Email Permission Keys Adrian E. McElligott. What email have you lost today? -------------------------------------------- What email has your Spam filter.

Slides:

Advertisements

Similar presentations

Eloqua Providing Industry-Leading Management Tools.

Advertisements

Basic Communication on the Internet:

Deliverability How We Get You to the Inbox. +98 % Our Deliverability routinely ranks in the high 90s. There’s another way of saying this: We Get Your.

Permission Keys in five easy steps Adrian McElligott

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

City Sara VonBargen, Sr. Implementation Manager GovDelivery ® & Digital Subscription Management: Better Public Communication.

How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.

Engaging networks can help you to grow your online community Outreach top 10.

Lesson 7: Business, , & Personal Information Management

Staff Computer Training Exchange 2003: More User Friendly Vicki Hecht Cherry Delaney ITaP Luncheon October 14, 2003.

Spam May CS239. Taxonomy (UBE)  Advertisement  Phishing Webpage  Content  Links From: Thrifty Health-Insurance Mailed-By: noticeoption.comReply-To:

August 15 click! 1 Basics Kitsap Regional Library.

1 Integrating ISA Server and Exchange Server. 2 How works.

Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Managing and Avoiding Junkmail. Junk  Where does Junk Mail come from? People with whom you do business  Pepsi Friends of people with whom you.

This is the first page of the log in, this is were you enter your unique details.

Overview and capabilities MAY We are online marketing experts We are connecting the dots and delivering results We create powerful online marketing.

» Explain the way that electronic mail ( ) works » Configure an client » Identify message components » Create and send messages.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Visit for Marketing and Deliverability Tips, Tools, & Trainingwww. Delivered.com.

What’s New in WatchGuard XCS v9.1 Update 2. WatchGuard XCS v9.1 Update 2  Introduce New Features WatchGuard XCS Outlook Add-in Secur Encryption.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.

Technology ICT Option: . Electronic mail is the transmission of mainly text based messages across networks This can be within a particular.

1 The Business Case for DomainKeys Identified Mail.

OCR Nationals – Unit 1 AO2 (Part 2) – s. Overview of AO2 (Part 2) To select and use tools and facilities to download files/information and to send.

Unit 9 Communication Services

Module 8: Managing Client Configuration and Connectivity.

This presentation will be all about s, etiquette and software. I will be going through each one of these individually and thoroughly step.

ASP.NET 2.0 Chapter 5 Advanced Web Controls. ASP.NET 2.0, Third Edition2 Objectives.

(or ?) Short for Electronic Mail The transmission of messages over networks.

The Internet 8th Edition Tutorial 2 Basic Communication on the Internet: .

Marketing Effective way to commutate. Things to remember in marketing 1. IS NOT ONLY ABOUT SELLING 2. IS NOT ONLY FOR THE SOURCE.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Unit 2—Using the Computer Lesson 14 and Electronic Communication.

Living Online Module Lesson 24 — and Effective Electronic Communication Computer Literacy BASICS.

February 2006Colby College ITS Introduction to Entourage 2008.

Can You Hear Me Now? Communication for Teachers Using Microsoft Outlook.

Etiquette – a list of rules that we observe Phishing - sending an to a user falsely claiming to be a legitimate company to scam the user into providing.

Outlook 2007 basics. Create an account An account must be created before sending/receiving . Follow these steps to create an account:

Marketing Amanda Freeman. Design Guidelines Set your width to pixels Avoid too many tables Flash, JavaScript, ActiveX and movies will not.

Module 3 Managing Recipient Objects. Module Overview Managing Mailboxes Managing Other Recipients Configuring Address Policies Configuring Address.

Module 4: Managing Recipients. Overview Introduction to Exchange Recipients Creating, Deleting, and Modifying Users and Contacts Managing Mailboxes Managing.

 When you receive a new you will be shown a highlighted in yellow box where your can be found  To open your new just double click.

Protocols for public-key management. Key management –two problems Distribution of public keys (for public- key cryptography) Distribution of secret keys.

The Internet 8th Edition Tutorial 3 Using Web-Based Services for Communication and Collaboration.

IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.

Information Security in Distributed Systems Distributed Systems1.

Living Online Lesson 3 Using the Internet IC3 Basics Internet and Computing Core Certification Ambrose, Bergerud, Buscge, Morrison, Wells-Pusins.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Creating and Managing Digital Certificates Chapter Eleven.

NetTech Solutions Troubleshooting Office Applications Lesson Seven.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 4: Planning and Configuring Routing and Switching.

AMQP, Message Broker Babu Ram Dawadi. overview Why MOM architecture? Messaging broker like RabbitMQ in brief RabbitMQ AMQP – What is it ?

Basics What is ? is short for electronic mail. is a method for sending messages electronically from one computer.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter One Introduction to Exchange Server 2003.

DHCP Vrushali sonar. Outline DHCP DHCPv6 Comparison Security issues Summary.

Revision Unit 1 – The Online World Online Services Online Documents Online Communication Cloud Computing The Internet Internet Infrastructure Internet.

Advanced Guide to ing. Introduction In this guide you and explain will learn how to use ing in an advanced way. I will go through on.

Windows Vista Configuration MCTS : Productivity Applications.

Don’t click on that! Kevin Hill.  Spam: Unwanted commercial ◦ Advertising ◦ Comes from people wanting to sell you stuff. ◦ Headers may be forged.

Project Management: Messages

Internet Business Associate v2.0

Technology ICT Option: .

Upgrade (Exchange 2013/Office 365)

Management Suite v2.0 DoubleCheck Manager Management Suite v2.0.

Technology ICT Option: .

Adrian McElligott CEO Geobytes, inc. Boston, March 2008

Presentation transcript:

Permission Keys Adrian E. McElligott

What have you lost today? What has your Spam filter lost today?

Are spam filter false positives a problem? … “Sure communication is unreliable – get over it.” But what if we could avoid the… –frustration –time wasted –user support costs –lost of disenfranchised users –the cost of the lost messages themselves? what if, as Spam filter providers, we could avoid the… –professional embarrassment –humiliation –Damage to our brand and reputation, of having our filters mistake’s highlighted to our users?

Easiest lost message to avoid Fear of this type of lost message is the most common reason for a user to frequent their Spam folder. First Contact Replies Solicited Bulk Types of Lost Messages Least Likely to be discovered and manually recovered. Often brings new business Injury to user is great. Often incorrectly reported as Spam Damages user conference in their spam filter Annoying, disenfranchising

The real cost of lost messages New Term: Lost Message RateLost Message Rate Lost messages erode the value of a Spam Filter. Exposing a user to spam in their junk folder is still exposing the user to Spam. If the user is routinely checking their junk folder then the filter is of diminished value.

Introducing Permission Keys Permission Keys (EPK) - are a unique key that is embedded in an address in such a way that it is likely to be retained during normal use, and is therefore available to be extracted at a later date when that address is used to send a message back to the original user. works with the existing Internet infrastructure requires no modification to existing third party processes

What do Permission Keys look like? unique code or key that is embedded in to an address embedded in such a way that it is likely to be retained during normal use of that address works with the existing Internet infrastructure requires no modification to existing third party processes "John Smith " "John Smith

Key (Binary Code) CaseKeys Hybrid combinations Display Name Addressing Plus Addressing Types of Permission Keys

Types of Permission Keys - Tagged Addressing Tagged Addressing, (Plus or Minus Addressing) is appending a key to the local part of an address via standard tagged addressing. most appropriate for ‘typed-in addresses’ – business cards, off-line advertising etc. A typical Plus Addressing key may look something like this: where is the key.

Types of Permission Keys - CaseKeys CaseKeys are a type of permission key that use the CAsE of the LeTTerS that make up an address to embed a unique key into every instance of that address. A typical CaseKey might look like this:

Types of Permission Keys - Display Name Addressing (DNA) A “Display Name Addressing” Key, is a type of permission key that appends or encodes a unique key within the Display Name portion of the address. A typical display name key may look something like this: "John Smith " where is the key.

Types of Permission Keys - DNA/CaseKey Hybrid A DNA/CaseKey Hybrid key is a DNA key with a CaseKeyed representation of the protected user’s address included in both the Display Name part of the address and the “addr-spec address” - it is used in outgoing messages when tagged addressing is not supported. It may look like this – "John Smith typically automatically inserted in to all instances of the protected user’s address in all out-going messages.

Types of Permission Keys - Tagged Addressing/CaseKey Hybrid is a combination of the Plus Addressing and CaseKey methods. It is essentially a Tagged Addressing Key that has been CaseKey encoded. It may look like this – joHN.SmiTH typically manually issued to a user via a user interface for use on web forms

Permission Key Issuing Facilities New Permission Keys are randomly generated and issued from a key issuing facility There are three different types of key issuing facilities, each capable of issuing different forms of keys, and each positioned to reduce one or more types of false positives

The type of issuing facility that originally issued the key The time that the key was issued The address of the recipient, or where the key was published Identify Issuing Event Who How When How Permission Keys Work

How Permission Keys Help Match an incoming with an issuing event Identify messages mistaken for spam Improves User Confidence in their Spam Filter

How Permission Keys help user feedback dependant filters Provides automated “is not spam” feed back to the filter. Reduces User Trust Oscillation.

How Permission Keys Help DNSBL Filters In systems that use DNSBL Permission Keys allow the use of a more aggressive list criterion thereby maximizing the proportion of messages that can be blocked at the SMTP Gateway. Permission Keys in either the SMTP envelop or the message headers can be used to identify legitimate messages before the entire message has been read from the wire.

Why they will use it Permission Keys provide significant benefits to the end user, which include: Dramatically reducing a users exposure to spam. Reclaiming time that is currently lost by the user reviewing their Spam folder and looking for lost messages. Restoring confidence, alleviating fear, frustration and spam related stress. Optionally the user can be alerted each time that a lost message is found – reassuring the user that the system is working and maintaining the perceived value of the system form a user’s perspective.

Permission Keys System Components Client Side Outbound Message Key Insertion Function Spam Folder Monitoring Module Server Side Key Issuing Facility –AJAX Web Service –UI for manual issuing –Key Custodian API GetKey IsValidKey InvalidateKey Access authentication Key Generation Key Storage & Retrieval Reporting

The Global Key Custodian Dynamic Web tags Corporate Spam Filters ISP Network Filters Desktop Spam Filters End User Interface & Support Introducing the Global Key Custodian

Business Model Perhaps the most significant benefit of an Permission Keys enabled system, is that it provides additional identifiable value to the end user – which can be used to generate an addition revenue stream to the service provider.

Business Model Monetization Revenue Sharing, (Subscription / Advertising sponsored) Increase Subscriptions Increased user loyalty Premium service There are a number of different models available to monetize the additional value that Permission Keys provide.

Business Model Urgency The Global Key Custodian Dynamic Web tags Corporate Spam Filters ISP Network Filters Desktop Spam Filters End User Interface & Support For example, if a desktop filter provider implements permission keys in their filter, and then at a later date the ISP implements permission keys in their Network filter, then while each instance would respect and use each others keys, the providers revenue share would go to the desktop provider – as they were the first to issue a key for that user. Under our revenue sharing model, once an address has been associated to a service provide then it can’t be changed.

What is lost costing you? Problems that result from lost messages –Unreliable communication –Misunderstandings –Damage to reputation / brand –Lost opportunities –Lost time –Exposure to spam What would it be worth to your users to solve these problems?

What have you lost today?

The advantage of CaseKeys over just white listing outbound recipients You can expire Permission Keys, and while you can blacklist an address you can’t issue the compromised user a new address. Permission Keys embed the key in the senders address, which propagates when the message is forwarded to a third user. Many users have multiple addresses feeding to the same inbox, so a reply may come from a different address. Permission Key can validate the legitimacy of “First Contact” and “News Letter” messages.

How does this reduce spam? Whenever a user has to check their Spam folder, then they are still being exposed to all of their Spam - only the folder name is different. CaseKeys may well be the difference between a system that users trust and one that they don't - the difference between exposure to all of the Spam, or no Spam.

Q. Does publishing a keyed address result in Spam being falsely white listed? Keys that are published on web pages are set to auto expire. In the event that a Key does fall in to the wrong hands and did result in a False Negative, then the user clicking “Is Spam” would invalidate the Key.

New Term Lost Message Rate (LMR) Is the percentage of legitimate messages that are mistaken for Spam. Traditionally the industry has used the statistical term “false positive” which does not truly reflect the proportion of legitimate messages that the filter is loosing.