HELP for MY INBOUND QUERIES

After you configure your inbound email servers to query the Outbound Index, this section of the dashboard will display the results of your queries. "My Inbound Server Queries" shows the number of replies that fell into three categories: Authorized, Unauthorized, or Unknown.
Authorized: The owner of the sender domain has authorized the sending server to send mail with an envelope-from of @senderdomain.com.
Unauthorized: The sender domain is listed in the Outbound Index AND the sending server IP address is NOT one that is authorized by the sender domain owner, OR the sending server IP address is not authorized to operate an outbound email server.
Unknown: The sender domain is not listed and the sending server IP address is not listed.
By default, the time span of this display is today only, from midnight through the present moment (GMT -0500).
Here's how the tallies are created:

HELP for OUTBOUND FROM MY NETWORKS

"Outbound from My Networks" shows the number of queries associated with the messages coming from outbound email servers on IP addresses within your network, created as inbound mail servers query the Outbound Index.
In other words, those who are receiving messages from sending servers within your networks will query the Outbound Index about those messages. You will be able to see those queries, and thus see what they are receiving. You'll be able to drill down on the "unauthorized" activity on your network, pinpoint the perpetrators, and stop the activity as it is occurring.
Counts are displayed for Authorized, Unauthorized and Unknown, from midnight today through the present moment.
Authorized: The owner of the sender domain has authorized the sending server to send mail with an envelope-from of @senderdomain.com.
Unauthorized: The sender domain is listed in the Outbound Index AND the sending server IP address is NOT one that is authorized by the sender domain owner, OR the sending server IP is not authorized to operate an outbound email server.
Unknown: The sender domain is not listed and the sending server IP address is not listed.
Here's how the tallies are created:
You can create or alter listings in the Outbound Index about the blocks of IP addresses you control. These listings announce to the world which IP addresses you authorize or forbid to operate as outbound mail servers. [[Link to help for managing your listings.]] Right now, the netblock shown is 68.9.203.226/8, which is the network of the internet IP address associated with the workstation you are using.

HELP for FORGERIES OF MY DOMAINS

"Forgeries of My Domains" shows you how many times each of your domains has been forged today, as reported by all the inbound email servers in the world which are querying the Outbound Index.
Forging incidents shown may have originated from any combination of the following:
Here's how possible forgeries are identified:
Click on your domain names to see the details behind each attempted forgery. You will see a list that includes the date and time each forgery was attempted, and the forward and reverse DNS of the sending server. You can click on the IP address to obtain contact information on the entity in charge of the possible forgery source.

HELP for OUTBOUND INDEX LISTINGS

The Outbound Index Listings section shows the first few outbound email servers you have authorized to send mail using your domain in the "from" address. To view the complete list, or add/edit/delete a listing, click on one of the listed servers. If you have not yet listed any of your servers, select "view all or add" to get to the add/edit/delete interface.
Your Outbound Index listings announce which servers you want others to accept mail from when that mail uses your domain in the envelope-from. Your listings also instruct others to reject all email claiming to be "from" your domain, but which actually comes from a server not explicitly authorized by you.

FQDN pattern listing
With best-practice configuration, your Outbound Index listings will be self-maintaining. When you add new mail server IP addresses or move your outbound mail servers, the Outbound Index can automatically pick up your changes. If you are an ISP hosting thousands or millions of domains, the Outbound Index will also be able to automatically recognize new customers and drop lost customers, as long as the host Outbound Index listings have been configured properly.
A self-maintaining configuration requires that your outbound email servers have matching forward and reverse DNS. A naming convention which uniquely identifies your outbound email servers is also required. For example, if you use smtpXXX.YY.yourdomain.com, XXX may be a number or letter sequence identifying a particular server, and YY may be a location code. In this example, the only listing needed for the Outbound Index would be smtp%.%.yourdomain.com. The percent sign is the "any number of characters" wildcard.
When your domain is the sender domain for a message, and the receiving server sends a query to the Outbound Index, the Outbound Index will look up the forward and reverse DNS of the sending server IP. If the result matches a pattern you have authorized, the Outbound Index responds to the query with the "authorized" indicator.

IP address listing
You may also list IP addresses of outbound mail servers you authorize to send mail "from" @yourdomain.com. Slash notation is recognized, so you can specify ranges of IP addresses with a single entry (e.g. 65.221.104.0/30).

Trusting other domains to send email on your behalf
In some cases you may wish to have a trusted third party send email on your behalf. For example, you may want to outsource your double-opt-in emailings to a legitimate bulk emailing service. Or, you may wish to allow certain domains, such as AmericanGreetings.com, to use your domain name when sending messages from their outbound servers. We expect to see companies such as AmericanGreetings.com adjust their practices so that they are not forging the envelope-from, thus ensuring that they are easily distinguished from spammers. Many options are available to them to accomplish similar ends:
In either case, if these third-party domains are listed in the Outbound Index, you may authorize all their servers just by knowing their domain name. There is then no need for you to know their mail server IP addresses or naming conventions, and you won't have to worry about keeping their information up to date.

You may forbid the operation of outbound email servers on any IP address that has your domain at the end of the Fully Qualified Domain Name (FQDN). However, the forward DNS for the FQDN must match the reverse DNS record for the IP address.
Fictitious example: Rox Cable forbids all home cable modem users to operate any type of email server. Rox home cable modem IP addresses all have a matching forward and reverse DNS, like 68-29-200-83.ny.rox.net. The ".ny." is different for each state in the US where Rox Cable operates. Their listing in "Forbidden As Mail Servers" would look like this: %-%-%-%.__.rox.net, where "%" is the wildcard for any number of characters, and "_" is the wildcard for a single character. Note that Rox Cable would need a unique FQDN naming convention for the IP addresses containing its own allowed outbound servers; something along the lines of rake01.mta0.rox.net or smtp.ny.rox.net or out99.mx.ny.rox.net.
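The listing rules above (slash-notation IP entries, "%" and "_" FQDN patterns, and the matching forward and reverse DNS requirement) can be sketched as follows. This is an added example, not the Outbound Index's own code: the function names, the dictionaries standing in for DNS lookups, and the documentation-range IP addresses are all constructed assumptions.

```python
import ipaddress
import re

def pattern_to_regex(pattern):
    """'%' matches any run of characters, '_' exactly one; all else is literal."""
    table = {"%": ".*", "_": "."}
    return re.compile("".join(table.get(c, re.escape(c)) for c in pattern.lower()))

def confirmed_fqdn(ip, ptr, a):
    """Return the PTR name for ip only if its forward lookup includes ip."""
    name = ptr.get(ip, "").lower().rstrip(".")
    return name if name and ip in a.get(name, ()) else None

def matches_listing(ip, cidrs, patterns, ptr, a):
    """True if ip is in a listed CIDR block or its confirmed FQDN fits a pattern."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(c) for c in cidrs):
        return True
    name = confirmed_fqdn(ip, ptr, a)
    # fullmatch anchors both ends, so a listed name used as a prefix of
    # someone else's zone does not match.
    return bool(name) and any(pattern_to_regex(p).fullmatch(name) for p in patterns)

# Constructed DNS data standing in for live lookups (documentation ranges,
# plus the page's fictitious Rox Cable host name).
PTR = {
    "192.0.2.10": "smtp01.ny.yourdomain.com",
    "198.51.100.7": "smtp01.ny.yourdomain.com",  # PTR set by whoever runs this IP
    "203.0.113.5": "smtp01.ny.yourdomain.com.example.net",
    "68.29.200.83": "68-29-200-83.ny.rox.net",
}
A = {
    "smtp01.ny.yourdomain.com": ["192.0.2.10"],
    "smtp01.ny.yourdomain.com.example.net": ["203.0.113.5"],
    "68-29-200-83.ny.rox.net": ["68.29.200.83"],
}
ALLOWED = ["smtp%.%.yourdomain.com"]   # pattern from the page
FORBIDDEN = ["%-%-%-%.__.rox.net"]     # pattern from the page

if __name__ == "__main__":
    for ip in PTR:
        print(ip,
              "allowed" if matches_listing(ip, ["65.221.104.0/30"], ALLOWED, PTR, A) else "-",
              "forbidden" if matches_listing(ip, [], FORBIDDEN, PTR, A) else "-")
```

The second and third constructed hosts show why both conditions matter: reverse DNS is set by whoever controls the IP address, so a pattern is only trustworthy when the forward lookup confirms the name and the match covers the whole name.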

HELP for QUERY CLIENTS

The "query client" IP addresses listed in this section are the IP addresses of your inbound email servers. The Outbound Index does not make these listings public in any way. It uses these IP addresses only in an Access Control List for the Outbound Index query servers. The Outbound Index query servers ignore queries from IP addresses not in the authorized Access Control List. In other words, if you want to receive query responses from the Outbound Index, you must list your query client IP addresses here.
The next logical step is to configure your inbound email server(s) to query the Outbound Index. After completing the configuration, your inbound email server sends a query each time it receives a mail delivery connection. The Outbound Index query server then responds back with factual information about the sending server and the envelope-from domain. Your inbound email server then chooses to accept unconditionally, reject, or accept and then further scrutinize the email message.
Click "Add New Query Client" to add the IP addresses of your inbound email servers. Click on any IP address in your query client list to edit or delete that IP address.
Link: How to configure an inbound email server as a query client
Caching: Ideally, your inbound server will be configured with a cache, so it will not send a query each time a mail delivery connection occurs. The local cache will be checked first, and if the sending server and sending domain combination is found in the local cache, the query answer will be read directly from the local cache.
Envelope-from: The first query sent to the Outbound Index by your inbound server will be the envelope-from domain plus the sending server IP address. You may also configure your inbound server to send one or more additional queries using from or reply addresses found in the header of the message, if you decide to accept the message. Many factors should be taken into account when you decide how to handle the results of these additional queries. See wiki discussion regarding query responses.
Scrutinize: You may choose to configure your inbound email server to use content analysis, challenge response, tar-pitting, rate limiting, flagging, subject or from modification, or other scrutinizing techniques on those emails that do not fit in either the "authorized" or "unauthorized" category. For example, if the source or authorization to send mail for the sender domain is "unknown," further scrutiny is warranted.

HELP for CHECKS & ACTIONS

Check: One of many possible tests performed using input data such as the sending server IP address and/or sender domain of an email message.
Action: What result to return, depending on whether the result of a check was pass or fail. Examples of actions include, but are not limited to: set the query response code to one of [Accept, Reject, Scrutinize, Tempfail], Score or Continue.
Default Action: What result to return, if every check completes with an action of Continue. For example, if the process of running checks has not set the response code, the response code specified in Default Action will be set. The default action is the query response you want sent back to your inbound email server in the event that none of the checks had a pass or fail result. In other words, the Outbound Index did not contain any facts about either the IP or the sender domain based on the checks you have specified. These messages would be classified as "unknown."
As the email administrator for your domain(s), you control:
You are solely responsible for your configuration choices and their results. We cannot tell you how to configure your Checks & Actions, and we have absolutely no control nor responsibility for how you or your vendors program your inbound email servers to process the query response information. We provide factual information about IP addresses and domains. That is all we do. If you need help with your settings/configuration, or confirmation of your settings/configuration, we are working on setting up a page listing third party experts that are available to advise you.
We can tell you what configuration of Checks & Actions some companies have used, configurations which they have stated work well for them: Some users have reported that they like to subject these "unknown" email sources to further scrutiny, which is why we called this action "scrutinize." Some users scrutinize the "unknown" messages using such techniques as content analysis, challenge response, tar-pitting, rate limiting, flagging or subject / from modification.

Here is a list of presently available checks and a description of each:
network_allowed: The IP address of the sending server is checked against the database of "forbidden" IP addresses (those which cannot be used on an email outbound server). A reverse DNS lookup is done on the IP, and then a forward DNS crosscheck. If the forward DNS and reverse DNS match, the FQDN is compared to a database of "forbidden" FQDN patterns. For this check, "pass" means the sending server IP address was not on either "forbidden" list, and "fail" means it was on one of the "forbidden" lists. The "forbidden to operate an outbound server" list could include IP ranges and FQDN patterns of ISPs that have an AUP (Acceptable Use Policy), TOS (Terms of Service), or other contract forbidding customers from operating any type of email server on that ISP service. The organization that has control over a block of IP addresses has the authority, for the purposes of the Outbound Index, to specify which IP addresses may not be used on an outbound email server. "Control" is defined as: having an ASN or other assignment of IP addresses from ARIN, RIPE, APNIC, or other NICs recognized by ARIN; or demonstrating reverse DNS delegation; or verifying control of the domain name at the end of the FQDN of IP addresses with matching forward and reverse DNS.
domain_exists: A DNS record lookup is performed on the sender domain to verify the existence of the domain.
domain_allowed: A series of tests are run by this check, each with the purpose of looking up whether the sender domain owner has authorized the sending server IP address. If the sender domain is not yet listed, no action is taken. The result of any subsequent checks will determine the query response.
total_score: Optionally, you can set the action to take on pass or fail for each check to Score, with a scoring value. Then set a total_score threshold, and an action to take based on pass or fail of that threshold.
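The way checks, actions, scoring and the default action fit together can be illustrated with a small evaluator. This is an added example, not the Outbound Index's implementation: the rule layout is hypothetical, and it assumes that the first response code set by a check ends the run, that total_score is evaluated after the other checks, and that "pass" for total_score means the accumulated score is below the threshold.

```python
RESPONSES = {"Accept", "Reject", "Scrutinize", "Tempfail"}

def evaluate(rules, results, default_action, total_score=None):
    """Run checks in order and return (response, score).

    rules: list of (check_name, on_pass, on_fail). An action is a response
    code, "Continue", or ("Score", n).
    results: check_name -> True (pass), False (fail) or None (no data, so no
    action is taken, e.g. domain_allowed for an unlisted sender domain).
    total_score: optional (threshold, on_pass, on_fail).
    """
    score = 0
    for name, on_pass, on_fail in rules:
        outcome = results.get(name)
        if outcome is None:
            continue
        action = on_pass if outcome else on_fail
        if action in RESPONSES:
            return action, score      # assumption: first response code wins
        if isinstance(action, tuple) and action[0] == "Score":
            score += action[1]
        elif action != "Continue":
            raise ValueError(f"unknown action {action!r} for {name}")
    if total_score is not None:
        threshold, on_pass, on_fail = total_score
        action = on_pass if score < threshold else on_fail  # assumed meaning of pass
        if action in RESPONSES:
            return action, score
    return default_action, score      # nothing set a response: "unknown" mail

# Constructed policy for illustration only, not a recommended configuration.
RULES = [
    ("network_allowed", "Continue", "Reject"),
    ("domain_exists", "Continue", ("Score", 5)),
    ("domain_allowed", "Accept", "Reject"),
]
TOTAL_SCORE = (5, "Continue", "Reject")

def respond(results):
    """Evaluate the constructed policy with Scrutinize as the default action."""
    return evaluate(RULES, results, "Scrutinize", TOTAL_SCORE)

if __name__ == "__main__":
    unknown = {"network_allowed": True, "domain_exists": True, "domain_allowed": None}
    print(respond(unknown))
```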

New types of checks and actions
The structure of checks and actions is designed to be flexible, so that new types of checks and new types of actions can be added. Examples include spf_allowed, tempfailing of unknown new IP/domain combinations, anti-phishing checks, and an identifiability/stability level check. Response codes beyond "Accept, Reject, Scrutinize, Tempfail" are also anticipated. The Outbound Index community discussion wiki has a section for proposing and discussing new check and action functionality. It is our hope that the brain trust of email, DNS, and spam-fighting gurus from around the world will dissect and examine proposals here from every angle.

HELP for VERIFY CONTROL OF:

The "Verify Control of:" section displays the list of domain names you have verified that you control (green OK next to domain name) or have not yet verified control of (red FIX next to domain name). Clicking on the domain name makes it the domain for which domain-related data on the dashboard is displayed. Clicking on the OK or FIX next to the domain name
Options for verifying your control over a domain include: creating a directory and file with names and content we specify on that domain website; telephone verification through the phone number published on the website of the domain with verification from your company Human Resources department of your authority level; or issuance of an RSA SecurID token with restricted title delivery to the address published on the website of the domain.