Throttling solutions from IBM and Symantec

This isn’t exactly late breaking news, but Yahoo! posted an article on some new anti-spam technologies, entitled IBM And Symantec Look To The Sources To Try Slowing Spam, which gives a pretty good explanation of how IBM’s FairUCE and Symantec’s appliance-based traffic shaping technologies work. It is worth a read, particularly if you are still under the impression IBM is planning on “spamming spammers.” It is also worthy of a few comments.

The gist of FairUCE is spoof checking. “Return Path:” and “From:” domains are checked against domain registration information; email that doesn’t check out is queued up for a challenge-response. The key to this solution is front end efficiency – if you can’t check registration information (which may include entire Class C’s and more), then the system will eat up too much resources to be cost effective. This may become particularly challenging as IPv6 gains wider use (many more addresses will exist that have to be checked).

On Symantec, appliance-based throttling isn’t a full-fledged solution, but then again, Symantec doesn’t claim it is. Giving email that comes from “high-abuse” IP addresses less bandwidth isn’t much different from blocking DDOS and directory harvesting attacks. And where does the delivery backlog occur? Does the sender receive notification of what is going on, or does the receiver simply start dropping packets?

While neither option will reach widespread adoption for some time, we will just have to wait patiently for the jury vote.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.