EMAIL IS NOT DEAD … and it’s safer in the cloud
NEXGEN CLOUD 2016
2
INTRODUCTION
• Dr. Matthew Grove
• Dev Manager for Rackspace Email Anti-Abuse and Authentication
3
OVERVIEW
• Background
• Technology
• People
4
DATA CENTERS
11 Worldwide
GLOBAL FOOTPRINT
Customers in 150 Countries
PORTFOLIO
Dedicated • Hybrid • Cloud
EXPERTS
6,200 Rackers
REVENUE
Over $2B in Annualized Revenue
FORTUNE 100
Serving over ½ of the Fortune 100
WHO WE ARE
3,000+ Cloud Experts
5
RACKSPACE EMAIL
HOSTED EXCHANGE • OFFICE 365 • DEDICATED EXCHANGE
EMAIL OFFERINGS
6
EMAIL RESELLERS
• You can resell our email solutions
• Our dedicated reseller support has lots of experience helping resellers
• 3000 email resellers, 6000 partners in 150 countries
• The technology we use supports private labeling our services
7
100% uptime guarantee, fanatically supported
EMAIL AT RACKSPACE
8
HISTORY
• Rackspace Email was previously a private company and the largest customer of Rackspace
• We have always been a trusted alternative to on-prem email
• Currently we look after 3.8 million mailboxes in our own multitenant platform
• The Linux systems that protect those 3.8 million mailboxes are my team’s responsibility
9
RACKSPACE EMAIL
HOSTED EXCHANGE • OFFICE 365 • DEDICATED EXCHANGE
EMAIL OFFERINGS
10
BACK IN THE DAY
• Email was pretty simple, it was safe to host it yourself
• Small Exchange environments were common as were Linux and Unix based setups
• The only real worries were uptime and spam
11
NOW THE EMAIL WORLD IS TERRIBLE
• Email is now under constant attack
• Viagra spam is the least of our worries
12
TOP THREATS IN 2016
• Phishing and malware
• Account compromises
• Fraudulent signups
13
What changed?
HOSTING YOUR OWN EMAIL
14
EVOLUTION OF EMAIL SECURITY
15
STONE AGE
16
BRONZE AGE
$ for h in $(server_list | egrep "smtp.*\.mta\.dca1c4" | head -n 10); do
    echo "$h"
    for n in $(seq 14 14); do        # hour of the day
      for i in $(seq 1 3); do        # ten-minute bucket within that hour
        echo -n "$n:${i}x "
        # count matching maillog lines on this host for the bucket
        sudo ssh "$h" "grep 'blue pills rg8' /var/log/maillog" | grep "Apr 24 $n:$i" | wc -l
      done
    done
  done
17
IRON AGE
18
21ST CENTURY
19
Fighting bad guys with software
TECHNOLOGY
20
MORE EMAIL MEANS MORE INSIGHT
• We see a lot of the attacks and use that data to protect other customers
• If we see a customer get owned via an IP we will keep track of that to protect everyone else
• We share anonymized threat data with other providers and in return receive curated feeds that can be used to bolster the defenses
21
ABUSE SYSTEM
[Diagram labels: Events; Tier 1, Tier 2, Tier 3; Count, Process, Enforce; Actions]
22
DETECTING COMPROMISE
• Spot the change in behavior
[Figure: monthly calendar of one mailbox's activity, with two per-day summaries]
Mailbox
Type   Count
Spam   20000
Ham    6
Virus  0

Type   Count
Spam   0
Ham    4
Virus  0
23
AN EXAMPLE BAD GUY
• Sanmao is a commercial SMTP brute forcer
• Has an easy-to-spot tell: “you got new smtp”
• The naïve approach is to try passwords until you break in, using a compromised Windows machine
24
BLOCKING BAD AUTH
• Track the bad IPs
IP
Type Count
Good 0
Bad 126126
Mailboxes
Type Count
Good 99
Bad 0
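The per-IP counting on this slide, as an added example that is not from the original deck or from Rackspace's abuse system: it tallies good and bad logins per source IP and per mailbox, then flags IPs whose attempts are nearly all failures spread over several mailboxes. The log line format, thresholds, function names and sample addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption): "<ts> auth ip=<ip> user=<mailbox> result=<ok|fail>"
LINE_RE = re.compile(r"auth ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)")

def count_auth_events(lines):
    """Count step: tally good and bad logins per source IP and per mailbox."""
    by_ip = defaultdict(lambda: {"good": 0, "bad": 0, "targets": set()})
    by_mailbox = defaultdict(lambda: {"good": 0, "bad": 0})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an auth event
        key = "good" if m["result"] == "ok" else "bad"
        by_ip[m["ip"]][key] += 1
        by_ip[m["ip"]]["targets"].add(m["user"])
        by_mailbox[m["user"]][key] += 1
    return by_ip, by_mailbox

def ips_to_block(by_ip, min_bad=20, max_good_ratio=0.05, min_targets=3):
    """Process step: flag IPs with many failures, almost no successes, several mailboxes."""
    flagged = []
    for ip, c in by_ip.items():
        total = c["good"] + c["bad"]
        if (c["bad"] >= min_bad and c["good"] / total <= max_good_ratio
                and len(c["targets"]) >= min_targets):
            flagged.append(ip)
    return sorted(flagged)

def build_sample():
    """Constructed sample: one password-guessing IP and one office NAT with a few typos."""
    lines = []
    for i in range(60):  # 203.0.113.7 fails against 5 mailboxes and never succeeds
        lines.append(f"2016-04-24T14:00:{i:02d}Z auth ip=203.0.113.7 user=user{i % 5}@example.com result=fail")
    for i in range(99):  # 198.51.100.20: ordinary successful logins
        lines.append(f"2016-04-24T14:10:{i % 60:02d}Z auth ip=198.51.100.20 user=staff{i % 10}@example.com result=ok")
    for i in range(3):   # a few mistyped passwords from the same office
        lines.append(f"2016-04-24T14:20:{i:02d}Z auth ip=198.51.100.20 user=staff{i}@example.com result=fail")
    return lines

if __name__ == "__main__":
    by_ip, _ = count_auth_events(build_sample())
    for ip in ips_to_block(by_ip):
        print("block", ip, {"good": by_ip[ip]["good"], "bad": by_ip[ip]["bad"]})
```

The good-to-total ratio is what keeps the shared office address off the block list even when the failure threshold is lowered, since a NAT full of real users always shows successful logins alongside the typos.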
25
PROTECTING YOUR INBOXES
• DMARC, DKIM, SPF are very important for preventing phish:
• _dmarc: v=DMARC1; p=quarantine; pct=100; rua=mailto:[email protected]; aspf=s; adkim=s;
• v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsfEowfDtw07frNS1Axbly0Xyu6wpaWeWSR2kgZCS/c8pBxlrGUG6bILKnXnbFb07hy8epNZzETx1Zp+DJm6YasX8Fh6iws6ahKoQfMIRM+E3Yp7BWh0/19wx3/PKReL9WQDfycQgRHyZdN2azVY0nSQyh6IyAbTmZsW5OQDxEywIDAQAB
26
Fighting bad guys with people
RACKERS
27
THE EMAIL PEOPLE
• Dedicated Anti-Abuse developers and engineers
• The current team replaced the Iron Age systems
• We built a modern abuse system
• Maintain relationships with other email providers
28
M3AAWG
• M3AAWG is the premier conference for email security
• Members only
• Email best practices are established by members of M3AAWG
29
M3AAWG MEMBERS
30
OUR COMMUNITY
• We are a part of the community and work with the other ISPs
• Together we all fight the bad guys who are breaking into accounts and sending spam
• Everyone has the same problems
31
RACKSPACE EMAIL SUPPORT
• People are the Rackspace difference
• We can help you protect your email
• The best practices are super hard to implement
• Setting up a DMARC record is not easy – we will help you
32
BOOTH 422 Come talk to us about anything email