IronPort Study Finds More Than 50% of the Fortune 500 Report Bounce Attacks, Costs Estimated at $5B Annually

Market Wire, April, 2006

IronPort® Systems Inc., the leader in gateway security, announced today the results of study by analysts at the IronPort Threat Operations Center, addressing the costly and growing issue of misdirected 'bounce' email messages. The study, Internet Email Traffic Emergency: Spam "Bounce" Messages are compromising Networks, was written by IronPort analysts after examining global email traffic patterns using IronPort's unique SenderBase® traffic monitoring network which monitors over 25 percent of the world's Internet traffic. The study is available at www.ironport.com/bouncereport .

Key findings from the study include:

** Bounce messages make up 11 percent of all "hostile mail" -- which
   includes spam, viruses and phishing emails;
** Less than .5 percent of bounce messages make it through to end-users;
** IT help desk associated costs on bounce messaging exceeds US $5B per
   year;
** More than 50 percent of the Fortune 500 corporations have experienced
   mail service outages or delays because of misdirected bounces targeting
   their networks.

Another Insidious Ploy by Internet Criminals

Nearly every email user has had the unnerving experience of receiving a notification from some corporation or ISP saying, "the message you sent could not be delivered because it contained a virus." But, on closer inspection, this notice came from some address that the user has never heard of or never sent mail to. Concerned that their machine has been compromised by one of the many email-borne computer viruses, users will often contact their corporate IT support team for assistance. Most of these help desk calls are unnecessary because the message the end-user received was a misdirected bounce, another insidious ploy by criminals polluting the Internet with spam, viruses, phishing and spyware.

An email bounce message is an email notifying a sender that their message was not delivered for some reason. If a sender mistyped a person's address, they may receive a bounce notification telling them that their message was not delivered. Such notifications are integral to how email works, very similar to the return of a postal letter that was not deliverable. However, there is a fundamental flaw in the email protocol itself that allows a return address to be forged. So, any attempt to return a message to a forged return address will result in an unwanted, and often times bewildering, email bounce message being delivered to the unsuspecting email user whose name was fraudulently called out on the original email's return address.

Bounces are Polluting the Internet -- SenderBase Sees through the Smog

Traditional filters look primarily at the content of an email message, but this approach has declined in its effectiveness in the face of new types of threats that employ new tactics. IronPort Email Reputation(TM) technology broadens the context in which a message is evaluated, improving catch rate and accuracy. Today's more sophisticated threats make extensive use of URLs in an effort to thwart existing defenses. To combat these threats, IronPort has applied the concept of reputation to email's cousin -- the Web. IronPort's Web Reputation(TM) technology tracks over 45 different network parameters to accurately evaluate the reputation of a given website.

Bouncing Away $5B

Email has become the most important form of business communication. Every day, billions of dollars in transactions take place via email. Consequently, a wide-scale outage caused by misdirected bounces can destroy billions of dollars of value in an instant. It is difficult to quantify the cost of the disruption, but not hard to estimate the magnitude in billions of dollars. However, in addition to the soft cost of service disruptions, there are clear hard costs associated with misdirected bounces.

The study published by the IronPort Threat Operations Center measured the volume of misdirected bounces traversing the Internet. These bounce messages make up a shocking 11 percent of all "hostile mail" -- which includes spam, viruses and phishing emails. Only a tiny fraction of a percentage of these messages makes it through to end-users. The cost of the associated IT help desk actions exceeds $5B per year.

Secure Bounces

IronPort has developed a unique technology that attacks the problem at its core. IronPort's secure bounce technology will only issue a bounce message to senders with a demonstrated history of trustworthy behavior. This unique technology relies on the sender's reputation score as measured by IronPort's SenderBase Network. SenderBase, the world's largest traffic monitoring network, measures the sending patterns of every sender on the Internet and creates a reputation score. IronPort's C-Series(TM) email security appliances use this score to determine whether or not to issue a bounce to a given sender.

Restoring Trust to the Internet

Secure bounces using email reputation is just the latest innovation from IronPort around reputation systems. IronPort invented the concept of reputation-based filtering to stop spam three years ago, when it first launched SenderBase. IronPort then used the SenderBase Network to identify virus outbreaks an average of 14 hours ahead of traditional AV technology. IronPort more recently introduced its Web Reputation innovation, tracking the behavior and trustworthiness of webservers.