Military strategy has been around for as long as humans have been fighting over things and that’s a long, long time. Sun Tzu, who lived sometime between 722-481 BC is considered the world’s first known military tactician. He was a General, Philosopher and a Warrior. His masterpiece, a book of military strategy, The Art of War, has inspired great conquerors like Napoleon as well as modern-day Generals, Sport Professionals and Business Leaders.
Military strategy is about much more than battles, conquest and acquisitions. The wisdom that underlines military strategy is based on core-principles such as simplicity, observation before action, discipline and risk mitigation. All of which apply to the business world and infrastructure security. So I began to wonder, “what would an anti-spam system look like if Sun Tzu were around today to design and manage it?”. Considering the current systems in place I realized that the anti-spam industry already looks as if it’s been influenced by Sun Tzu.
Here are some of Sun Tzu’s key principles from the Art of War and how they are being applied by ISPs and Service Providers to fight spam:
Principle 1: Foreknowledge
“What enables the good general to achieve things beyond the reach of ordinary men is foreknowledge”.
Here Sun Tzu is referring to understanding the enemy’s intentions. ISPs and Filter Providers understand a spammer’s intention and how they operate. The bottom line is, spammers want your money. To get your money, they need to get your attention and to get your attention, they need to get into the inbox of a legitimate account. In my article, A Spammer’s Little Black Book I wrote about how spam affiliate programs work and how the spammer community thinks. ISPs understand this and through years of observation they’ve recognized patterns in spammer behavior and content. Content fingerprinting and reputation-based filters are based on and propagate, the adage, “Know thy enemy”. Reputation scoring is also about “knowing” and being able to differentiate an enemy from a comrade. Which leads us to the next principle…
Principle 2. Fortification and Diversity of Defense
"The clever combatant looks to the effect of combined energy and does not require too much from individuals…"
Sun Tzu was referring to the importance of load balancing when it comes to human resources. This applies to systems as well. An individual piece of anti-spam technology, such as a filter, is not enough. ISPs have employed the power of the people, i.e. feedback from users as well as third-party, managed services. Some examples of this are the “this is/is not spam” buttons, FBLs, DNSBLs & Return Path’s certification program. All of these are examples of diversification and fortification of defense by utilizing the power of human observation, analysis and feedback in addition to software.
Principle 3. Change Your Strategy as the Enemy Changes His
"He who can modify his tactics in relation to his opponent and thereby succeed in winning, may be called a heaven-born captain."
This brings us to phishing. Phishing has been a big problem for a while now but as phishing techniques evolved to become an ever advancing, persistent threat, the industry responded by changing its strategy. In 2012, DMARC, which stands for Domain-based Message Authentication, Reporting and Conformance, was launched by a consortium of top mailbox providers and senders. DMARC is now deployed at mailbox providers representing 60% of the world’s mailboxes and has been adopted by 10 of the top 20 sending domains, representing a high volume of daily traffic into receiving networks. Because of this strategic flexibility and response by the industry, hundreds of millions of “enemy” messages were blocked from consumer inboxes. Sun Tzu would be proud.
Principle 4. Lure Him In
"Rouse him, and learn the principle of his activity or inactivity. Force him to reveal himself, so as to find out his vulnerable spots."
Oh honeypots, how we love you….or not. Spamtraps can after all, be problematic for legitimate senders who sometimes make honest mistakes. But like a soldier learns to avoid landmines, legitimate senders who follow best-practices should stay safe. Traps can be designed to catch different types of behavior. There are two types of spamtraps, pristine and recycled. A pristine trap has never been used, so it should never be on a legitimate email list. Pristine traps can be embedded or otherwise concealed within webpages, to make them available to harvesting webbots. A recycled trap is an email address that once belonged to a real person but was later converted into a spamtrap. A legitimate sender can still have recycled traps on their list but indicates a list hygiene issue and can result in blocks or bulking.
Principle 5. Delay
“If you can’t defeat the enemy immediately, delay them.”
Actually it’s Napoleon who most famously practiced the art of delay at the battle of Waterloo when sent a small number of troops to delay the incoming Prussians while his main body of troops faced the Dutch and British troops. It looks like ISPs took a page out of Napoleon’s handbook when they decided to throttle messages and limit connections and throughput.
Principle 6. Know when to Retreat
“If all else fails, retreat.”
Blocking is the ISP’s version of retreating when it comes to defense tactics. ISP Postmasters create internal policies and thresholds, enabling them to clearly define when a sender should be blocked. DNSBLs play a massive role and highlight the collaborative strategic alliances that have evolved on the anti-spam battlefield.
Principle 7. Form Alliances
When I read Tzu’s quote, “If you carry on alliances with strong countries, your enemies won't dare to plot against you.” I was reminded that his vision doesn’t entirely translate to modern society, especially our technological world. Or maybe Sun Tzu simply couldn’t imagine the psychological profile of modern hackers and phishers. This is probably because he lived within a societal structure (Confucianism) with an extraordinary focus on honor. Being a big company and having a well-known brand, will not totally protect you from the bad guys. If anything it makes you more of a phishing target. Black Hats consider it a challenge to attack you, your brand and your customers. Especially if they believe there is something worthwhile waiting on the other side. However, alliances are a huge part of the game on both sides. Hackers, Phishers and Spammers form alliances and have online communities where they work together.
This is why Return Path brought over 80 mailbox providers worldwide to collaborate and rely on its Trusted Cooperative Network, the largest messaging reputation network on earth, to provide insight into emerging threats and immediately stop them. DMARC, a standard for email authentication reporting that was co-developed by Return Path and a coalition of mailbox providers, security vendors, and major brands in social networks, financial services, etc., is another depiction of Sun Tzu’s alliance principle. Hackers may still dare to try, but their attempts will be rendered futile.
To paraphrase the first verse of The Art of War; “The Art of War is of vital importance. It’s a road either to safety or ruin. Hence it is a subject of inquiry which cannot be neglected”. In a way, this explains why at Return Path, we do what we do. We live and breathe “email intelligence” because we understand the nature of the battle. If you’re an ISP we’re here to help you enhance your network performance and defense strategy. If you’re a Sender, we’re here to help you build trust with your clients and ISPs alike.