According to a variety of online sources, unsolicited email – otherwise know as spam, is responsible for up to 90 percent of all email messages sent and received. A pair of high profile spam lawsuits and prosecutions are shining a spotlight on the tactics used by spammers and the efforts of legitimate email providers to thwart them.
In the first case at hand, a Detroit man is accused of fraud and money laundering charges after he admitted to earning over $3 million by sending millions of unsolicited email messages to inflate the price of certain Chinese stocks and then selling the stacks at a profit. The defendant in the case, Alan Ralsky, is described by the prosecutors as ”one of the most prolific spammers in the nation”. Mr. Ralsky is accused of using not only illegal email spamming means such as botnets, but also many legal means of tricking email recipients such as: placing false and misleading headers in the email messages, using proxy computers to disguise the email’s source, and using falsely registered domain names to send spam – thereby implying that the emails were legitimate. You can read further details on the case here.
The second case involves an International spamming ring that the Federal Trade Commission and the Federal Bureau of Investigation recently announced was considered to be the world’s largest spam operation. The spammers were sophisticated both technologically and financially, operating simultaneously from multiple locations around the globe.A report published by the New York Times, detailed how the the group was sending out ”extraordinary amounts of spam”. According to SpamHaus Chief Information Officer, Richard Cox, the group was simply overwhelming in the sheer volumes of unsolicited emails sent, ”At one point these guys delivered up to one third of all spam.”
According to published reports, The Federal Trade Commission filed a temporary restraining order and complaint against two defendants in the United States District Court of the Northern District of Illinois for ”deceptively marketing a variety of products through spam messages, including a male-enhancement pill, prescription drugs and a weight-loss pill”. The messages sent by the spammers advertised the sale of prescription drugs, and claimed that they originated from a ”bona-fide, U.S.-licensed pharmacy that dispenses FDA-approved generic versions of drugs such as Levitra, Avodart, Cialis, Propecia, Viagra, Lipitor, Celebrex and Zoloft.” FTC investigators claim that the defendants do not run a licensed pharmacy and the drugs they sold were shipped from India and received no federal approval from any regulated food or drug agency.
So no matter what the steps enacted by legitimate email providers, the proliferation of unsolicited email continues unabated. As soon as email detection and blocking software is updated to filter out unwanted messages, spammers use new and highly creative methods to circumvent the filters. This creates an ever escalating game of chess, where spammers flood email messages into the system, and spam filters work to keep them out. So what can a small business or personal user do to protect themselves from spam? We asked a team of web hosting and email experts to weigh in on the subject. Here is what they had to say.
Hans Kind, CEO with FlyingServers International and an expert in web hosting and online security suggested, ”Use a good spam filter, either software or hardware based. Protect your e-mail address by not providing an email address on any user forums or other online community sites. If you need to provide a valid email address, either use a non-business email address, or if you are able to create multiple email addresses, create a specific email address for that forum or community.”
Daniel Foster is an owner and founder with business hosting firm 34sp.com, an had ideas on reducing spam, ”Make sure your antivirus and antispam software is up to date and kept current. You should also have an email package which includes spam and virus filtering from your provider, so that you never end up getting spam in the first place. For unwanted e-mails from known contacts, most e-mail clients support blacklisting. This will allow you to add the sender’s address to a list and will stop you receiving any e-mail from them.”
Jim Garrity is the Director of Infrastructure with large dedicated server web host, HostMySite.com, and suggests the following, ”I would take a two pronged approach to protecting yourself against spam as outlined below.
Step 1. Look at commercial Spam filtering services like Google’s Postini, Barracuda Spam Firewall, MXLogic’s Email Defense, or SpamAssassin. Most of these products focus on content-based email filtering, thereby quarantining suspected content from employee mailboxes. The following contents of an email are analyzed to determine spam likeliness.
IP Address verification through Spamhaus or another DNS blacklist identifier. Also, URI blacklists are used to compare legitimate mail. The URI blacklist lists domains which are found in clickable links contained in the body of spam messages (Wikopedia, http://en.wikipedia.org/wiki/DNSBL#Terminology)
SPF (Sender Policy Framework) record lookup â€“ Companies provide the list of IP addresses and subnets that are allowed to send email on the companiesâ€™ behalf. SPAM programs will search for SPF records for mail to determine legitimacy.
Body of email which could include image based content, phishing content, viruses, spoofing and spyware information
Bayesian email comparison and filtering algorithms, which is a method which looks at the statistical comparison of email messages received to determine if words, phrases, or images are legitimate or not. This is used by the aforementioned providers above in reducing spam.
Step 2. Email mailbox filtering
If you cannot Whitelist your email, take the opposite approach. In combination with your spam filtering service provider, develop a blacklist for senders that are spamming you. Configure your mail client and spam service provider with this information so that the message gets deleted in your inbox or before it reaches your inbox.
Only allow email into your inbox from users in your address book (called Whitelisting).
George Roberts is the founder of web hosting trade show, HostingCon and CEO at Interjuncture Corp., which provides the Easy Antispam email protection service. Mr Roberts had these ideas for reducing unsolicited email, ”One of the easiest things to do to reduce the amount of spam you receive is to not publish your email address publicly on the web. Many spammers scrape email addresses from websites to include in their database. In my view, it’s best to let an email security service provider block all unwanted mail before it even hits your network.”
Regarding emails that look legitimate but may originate from a malicious source Mr. Roberts added, ”The best way to protect yourself against spoof and phishing emails is to not click links directly from emails. It is much better to go directly to the website of the business purportedly sending the email to determine whether the message sent was legitimate.”
No one expects that spam will go away anytime soon, despite the best efforts of authorities to prosecute spammers, and the valiant efforts of email filtering software to block the messages. So take the advice of our experts and protect yourself against spam proactively as best you can. Also remember not to click on any links – whether in an email or at a website – that you don’t trust and know to be legitimate.
This content was written by Derek Vaughan and appears courtesy of the hosting experts at 34sp.com.