Netblock - Relationship - Domain Theory


Do you make business trust decisions on factors such as how long a company has been in business, knowing their location, how stable they seem, and who partners with them?

The Outbound Index applies this traditional business logic to sorting inbound email, using existing criteria:

  • Is this server's netblock secure and stable?

  • How long has the sender's domain been around? (For example, if the sender is "joe@example.com," when was "example.com" registered?)

  • Does the domain have any kind of relationship to the server this email is coming from?

The simple logic described above is used by the Outbound Index to separate email sent by stable, identifiable senders from email sent by those who operate in the shadows.

In general, illegal emailers hide and move. Legit business emailers, on the other hand, tend to move rarely, and have superior security, stability, and longevity.

If a stable, identifiable emailer makes illegal use of the email system, they can be found and dealt with by the legal system. In the meantime, such mail can be rejected, because they continue to send from the same IP addresses using the same domain.

The table below illustrates how the Outbound Index distinguishes a phishing attempt that forges the USBank.com domain from a real email sent by USBank.com servers:

Outbound Index query responses
SIQuery: dn=usbank.com ip=81.196.145.78
SIQ-Report: pass=NO score=0 ipscore=0 rship=F longevity=T

SIQuery: dn=usbank.com ip=170.135.240.62
SIQ-Report: pass=YES score=100 ipscore=7 rship=T longevity=T identifiable=T

Two more examples, contrasting an established and clearly identified business vs an unknown:

Outbound Index query responses

SIQuery: dn=accenturewilm.com ip=67.96.240.150
SIQ-Report: pass=YES score=100 ipscore=0 rship=T longevity=T

SIQuery: dn=green-farm17.com ip=66.17.207.75
SIQ-Report: pass=NO score=0 ipscore=0 rship=T longevity=F
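
The four exchanges above, parsed into typed fields and reduced to a verdict with the failed criterion named. This is an added example, not Outbound Index code: the function names are hypothetical, and reading rship as the domain-to-server relationship test and longevity as the domain-age test is an assumption drawn from the criteria listed on this page.

```python
import re

# Query/response pairs copied from the examples on this page.
SAMPLE = """\
SIQuery: dn=usbank.com ip=81.196.145.78
SIQ-Report: pass=NO score=0 ipscore=0 rship=F longevity=T
SIQuery: dn=usbank.com ip=170.135.240.62
SIQ-Report: pass=YES score=100 ipscore=7 rship=T longevity=T identifiable=T
SIQuery: dn=accenturewilm.com ip=67.96.240.150
SIQ-Report: pass=YES score=100 ipscore=0 rship=T longevity=T
SIQuery: dn=green-farm17.com ip=66.17.207.75
SIQ-Report: pass=NO score=0 ipscore=0 rship=T longevity=F
"""

PAIR = re.compile(r"(\w+)=(\S+)")
FLAGS = {"T": True, "F": False, "YES": True, "NO": False}

def parse_fields(line, prefix, typed=False):
    """Parse one 'prefix: k=v k=v' line; typed=True coerces flags and integers."""
    if not line.startswith(prefix + ":"):
        raise ValueError(f"expected a {prefix} line, got {line!r}")
    fields = {}
    for key, raw in PAIR.findall(line[len(prefix) + 1:]):
        if typed and raw in FLAGS:
            fields[key] = FLAGS[raw]
        elif typed and raw.isdigit():
            fields[key] = int(raw)
        else:
            fields[key] = raw
    return fields

def parse_exchanges(text):
    """Pair each SIQuery line with the SIQ-Report line that follows it."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("query without a report")
    return [{**parse_fields(q, "SIQuery"), **parse_fields(r, "SIQ-Report", typed=True)}
            for q, r in zip(lines[::2], lines[1::2])]

def explain(report):
    """Return (verdict, failed criteria); a missing pass field is treated as a reject."""
    reasons = []
    if report.get("rship") is False:      # assumed: domain-to-server relationship
        reasons.append("no domain-to-server relationship")
    if report.get("longevity") is False:  # assumed: age of the sender's domain
        reasons.append("domain lacks longevity")
    return ("accept" if report.get("pass") is True else "reject"), reasons

if __name__ == "__main__":
    for rep in parse_exchanges(SAMPLE):
        print(rep["dn"], rep["ip"], *explain(rep))
```
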

However, some spammers do a pretty good job of looking like a legitimate business sender, and a few legitimate senders accidentally do a good job of matching the habits of spammers. Common examples of this are "special offer" emailers which use throwaway domains/servers, legitimate senders engaging in "non-malicious forgery," and legitimate senders whose users have their email forwarded.

  • Special offers. Special Offers can be tagged for rejection or sorting to a Special Offers folder depending on recipient preference. Keeping special offers out of the recipient's inbox maintains business productivity; the recipient chooses when to devote time to perusing such offers.

  • Non-malicious forgeries. These messages can be classified as acceptable by the Outbound Index, based on the security, stability, and identifiability of the sending server. For example, jane@example.com sends her daughter a copy of an Expedia.com travel itinerary. The email comes from the smtp.expedia.com server instead of Jane's own smtp.example.com server. "Send my friend this article" websites such as the Washington Post, or eBay's "Ask seller a question", are other examples of "non-malicious forgery".

  • Verified And Recipient Authorized. VARA is a simple, workable solution for both anti-phishing and inbound forwarded accounts. A simple VARA test on your inbound server ensures delivery of all email from externally forwarded accounts. See details here.

Does the world need to agree on adoption of a single email authentication method?

The Outbound Index already recognizes relationships based on designated sender schemes such as SPF. But more importantly, it can recognize millions of existing relationships between domains and their servers, without penalizing those whose outbound servers can't be adequately described in a DNS TXT record, or who choose not to participate in Sender ID.

Using traditional business sense, the Outbound Index approach is solving the inbox productivity problem for users right now. At the same time, it eliminates the need to engage in an "arms race" with spammers. Instead, the Outbound Index adheres to a methodical process, taking advantage of pre-existing characteristics that are inherent to, and inseparable from, spammers and legitimate businesses.

This page was last edited 4 years ago by AprilDL.