Press Release - For Immediate Release
IronPort Study Finds More Than 50% of the Fortune 500 Report Bounce Attacks, Costs Estimated at $5B Annually
IronPort Threat Operations Centers Finds Email Traffic Emergency; Spam "Bounce" Messages Compromise Networks
SAN BRUNO, Calif. - April 24, 2006 --IronPort® Systems Inc., the leader in gateway security, announced today the results of study by analysts at the IronPort Threat Operations Center, addressing the costly and growing issue of misdirected 'bounce' email messages. The study, Internet Email Traffic Emergency: Spam "Bounce" Messages are compromising Networks, was written by IronPort analysts after examining global email traffic patterns using IronPort's unique SenderBase® traffic monitoring network which monitors over 25 percent of the world's Internet traffic. The study is available at www.ironport.com/bouncereport.
Key findings from the study include:
- Bounce messages make up 11 percent of all "hostile mail" -which includes spam, viruses and phishing emails;
- Less than .5 percent of bounce messages make it through to end-users;
- IT help desk associated costs on bounce messaging exceeds US $5B per year;
- More than 50 percent of the Fortune 500 corporations have experienced mail service outages or delays because of misdirected bounces targeting their networks.
Another Insidious Ploy by Internet Criminals
Nearly every email user has had the unnerving experience of receiving a notification from some corporation or ISP saying, "the message you sent could not be delivered because it contained a virus". But, on closer inspection, this notice came from some address that the user has never heard of or never sent mail to. Concerned that their machine has been compromised by one of the many email borne computer viruses, users will often contact their corporate IT support team for assistance. Most of these help desk calls are unnecessary because the message the end-user received was a misdirected bounce, another insidious ploy by criminals polluting the Internet with spam, viruses, phishing and spyware.
An email bounce message is an email notifying a sender that their message was not delivered for some reason. If a sender mistyped a person's address, they may receive a bounce notification telling them that their message was not delivered. Such notifications are integral to how email works, very similar to the return of a postal letter that was not deliverable. However, there is a fundamental flaw in the email protocol itself that allows a return address to be forged. So, any attempt to return a message to a forged return address will result in an unwanted, and often times bewildering, email bounce message being delivered to the unsuspecting email-user whose name was fraudulently called out on the original email's return address.
Bounces are Polluting the Internet--SenderBase Sees through the Smog
Traditional filters look primarily at the content of an email message, but this approach has declined in its effectiveness in the face of new types of threats that employ new tactics. IronPort Email Reputation™ technology broadens the context in which a message is evaluated, improving catch rate and accuracy. Today's more sophisticated threats make extensive use of URLs in an effort to thwart existing defenses. To combat these threats, IronPort has applied the concept of reputation to email's cousin—the Web. IronPort's Web Reputation™ technology tracks over 45 different network parameters to accurately evaluate the reputation of a given website.
Bouncing Away $5B
Email has become the most important form of business communication. Every day, billions of dollars in transactions take place via email. Consequently, a wide-scale outage caused by misdirected bounces can destroy billions of dollars of value in an instant. It is difficult to quantify the cost of the disruption, but not hard to estimate the magnitude in billions of dollars. However, in addition to the soft cost of service disruptions, there are clear hard costs associated with misdirected bounces.
The study published by the IronPort Threat Operations Center measured the volume of misdirected bounces traversing the Internet. These bounce messages make up a shocking 11 percent of all "hostile mail" -which includes spam, viruses and phishing emails. Only a tiny fraction of a percentage of these messages makes it through to end-users. The cost of the associated IT help desk actions exceeds $5B per year.
Secure Bounces
IronPort has developed a unique technology that attacks the problem at its core. IronPort's secure bounce technology will only issue a bounce message to senders with a demonstrated history of trustworthy behavior. This unique technology relies on the sender's reputation score as measured by IronPort's SenderBase Network. SenderBase, the world's largest traffic monitoring network, measures the sending patterns of every sender on the Internet and creates a reputation score. IronPort's C-Series™ email security appliances use this score to determine whether or not to issue a bounce to a given sender.
Restoring Trust to the Internet
Secure bounces using email reputation is just the latest innovation from IronPort around reputation systems. IronPort invented the concept of reputation-based filtering to stop spam three years ago, when it first launched SenderBase. IronPort then used the SenderBase Network to identify virus outbreaks an average of 14 hours ahead of traditional AV technology. IronPort more recently introduced its Web Reputation innovation, tracking the behavior and trustworthiness of webservers.
"Spam, viruses, phishing and spyware are all conspiring to erode the user confidence in the Internet," said Tom Gillis, SVP of Marketing at IronPort Systems. "Our mission at IronPort is to restore the trust in the Internet experience. Our secure bounce technology takes another step forward in this mission, by eliminating the scourge of misdirected bounces."
IronPort's Secure Bounce technology is available now for all IronPort customers worldwide, and is integrated into the latest release of IronPort's AsyncOS™ operating system. More information on secure bounces and IronPort security appliances can be found at www.ironport.com.
About IronPort Systems
IronPort Systems is the leading gateway security provider for organizations ranging from small businesses to the Global 2000. The company has developed a family of security gateway appliances, including the IronPort C-Series email security appliance, and the IronPort S-Series Web Security Appliance. All IronPort application-specific security gateway appliances offer breakthrough performance, and utilize SenderBase®, the world's largest email and Web threat detection network and database. For more information on IronPort products and services, visit: http://www.ironport.com/.
Press / Analysts
If you are a reporter or analyst and want more information on IronPort Systems please contact:
David Oro at (415) 885-9898 or dto@theorogroup.com
Suzanne Matik at (831) 479-1888 or smatick@earthlink.com
