PhishTank
  • Optional click history
  • Black/whitelisting

Time-of-click protection is an add-on to Halon SMTP software, and we recommend that you extend your license to include it. Pricing is set per user, with volume-based discount. If you are already a Halon customer, contact your sales representative, or send us an email for your quote.

Dude, where’s my email?

Ensuring high deliverability in email is no walk in the park. As a high-volume sender of email, there are many things to take into consideration, especially with cybercriminals keeping a fast pace in innovation.

Make no mistake, deliverability is of highest importance to anyone sending email, let alone the high-volume senders. When you get the information from your servers that a certain percentage of sent emails were accepted by the receiving servers, you still have no idea what happened after that. No confirmation of emails actually reaching the inbox means they might just as well be lying in the spam folder. The SMTP transaction is logged as ”250 OK” as long as the server didn’t reject the email. To make matters even worse, different ISPs may treat email differently, putting more responsibility on the sender to do their homework as neatly as possible.

Pay attention to encryption, as it is no longer a security measure only for the select few, but is becoming the standard. TLS/SSL and DANE are your friends and will keep your information private.

Be protective of your IP addresses’ reputation; it can make or break your deliverability. ISPs act as proxies for recipients, meaning they will take reputation very seriously. Take into consideration that sending unsolicited email may harm your IP reputation, and authenticating your email with SPF, DKIM, and DMARC will help keep out scammers who are most often ahead of ISPs’ and senders’ technology.

Email Security Roundtable in Zürich, Switzerland

To email hosting and service providers in or around Switzerland, we kindly invite you to join an intimate group of Cloud and Telco VIPs for an exclusive Email Security Roundtable to introduce you to the Trusted Email Services (TES) initiative. Date: Thursday, September 21, 2017, hosted by Open-Xchange.

TES was launched as an industry effort to raise awareness around email security threats and promote the deployment of innovative technologies to address them, including encryption and DNS-based mechanisms such as DNSSEC, DANE and DNS filtering. The discussion will deliver an insight into how internet service providers and software companies adopting TES guidelines and best practices can secure and qualify their services, comply with recent legal requirements (GDPR) and establish enduring customer relationships.

Interested in participating? Please contact Jonas Falck at [email protected] .

Beware of ransomware, read the cyberthreat report

Cyberthreats are real, with ransomware Petya being the latest example, following WannaCry and Locky. Take some time to read this high-quality report made by security technology company Cyren, courtesy of Halon.

Download Cyren Cyberthreat Report (pdf)

Table of contents:

  • The Rise of Ransomware
  • Ransomware by the Billions
  • Locky: Understanding 2016s Most Prolific Malware
  • How Ransomware Works
  • Evading Detection Through Adaptation
  • Ransomware-as-a-Service
  • Companion Ransomware: Two-Malwares-in-One
  • The Locky of 2017? Look Out for Jaff
  • The WannaCry “Ransomworm”
  • IT Manager Surveys in the US and UK: Ransomware is a Reality
  • An Interview with the Researchers Tracking Ransomware
  • Stopping Ransomware: Best Practices
  • Creative Ransom Demand
  • Cyren GlobalView Threat Trends Q1 2017

Halon and Spamhaus in email security partnership

We are excited to announce that Halon now provides official integration with Spamhaus Technology anti-spam & threat data feeds (IP & domain blocklists). Both companies worked together to ensure that this new functionality would be simple to deploy while also scaling all the way from smaller systems to large ISPs with millions of users and complex email flows.

We asked Simon Forster of Spamhaus Technologies to describe what benefits he sees in this collaboration:
“Spamhaus is looking forward to partnering with Halon to make email communications even safer for their clients. Coupled with Halon’s powerful scripting capabilities, it means clients can now prevent over 95% of spam and malware from getting into users’ mailboxes, without having to accept any data. Service Providers can instantly recover the cost of bandwidth, servers & storage typically lost to accepting and processing spam.”

The solution can also be used to block outbound spam which typically has links to fraudulent sites. Halon CTO Anders Berggren is equally excited:
“We’re thrilled to collaborate with the Spamhaus Technology team. They are the most recognized name in IP & domain blocklists. This partnership furthers Halon’s mission to offer the highest performing and most comprehensive messaging platform. Halon enables service providers to build innovative, secure and very cost effective email solutions, and Spamhaus is a great addition to our platform.”

Did you know this about spam?