The mail you want, but just not right now. Seems like an odd way to talk about email, either you want it or you don’t. For years we’ve been talking about the unwanted types of email, like spam, that have grown to be a pest, but which have largely been dealt with by effective anti-spam services; but now there’s a less distinct line between good and bad as far as our users are concerned. The email that sits in this middle ground has become known as graymail.
More specifically, graymail is email like newsletters, notifications and marketing email. The types of email marketing you are bombarded with receive when you buy something online or use your email address to sign up for something. Normally you are opted-in to these marketing emails unless you manage to spot the often well-hidden opt-out tick box. These emails are initially interesting, but grow tiresome quickly.
You’re unlikely to want them all in your inbox right now, but somewhere else that makes them easier to read later. Many consumer grade email providers offer a way of categorizing graymail, such as Gmail’s Primary Inbox and Promotions tabs.
Graymail isn’t new. The idea was first suggested by Microsoft researchers in 2007, at the now defunct CEAS conference. Graymail, or Gray Mail as it was called then, was defined as messages that could be considered either spam or good. It’s fair to say many end users consider newsletters that they opted-in to, mostly unknowingly, as spam even though they could easily unsubscribe from the sender’s distribution lists.
Graymail is also described by the phrase “Bacn”, (as in bacon). The first use of the term Bacn is thought to have been coined at PodCamp Pittsburgh 2, as a way to differentiate between spam, ham and bacn in your inbox.
The unwillingness of end users to unsubscribe, or understand the problem as being somewhat self-inflicted, has led many enterprise IT teams to look for a solution. As a provider of email security services, Mimecast’s Threat Operations and Spam teams know first-hand how users are inclined to report bacn or graymail as spam email. A large percentage of the email submitted to Mimecast for analysis as spam is in fact legitimate marketing email with valid unsubscribe links.
It has become increasingly obvious that end users will continue to be frustrated by this graymail problem. The most straightforward solution is stemming the flow in such a way that keeps an enterprise inbox free of bacn so legitimate business-related emails take priority. Mimecast’s new Graymail Control provides this capability, by automatically categorizing graymail and moving it off to a separate folder – allowing your end users to review the messages at their leisure and keeping the inbox optimized.
If you’d like to find out more technical detail about how to configure Mimecast’s Graymail Control please visit our Knowledge Base article here.
I was intrigued to see that someone named the fourth week in January, 'Clean Out Your Inbox Week'. This was an initiative aimed at helping employees take control of their inbox and reduce email overload. Ever expanding inboxes are something we all have to deal with at work and home, and many people struggle to manage their inbox effectively…often cited as a major cause of workplace stress.
From our point of view, this is not just an issue for individuals but also a situation impacting corporates and their IT departments. As email inboxes get bigger and data storage costs rise, more and more management resources become sucked into looking after this growing email infrastructure and its mass of unstructured data.
But happily there are solutions to these problems.
Even the most hardened hoarder of emails can be helped. Firstly, if your organization uses a cloud email security service like Mimecast you can significantly cut the spam cluttering inboxes and clogging up costly data storage on the network. The vast majority of email that hits your network is unwanted spam (estimates vary in excess of 70%) and our service stops this even reaching your organization. If you don’t do this, checking and filtering this email wastes valuable IT time and resources unnecessarily.
Once you’re sure what’s in the inbox is ‘real’, next stop is effective filing and archiving. The problem is that for many people storing their emails into an archive is a concern – they are sending the email and its attachments off to a dusty, never to be seen again archive out of their control. Once it’s there, it’s simply too difficult to recover– so these emails stay languishing in the inbox and squatting on the enterprise’s network just in case they need them.
With a cloud archive service like Mimecast’s, we help you get round that problem. The archive is bottomless and sits securely in the cloud, and off the corporate network. So IT managers can reduce their storage burden. For the user, the archive is interactive – they can search, access and re-use all their archived emails forever safe in the knowledge it’s being securely and safely stored indefinitely if they want. When we show IT managers and their users this, we see a major shift in attitude about the archive. The concern about using them proactively to help manage the burden on their inbox goes away. If this archive is then paired with end user productivity tools like our mobile apps, the archive can become invaluable – available to users where and when they want, on their device of choice.
So you can have the best of both worlds. A zero mail inbox and easy, searchable access to every mail you ever received or sent if that is what you want or need. This will be good news to those emailers who made a New Year resolution to finally get off their IT manager’s naughty list.
Spam volumes on the Internet are down on this time last year. Great news, we can all relax and stop worrying about our Junk or Quarantine folders or that missing million dollar order that might he hiding therein.
Brian Krebs wrote a great piece on the take down of the most prolific botnets, which is thought to be the main cause of drought in spam. It's certainly true to say that since the likes of Spammit, Rustock, Coreflood, Pushdo and Bredolab have been knobbled the output of spam has been noticeably less.
Less spam is great news, but I'm worried. I suspect this eerie quiet in our spam and junk folders is a false sense of security, and one that is waiting to draw us into a more evil and harmful place.
Think about it this way. You're a spammer...
Imagine you've been spamming people since 1997, persuading them to buy penny stocks, herbal enhancements and more recently fake AV products. You've been getting frustrated at the shrinking rate of return on your efforts, for the billions of spam messages you send you're only seeing a 0.002% return or even less; mind you, at $30 for a bottle of those fake-little-blue-pills that's still a few million dollars.
Why the decline? Well because we the vendors, are doing a better job of detecting and dealing with spam. Giving customers a 98% anti-spam SLA means we're confident we can keep that junk and rubbish out of their inboxes. The same is true for personal or webmail accounts, providers are simply getting better at protecting users.
Then just when you thought things couldn't get much worse someone shuts down your botnet, or the FBI takes away you hosting provider. Bad day at the office?
This is why I am worried...
Given the business challenges the spammers face today it's no surprise we're seeing a decline in the volume of spam. But are we? The figures we're looking at here are related to spam volumes delivered over SMTP based email, and those have been on the wane for some time. The recent precipitous drop makes me feel uneasy about the spammers new business models. You might be surprised I'm using the word 'business' in relation to spammers - don't be; this is their business, they have offices, employees, health-care plans, support lines and staff retreats just like everyone else.
These business models embrace all the latest social media trends. Spammers are simply jumping on the new mechanisms we're using to communicate, social media gives them everything they need and in many cases an even more targeted audience who are trained to 'like' the same things their peers do.
The deeper impact of this switch to less well evolved communication channels, is that the classic AV and AS protections deployed at the corporate gateway are fast being made redundant. Their rules unenforced, their quarantines empty. The threats they protect against are getting onto the network via other means that in many cases are far less well protected. The point is that the spam isn't going away, it's just changing and adapting to the marketplace; the users might be breathing a sigh of relief when they look at their inboxes, but I can guarantee you they're not doing the same elsewhere - Try tweeting the word mortgage or loan and see what happens.
The old money was SMTP email based spam, but just like everything else in corporate IT consumerization is taking over; spammers & scammers are simply keeping up with the trends.
Standards work is generally conducted in what feels like slow-motion. More than a few highly-detailed conversations last for months or years. To those of us who've spent time in such conversations, it can be big news to learn that big news may be only a few months away. But for maximal, heart-stopping excitement, it should hint at the possibility of some day making real progress against spam.
That's exactly what seems to be happening in the case of DKIM (Domain Keys Identified Mail), an emerging standard for cryptographically linking each message with the sending domain. In conjunction with some future developments, it could take a big bite out of "phishing" -- unsolicited email pretending to come from a trusted institution.
Just a couple weeks ago -- hot off the presses, in standards time -- the chair of the IETF DKIM working group made the dramatic announcement (in the first paragraph) that things are going well. This means it could be as little as a few months before DKIM becomes a Draft Standard -- a misleading term that describes the highest level that successful IETF standards generally attain. (MIME, for example, is a Draft Standard.) I think DKIM will be the first spam-focused standard to complete the standards process.
If you're not accustomed to emptying the ocean with a cup, you can be forgiven if you're breathing normally. But there are dozens of possible antispam measures not yet in use, and they will only work together effectively in the context of a very formal framework -- a set of interlocking standards.
To oversimplify a bit: time favors the spammers because it takes far more computer power to examine a message than to send it. This advantage will probably last as long as Moore's Law does. Eventually, inevitably, we will need to develop a more systematic approach integrating multiple interlocking technologies.
DKIM is, at long last, the first of those pieces. By itself, as its opponents are quick to tell us, DKIM will do NOTHING to stem the tide. But then, while a single rock can't hold off a flood, a wall of them can.
So, it's time to celebrate the near-completion of a decade's work by some very good people. Even though it does almost nothing useful today. With all the energy I can muster, let's hear it for DKIM: Hip-
[Full disclosure: Eight years ago I helped broker the peace treaty that merged DK and IIM into DKIM. And Barry Leiba is my friend.]