Stopping Spam Before Looking at the Content

When we think of our spam filters, we usually think of a tool that scans the content of our incoming email messages, scouring each one for specific words or phrases that are commonly used by spammers.

While this is one way that spam is detected, it is not the only method employed by your anti-spam solution. That is, if your anti-spam solution is any good.

For anti-spam filtering to be reliable, there needs to be a variety of methods used to identify junk mail. Since the bad guys are aware of the many techniques used to identify spam based on the content of the message, they are often able to craft emails that slip through the cracks.

To keep these more savvy emails from getting through, the best spam filters use any number of the following means:

Sender Reputation

Before even looking at the message itself, spam filters look at the IP address of the incoming connection and check the reputation of that address. The address is matched against both white lists, which allow the message to come through for further processing, and black lists, which immediately stop a message from any further review.

More sophisticated filters also check whether the sender is known to send a mixture of spam and legitimate email, or whether the IP address has only recently begun to send emails. In either case, the address can be scrutinized more closely because certain flags have been raised.
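
The connection-time decision described above can be sketched as follows. This is an added example, not code from any particular anti-spam product; the address ranges, history records, thresholds and the choice to check the black list first are all assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample data using documentation address ranges, not a real feed.
WHITE_LIST = [ipaddress.ip_network("192.0.2.0/28")]
BLACK_LIST = [ipaddress.ip_network("203.0.113.0/24")]
# Per-IP history: (first seen sending mail, messages judged spam, judged legitimate)
HISTORY = {
    "198.51.100.7": (datetime(2012, 9, 1), 40, 60),    # mixed sender
    "198.51.100.9": (datetime(2012, 9, 25), 0, 3),     # only just started sending
    "198.51.100.20": (datetime(2011, 1, 1), 1, 900),   # long-established sender
}
NEW_SENDER_WINDOW = timedelta(days=7)   # assumed threshold
MIXED_SPAM_RATIO = 0.10                 # assumed threshold

def connection_verdict(ip, now):
    """Return (verdict, flags) for a connecting IP before any content is read.

    'reject'     -> stop here, no further review
    'accept'     -> hand the message on for further processing
    'scrutinize' -> hand it on, but with the raised flags attached
    """
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in BLACK_LIST):
        return "reject", ["blacklisted"]
    if any(addr in net for net in WHITE_LIST):
        return "accept", ["whitelisted"]
    # An address with no history is treated as having started sending just now.
    first_seen, spam, legit = HISTORY.get(ip, (now, 0, 0))
    flags = []
    if now - first_seen < NEW_SENDER_WINDOW:
        flags.append("recently began sending")
    total = spam + legit
    if legit and spam / total >= MIXED_SPAM_RATIO:
        flags.append("mixed spam and legitimate mail")
    return ("scrutinize" if flags else "accept"), flags

if __name__ == "__main__":
    now = datetime(2012, 9, 27)
    for ip in ["203.0.113.5", "192.0.2.3", "198.51.100.7",
               "198.51.100.9", "198.51.100.20", "198.51.100.99"]:
        print(ip, connection_verdict(ip, now))
```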

Server Profiling

With botnets being the most prolific senders of spam these days, a quick check of the operating system can also provide the anti-spam solution with some excellent information to help stop spam from being delivered.

If the operating system of the email server is one that is commonly used for the consumer market, then it is not likely a legitimate email server. Not many businesses are using Windows XP as the operating system for their mail server.

Greetpause

Whenever a receiving mail server is sent a message, it is supposed to reply with an SMTP greeting. This greeting is usually something along the lines of 220 mail.yourdomain.com ESMTP Service ready. Once the sending server receives this greeting it will proceed to send the rest of the information, but not before.

Some anti-spam solutions will pause this greeting on purpose to see if the sender waits to receive the acknowledgement before sending the rest of the information. If the sending server fails to wait, it could be a clue that the message is being sent by a spammer.
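
The greeting pause can be demonstrated with a few lines of socket code. This is an added example, not taken from any mail server's source; the function names, the 0.2 second pause and the three constructed clients are assumptions, and local socket pairs stand in for real SMTP connections so that it runs offline.

```python
import select
import socket

BANNER = b"220 mail.yourdomain.com ESMTP Service ready\r\n"

def greet_pause(conn, pause_seconds):
    """Hold back the 220 greeting and watch whether the client talks first.

    Returns 'early-talker' if bytes arrive before the greeting was sent,
    'disconnected' if the client hangs up during the pause, 'ok' if it waits.
    """
    readable, _, _ = select.select([conn], [], [], pause_seconds)
    if readable:
        data = conn.recv(512)
        if data:
            return "early-talker"   # commands arrived before we greeted
        return "disconnected"       # peer closed without waiting
    conn.sendall(BANNER)            # client waited, so greet it normally
    return "ok"

def demo():
    """Run the check against three constructed clients."""
    results = {}
    # 1. Client that pushes its commands without waiting for the banner.
    server, client = socket.socketpair()
    client.sendall(b"EHLO bulk.example\r\nMAIL FROM:<a@bulk.example>\r\n")
    results["talks first"] = greet_pause(server, 0.2)
    server.close()
    client.close()
    # 2. Client that gives up during the pause.
    server, client = socket.socketpair()
    client.close()
    results["hangs up"] = greet_pause(server, 0.2)
    server.close()
    # 3. Client that stays silent until it has read the banner.
    server, client = socket.socketpair()
    results["waits"] = greet_pause(server, 0.2)
    results["banner received"] = client.recv(512)
    server.close()
    client.close()
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

A filter would treat the early-talker result as one more flag on the connection rather than as proof on its own.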

Throttling

When a connection raises suspicions, some anti-spam filters will slow down the connection using throttling technology. With the server connection this slow, spammers may give up because it is a waste of their resources. Basically, if messages take too long to be delivered then they reach fewer potential victims. They would be better served by spamming another mail server’s users so they can be more efficient. This technique is often referred to as a tarpit by those in the anti-spam industry.

Note Well

These methods help fight spam because they recognize junk mail before the content even gets looked at. The problem with some of these methods is that they can produce false positive rates that are a bit too high for most people to find acceptable.

For example, a marketing campaign that relies on email can hurt a mail server’s reputation if it is not carried out properly. Legitimate emails sent from that same server can be blocked or subject to excess scrutiny as a result. Believe me, I have worked for a company that was guilty of this on many occasions.

However, these techniques can be extremely effective when combined with a solid content filtering solution. Anti-spam solutions that look at the message from multiple different angles are always the best at stopping spam from the average bad guys and equally effective at preventing spam from the more sophisticated ones.

Is your company using any of these techniques to fight spam? If so, let us know how well it is working.

Written by Jeff


  1. Maria Ortiz · September 26, 2012

    All these are very nice and they surely help to increase efficiency but won’t they lead to many legit messages wrongfully labeled as spam? In a sense, it is guilty by association vs guilty by being proven guilty.

  2. Mason Lancaster · September 27, 2012

    One of the first things I look at when I receive an e-mail is the sender. Then I go on with the subject. Usually a lot proceed with the latter, forgetting about the sender. I’ve learned my lesson. I received an e-mail once from my friend’s email. The mail said she’s asking for help because she’s stranded in some country. Fortunately I also logged in to Facebook, so I was able to verify straight from her if the information is correct. Just imagine if I immediately believed the spam simply because it came straight from my friend’s mail, which was hacked by the way.

  3. Alexis · September 27, 2012

    There is actually a very cool technique I’ve learned earlier. I am not the most technical person in the world, so bear with me. Anyway, it’s with Gmail. You still get to open the email, but you don’t need to open the attachment or even sign up to whatever fake account (such as in Amazon). When you open the mail, you can look for the drop-down menu next to the reply button. In there you’ll see Show Original. It reveals some information, especially the IP address, which you can use to check if it’s from a dubious server or not. Hope this helps.

  4. Natalie Newell · September 27, 2012

    I am really hoping that people like the Microsoft Office users would start using cloud once this gets out. I mean it wouldn’t be called the next big thing for businesses and for everyone if it isn’t going to be extremely useful. I personally am happy with these types of cloud services. I feel more confident travelling and creating backups for my copies. However, I’m also realistic. I agree with David. There are still a lot of die-hard fans of the desktop version. They need a lot of convincing before they even decide to believe in cloud services such as this one.

  5. Agnes Freeman · September 29, 2012

    This is actually a very good article, educating people how to avoid, detect, and get rid of spam at the earliest stages. I would also like to recommend reading the sender’s name and subject. You can also activate the review pane, so you’ll be able to read a portion of the e-mail without opening it ever. Normally spam doesn’t have very long messages, so you can easily determine from the review pane if it sounds bogus or not. Also, please do report spam when you see one so the platform’s system can easily filter them out the next time they’re sent.

  6. Mac King · September 29, 2012

    I think one of the best ways to beat spam is to have some form of education. This one is a good start. I’ll share this with my friends and family. I am also hoping there will be more specific tips in the coming blogs soon. Anyway, if I may add my own idea, a good technique I’ve learned is to double-check names, especially if they start using my friends’. It’s a little bit of a hassle, but seriously it doesn’t take a lot of time to give them a call or shoot them an email before you open it.

  7. Gary Scott · September 30, 2012

    If you’re using Gmail, click on Spam. This worked for me a thousand times, though it seems to also place those hardly read mails straight to your Junk Mail. I should know since I also check Junk Mail just to ensure there are no good emails placed there. I also recommend that you do that since it’s unfair for valid emails to end up in the Spam folder. Either way, though, I am proud of Gmail for coming up with this strategy. It’s simply easy to use. No problems at all! I don’t even have to open my mail to use it.
