Skip navigation

More About OS Haste; BATV

I received another reader perspective on OS release frequency that I'll share with you this week, then I'll briefly share some information about Bounce Address Tag Validation that I think will interest you.

The reader pointed out that many companies upgrade OSs at the same time they upgrade hardware. The reasons he cited for doing so are that sometimes it's more cost-effective to buy the OS through an OEM (typically along with the new hardware) and that many companies lack the centralized management required to upgrade OSs on old hardware in an efficient manner. A shorter OS release cycle doesn't matter that much to companies who synchronize hardware and OS upgrades.

His points make good sense, especially given that Windows Vista will require more powerful hardware than many people have available in their network environments. So some companies that want to take full advantage of Vista will no doubt upgrade to new hardware and Vista at the same time.

Last week, I learned about a new email technology called Bounce Address Tag Validation (BATV), which is designed to prevent SMTP bounce abuse. Spammers sometimes use SMTP bounce to deliver email messages to their targets. To do so, a spammer addresses a message to any fake address and sets the From address to the real intended recipient. Then the spammer sends the email message to a third-party mail server. That mail server sees that the message isn't destined for a known user at a known domain hosted by the mail server and bounces the message back to the From address, thereby unwittingly delivering the spam message for the spammer.

Malicious attackers also abuse SMTP bouncing, but they send a huge volume of email so that the victim mail server or its network bandwidth is overwhelmed.

BATV is designed to prevent these attacks. It uses a specially encoded From address that can be authenticated. Because a mail header, which includes the From field, is sent before the message body, a mail server can authenticate a message from its header before accepting or rejecting the bulk of the message. Screening out bad messages effectively reduces the load on a mail server and the overall network bandwidth.

Another great advantage of BATV is that because each mail server would perform its own From address encoding, BATV can be implemented on a per-server basis without any restrictive dependencies, such as third-party databases, peer-to-peer data sharing, or recurring service access fees.

BATV is an Internet Engineering Task Force (IETF) draft proposal that began in late 2004. You can read the proposal, which of course includes the technical specifications, at the IETF Web site at the URL below. If you're interested in the technology, check with your mail server software provider to see if it supports BATV.

http://tools.ietf.org/html/draft-levine-mass-batv-02

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish