Home / Industry

DNS on Defense, DNS on Offense

Spam is a never-ending problem for service providers. Unfortunately criminals can still make money at someone else's expense so they persist in their mindless campaigns. The DNS is an integral part of well-established techniques for handling incoming spam, so unwanted mail doesn't get delivered to inboxes.

The other side of the problem is stopping outbound spam at its source, so it never leaves the network where it originates. Providers are interested in this for a bunch of reasons: if their network hits a blocklist it can prevent all emails from being received by organizations that use the blocklist. This diminishes the provider's reputation in the eyes of their peers — both literally and figuratively! There is also very real damage to the brand and typically real costs associated with support calls from unhappy users, lost customers, and wasted network resources.

Techniques for controlling outbound spam have mostly focused on managing port 25 traffic, but it's also possible to control outbound spam with the DNS. Since most spam today is sent by bot-infected hosts it's straightforward to use the DNS to identify which hosts on a network are communicating with known botnet command and control systems. It's equally easy to block these communication channels so infected systems can't get any instructions, so they can't send any spam. MX queries from infected hosts can also be blocked to prevent spam from being sent, or redirected to a mail gateway where the messages can be handled according to operator policies.

These two simple techniques can eliminate a huge proportion, up to 90%, of outbound spam with minimal false-positives. The impact on the DNS is minimal — and there is no need for additional equipment in the network, such as appliances. Nominum is hosting a webinar on this topic on April 24, 2012. It will provide details on the two techniques summarized above and describe how the solution can be deployed. Real-world data from two ISPs who have implemented this approach will be discussed as well as the advantages and disadvantages of this approach versus other techniques such as port 25 blocking or DPI.

About Nominum

Nominum

Nominum is the innovation leader in DNS software and Internet Activity Applications. The company's Vantio™ CacheServe software powers the Internet for the world's largest CSPs in 40 countries. Vantio™ ThreatAvert software arms CSP's with the power to stop the spread of inside threats such as botnets and DNS-based DDoS amplification attacks that could impact network availability and reputation. Nominum's N2 applications enable CSP's marketing and customer care teams to leverage subscribers' Internet Activity to better engage, build brand loyalty, improve marketing ROI, and open up new business models. Nominum is a global organization headquartered in Redwood City, CA. (Learn More)

Related topics: DNS, Spam

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Nominum Announces Future Ready DNS

Dyn Acquires Internet Intelligence Company, Renesys

Introducing getdns: a Modern, Extensible, Open Source API for the DNS

Why We Decided to Stop Offering Free Accounts

Tony Kirsch Announced As Head of Global Consulting of ARI Registry Services

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

Dyn Acquires Managed DNS Provider Nettica

Why Managed DNS Means Secure DNS

SPECIAL: Video Interviews from NamesCon 2014 in Las Vegas

Rodney Joffe on Why DNS Has Become a Favorite Attack Vector

Motivated to Solve Problems at Verisign

Dyn Announces Largest Quarter In Company History

Diversity, Openness and vBSDcon 2013

How Does Dyn Deliver on Powering the Internet? By Investing in Standards Organizations Like the IETF

Neustar's Proposal for New gTLD Collision Risk Mitigation

Dyn Announces the Opening of New Data Center in Mumbai, India

15 Facts About .net to Celebrate 15 Million Registrations

SPECIAL: Updates from the ICANN Meetings in Durban

Dyn Building a Lineup of Technical Talent

DCA Registry Services Contribute to Second Africa DNS Forum, Durban, SA

Sponsored Topics