We don’t need to remind you where the fountainhead of SMTP trouble resides… think Space Needle. But the eBay/PayPal (ePal) duo has been a close second. ePal’s insistence on dumping a constant flood of HTML-formatted email has created an easy phishing target for every pizza-faced geek on the planet who wants a new iPod.

What could possibly be worse than ePal? How ’bout adding… oh… a zillion Skype customers? More targets for ePal’s email-crazy marketers. That’s bad news for networks, bandwidth, and victims. Good news for phishers and other assorted ne’er-do-wells.

So what can a savvy network manager do to counter the coming wave? At the very least, make sure you’re performing a reverse DNS check on each incoming message. (Virtually all mail servers and network content filters do this).

Next, depending on organizational tolerance, set your content filters to expose/disable embedded HTML links and scripts.

Finally, deploy at least one SMTP authorization scheme at the network border. Which is best? The one that’s easiest to turn on. If you do some research, you’ll find angry, insulting or greedy defenders for each:

  • Certified Sender Validation (CSV);
  • DomainKeys Identified Mail (DKIM);
  • Sender Policy Framework (SPF), and;
  • Sender-ID Framework (SIDF).

While each method has strengths and weaknesses… and they’re classed as experimental… they’re all one heckuva lot better than the coming onslaught of eBay/PayPal/Skype phishing scams.