Automated Emails: Are You Launching a Denial-of-Service Attack on Your Own Company?

Did you know that more than half of corporate email traffic may be caused by something other than employees? That matters, because as companies migrate to cloud computing, a flood of misdirected automated messages is starting to break key business applications - and no one may even know about the problem until after it happens.

It’s not humans who are the source of the messaging traffic, nor are the messages necessarily malicious, like infected client machines generating email traffic at the whim of a botnet controller. No, these emails are sent out by the very software that organizations already own, creating and sending automated messages at an enormous clip.

Email’s Historical Roots

The problem has its roots deep in the history of the servers we use today, a time when bearded men with pocket calculators worked to connect their machines together. The concept of sending one message to many people that we take for granted in the form of email today wasn’t around until 1979, when developer Eric Allman put together Delivermail for ARPAnet, the precursor to the Internet we know today.

Delivermail would eventually become Sendmail, one of the most pervasive mail transfer agents (MTAs) on the Internet today, and regarded as the dominant standard of messaging in all of the Unix and Linux systems that comprise the Internet and many data centers today.

The history lesson is relevant, because the ready availability of the open source Sendmail tool made it a perfect candidate to use for any software that needed to communicate with another piece of software or human being. Sendmail, and other MTAs, became the de facto standard way to communicate data from application to application.

If an accounting application had to communicate a change to the invoicing application, email would be the messaging medium used. No humans would be involved in the process - the message would be delivered and dealt with by code alone.

No Longer Sustainable?

But according to Glen Vondrick, CEO of Sendmail, that approach is becoming increasingly painful for companies who are moving their applications from local domains to the cloud.

Vondrick’s company, a commercial vendor for Sendmail technology, is seeing more calls coming in about applications inexplicably breaking after migrations to a cloud environment. The cause? Long-forgotten Sendmail commands that send out routine messages but don’t receive proper responses, thus shutting down a particular function or causing the Sendmail engine to continuously generate messages until something is received - a mail storm that can drag down system and network resources. Recipient programs often act in the same way when they don’t get the messages they’re expecting.

A Staggering Problem

“It’s staggering in some ways,” Vondrick said of the volume of messages involved. A large commercial bank might have tens of thousands of systems affected by these automated messaging applications.

It’s not just cloud computing that can break communications between such apps, either, Vondrick added. Out-of-sync timestamps and simple network topology changes can also throw off these apps' messages. Cloud computing just shines a brighter spotlight on the problem.

Vondrick estimates that more than 50% of all messaging traffic is generated automatically, which means the machines' messages outnumber the human messages. And since applications can generate hundreds of messages per second, if something goes wrong, a mail storm can create a denial-of-service-like attack on a company’s own servers.

"Real" Email Now a Minority

These findings mirror those of an Incapsula study released last March that claimed 51% of the entire traffic on the Internet was from non-human sources. Incapsula also claimed that a third of all traffic was coming from malicious sources, ranging from Web scrapers and comment spammers all the way up to full-on attacks.

To address the non-malicious but still potentially dangerous messaging traffic within corporate networks, Sendmail is working on a Rogue Email Application Control tool that can identify all messaging traffic on a given network and see what’s coming from where.

But the problem goes beyond knowing what messages are running around an organization. The deeper issue is the forgotten legacy applications running on many corporate systems. These long-lost apps perform some unknown but still vital function within the daisy chain of your organization’s workflow. Before you can change your environment, you have to know exactly what’s running where - and why. Looking at otherwise-invisible automated message traffic is one way to track down those forgotten apps, and a useful tool for admins to get their own houses in order.
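One way an admin could start that inventory from an MTA's own logs, shown as an added example that is not from the article and is not Sendmail's tool: it groups sendmail syslog "from=" lines by sender and submitting relay and flags any pair whose per-minute rate looks like a mail storm. The hostnames, addresses, log lines and the threshold of 5 messages per minute are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the "from=" line sendmail writes to syslog for each accepted message.
FROM_LINE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+ \d\d:\d\d):\d\d \S+ sendmail\[\d+\]: \w+: "
    r"from=<?(?P<sender>[^>,]*)>?,.*\brelay=(?P<relay>[^,\n]+)"
)

def inventory(log_text, storm_per_minute=5):
    """Map (sender, relay) -> total messages, peak per-minute rate, storm flag."""
    per_minute = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = FROM_LINE.match(line)
        if m:  # "to=" delivery lines and non-sendmail lines are skipped
            key = (m["sender"], m["relay"].strip())
            per_minute[key][m["minute"]] += 1
    report = {}
    for key, buckets in per_minute.items():
        peak = max(buckets.values())
        report[key] = {"total": sum(buckets.values()), "peak": peak,
                       "storm": peak >= storm_per_minute}
    return report

def _line(ts, sender, relay):
    # Builds one constructed log line in sendmail's syslog layout.
    return (f"Mar  3 {ts} mx1 sendmail[2101]: r23AF1a1002101: from=<{sender}>, "
            f"size=812, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay={relay}")

APP = ("invoice-sync@app01.example.com", "app01.example.com [10.0.0.5]")
HUMAN = ("alice@example.com", "ws12.example.com [10.0.1.12]")

# Constructed sample: an application retrying every 10 seconds, plus one human message.
SAMPLE_LOG = "\n".join(
    [_line(f"10:15:{s:02d}", *APP) for s in range(0, 60, 10)]
    + [_line("10:16:05", *APP),
       _line("10:15:30", *HUMAN),
       "Mar  3 10:15:31 mx1 sendmail[2102]: r23AF1a1002101: "
       "to=<bob@example.com>, delay=00:00:01, stat=Sent"]
)

if __name__ == "__main__":
    ranked = sorted(inventory(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["total"])
    for (sender, relay), stats in ranked:
        flag = "STORM" if stats["storm"] else "ok"
        print(f"{flag:5} total={stats['total']:3} peak/min={stats['peak']:3} "
              f"{sender} via {relay}")
```

Senders that rank high here but that nobody on the team can name are the candidates for the forgotten applications described above.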

Properly managing traffic on corporate networks can save a lot of time and resources down the road. You just have to know where to look.

 
