
Improving MX

In recent months, DMARC has been mentioned increasingly often in the news as a way to reduce spam, improve email deliverability and reduce the potential for fraud and phishing.

  • In early 2017, the UK National Health Service required DMARC as the default for email services.
  • In July, US Senator Ron Wyden sent an open letter to the US Department of Homeland Security requesting the agency take steps to protect all Federal agencies with DMARC.
  • In August, the UK’s HM Revenue & Customs announced that it had stopped over 300k phishing emails using DMARC.
  • In October, the US Department of Homeland Security directed Federal agencies to adopt security technologies like DMARC.

With all this attention, businesses are starting to realize that adopting DMARC helps them in two ways:

  • Inbound – using DMARC to screen incoming emails for compliance can limit your company’s exposure to fraud and phishing emails, scams and malware.
  • Outbound – sending email that is DMARC compliant can improve email delivery to your customers and limit the potential negative impacts of 3rd parties that try to use your domain for fraud or phishing.

How does DMARC work for outbound email?

DMARC works in conjunction with two other technologies: SPF and DKIM. SPF allows you to designate 3rd parties as legitimate senders for your domain. DKIM allows you to take responsibility for your email by cryptographically signing it. SPF, DKIM and DMARC use DNS records to specify the IP addresses, domains and security keys for your particular configuration.

DMARC requires both SPF and DKIM to function properly. Once you set up SPF and DKIM, you can set up DMARC to get information on how your outbound emails are performing: whether emails coming “from” your domain are compliant with the definitions in your SPF record and how many of your emails are compliant with DKIM.

With a DMARC record, you specify three things: an email address for aggregate feedback about your SPF and DKIM compliance, an email address for forensic feedback on individual failed emails, and how the recipient should handle email that fails compliance (ignored, quarantined or rejected).

How do you improve your DMARC Compliance?

DMARC Compliance is based upon SPF and DKIM compliance rates.  In order to improve your outbound DMARC compliance and therefore your email delivery rates, you must:

Set up DMARC with both RUA and RUF

RUA and RUF designate email addresses where you can receive summaries of authentication and alignment pass/fail and detailed forensic information on failed emails.  As this is the only way to receive feedback, setting up these email addresses is extremely important.
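The record described above can be checked before it is published. The following is an added example, not code from the original article: a small linter for a DMARC TXT record that flags missing `rua`/`ruf` tags, a monitor-only policy, and report addresses outside the policy domain. The function names and sample domains are assumptions, and the same-domain test is a simplification of the organizational-domain comparison in RFC 7489.

```python
# Added example (not from the article): lint a DMARC TXT record for the
# policy and reporting tags discussed above. All names here are hypothetical.

VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Split 'v=DMARC1; p=none; ...' into an ordered list of (tag, value)."""
    pairs = []
    for part in txt.split(";"):
        if "=" in part:
            tag, value = part.split("=", 1)
            pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def report_domains(value):
    """Return the mail domains of a comma-separated rua/ruf URI list."""
    domains = []
    for uri in value.split(","):
        uri = uri.strip().split("!", 1)[0]   # drop optional size limit, e.g. !10m
        if uri.lower().startswith("mailto:") and "@" in uri:
            domains.append(uri.rsplit("@", 1)[1].lower())
        else:
            domains.append(None)             # not a usable mailto: URI
    return domains

def lint_dmarc(policy_domain, txt):
    """Return findings for the record published at _dmarc.<policy_domain>."""
    pairs = parse_dmarc(txt)
    tags = dict(pairs)
    findings = []
    if not pairs or pairs[0] != ("v", "DMARC1"):
        findings.append("first tag must be v=DMARC1")
    if tags.get("p", "").lower() not in VALID_POLICIES:
        findings.append("p must be none, quarantine or reject")
    elif tags["p"].lower() == "none":
        findings.append("p=none requests no action on failing mail")
    for tag in ("rua", "ruf"):
        if tag not in tags:
            findings.append(f"{tag} missing: no {tag} reports will be sent")
            continue
        for dom in report_domains(tags[tag]):
            if dom is None:
                findings.append(f"{tag} contains a non-mailto or malformed URI")
            elif dom != policy_domain and not dom.endswith("." + policy_domain):
                # Simplified check: RFC 7489 compares organizational domains.
                findings.append(f"{tag} goes to {dom}: it must publish "
                                f"{policy_domain}._report._dmarc.{dom}")
    return findings
```

The last finding matters when reports go to a 3rd-party processor: receivers send reports to an external address only if that domain has published the authorizing `_report._dmarc` record.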

Monitoring your DMARC Feedback

Inbox providers will respond to these RUA and RUF tags by sending summaries.  Unfortunately, the summary digests and forensic details are not quite human readable.  If your outbound email volume is over a few hundred emails a day, you need to consider some way to decode these digests.

Act on DMARC Forensic Responses

DMARC forensic reports provide you with detailed information about the emails that have failed SPF, DKIM and DMARC checks.  You can use this information to investigate threats to your brand or problems with your 3rd party emailers.

Summary

The best way to improve email delivery is to adopt the new technologies SPF, DKIM and DMARC. With the right tool, you can keep tabs on your email configuration, understand the threat to your brand, and improve email delivery.

Containerd is essential to Docker Engine. It's been used in Docker since version 1.11. This new open-source version is meant to be used as an open, stable, and extensible base for building non-Docker products and container solutions.

Specifically, containerd can be used for container image transfer, container execution and supervision, low-level local storage, and network interfaces across both Linux and Windows. If this sounds familiar, it should. The Linux Foundation's Open Container Initiative (OCI) was meant to create a vendor-neutral container Runtime Specification and Image Specification.

Even though Docker is not releasing this project under the OCI, the company claims containerd fully leverages the OCI runtime, image format specifications, and OCI reference implementation (runC). Eventually, Docker plans to pursue OCI certification.

"This is the result of months of close collaboration and input from thought leaders in the Docker community," said Solomon Hykes, Docker's founder and CTO, in a blog post. He continued:

We think it will unlock a whole new phase of innovation and growth across the entire ecosystem, which in turn will benefit every Docker developer and customer. Docker's focus has always been on solving users' problems first and then spinning out the plumbing projects that address those challenges along the way. We are excited by the support that the containerd project is getting from the leaders in the industry and we know their backing of resources will fuel the growth of this collaborative project.

Historically, Docker has open-sourced its programs after working on them in-house at first. Examples include libcontainer, libnetwork, and runC, which it donated to the OCI.

In the case of containerd, the plan is to make sure it has limited feature scope. The goal is to create a "boring" infrastructure plumbing component shared across all container systems and leading orchestrators. The project will follow a community-defined release process that emphasizes quality over new features and will be branded separately from Docker to avoid undue benefit from a single commercial entity.

Spam hardly needs an introduction. Anyone with an e-mail account knows the acute frustration of being inundated with offers of pills from virtual pharmacists, financial propositions from Nigerian princes and pictures for fetish sites that really, really shouldn't exist. Spam has even gone beyond e-mail: like kudzu, it adapts to clog whatever online inbox you might choose. On Oct. 30, the social-networking site Facebook won a $711 million judgment against the self-proclaimed "Spam King" Sanford Wallace. Wallace, a professional e-mail marketer from New Hampshire who also likes to be called Spamford, used ill-gotten passwords to surreptitiously log into user accounts for the purpose of sending advertisements to their list of friends. But Wallace isn't alone. Despite myriad legal and technological attempts to combat it, spam will cost firms an estimated $130 billion worldwide in 2009 in lost productivity and technical costs, according to Ferris Research.

Though it wasn't called spam until the 1980s — the term comes from a Monty Python sketch set in a cafeteria, where a crowd of Vikings drowns out the rest of conversation by repeatedly singing the name of the unpopular processed meat — the first unsolicited messages came over the wires as early as 1864, when telegraph lines were used to send dubious investment offers to wealthy Americans. The first modern spam was sent on ARPANET, the military computer network that preceded the Internet. In 1978, a man named Gary Turk sent an e-mail solicitation to 400 people, advertising his line of new computers. (Turk later said his methods proved so unpopular that it would be more than a decade before anyone would try again.) In late 1994, Usenet — a newsgroup precursor to the Internet — was inundated by an advertisement for the immigration-law services of Laurence A. Canter and Martha S. Siegel. Despite the ensuing outcry, the lawyers defended their practice, called their detractors anti–free speech "zealots" and wrote a book about the practice titled How to Make a Fortune on the Information Superhighway. Pandora's Box had been opened.

Now spam comprises the vast majority of e-mail messages sent — 78% of the 210 billion e-mails sent each day, according to one estimate. And 93 billion of these manage to get past the technical defenses like spam filters and blacklists. E-mail programs have gotten smarter, but spammers stay one step ahead, using disposable e-mail addresses and sending messages from farms of different computers around the world to avoid being blocked. The garbled text spammers load their messages with to get past e-mail filters sometimes approaches poetry: sites like spampoetry.org chronicle lines like "Confirm you won fund/ You get it without paying/ Urgent attention".

And that's just e-mail spam. The growth of sites like MySpace and Facebook has opened up a whole new subindustry for spammers, who trick users into surrendering their passwords and then use their accounts to plaster advertisements everywhere. Automated spam programs attack instant-messenger conversations too, randomly generating screen names and sending messages in the hopes they'll find someone on the other end. Bloggers aren't safe, either — makers of the spam-filtering tool Akismet estimate that 93% of comments on all blogs are spam; their software has caught more than 13 billion so far.

With so many different technological avenues for spamming, the best solution might be a legal one. In 2003, the U.S. passed the CAN-SPAM Act, which gives the Federal Trade Commission some regulatory power to curb spammers. CAN-SPAM regulations require that any commercial messages provide a means for recipients to opt out, prevent the modification of e-mail headers to hide the identity of a sender and stop the use of e-mail addresses harvested from the Internet without permission. Still, there's a very clear loophole: nowhere in the CAN-SPAM regulations does it say that spammers need your permission to send you an e-mail.

High-profile judgments like the one against Wallace are the exception to the rule; the majority of spammers go undiscovered and unpunished. Wallace, who already had a $230 million judgment levied against him in a case brought by MySpace last year, has already filed for bankruptcy; the judge in the Facebook case referred the Spam King to federal court to face additional charges, which could carry a prison sentence. The penalties combined are by far the largest ever for spamming — Facebook won an $873 million judgment against a spammer in 2008 that is the largest single penalty — but it's unlikely to prove much of a deterrent. With busts so few and far between, the overwhelming majority of spam messages (some estimate as high as 99.8%) don't comply with CAN-SPAM. And trade groups like the Direct Marketers Association are already trying to weaken CAN-SPAM's regulations. Absent new legislation or divine intervention, expect spam to remain the Internet's greatest annoyance.