Our News

FST Key to Hot FBI Cyber-Terror Issue

Comments by FBI Cyber Crimes Assistant Director Shawn Henry made last October to reporters centered on a noticeable rise in cyber-terrorism and specifically cited "spear phishing" as a rapidly rising threat.

ISR's Forensic Sender Test™ helps UCE control systems combat all types of email identity crimes. Providing FST service in your mail system component or service not only brings tremendous value to your customers, but also affords an opportunity to show initiative on a “hot button” issue.

Contact us to learn more.

The FST Response

Required Responses

IPF - IP Legitimacy Group

The IPF value is a single flag set that is included primarily for spam filtering systems to provide logical branching information in algorithms. There are three flags which will have either "0" or "1" for the traditional Boolean true or false values:

  1. Existence of a valid PTR record for the IP.
  2. Existence of a valid A record for the host returned by the PTR.
  3. Match of the PTR's A to the originally provided IP (aka "valid reverse").

Example:

IPF=111

MXF - Sender Legitimacy Group

The MXF value is a space-delimited list of flag sets that correspond exactly to the list of addresses from the Senders parameter of the request. These flag sets can be used by spam filters for logical branching in a similar manner to the IPF results. The FST results are also reported in this group. There are three flags which will have either "0" or "1" for the traditional Boolean true or false values:

  1. The right-hand-side of the address has either a registered mail exchanger or an IP address. If this flag is "0", the address could not be used for a reply, indicating a near certainty of spam or fraud.
  2. The right-hand-side of the address passed the FST. A "0" value here indicates a spoof.
  3. The right-hand-side is not a widely known target of phishing attacks. If this value is "0" and the preceding value is also "0", the email should be treated as an identity theft attempt.

Example:

MXF=101 000 111

SUM - Summary Group

The SUM value is a single flag set that combines all other results into a quick assessment. This value is the best way to spot identity theft emails without lengthy program logic. There are three flags which will have either "0" or "1" for the traditional Boolean true or false values:

  1. DNS is "clean". A "0" value here indicates a high probability that the source of this email is a worm.
  2. FST finds ALL Senders authentic. A "0" value here indicates at least one sender address presented is not associated with the IP.
  3. All ID theft targets are authentic. A "0" value here indicates that at least one sender is an identity theft target AND at least one sender flunked the FST. These do not have to be the same sender in order to present a high risk. For instance, a real email from citi.com would NEVER reference an aol.com address as an alternate sender.

Example:

SUM=000

Optional Responses

If extension names are presented in the Also parameter of the request, each will be found as a name for a value in the response. Any extension that returns a list of responses based on the Senders parameter will generate a space-delimited response. The exact implementation of any extension is left largely to the request of the customer within the bounds of this simple framework.

Example:

ipptr=mailvice.mx.qostar.com
ipptra=76.73.228.35 76.73.228.36
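
The following Python sketch is an added example, not ISR's code: it decodes the three required groups and any extensions into named Booleans and picks out the senders that the MXF rules above say to treat as identity theft attempts. It assumes the response arrives as one name=value pair per line, as the examples on this page suggest; the flag labels and the sender addresses are constructed for illustration.

```python
# Added example: the flag labels below are chosen here, not defined by the FST API.
IPF_FLAGS = ("has_ptr", "ptr_has_a", "valid_reverse")
MXF_FLAGS = ("replyable", "fst_pass", "not_phish_target")
SUM_FLAGS = ("dns_clean", "all_senders_authentic", "id_targets_authentic")


def decode_flags(flag_set, names):
    """Turn a three-character flag set such as "101" into {name: bool}."""
    if len(flag_set) != len(names) or set(flag_set) - {"0", "1"}:
        raise ValueError(f"malformed flag set: {flag_set!r}")
    return {name: ch == "1" for name, ch in zip(names, flag_set)}


def parse_fst_response(text, senders):
    """Parse name=value lines (assumed layout); senders is the request's Senders list."""
    fields = {}
    for line in filter(str.strip, text.splitlines()):
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not a name=value line: {line!r}")
        fields[name.strip()] = value.strip()
    missing = {"IPF", "MXF", "SUM"} - fields.keys()
    if missing:
        raise ValueError(f"required groups missing: {sorted(missing)}")
    mxf_sets = fields.pop("MXF").split()
    if len(mxf_sets) != len(senders):  # flag sets map to Senders by position only
        raise ValueError("MXF flag sets do not line up with Senders")
    return {
        "ip": decode_flags(fields.pop("IPF"), IPF_FLAGS),
        "senders": [(s, decode_flags(f, MXF_FLAGS)) for s, f in zip(senders, mxf_sets)],
        "summary": decode_flags(fields.pop("SUM"), SUM_FLAGS),
        "extensions": {name: value.split() for name, value in fields.items()},
    }


def identity_theft_senders(result):
    """Senders with FST flag 0 and phishing-target flag 0: treat as identity theft."""
    return [s for s, f in result["senders"]
            if not f["fst_pass"] and not f["not_phish_target"]]


# Constructed sample: the page's separate example values combined into one response.
SAMPLE = """IPF=111
MXF=101 000 111
SUM=000
ipptr=mailvice.mx.qostar.com
ipptra=76.73.228.35 76.73.228.36
"""
SAMPLE_SENDERS = ["alice@example.com", "billing@example.net", "news@example.org"]
PARSED = parse_fst_response(SAMPLE, SAMPLE_SENDERS)
```

Rejecting a response whose MXF count differs from the Senders count matters because the flag sets carry no address of their own; a silent misalignment would attach a spoof verdict to the wrong sender.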
