Posts Tagged ‘spam emails’
Four characteristics of a good whitelist
Written by John P Mello Jr on May 27, 2010 – 3:47 pm -
Since spam has reared its ugly head on the Internet, its antagonists have waged an uphill struggle to block its arrival in inboxes. That battle, though, has remained largely reactive. White Hats expend enormous amounts of energy to extinguish the latest fire set by spammers so that good mail can make it to its destination unsinged. Much of that energy could be saved, however, if spam fighters focused their efforts on what’s good in the email stream instead of what’s bad. They can do that with whitelists.
In its simplest form, a whitelist is a set of email addresses that have been verified as belonging to entities from whom you want to receive email. It’s by no means a panacea. Spammers have been known to spoof email addresses that may well be on a whitelist. Nevertheless, with estimates of the amount of spam on the Internet in the 80 to 95 percent range, concentrating on the five to 20 percent of “good” mail seems, on the face of it, an easier task than taking up arms against a horde of bad mail.
What are some of the things you should look for when adding whitelists to your anti-spam arsenal?
- You’ll want the whitelist to augment itself automatically. You already have enough things to do without adding vetting email addresses for a whitelist to your to-do list.
When evaluating a solution that automatically creates whitelists, you’ll want to carefully review how it verifies its content. To do that, it will need to vet both the source and sender of email messages.
Some common source tests are sender system and familiarity tests. Sender system tests examine servers sending email to see if they behave as email servers. That is, they can both send and receive email. Familiarity tests review messages to see if their senders have sent “good” messages to your organization in the past.
Some common address tests include checking outbound mail to the source of a message, comparing addresses from sources to existing contact lists on your system and requiring a source to authenticate their address through a confirmation request.
Of course, no matter how efficient an automated solution may be, you’ll still want the power to manually alter the whitelist to correct any glitches in the system.
- You’ll want your whitelist solution to be dynamic. Source and address tests need to be constantly and quickly applied to your email stream. It’s the only way to minimize “false positives” created by the list and to ensure the best experience for your users.
- You’ll want a system that makes it easy for good guys to join. Any system that makes senders jump through hoops to authenticate their identity won’t buy you any good will from them, from your users or from your organization. If your system has a challenge-response component, you’ll want to keep the challenge message simple and the response simpler.
- You’ll want to make it hard for the bad guys to join the club. Actually, that’s easier than you might think. That’s due to the nature of the spam beast. For example, simple challenge-response measures can be very effective in weeding out bad guys. Why? It requires spammers to give up their anonymity. When you’re doing something illegal, anonymity isn’t something you want to part with very readily. It also adds to their workload. They don’t want to be dealing with individual messages. They’re interested in mass mailings–even though the cumulative effect of those individual messages may be harmful to their mass mail strategy. What’s more, spamming is mostly a one-way street. Spam servers know how to dish out the dirt, but they’re a dead end for incoming email.
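The address tests and challenge-response step described in the list above can be sketched as follows. This is an added example, not code from the article or from any product; the class, method names, thresholds and addresses are all hypothetical.

```python
import hmac, hashlib

class AutoWhitelist:
    """Illustrative auto-whitelist: address tests, then challenge-response."""
    def __init__(self, secret, contacts=(), ttl=30 * 86400, familiar_after=3):
        self.secret = secret                   # bytes key for challenge tokens
        self.contacts = {c.lower() for c in contacts}
        self.outbound = set()                  # addresses our users wrote to
        self.good = {}                         # sender -> past good messages
        self.confirmed = {}                    # sender -> confirmation time
        self.allow, self.deny = set(), set()   # manual overrides
        self.ttl, self.familiar_after = ttl, familiar_after

    def record_outbound(self, rcpt):
        self.outbound.add(rcpt.lower())

    def record_good(self, sender):
        s = sender.lower()
        self.good[s] = self.good.get(s, 0) + 1

    def token(self, sender):
        """Challenge token bound to one address; sent in the confirmation request."""
        return hmac.new(self.secret, sender.lower().encode(), hashlib.sha256).hexdigest()

    def confirm(self, sender, token, now):
        """Sender answered the challenge: whitelist them if the token matches."""
        ok = hmac.compare_digest(token.encode(), self.token(sender).encode())
        if ok:
            self.confirmed[sender.lower()] = now
        return ok

    def evaluate(self, sender, now):
        """Return (verdict, reason); manual overrides are checked first."""
        s = sender.lower()
        if s in self.deny:
            return "reject", "manual"
        if s in self.allow:
            return "accept", "manual"
        if s in self.outbound:
            return "accept", "outbound"
        if s in self.contacts:
            return "accept", "contact"
        if self.good.get(s, 0) >= self.familiar_after:
            return "accept", "familiar"
        # Confirmations expire after ttl seconds, which keeps the list dynamic.
        if now - self.confirmed.get(s, float("-inf")) <= self.ttl:
            return "accept", "confirmed"
        return "challenge", "unknown"          # hold mail, send confirmation request
```

The sender system test (whether the sending server also accepts mail) needs a network lookup and is left out of this sketch.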
Whitelists can be an effective tool for fighting spam in an organization and freeing up resources that get sucked up by more reactive weapons used to combat Internet scat. Just how effective? A study by three Stanford University professors revealed that whitelists can be very effective. They reported that “we find that almost no spam makes it to users’ inboxes, and less than one percent of legitimate email is mis-classified.”
“It is interesting to note that this is achievable on a simple prototype system with significantly less engineering effort than is devoted to creation of spam filters,” they added. “But this shouldn’t be surprising: like a buddy-list in IM, a whitelist tries to precisely identify the people we communicate with, or who we allow to send us email. Unless we make a mistake, we will not allow a spammer to send us email.”
“We should expect a well-engineered whitelisting email service to behave almost perfectly,” they asserted.
6 Best Ways to Stop Spamming
Written by Mike Rede on March 29, 2010 – 3:51 pm -
If you haven’t received an email from someone asking you to buy their latest and greatest digital device or some other product that promises to help you lose weight and look younger in twenty-four hours, then consider yourself not part of the world population.
We’ve all received these emails either through our email mailboxes or via text messages on our cell phones. And in case you haven’t heard of it, it’s called spamming.
Spamming involves massive distributions of email messages to recipients that number in the thousands to tens of thousands. All the spammers need is for one percent to five percent of the recipient pool to open their spam messages to get their message out there. That one percent to five percent can translate into 20 to 50 persons for a small sampling of 2,000 recipients to upwards of 200 to 1,000 people on the high end sampling of 20,000 recipients. And it doesn’t cost the spammers anything more than the keystrokes needed to send out their burst of emails and the costs associated with the harvesting of email addresses, which is another subject altogether.
So how can an administrator protect their enterprise from being the subject of these email spamming campaigns?
Never too early to plan for Xmas scams
Written by John P Mello Jr on September 2, 2009 – 5:16 pm -
The leaves have barely begun to change their hues, but that doesn’t mean it’s too early to start thinking about email attacks launched by Internet fraudsters during their favorite time of year–Christmas.
Holidays, special occasions and high visibility disasters always prime malicious spam campaigns and keep corporate email filtering systems busy, but Christmas is considered prime time for Web miscreants intent on bringing joy to their underworld and misery to the holiday season of others.
Because exchanging greeting cards is a common practice during the holidays, electronic greeting card scams remain popular. The typical card con will alert a target via email that he or she has been sent a holiday greeting from a mystery sender. The combination of the season–Christmas is the only time many people have an opportunity to catch up on the year’s happenings with some acquaintances–and the lure of “who could be sending me an electronic card” are powerful inducements for someone to break protocol. The email instructs a recipient to click a link in the message to see the card, a link that leads to a site where a recipient’s sensitive personal information can be stolen or malware downloaded to his or her machine.
Addressing the image spam problem
Written by Dan Blacharski on April 3, 2009 – 2:38 pm -
I’ve been receiving an inordinate number of spam emails lately, which contain mostly images and very little, if any, text. Of course, this is nothing new, but the phenomenon bears a closer look.
There are two reasons a spammer will send a spam message with images. First, the image may give them an opportunity to attempt to circumvent the spam filter. For example, while a spam filter is likely to pick up on the words “cheap Viagra” as a spam message and send it to the junk bin, the same filter may not pick up on the fact that the spammer has sent an image, which does not contain the actual text, but just a .jpeg image of the text.
The second reason a spammer will use images in an email is that they may contain a Web beacon–a tiny, hidden device that sends a message back to the spammer. This beacon will let the spammer know that you have opened the email, and that the address they sent it to is legitimate. As a result, you will find yourself on hundreds of other spam lists.
A ZDNet article today suggests blocking all HTML email completely, and this can indeed be done fairly easily based on the settings in your email client. But speaking as someone who creates and receives a lot of HTML email newsletters that are quite legitimate, there are plenty of people that wouldn’t want to go this route. That an email uses HTML is not necessarily an indicator that the email is spam, as the writer suggests. In fact, almost any type of commercially-produced email is HTML-based.
However, blocking images is worthwhile and will handily address the problem without having to throw the baby out with the bathwater. In most email clients there is an easy way to do this by opting to block images and other external content in HTML e-mail. If you trust the email sender, you can just click a dialog button and see the images along with the text. This eliminates the image problem, while still allowing you to receive your HTML newsletters and other graphically-rich email.
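What "block images and other external content" amounts to on the receiving side, as an added example that is not part of the original post: the HTML is kept, remote `<img>` tags are dropped, and tiny remote images are reported as likely beacons. The function names and the sample message are constructed for illustration, and only `<img>` tags are handled.

```python
from email import message_from_string
from html.parser import HTMLParser

REMOTE = ("http://", "https://", "//")

class ImageBlocker(HTMLParser):
    """Re-emits HTML unchanged except that remote <img> tags are dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.blocked, self.beacons = [], [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = (a.get("src") or "").strip()
        if tag == "img" and src.lower().startswith(REMOTE):
            self.blocked.append(src)
            # A 0- or 1-pixel remote image has no visual purpose: likely a beacon.
            if a.get("width") in ("0", "1") and a.get("height") in ("0", "1"):
                self.beacons.append(src)
            self.out.append("[remote image blocked]")
        else:
            self.out.append(self.get_starttag_text())  # cid: images stay as-is

    handle_startendtag = handle_starttag   # treat <img ... /> the same way

    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")
    def handle_comment(self, data): self.out.append(f"<!--{data}-->")
    def handle_decl(self, decl): self.out.append(f"<!{decl}>")

def block_remote_images(raw_message):
    """Return (sanitized_html, blocked_urls, suspected_beacons) for the first HTML part."""
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            parser = ImageBlocker()
            parser.feed(part.get_payload(decode=True).decode(charset, "replace"))
            parser.close()
            return "".join(parser.out), parser.blocked, parser.beacons
    return None, [], []

# Constructed sample message (not from the article).
SAMPLE = """From: news@example.com
Subject: constructed sample
Content-Type: text/html; charset="utf-8"

<html><body><p>Spring sale &amp; more</p><img src="cid:logo" alt="logo">
<img src="https://img.example.com/banner.jpg" alt="banner">
<img src="http://t.example.com/o.gif?id=abc123" width="1" height="1"></body></html>
"""
```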


