Presentation Title: Abusing Microsoft’s PostMark Validation Protocol
Presentation Abstract
The problem of ‘spam’ is acknowledged throughout the entire world. To deal with the problem, all major mail servers like Yahoo, Google and Hotmail have invested a significant amount of effort and money into building filters that employ a variety of methods to detect and block spam. When they saw this was not enough, some went on to build whole infrastructures to verify and assign reputation to senders, like GoodMail and DomainKeys. Of course, senders must pay and undergo several complicated procedures in order to enroll in such programs, and very few enroll after spammers found their way into these systems.
Meanwhile, Microsoft picked up on the work of Adam Back, who implemented HashCash (see www.hashcash.org), and in 2004 started working on a protocol named the PostMark Validation protocol. They merely picked up Back’s idea and provided a different implementation than HashCash. The idea started off as a non-intrusive protocol specification that Microsoft hoped would be picked up by other mail providers. The protocol came to market in 2008 and was implemented in all Outlook versions and the Hotmail mail server. For those who don’t know about PostMark Validation, it is turned on by default in Microsoft Outlook and can be turned off via Tools->Options->Preferences->Junk Email.
The idea is to make the user spend considerable CPU time computing a solution to a problem. Microsoft argued that an average user can afford to wait for 10-20 seconds before the mail can be sent, while a spammer who sends millions of mails per day cannot, unless he invests hundreds of thousands of dollars in hardware.
While on paper the idea is the perfect solution to fight off spam, in my presentation I will show how a severe design problem in Microsoft’s implementation of Back’s idea makes it easy for a potential spammer to send mails by the millions with hardware bought for just a few hundred dollars. It may be noted that both Back’s original implementation, HashCash, and Microsoft’s implementation, the PostMark Validation protocol, have this design problem which makes the abuse possible. Still, Back’s overall idea is perfectly viable provided a different design is employed.
About Dumitru
Dumitru is a PhD student at the University of Bucharest, Romania, in the field of Cryptography and Data Security, and a senior researcher at the BitDefender R&D Department. He has significant experience in antivirus technologies and data security acquired at BitDefender and was a speaker at the Hack.lu 2008 conference in Luxembourg.