• E-mail
• Print
• Comment
• Font Size
• Digg
• del.icio.us
• Discuss article

Cisco Covets Anti-Spam Role

Posted on: Wednesday, 27 July 2005, 03:00 CDT

Cisco appears poised to initiate more action in the anti-spam arena, having just jumped into a standards fray where the industry's top hardware vendor normally wouldn't be found.

"Since all this [spam] traffic is running on Cisco networks in large part, many customers often ask, 'Why can't Cisco do something about it?"'says Sanjay Pol,senior vice president and director of Cisco's AntiSpam Initiative."The less trust people have of the Internet, the worse it is for Cisco and our customers."

Last week, Cisco joined Yahoo, Sendmail and PGP Corp. in submitting the DomainKeys Identified Mail (DKIM) specification to the IETFDKIM results from Cisco andYahoo merging separate e-mail verification technologies with similar attributes, which both companies had worked on for more than a year.

DKIM is a signature-based e-mail authentication proposal meant to curb unsolicited commercial e-mail, as well as phishing messages.While the Cisco/ Yahoo anti-spam move is getting notice, it is still just another in a litany of efforts in the industry to standardize a way to stop unsolicited e-mail.

DKIM, which relies on cryptography to authenticate a senders identity will likely follow the same path as the Sender ID proposal that Microsoft and others submitted to the IETF last year, according to Paul Hoffman, director of the VPN Consortium, a vendorneutral organization that promotes the development of VPN technology Sender ID was not ratified as a standard by the IETF, as was hoped by its proponents, but given "experimental RFC" status. "That's exactly what's going to happen to DKIM. That's not to say DKIM would be a failure from an IETF perspective, but that it's not at all clear the technology is valuable or worth doing," Huffman says.

Part of the problem is that there's uncertainty whether any form of e-mail authentication will stem the tide of spam. Supporters say sender authentication will help fight phishing because senders will no longer be able to make their e-mails look like they've been sent by a valid company However, these proposals won't directly curtail spam because plenty of spammers don't hide their identity

"No one should think these technologies, even if implemented perfectly by everyone on earth, will solve the spam problem," says Matthew Prince, CEO of anti-spam consulting firm Unspam."But if the worst spammers on earth are the ones who pretend to be from a legitimate online business and instead are : stealing account information . . . then these technologies are good at addressing the first line of the problem."

Because it involves encryption, DKlM is a more robust approach than Sender ID, but also more difficult to implement, Prince adds. Sender ID has suffered from differences in the way the protocols it includes are implemented, causing compatibility problems that led some companies to rip it out and search for new solutions, Prince says. DKIM will likely capitalize on this opportunity

Cisco insists that DKIM and antispam efforts are not geared toward making money, for now.

"Our efforts have not been about creating a product," Cisco's Pol says. "It has been about providing some thought leadership in the industry and to protect the Internet from more abuse. Is there a way to tie [Cisco's anti-spam efforts] back to product? It's a little bit far out and it's too early at this stage to talk about any product plans."

Regarding the DKIM technology which will be available this month as an open source mail server plug-in,"there is no intellectual property for us to hold onto," Pol says.

Past comments from top Cisco technology executives indicate that spam is a hot issue for Cisco's customer base and that stopping such nuisance traffic at the router and switch level is a problem Cisco engineers are examining closely

In a November 2004 interview, then-Cisco CTO Charles Giancarlo said network hardware will take on more gateway-like functions as it evolves.

"Anti-virus, anti-spam, anti-worm, anti-whatever will be fundamental components of the functions of the network," said Giancarlo, who earlier this month was promoted to head of development at Cisco. "This means routers and switches and whatever elements we have in that network infrastructure."

Another recently promoted top technologist at Cisco also says spam could be taken on by network hardware.

"We have a lot of application security for Port 80 misuse, but we have to look beyond Port 80,"says Jayshree Ullal, senior vice president of Cisco's newly formed Data Center, Switching and security Technology Group. She was formerly in charge of Cisco's security Technology Group.

"That's something we are looking to get into in the future. The next step is not just deep packet inspection but also deep manipulation of HTTP engines, SMTP engines, [instant messaging] engines - that type of stuff.You can leverage more of this technology for inspecting and stopping traffic such as spam," she says.

Observers say Cisco's quest for adding new features to routers and switches could lead it to an anti-spam focus in its products.

"Cisco's initiative is that they're moving toward looking deeper into the packet," says Frank Dzubeck, president of Communications Network Architects.

This deep-packet inspection and routing technology falls in line with Cisco's recent Application Oriented Networking effort for routing XML-based messages and its advanced intrusion detection and prevention technologies around its Network Admission Control initiative for locking out virus-infected PCs.

"If they're looking that deep into packets, why shouldn't they be able to filter out unwanted traffic?" Dzubeck says.

"Eventually you'll see all antimalware go into the router^' including spam-prevention technology says Zeus Kerravala, an analyst with The Yankee Group."If you can put it in the router and get it before it comes in, that will stop some of the problem. It won't solve everything, but it's like living in a gated community: You have the gate around houses, but still have locks on front doors."

Getting network companies involved in anti-spam could be good and bad, says one user.

"It's not an easy line in the sand,"as to where e-mail security enforcement should reside, says Jim Wilson, network services manager for the city of Henderson,Nev, which runs an all-Cisco network. "Normally I'd say leave [anti-spam development] technology to the application companies and smaller vendors that can do that well." But as network hardware and applications become more intertwined, Cisco gear could play a larger role in spam prevention than in the past, he adds.

The spam perspective

Opportunities and challenges for Cisco in combating spam:

* The Radicati Group estimates that 62% of the 86 billion messages sent per day are spam. This costs large businesses around S134 per year, per employee in lost productivity and spam prevention.

* IDC estimates that the market for anti-spam services, software and hardware will top $1 billion worldwide next year,

* With an estimated 80% installed base, Cisco routers move a majority of e-mail traffic across corporate and service provider networks.

Copyright Network World Inc. Jul 18, 2005

Source: Network World

More News in this Category