ietf-asrg

[Asrg] Supplemental addresses (was: Indirection as a useful tool)

2006-02-06 09:34:17
Danny Angus wrote:
> It may be that the idea of indirection between logical recipients and email
> addresses has some place in the ingredients of a complete solution.

I have spent the last few years working out the operational concerns of an 
email security application that employs multiple addresses (which I call 
"supplemental addresses") for each protected inbox.  I'd like to contribute to 
the discussion by explaining how I see supplemental addresses being of 
benefit to the overall anti-spam space.

The use of supplemental addresses is not, in and of itself, an anti-spam 
method.  By separating messages into physically separate address spaces, 
supplemental addresses expand the context that one can derive about a message, 
starting with, "what address was it sent to?".  Another question that can be 
answered is, "who did I originally give the address to?", which leads to 
answering, "how did this sender get my address?".  There are other things that 
can be uncovered from knowing which supplemental address was used per message.

But here's what makes supplemental addresses really interesting.  When you 
combine the use of supplemental addresses with pretty much any other anti-spam 
model, it tends to preserve the strength of the model while greatly reducing or 
even eliminating the negative side effects that pretty much every model 
contains.

To understand this better, I'd like to present an important premise that we 
originally believed was true, and after a few years' experience have found to be 
true in practice, that sets the stage for why supplemental addresses contribute 
to spam defenses:

        "Legitimate contacts never knowingly share your email address
        with spammers, and spammers only share your address with other
        spammers, never with legitimate contacts."

If access to my inbox can be fractionated so that sources of spam use addresses 
which are different from sources of legitimate messages, then those 
supplemental addresses receiving spam can be subjected to anti-spam defenses 
and, more importantly, addresses that receive only legitimate messages can be 
completely spared from spam defenses (and their endemic shortcomings).

I recently did an assay of our users and calculated that after a few weeks of 
use, 90%-97% of all legitimate messages arrive on supplemental addresses that 
are not protected in any way from spam (sent to a "public" address), but 
overall spam prevention is active on those addresses that have spam sent to 
them.  So the net spam relief is the same with or without supplemental 
addresses.

So, combining supplemental addresses with a traditional content filter would 
still block the same number of messages as the filter alone, but since 90%-97% 
of legitimate mail is not subjected to the filter, the overall rate of false 
positives endemic to that filter would be decreased by almost an order of 
magnitude.  The same filter, but almost 10 times fewer false positives.

Likewise, combining supplemental addresses with white listing has the net effect of 
continuing to block all spam, but with 90%-97% fewer instances of challenge 
response (if you are using C/R in the white list scheme).

This effect holds up with every security model that I've considered.  
Supplemental addresses constitute a generic approach that, when combined with 
other anti-spam technologies, improves the overall performance metrics of the 
other technologies.  I think the use of supplemental addresses is becoming more 
commonplace.

I hope that my particular way of viewing the role of supplemental addresses 
helps in the discussion.


Joe McIsaac
Reflexion Network Solutions, Inc.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
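
The per-address filtering policy described in the message above, as an added example that is not part of the original post and not Reflexion's code. The mailbox, the addresses under example.org, the stand-in filter verdicts and all function names are constructed for illustration; the filter's error rates are exaggerated so the counts come out as whole numbers.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    rcpt: str           # supplemental address the message arrived on
    is_spam: bool       # ground truth, used only for scoring
    looks_spammy: bool  # verdict of a stand-in content filter

def constructed_mailbox():
    """Constructed sample: 100 legitimate and 50 spam messages."""
    msgs = []
    for i in range(100):
        # 10% of legitimate mail uses the harvested "web" address,
        # the rest arrives on addresses handed to known contacts.
        rcpt = "joe.web@example.org" if i < 10 else f"joe.c{i % 5}@example.org"
        msgs.append(Message(rcpt, False, looks_spammy=(i % 10 == 0)))
    for i in range(50):
        # Spam only reaches the harvested address; the filter misses 1 in 10.
        msgs.append(Message("joe.web@example.org", True, looks_spammy=(i % 10 != 0)))
    return msgs

def addresses_with_spam(msgs):
    """Addresses that have received spam (stands in for user reports)."""
    return {m.rcpt for m in msgs if m.is_spam}

def score(msgs, filtered_addresses=None):
    """Return (spam_delivered, false_positives).

    filtered_addresses=None runs the filter on every address (filter alone);
    otherwise only mail sent to those addresses goes through the filter.
    """
    spam_delivered = false_positives = 0
    for m in msgs:
        filtered = filtered_addresses is None or m.rcpt in filtered_addresses
        blocked = filtered and m.looks_spammy
        if m.is_spam and not blocked:
            spam_delivered += 1
        elif not m.is_spam and blocked:
            false_positives += 1
    return spam_delivered, false_positives

if __name__ == "__main__":
    mailbox = constructed_mailbox()
    print("filter on every address:", score(mailbox))
    print("filter on spammed addresses only:",
          score(mailbox, addresses_with_spam(mailbox)))
```

With this sample the same amount of spam gets through under both policies, while false positives fall from 10 to 1 because only the legitimate mail sharing an address with spam is ever filtered.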