You Have the Right to Remain Silent…. Fingerprinting Email?

The Internet Patrol default featured image
Share the knowledge

You know those pesky bounce notices you get when a spammer forges your domain in a spam run? Hundreds, even thousands, of bounce notices sent by ISPs all over the world, kindly letting you know that the person to whom the mail was sent doesn’t exist, is over quota, or is on vacation. Except that you don’t really care, because nobody at your site actually sent the email to them. Of course, if the spammer forged an real live email account at your site, your user holding that email address may care very much, as their inbox is flooded with the secondary spam created by all of these bounce notices.

Well, the good folks over at Everyone.net have an interesting idea.

As was reported in InfoWorld today, Everyone.net has developed a technology which they call “Total Protection”, which incorporates an aspect known as “Email Fingerprinting”. The concept is fairly simple: Everyone.net will be adding a unique “fingerprint” header line to the headers of every single piece of outgoing email – that is email which originates from an Everyone.net server.

This fingerprint is intended to be part of the header set which is returned by receiving systems in their bounce notices. Everyone.net’s plan is to care about bounces which contain their unique fingerprint, and to reject or otherwise not care about bounce notices which do not contain the fingerprint as, presumably, those bounce notices were the result of a spammer forging the Everyone.net domain, and were not really the result of email sent by someone through an Everyone.net server.

Nice, in theory, but will it work? Only time will tell, but one has to wonder what happens when receiving ISPs don’t follow the generally accepted practices for bounce handling (and many of them don’t). Does this mean that if an Everyone.net customer – let’s say Joe Customer – sends email to their Aunt Tilly at isp.net, and it bounces because Aunt Tilly has moved on to another ISP, but isp.net doesn’t return the fingerprint, that Joe will never know that Aunt Tilly did not receive her email?

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

And how exactly does this help you?

Well, it doesn’t – all it really does is help Everyone.net to lessen the load on their own servers, by allowing them to reject out-of-hand bounce notices that aren’t really about mail sent from their system (hopefully). Still, you have to applaud their ingenuity, and one has to wonder whether other ISPs will follow suit, and, if so, whether Everyone.net has already jumped on the patent bandwagon.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

4 thoughts on “You Have the Right to Remain Silent…. Fingerprinting Email?

  1. I have a feeling that everyone.net is looking at this only because it will benefit them. I have used their service for sometime and have found that SpamShield Lite, which they make available to users for spam control, does not work correctly on their servers. I have tried via emails to site administrators and everyone.net to correct the problem over many weeks, but they refuse to take any action . In a nutshell, you can specify in SpamShield Lite that email from a particular domain or email address be blocked, and it still passes through to the in-box. In addition, the “block all email except from approved senders” functionality does not work.

    In my opinion, not only does everyone.net allow spam, it apparently promotes it. They have certainly shown no interest in correcting the problem and it should not be that difficult to correct. It is not a case of fuzzy or Bayesian logic, but simply a pass or not pass based on domain name or email address, and SpamShield Lite has that functionality. It just isn’t implemented. It would appear that it has been intentionally turned off because they have a vested interest in seeing that the user continues to receive spam.

  2. Not to mention that theose thousands of bounce messages end up in someone’s over-stuffed mailbox!

  3. Another thing that should be discussed is ISP’s that “bounce” infected emails. Nowadays, most of the time the return email address is forged so bouncing the infected email really does no good except add to the increase in wasted bandwidth.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.