NordVPN Promotion

Home / Blogs

What Next for Email Service Providers?

Protect your privacy:  Get NordVPN  [ Deal: 73% off 2-year plans + 3 extra months ]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

It’s been a very bad month for ESPs, companies that handle bulk mailings for their clients. Several of them have had internal security breaches, leaking client information, client mailing lists, or both. Many have also seen clients compromised, with the compromised credentials used to send spam. The sequence of events suggests all the ESPs whose clients were compromised were themselves compromised first. (That’s how the crooks knew who to attack.)

The Online Trust Alliance published some guidelines, that offer mostly good advice. So what should ESPs do now?

First, this is a situation that needs to be fixed, not glossed over. There’s nothing shameful about a business being attacked by bad guys; that shows you’re successful enough to be worth attacking. What’s shameful is not protecting oneself and one’s customers against future attacks that will certainly come. Claims like “only one of our customers was phished” give the message that an ESP doesn’t take the problem seriously, and is a sitting duck for the next round of compromises.

It seems likely that most if not all of the attacks are from the same group of people, so the more that ESPs share data about the attacks with each other and with law enforcement, the better the chance of tracking them down. (If you’re with an ESP that hasn’t arranged to share attack data, have someone from your security department drop me a line and I’ll make some introductions.)

Beyond that, ESPs need to both limit the damage from the current attacks and from future ones. That means both making it hard to break in and detecting and mitigating breakins when they happen. Valuable data needs to be treated as though it’s valuable. That means limiting access to it, and logging access by both internal and external users. Encrypt databases so that if a backup falls off the proverbial truck, there’s no compromise since the data is useless without the key. (And don’t put the keys on the same backup as the data.)

Compromised customers have been tricked into installing keyloggers, hidden malware that sends a copy of everything the victim types to the attacker. ESPs can and should alert the customer and ensure that they remove the malware, but the unfortunate fact is that removing malware is hard, and users who can be tricked once can often be tricked again. (This doesn’t imply that the customers are dumb—who’d have expected a spreadsheet that appears to be about employee benefits to include an embedded Flash application that exploits a Flash security hole?) Changing the customers’ passwords doesn’t help, since the keylogger will steal the new password the next time the customer logs in. But there are ways to make it harder for keyloggers to steal passwords. One is to use a variable password. Rather than having the user type the whole password each time, pick three positions at random and have them type those three letters. Stealing those letters won’t help if the next login asks for different ones. Or use an external security device, which could be a keyfob that generates a security code, or the client’s mobile phone, to which the ESP texts a one-time password on each login. These techniques should be familiar to anyone who banks online.

The next layer of defense is to detect and stop spamming from client accounts. A simple and fairly effective technique is to look at the URLs in the body of outgoing mail, see if any of them are listed in URL blacklists such as SURBL and the Spamhaus DBL, and if so, lock the account until the ESP can review and fix the mail. It can also be useful to run outgoing messages through widely used anti-spam packages like Spamassassin to check for unusual scores. (Even if the mail turns out to have been sent by the customer, something is seriously wrong if it contains blacklisted URLs or triggers Spamassassin’s spam detectors.)

Beyond that are a variety of tests for suspicious behavior, such as a client uploading a large new list and sending mail to it, or the rejection rate of a client’s mail suddenly increasing.

Yes, all of these will cost ESPs money. ESPs live in a narrow zone between their clients who want to pump out vast amounts of mail and want 100% of it delivered instantly (dream on), and recipient networks who accept and deliver it for free, Every smart ESP knows that their goal is to send mail that the recipients want, and to avoid annoying the recipients and their mail managers as much as they possibly can. Spam is annoying, spam sent from previously benign sources is really annoying, since it tends not to be filtered well. So now that ESPs are on notice that the data they hold is valuable, and the damage to them from its misuse is so great, I hope they understand what they have to do.

By John Levine, Author, Consultant & Speaker

Filed Under

Comments

Smart Hard Drives Alex Tajirian  –  Apr 29, 2011 5:25 AM

Another solution comes from Toshiba through a hard drive that is smart enough to lock down data—or even automatically erase it—if anyone who isn’t supposed to access the device tries to, according to Computer World. The drive allows you to set select data on the drive to be encrypted, and you can set different mechanisms for triggering a wipe.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

New TLDs

Sponsored byRadix

NordVPN Promotion