For those of you who haven’t heard of Loggly, Loggly is cloud based service for complete application intelligence for app developers.  Loggly uses log data to collect, analyze, troubleshoot and monitor your applications. They are a heavy user of Amazon’s Web Service hosting, and recently experienced a truly stellar outage of massive proportions. You can read about that on a Loggly blog post here which I encourage you to do. However, I am not here to talk about lessons learned about hosting and availability, and putting eggs in consolidated baskets. Nor am I planning to talk about on premise versus hosted, and the perceived dangers of the cloud. It’s what happened to Loggly and how they went unaware of the impending freight train heading their way that I want to discuss, because there are some great lessons to learn from that little subset of their blog post.

Here’s the bit that prompted this post:

Originally we stated we had not received reboot notices from Amazon, but the truth is that (4) of the staff here, myself included, received two separate vague notices, one from about 10 days ago, and another from 3 days ago, which stated ‘some or all’ of our instances were scheduled to be rebooted.  These notices were found in our spam folders on Gmail, placed there with a very large red notice reading: “Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information.”

In summary, AWS did send notice in advance, but those notices went unread. One of my favourite John Wayne movies is “Big Jake” and one of my favourite quotes comes from that movie. It is quite appropriate here, if somewhat shortened for context.

Anything goes wrong, anything at all…your fault, my fault, nobody’s fault…it won’t matter

And the fact is that it won’t matter at all that AWS notifications to Loggly got flagged as spam and therefore filed in the next best thing to the bit bucket. It doesn’t matter that Loggly is using Gmail, which strikes me as somewhat strange for a business, though perhaps they meant Gmail for Domains. It also doesn’t matter at all that whatever AWS sent in those email notifications, it caused some spam filter somewhere to flag the messages as spam, and even worse, as a potential phishing message. What matters is notice of reboots were sent, they weren’t read, and full outage resulted. Oops.

So here’s where I think the fix lies. With Amazon. NOT THE BLAME, just the fix, and this is the lesson I want us all to take away from what happened to Loggly and with the perspective that as a service provider, we should do better for our customers.

1. Establish a single email address to send out service notifications from.
2. Ensure it is monitored and checked regularly for replies, NDRs, etc.
3. Encourage customers to use a D/L for our notifications that helps ensure key personnel within our customers’ orgs receive all notifications.
4. Monitor the popular DNSBL services to make sure we’re not listed by mistake.
5. Follow up on any NDRs to make sure customers are able to receive notifications.
6. Test that by making new customers receive and acknowledge they have received a test notification email.
7. Make sure that the email address is properly formatted and from your domain.
8. Use valid SPF and DKIM and ensure that alert emails are sent from a compliant system.
9. PGP or GPG sign all messages sent from this account to provide further authenticity.
10. Keep links and additional content that could be misinterpreted as spam to a minimum.
    Okay the above make a lot of sense, and are probably already being done by most of you, but here’s where we as service providers should take things to the next level.
11. Maintain an email account on the popular services (Hotmail, Gmail, Yahoo, AOL, etc.) and send notifications to those accounts regularly to test for deliverability.

That last step is where I think Amazon should take a closer look, and any of us who are service providers should too. I like Gmail, and I trust Gmail, and if they find something in an email that makes them flag it as a phishing message (indicated by the Loggly blog post when they copied the “Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information”) then there is something in that email that set off all the alarms, failed the sniff tests, and was probably just a bad idea not really adding any value to the notification. Maybe the source address was different from the reply to (and in a different domain) or maybe the notification had links to a number of obsfucated URLs. Whatever the reason is, if I had seen a message in my spam folder that was flagged like that, I would have ignored it too.

When we, as service providers, need to notify our users of important things, like maintenance windows, changes to our terms of service, our outages, we need to make darn sure that users get them.

What about you? Have you ever missed a key notification because it fell victim to a false positive, or do you have any better ways to keep communications open with your customers?

Lessons Learned from the Loggly Outage

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Spam is a serious problem for anyone who is tasked with managing an organization’s email services.

Annually, spam costs US businesses between $42 million and $50 million in lost productivity and other costs. And it’s not just large corporations that feel the sting when it comes to spam. It is estimated that a company with five employees will lose $16,180.40 and 8.125 work days of pro­duc­tiv­ity per year because of spam. A com­pany with 25 employees could stand to lose $80,902.00 and 40.62 work days per year due to having to deal with spam.

Anti-spam software and appliances are certainly a necessary part of keeping inboxes as spam free as possible. Unfortunately, convincing senior management to spend money on spam filtering solutions can be difficult, especially when budgets have tightened up.

Training your fellow employees on how to recognize and deal with spam is another tactic that should be used in the fight against spam. For the most part, education helps keep the after effects of spam at bay however it is up to your co-workers to apply the knowledge passed on to them. Dollars and time can be spent building a solid knowledge base, but if what is taught isn’t put into practice then it may have all been for naught.

While both tactics mentioned here should be the foundation of any anti-spam solution, there is one area that is often overlooked when it comes to keeping email systems free of spam and viruses, and that is your company’s website.

Coordinating With Your Web Development Team

For many smaller companies, the same people who manage the corporate web presence are the same people who handle the email systems, networking, security and all other IT tasks. For anyone in this situation, the steps listed below can be much easier to implement.

Unfortunately, for those who work in larger organizations, a bit of salesmanship may need to accompany any suggestions when it comes to changing the company website, even if it means a reduction in spam.

These tips, and the support provided, should help any email administrator convince the web development team and management that changes need to be made to have better success in keeping user email boxes spam-free.

Remove text based email address from your website

No one will argue that a company’s web presence needs to have the necessary contact information so that people can easily get in touch with your company.

Unfortunately, posting email addresses as text on your website will invariably lead to those inboxes being spammed. A simple script run by spammers scans websites for email addresses and adds them their database for future mailings.

The solution? Turn your text into an image. Using an image on your site listing your contact information makes it easy for your visitors to see, but keeps it hidden to automated harvesting tools. Not only does it keep email addresses safer, but phone numbers and mailing addresses as well.

Use a verification tool on your contact form

Using a verification tool isn’t new. Many websites use a CAPTCHA system on their websites. CAPTCHA, however, poses two problems. The first is that spammers have tools that can read CAPTCHA code with a high rate of success. The second is that your visitors often have trouble reading the same codes at the same rate of success.

Using other forms of verification, such as puzzles or simple mathematical problems, have much higher success rates at not only stopping spam, but also at allowing your visitors to easily contact you without the frustration of having to re-type CAPTCHA codes that they can’t read.

Keep comment spam to a minimum

Most companies have seen the benefits of a corporate blog. And those who have one in place have certainly seen the spam that quickly builds up in the comment section.

To fight comment spam, most blogging software uses the rel=”nofollow” attribute so that spammers don’t get any benefit when it comes to the search engines from the comments left on other’s blogs. However not every blog uses these applications.

Other techniques that can help keep the levels of comment spam lower would be to use the Akismet plugin if your blog runs on WordPress or to use a verification tool for anyone leaving a comment.

And how does this help fight email spam? Because it is another step you can take to keep your company’s website off of the radar when it comes to spammers.

Is Your Website a Magnet for Email Spam?

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Small and medium-sized businesses face many of the same threats that large companies do when it comes to their email systems. Some of the common problems that email administrators face are:

• Spam delivered via email
• Viruses and malware delivered via email
• Email messages that contain inappropriate content
• Information leaks.

So in addition to steps taken to secure the company’s network and desktops, a strategy to secure the organization’s email system is also a necessity.

Yet while small and medium sized businesses face the same threats as their larger counterparts, they rarely have the same resources to fight back.

Of course the first step for any organization, regardless of size, is to make sure that they have a reliable spam filter in place.  More often than not, a content filter will be part of this solution as it makes finding illicit email messages much easier.

For some, this is where most email security strategies stop. For those who do put additional measures in place to help mitigate the threats facing email, now is a perfect time to review these policies to see if they effectively protect your email from attack.

1. Review your archiving system

One of the most commonly overlooked aspects of email security is the archiving system that stores email messages in the event that they need to be accessed at a later date.

Look over your current archiving (or backup and recovery) solutions and policies to make sure that they are consistent with industry and regulatory requirements. Also, ensure that they are in line with your company’s culture.

2. Review malware protection

Enterprise anti-malware solutions make definition and signature updates easy to maintain. If your company has a solution in place that pushes updates out to desktops, remote computers and mobile devices, then make sure everything is running the way it should be.

One thing that organizations fail to check for is newly added devices, especially mobile devices. Check to make sure that every computer that connects to your network and email is properly secured by your anti-malware solution.

It is also important that you, or someone in your organization, review any software or appliances in place to fight malware, spam and other attacks to see if they are still relevant. As threats evolve, it is important that the tools used to fight them are up to date as well.

3. Review email policies for relevance

At one time email was considered the biggest threat when it came to information leakage. With social media, mobile communication devices and instant messaging becoming more infused into business it is important that the policies used to govern communication are relevant with the communication tools used in your organization.

Review policies with every department to see how communication tools are used and identify where they are vulnerable. Once this is determined, you can work with these tools to best secure them from the specific vulnerabilities they present.

4. Update computer systems

Making sure that your anti-malware and anti-spam tools are up-to-date is part of the solution, but not all of it. You still have to make sure that everything that connects to your network and runs your software is updated as well.

Desktop and laptop operating systems should be up-to-date and fully patched. The same should be said for your server operating systems.

Once these are current make sure that a schedule and policy is put in place to keep your software current.

5. Educate again

Educating users is always part of an effective security strategy but, like everything else, training has an expiration date.

When was the last time your users were trained on how to identify and address email threats like spam, phishing scams or malware? Is the information they were provided with current or is it so outdated that you still reference the Michelangelo virus?

If you have made changes to any policies, or plan to after reading this, then your training needs to be updated to reflect them. While you are at it, you should also make sure that any other information you are passing along to your co-workers is relevant as well.

In any organization, there are too many variables so no one can say that their email system is 100 percent secure. However, taking the time to eliminate as many possible vulnerabilities as you can will certainly bring the level of risk down significantly.

5 Tips for Better Email Security

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Email marketing continues to be one of the most successful ways to spread the word about your company and what you have to offer. After all, if it wasn’t so successful then spammers would simply turn their efforts elsewhere.

But in the world of email marketing, there is a fine line between running a clean, effective campaign and coming across as a spammer.

As email administrators, it is up to us to make sure that emails get delivered. Unfortunately taking too aggressive of an approach when it comes to email marketing can make our jobs more difficult, and not only with making sure marketing emails arrive at their destination. When marketing efforts blemish the reputation of the organization’s domain, any emails being sent can be flagged as spam.

To keep your company’s reputation intact with spam filters and DNS blacklists someone from the IT department needs to work with the Marketing department and lay down some basic ground rules for the use of email. This conversation needs to include the following policies:

1. Make sure the Marketing team understands the CAN-SPAM Act

I have worked with companies before who have had the most noble of intentions when it comes to email marketing but had no idea that some of their tactics were not only unethical, but illegal.

Your Marketing team has to understand that, not only is it required by law to make it easy for the recipient to opt out of future emails, but you have to honor these requests before any future emails are sent.

Conducting a brief training for the Marketing team is all well and good, but it usually isn’t enough. Make sure that someone reviews your company’s email strategy, messages and list to make sure that everything is above board before the campaign is started.

2. Make sure that the email list is collected properly

The one mistake most people make when delving into email marketing is to simply buy a list of email addresses. Usually, this will yield a few positive results and encourage this practice even more.

Unfortunately this can also get you into trouble.

While most of the people whose email address is part of a bought list opted in to receive mailings somewhere along the line doesn’t mean that they want to hear from you.

Odds are they signed up for something without knowing that their address would be sold over and over again. By sending unsolicited email to them, they immediately form a negative impression of your business, but worse than that they could report the sending domain as a spammer. If enough complaints are registered your company could wind up on a blacklist that prevents any legitimate messages from being delivered.

Part of your email marketing policy needs to include rules for how your company plans to acquire email addresses, and that plan has to make sure that a double opt-in method is used.

3. Be careful when you outsource email marketing

One way to get around the strict policies that the IT department puts into place is to simply outsource a mass email campaign. Sure it may keep Marketing and IT from butting heads in the board room, but this is rarely a wise solution.

To begin with, not every company that provides email marketing services uses the most legitimate practices when it comes to sending emails on your behalf. Some turn to offshore servers and companies to blast your message, but location is often something that the spam filters account for. Especially if the sending organization is based in one country yet all of their marketing emails originate from somewhere else.

Another problem that some encounter with the less than legitimate email marketing services is that the reply to address doesn’t always match up. Nothing screams spam more than a message sent from an address that doesn’t contain the correct domain name in the address.

Of course not every company that provides email marketing services is ignoring the law or best practices, but if your organization chooses this route then someone from the IT department should be around to ask the right questions before a contract is signed.

3 Things You Need to Know About Email Marketing

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Have you checked the spam flowing into your organization lately? Microsoft has, and it has reported its findings in its Security Intelligence Report for the first half of this year.

The report, which is based data collected from 600 million computers worldwide, noted that pharmacy spam remains a favorite of junk emailers. An analysis of telemetry data from Microsoft customers who process tens of billions of messages a month using the company’s Forefront Online Protection for Exchange (FOPE) shows that 28 percent of all spam is non-sexual pharmacy junk. By comparison, sexual pharma spam is at the low end of the spectrum at 3.1 percent.

Behind pharma junk are non-pharmacy product ads (17.2 percent), 419 or “Nigerian” scams (13.2 percent), financial services (8.9 percent) and gambling (6.1 percent).

In the past, the report noted, some spammers tried to evade content filters by sending messages composed entirely of one or more images. This tactic appears to be losing favor among junko artists, as only 3.1 percent of the spam blocked by FOPE during the first half of the year was image spam, compared to 8.7 percent in 2010.

Microsoft researchers also found fewer “spikes” in spam activity during the period than in the past. Typically, volumes for a spam category spike as junksters mount short-lived, large-scale campaigns for it. Month to month volume changes were much more gradual during the first half of 2011, they discovered, except in one category: fraudulent university diplomas. That’s usually a very low volume type of spam, but in February it spiked to four percent of all spam. A similar spike occurred around the same time in 2010.

While the kind of junk spammers are flinging at organizations remains similar to the past, the amount of it has decreased significantly, according to Microsoft. From July 2010 to May 2011, the amount of spam blocked by FOPE plummeted from 89.2 billion to 21.9 billion messages. Microsoft attributed the volume declines to two botnet takedowns: Cutwail, in August 2010, and Rustock, in March 2011. “The magnitude of this decrease suggests that coordinated takedown efforts such as the ones directed at Cutwail and Rustock can have a positive effect on improving the health of the email ecosystem”, its report said.

FOPE is stopping most spam at the perimeter of the organization’s using it, the report noted, which frees up resources that would be consumed by more-intensive anti-spam methods. From 85 to 95 percent of incoming messages are blocked at the network edge each month, while the remaining five to 15 percent must have content-based rules applied to them. However, over the last year, the report showed the amount of edge blocked spam steadily declining, from 95 percent in July 2010 to around 85 percent in June 2011.

Much of the world’s spam is delivered through botnets, networks of compromised computers that respond to spammers’ commands remotely. During the first half of the year, Microsoft researchers found some interesting jockeying for position among the nations hosting spambot IP addresses.

While India remained at the top of the heap, with around 11 percent of all spambot IP addresses, and Russia remained strong with around a 7.7 percent share, some newcomers broke into the top five ranks from the first to second quarter of the year. Korea, for instance went from a 2.9 percent share to 8.4 percent to claim second place. Meanwhile, Vietnam jumped from four percent to 7.3 percent and Indonesia increased from 2.4 percent to 5.6 percent.

What Spam Is in Your Inbox? Microsoft Breaks it Down

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

When the U.S. CAN SPAM Act was passed eight years ago, critics of the measure doubted it would put a dent in the flow of Internet junk mail. They were right, but few would have predicted that many spammers would use the law as a subterfuge for their pesky activities. They do that with “snowshoe spam.”

It’s called that because it exploits the principal used by snowshoes to prevent their wearer from sinking into deep snow. They do that by distributing a walker’s weight over a larger area of snow. Snowshoe spam keeps junk e-mail from being sunk by a system’s spam defenses by spreading the spew across multiple IP addresses.

That can be particularly effective against an email system’s volume filters. Those filters monitor the origin of email. If a large volume of email with the same content is coming from an IP address, those filters will start blocking the email and treat it as spam. By using multiple IP addresses, spammers can keep the volumes on any single IP address low enough to submarine the thresholds used by the volume filters.

Another distinctive feature of snowshoe spam is that it’s designed to appear to conform to CAN SPAM, the Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003. That act requires email marketers to include an unsubscribe mechanism and a postal address in their solicitations, as well as bars the use of forged headers and requires messages to be sent from a marketer’s own network.

Spammers have found is easy to “game” the law, however. They include unsubscribe links, as the law prescribes. Some, though, have the links lead to virtual dead letter boxes on the Internet where they can be ignored. Most honor the links, however, because they know very few people will use them. That’s because most organizations advise their employees not to respond to such links. Doing so, they warn, verifies an email address to a spammer, making it more valuable to them.

They include postal addresses in their spam, too. Those are usually post office boxes, which allow the spammers to preserve their anonymity.

They meet the other requirements in the law by registering hundreds or thousands of static domains. That gives their messages true headers but the domains can be easily disposed of. They also lease hundreds of IP addresses to meet the “own your network” requirement. That also allows them to move from one range of IP addresses to another should a range be blocked by spamfighters.

Unlike illegal spammers, who distribute malware and pedal black market prescription drugs with their junk mail, snowshoe spammers tend to make their money from affiliate programs where they’re paid on a pay per click or pay per action basis.

In recent months, some large illegal spam operations have been taken down by law enforcement authorities. Earlier this year, for example, Microsoft and U.S. Marshals took down the Rustock network, which at the height of its operation infected 1.6 million computers worldwide and gorged the Net with 30 billion spam messages a day. And in April, the FBI began dismantling the Coreflood botnet, which had infected 2.3 million PCs.

While those high visibility raids appear to have an impact on worldwide spam levels—cbl.abuse.com reports that spam volumes have dropped from 2800 messages per second in October 2010 to 800 a second in September 2011—snowshoe spam levels continue to climb and will continue to do until CAN SPAM is amended to address the problem.

Junk Mail Law Contributes to Expansion of ‘Snowshoe Spam’

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Not only is email the most common form of business communication, but it is also an important tool when it comes to compliance, record keeping and covering yourself.

So when a report comes out that claims that email delivery rates are 81% relying on electronic messaging for so many things can easily be called into question.

According to a study from Return Path, worldwide delivery rates for email communications hasn’t improved since 2009. The study also showed that 7 percent of all messages were classified as spam and 12 percent never reaching their destination.

For North American email users, the numbers are a bit better. An 86 percent deliverability rate is up 4 percent from the 2009 study and 6 percent are flagged as spam with 8 percent getting lost in the “mail”.

But despite the growth, 14 percent of all messages still aren’t reaching their destination successfully. That email could be the acceptance of a proposal, an important message to a client or customer or simply a happy birthday message to a loyal employee. Regardless of the content, when you send an email you expect that the recipient will get it. And when this breaks down it can cost your business money.

Why don’t emails ever find their way?

There are many reasons why an email never reaches its destination. These are some of the most common:

Hardware/software failure

Servers fail and software becomes corrupted and outdated. Without fault tolerance built into an email system when things go down, both incoming and outgoing messages can be lost. Archiving can help with some messages, but only those that your company has attempted to send or you have already received.

If your organization is like every other than making sure your email system is always running is of vital importance.

Poorly configured clients

One of the draws to using a cloud based email provider is that much of the configuration responsibility lies with the provider. Since they are in house experts everything is usually set up properly.

However if your company is using email software clients then your IT staff is likely tasked with making sure things are set up correctly. In this scenario, a typo in the IMAP, POP or SMTP server address can lead to failure.

Likewise, an employee without the proper training or knowledge can cause some serious problems when it comes to setting up the client correctly.

However the most likely configuration errors will occur when it comes to mobile devices. Employees who set up their personal smart phones and tablets to send and receive business email may make a mistake leading to messages being tossed around in never, never land.

Blacklisting

Ironically, one of the most successful means of growing your business can have a huge impact on your email.

If you find that your company’s messages are being flagged as spam, check with your marketing department. Have they recently launched an aggressive email marketing campaign? Maybe they have just started sending out newsletters via email?

Email marketing, if not done properly, can easily lead to your domain being blacklisted as a source of spam.

Overly aggressive spam filters

Putting a spam filter in place sounds like a good idea. After all, who doesn’t want to stop spam from making it to our inboxes?

Yet sometimes we can have too much of a good thing.

When it comes to spam filters, having a solution that is too aggressive may actually flag emails that are legitimate and harmless. If messages you want to receive contain a heavy concentration of words, phrases or symbols that are common to spam, an untrained filtering solution might flag it causing a false positive result.

To avoid this it is important to use a spam filter solution that you can trust but also one that your staff has been effectively trained to manage.

Statistics show that more often than not, you can rest assured that your email message will reach its destination with no problems. However it always makes sense to do whatever you can to help get your messages delivered and make sure that any legitimate emails coming into your organization find their way to the appropriate inbox.

Has Your Email Lost Its Way?

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Whether you are gathering research for marketing, trying to support a project or just making a point the use of statistics always helps build a stronger argument. The following list of statistics were put together regarding email and fall under a variety of subjects such as general email, email marketing and, of course, email security.

1. In 2009 there were 1.9 billion email users worldwide. That is projected to grow to 2.5 billion users by the year 2014.
2. In 2010 there were an estimated 2.9 billion email mailboxes. 730 million of them are business email inboxes.
3. There was an estimated 294 billion emails sent every day in 2010 totaling over 90 trillion emails sent every year, or 2.8 million emails sent every second.
4. The average number of emails sent by a typical business user each day is 43. That same user receives an average of 130 emails each day.
5. Of those 294 billion email messages sent every day it is estimated that 90% of them are spam or malicious.
6. The average corporate employee spends 25 percent of their work day on email related tasks. This is compared to 14 percent spent on face to face meetings and 9 percent spent on the phone.
7. The amount of spam is increasing at a rate of 20 to 25 percent every year.
8. 74% of all adults online state that email is the preferred method of communication.
9. A Yahoo! survey found that one third of all people would rather clean their toilets than clean out their email inbox.
10. The average size of an email message is 75 KB which is about 7000 words in plain text.
11. The average size of a spam message is less than 5 KB in size.
12. The average user spends about 1 hour and 47 minutes using email.
13. One third of all people aged 18 to 34 check their email when they first wake up.
14. 62 percent of people admit that they regularly check work email over the weekend and 50 percent admit to checking work email while on vacation. 78 percent of this is done using mobile devices.
15. Lost productivity due to dealing with spam costs businesses approximately $897.86 per user every year.
16. 26 percent of Small and Medium Sized Businesses will suffer around 30 minutes of unplanned downtime every month when it comes to email services.
17. In 2008 there were 158 billion marketing emails sent by US retailers and wholesalers. By 2013 that number is expected to grow to 258 billion.
18. 91 percent of all spam contains some sort of link.
19. 18 percent of all spam makes use of a URL link shortening service.
20. Out of the 76 billion spam messages sent with a Bit.ly shortened URL, 168,000 where clicked at a rate of .0002 percent.
21. 64 percent of all spam messages are related to a pharmaceutical product. Other popular topics include Casinos at 7 percent and watches at 6.5 percent.
22. 1 in 284 emails contain malware.
23. 1 in 445 emails are phishing attempts.
24. Only .7 percent of spam comes from free webmail services like Gmail or Hotmail.
25. 1.1 percent of spam were forged to look like they were sent from legitimate webmail accounts.
26. Botnets account for 88.2 percent of all spam sent to your inbox.
27. A single bot sends approximately 77 spam emails per minute.
28. In 2010 there were over 339,600 different malware strains identified in emails that were blocked as being malicious.
29. In 2010 Italy intercepted the highest percentage of spam at 93.5 percent.
30. The continent responsible for sending the highest percentage of spam in 2010 was Europe at 39.3 percent.
31. Before it was brought down, Rustock was responsible for 47.5 percent of all spam, or 44.1 billion spam messages sent out every day.
32. The second most productive spam botnet in 2010, the Grum botnet, was responsible for 9 percent of all spam equaling 7.9 billion messages a day.
33. Roughly 93 percent of all spam in 2010 was sent in English. 5.7 percent of these messages were considered to be unknown.
34. Only 33 percent of all spam messages sent to Brazilian email addresses was sent in Portuguese.
35. In 2010 Outlook was the most popular email client with 36.71 percent of the market share. Hotmail was second with 16.23 percent.

35 Interesting Statistics About Email

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

The primary role of the email administrator is to make sure that emails sent from your company are successfully delivered, and emails sent to your coworkers are received. Of course there are quite a few other responsibilities that the average email admin has to address as well and one of them is to prevent spam from being delivered to the inboxes of your colleagues, but how often do you think about spam being sent from the accounts you are responsible for?

For email administrators that have a solid security team in their corner usually find that clients relaying spam is a rare occurrence. Yet what is an email administrator to do when a company’s email marketing efforts get their domain blacklisted?

Email Marketing Is Here To Stay

According to a study by Marketing Sherpa, marketers see email marketing as a viable way to build brand awareness, increase web traffic and increase sales. And as trends like newsletter marketing increase in popularity you can expect those responsible for spreading the word about your company’s products or services will still rely heavily on mass emails.

While email marketing is a highly effective method of communicating with customers, it can present a problem for mail administrators if these campaigns are not carried out in conjunction with those responsible for the organization’s email system.  That problem is being labeled as a spammer.

Real Life Example

This example can be taken from any number of SMEs, and it has probably happened to quite a few readers out here as well.

Working for a small start-up with about 20 employees, I found myself in the position of wearing multiple IT related hats, running the company’s Exchange servers being one of them. One day when checking my email I noticed a large number of undeliverable emails. Upon looking into it further, everyone in the company was seeing the same thing and everyone was being warned that their emails were labeled as SPAM by certain DNS Blacklists.

Not seeing any type of SPAM relays or illicit outgoing traffic, I began cleaning up the mess by getting our domains removed from the DNSBLs and clearing our name with other filters. Looking into the cause of the problem I found that the people responsible for our marketing had taken it upon themselves to set up an open source mass mailing solution, bought multiple email lists and started blasting these people with emails on a continuous basis. They meant no harm, but they had effectively damaged the reputation of the company, brought down our email system and irritated a large portion of those they were marketing to.

The Solution

If bulk email marketing is here to stay then those responsible for email and those responsible for marketing have to be on the same page. In the example above, the marketing staff got the approval of the CEO and moved forward without my knowledge. Had I known that they were planning to undertake a bulk email campaign I would have been able to recommend the following:

• Be careful when buying email lists.

Most email lists for sale are overused and stale, that is why they are so cheap. The best option for mass email marketing is to use a double opt-in list. This works by having the recipient sign up to receive emails from your company and then you send them a confirmation email as well. If your marketing department goes against this advice and is insistent on purchasing, or renting, an email list then make sure they work with a reputable company. Not only will they have a more targeted list but you will have less of a chance that recipients will complain about your messages being spam.

• Clean up your email lists frequently.

One of the things I noticed was that while the email provided for a way to opt out, those who wished to be removed weren’t. When people ask to be taken off a list make sure that they are removed right away.

• Craft email messages appropriately.

Remind the recipients who you are and that they chose to receive emails from you. Also, make sure that whoever is writing the messages understands how things like all capital letters, poor spelling and grammar and certain words can trigger a spam filter.

• Consider using a third party.

There is no sense in risking your domain being listed on the DNS Blacklists. By having a third party service handle your mass email marketing you avoid your IP address being associated with SPAM.

• Keep it legal.

In small companies, not everyone is up to date on laws regarding SPAM. If your marketing people are going to undertake a mass mail campaign, you may be the closest thing to an authority on the subject. Be available as a resource to help them keep email messages in compliance or at least be able to guide them towards the necessary information.

Marketing communications provide a great deal of value to your customers and your company. They bring in revenue and help businesses grow. The key is to find a balance between regulating outgoing email and allowing the marketing team to do their job effectively.

Email Marketing and the Email Administrator

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

When your e-mails are flagged by the spam filters as legitimate spam, it can be bad for your business as communication gets derailed, especially if you are expecting an important email.  To avoid losing an important client or work getting prolonged due to e-mails not being read, you need to ensure your messages always reach the intended mailboxes.

It seems that the spam filters sometimes automatically move messages tagged as “illegitimate messages” into the spam inbox section.  You can actually prevent this from happening by composing a good message that will pass the spam filters.  The spam filters generally work by employing a scoring system.  If an e-mail message gets a high score, the higher the chances of the message arriving at the spam folder and eventually being deleted without being read.  To get over the spam filters, you need to know some dos and don’ts so you can guarantee that your important messages will appear in the proper mailbox of the recipient.

1. Control the excitement in your message
   Spammers usually use words and phrases that will excite the readers.  On top of the list are offers of large sums of money and amazing breakthroughs.  Money back guarantees and offering the same products that cost less can be part of legitimate offers but will definitely trigger spam filters to give the message a high spam index score.  You need to avoid using all uppercase in your text and putting more than one exclamation point at the end of a sentence.  Find out spam keywords that most spam filters are looking for such as “Affordable,” “Bargain,” and “Free,” among others.
2. Plain text is still better
   E-mails can be sent either as a plain text or as an HTML page.  Most of the time spam filters are strict with e-mails that are in the HTML format and will most probably be sent to the spam folder unless you use good coding procedures in your HTML.  In conveying the desired message, plain text format is still more suited.  You should know that there are more recipients who prefer to receive e-mail correspondences using the plain text format.
3. Avoid including attachments
   Most spam contains attachments that are destructive.  Sending e-mail messages with inappropriately named attachments will trigger spam filters all the time.  As much as possible, put the content of your attachment inside the body of the message and provide links rather than attach a file to your message.
4. Always check your sender score
   There is actually a sender score that determines the reputation of your e-mail address as a sender.  Businesses that often launch e-mail campaigns are the ones that get affected more with the sender score rather than an average personal or business account.  You need to check your sender score as often as possible for you to be able to repair the damages if there are any.
5. Avoid sending spam
   Those who market things by way of e-mail even to those people who did not subscribe to the mailing list will often be blacklisted.  Getting your e-mail account and domain name off a blacklist list is quite difficult.  Make sure that you send e-mails to those who want to receive e-mail from you.   Spam filters will flag your messages no matter what is inside your message.
6. Use black fonts over coloured fonts
   Even though black-coloured fonts seem a bit boring, they are safe from spam filters.  More often than not, coloured fonts excite most spam filters and will likely move your messages to the spam folder.  If the consequence of having a more stylish message will make your message be tagged as spam, then it is not worth it.  Black text can also be professional and looks clean.
7. Make it a point to test your list of recipients
   If you intend to send a message to a large mailing list, test your message by including your e-mail in the recipient list.  You can create e-mail accounts specifically just for testing if the message gets through the inbox or the spam folder.  As much as possible, test your message using your test accounts on different machines with different platforms to be able to see if there are problems with a specific operating system.  There are also e-mail clients like “Microsoft Outlook” that you need to check.  Testing your message is a necessary step especially if you are sending important e-mail correspondences like newsletters to a huge list.
8. Avoid using the word “test” in your test email
   When you use test accounts and test messages, you need to avoid using the word “test” in your e-mail in the subject line and in the body of the message to ensure that your message will not trigger the spam filters.  Most spam filters include the word “test” in their watch list.
9. Make your subject very specific
   Most often, messages get flagged as spam by spam filters due to the way the subject was written down.  Make your subject line as specific as it can be without divulging important details.  Spam filters know that spammers will not put details in the subject line.  For example, if your message is about a reminder about an important meeting, the subject that says “Important Meeting Tomorrow” is acceptable but it will be much better if you include a little detail like the time and place for the meeting.
10. Hire professional online marketers
    If your messages always end up on the spam folders of your recipients even if you apply the necessary precautions, it can be a big problem for your business.  It is important that you get professional help from experienced online marketers.  Before any damage is done to your online marketing campaign, it is important that you receive professional advice as well as pinpoint the cause of the problem.  Online marketing companies usually know how to salvage the reputation of your marketing campaign and eventually your company’s name.

10 Ways to Make Sure your Emails Never End Up in the Spam Folder

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Email marketing is still one of the most effective ways for a company to get the word out regarding a new product launch, a discount or sale, or simply to keep in touch with their existing clients and customers.

Spammers take comfort in the fact that many upstanding businesses still rely on good old fashioned email marketing because it helps reinforce the legitimacy of marketing emails. The more comfortable people feel with marketing emails, the greater the likelihood that they will fall for spamming or phishing emails as well.

As an email administrator, nothing can be worse than to find out that your emails have been tagged by one or more of the DNS blocking lists, or DNS blacklists, as a sender of spam. Believe it or not, many small and medium sized businesses suffer from this very problem when they undertake a mass email marketing campaign. Users start to complain that they can no longer send emails to people on their contact list, sales staff finds it impossible to contact their leads and worse – the president of the company has his or her email returned. All because something led the blacklists to believe that your servers were sending spam.

Getting your address removed from the DNS blacklists is not an impossible task and can usually be done by following the instructions provided by the Internet Service Provider or primary blacklist that you are on. Staying off the blacklists is another thing altogether.

Keeping yourself and your company off the DBSBLs is obviously a better approach than reacting to the possibility of having your emails stopped. Clearly, the time spent cleaning up your company’s image with the blacklists is money lost so working to keep your reputation clean is your first priority.

These techniques should be taught to your users to help prevent your domain from being scrutinized. It is a good idea to work with the marketing department or any outsourced marketing agencies that your company works with to make sure that they understand a) the policies you are putting in place and b) why you are putting these policies in place. The more understanding they have, the greater the chance that they will buy into these recommendations.

1. Do not allow employees to use business email for personal use

Your corporate email policy should address this as well. If it doesn’t then your organization may need to take a second look at its IT and email policies as a whole.

The reason why personal use of email should be disallowed is because too often people forward chain letters that ask others to forward these messages as well. These messages often contain items that can be flagged as spam and the continued forwarding can trigger certain blacklists as well.

2. Reduce the number of identical emails you send at a given time

Spam filters and blacklists look for identical messages sent to multiple recipients because that is what spam is. Let users know that mass mailings should take place over time with ample time in between mailings.

3. Make the body of the email look less like spam

Image only emails or messages that contain multiple attachments can easily arouse suspicion. The same can be said for long lists of URLs in the body of the message. Explain to users that email’s primary purpose is to communicate. If the message doesn’t look like real communication it doesn’t look good.

4. Avoid writing like spam

In the workplace you should always take care to write emails like a professional. Writing in all caps is not only unprofessional but it also triggers the spam filters. So does a great deal of poor grammar.

Terms used in your email may also cause the blacklists to take notice. Pornographic or pharmaceutical terms may be reasons for the filters to take a closer look. They also keep an eye out for casinos and the terms: free, mortgage, cash and money.

This goes for your subject lines as well as the message itself.

5. Be proactive

Ask important businesses contacts to add your email to their company’s white list. This is a common practice nowadays. Also, make sure to keep your computer and network clean from infection as malware can be responsible for sending spam without your knowledge.

Like any other policy, there will certainly be people who don’t understand why they have to follow them or wonder why your company finds it necessary to put them into place. As an email administrator, it is your job to help users understand why some of these steps are necessary to protect not just the company as a whole, but each individual’s livelihood as well.

5 Simple Rules to Stay Off Email Blacklists

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Whether conducting directory harvest attacks against servers, or just slamming them with a dictionary list of possible recipients, spammers frequently use automated scripts that use SMTP commands, but don’t behave like SMTP servers. These scripts can be as basic as opening a telnet session to TCP port 25 on a server, and running through the commands defined in RFC 821  to send emails, including just the basic HELO, MAIL FROM:, RCPT TO:,DATA:, SUBJECT:, and QUIT. Frequently these scripts just execute the command as fast as the system can run through the commands, instead of waiting for the appropriate responses to come from the servers.

One effective way to help servers resist these sorts of efforts is to implement tarpitting. Named for the geological feature of lakes of naturally occurring asphalt (bitumen) where unlucky animals can wander in, become trapped in the sticky tar, and never escape, tarpits in networking are systems configured to trap misbehaving network connections by slowing down responses to a crawl. The ideal with an SMTP tarpit is that a system can respond normally to proper communications from another SMTP server, but when a threshold is tripped by a spammer, the server slows it responses down to the point where the spammer’s script at best fails, and at worst, is slowed down to the point where more time is wasted trying to send email than in actually forwarding the junk. In this post, we’ll see how to manage this in Exchange 2010, though most enterprise class mail servers also support this feature, or can be extended with SPAMD or commercial appliances.

SMTP tarpitting was first added to Exchange with 2003’s service pack one, and is on by default in both Exchange 2007 and Exchange 2010. In Exchange 2003 SP1, you can enable this with a registry key. Browse to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters
and then create a dword called TarPitTime. Configure a decimal value in seconds. 0 means this feature is turned off. 5 is a good starting point (Exchange 2010 defaults to this;) though your mileage may vary, so monitor your inbound queue to ensure that legitimate email is not backed up too much.

As mentioned above, tarpitting is turned on by default in Exchange 2010, and the default value is 5 seconds. Tarpitting is engaged when a sending system issues the RCPT TO: command and specifies an address that does not exist on the system. A receiving system is supposed to respond with a “550 5.1.1 User unknown” message when this happens. Without tarpitting, this response occurs immediately.

Directory harvest attacks can run through an extensive list of common aliases and names, looking to see which generate 5.1.1s and which generate “250 2.1.5 Recipient OK” responses. If you believe that yous system is the target of these attacks, and the tarpitting value is not long enough, you may want to increase the value. This will not prevent directory harvest attacks, but it will slow them down, and make the time and effort it takes a spammer greater.

You can configure this value using the Exchange Management Shell. Launch an administrative Exchange Management Shell, and enter this command.

Set-ReceiveConnector –Identity name –TarpitInterval <EnhancedTimeSpan>

where name is the name of your ReceiveConnector and the time is specified as hh:mm:ss, where h = hours, m = minutes, and s = seconds, which is kind of funny since the maximum value is ten minutes. When you set the value to 00:00:00, you disable the tarpitting interval.

When adjusting the tarpitting interval, keep the following in mind. Setting a value of 00:00:00 turns off tarpitting completely, making spammers’ jobs easier. You don’t want to be that guy. However, setting a value too high can slow down legitimate mail. Make small adjustments in the tarpitting interval until you find your sweet spot.

Slow spammers to a crawl with SMTP tarpitting

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Remember the movie ‘Castaway’ starring Tom Hanks about how a man becomes stranded on an island and has to relearn some of the most basic survival skills such as making firing, building shelter, improvising clothes and footwear, doctoring and most importantly finding food?

At the beginning of the island scenes the castaway tries casting a fishnet in the hopes of catching fish but is able to only catch a few small sardines. The movie then fast forwards and we find that the castaway has evolved his food hunting skills and is now able to catch a much larger fish using a single throw of a spear.

In the email security world this is very much like what has happened with regard to email phishing attempts on large organizations. In the beginning, these attacks were similar to the casting of a wide net, a mass email distribution to as many individuals in the organization as possible in the hopes of catching a small percentage of recipients thus gaining access to private yet valuable information that was later used to cash in on the unsuspecting recipients.

Just as our novice fisherman in the movie was able to evolve and learn new skills which allowed him to catch a bigger fish in a lesser amount of time and energy so has our phishing community also evolved to catch a bigger fish in a shorter amount of time and with more accuracy within a large organization using targeted attacks now known as “spear phishing”.

Traditional phishing tactics involved the use of fraudulent emails and fake web sites which were set up to enlist the details of your identity – name, address and credit card numbers – in the hopes of running your credit cards up to their limits. Spear phishing is a more targeted approach and includes emails sent to specific groups of individuals who meet specific criteria such as high ranking members of an organization.

There are several safety measures that companies can take to prevent employees’ identities being stolen. Such safety measures include:

1. If you do not know who the sender is then do not open the email.

This is a most effective method to preventing someone from stealing your identity. If you do not recognize the name of the person or company who has sent you the email then, very simply, do not open the email. Most of the time emails that are opened end up being replied to because the recipient has opened the email and most likely inadvertently mistook the originator’s email address as a valid or legitimate sender.

2. If you are thinking about replying to the email then at the very least make sure you investigate the background of the sender and their company.

Once an email has been opened it will have a higher chance of being replied to and contain personal information. Recipients of suspicious emails should try to contact the company of the purported origin. Investigate phone numbers, addresses and even go so far as to contact the local Better Business Bureau.

3. Do not click on any links or icons in the email.

Oftentimes a spear phishing attack will include links or icons in their emails with the obvious intent that a recipient would unsuspectingly click on those links or icons and then unknowingly downloads, and in some cases launches, an application that is itself modeled after the Trojan horse attacks that should be well known by all system administrators by now. But with these new links come applications which are not destructive but exist as parasites which remain on the now exposed system capturing keystrokes and then uploading that information to a remote site where the data is then mined for usernames, passwords, credit card numbers and other valuable information.

4. Report any suspicious emails.

For example, I have received several emails over the years from different spoofers who have purported to represent Paypal. Instead of immediately replying to these suspicious emails I opted to contact the real Paypal company using customer service phone numbers or known (saved) email addresses from them. After a while I knew where to send (forward) suspicious emails. I would forward these suspicious emails to such addresses as spoof@paypal.com or to complaint-response@paypal.com. You should always remember to provide the date and amount of any money that is being requested of you.

Always file complaints with the Internet Crime Complaint Center (IC3) at http://www.ic3.gov/default.aspx.
“The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA). IC3′s mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime. “– as listed on the IC3 web site.

5. Implement filters which will scan for phishing attacks.

   For instance, Microsoft has a filter, SmartScreen, which is a feature of Internet Explorer 8 that is designed to protect you from fraudulent websites. It runs in the background and analyzes websites and will ask you if you really want to go to a particular website. The websites you visit are checked against a list of suspected phishing websites that is kept up to date. A red warning notification will be issued if the filter matches a website against its list. File downloads are also checked for your safety.

5 Tips on how not to become a Spear Phishing Victim

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

If you haven’t received an email from someone asking you to buy their latest and greatest digital device or some other product that promises to help you lose weight and look younger in twenty-four hours then consider yourself not part of the world population.

We’ve all received these emails either through our email mailboxes or via text messages on our cell phones. And in case you haven’t heard of it, it’s called spamming.

Spamming involves massive distributions of email messages to recipients that number in the thousands to tens of thousands. All the spammers need is for one percent to five percent of the recipient pool to open their spam messages to get their message out there. That one percent to five percent can translate into 20 to 50 persons for a small sampling of 2,000 recipients to upwards of 200 to 1,000 people on the high end sampling of 20,000 recipients. And it doesn’t cost the spammers anything more than the keystrokes needed to send out their burst of emails and the costs associated with the harvesting of email addresses which is another subject altogether.

So how can an administrator protect their enterprise from being the subject of these email spamming campaigns?

Well, here are six best ways to protect your enterprise end users from spammers.

1. Warn your end users not to use their corporate email addresses when responding to forums or newsgroups in public mainstream forums.

Studies have shown that users who post on public internet sites using their corporate email addresses are more likely to receive spam messages than those users who do not post on public web sites and public forums. As an administrator it is a good practice to remind corporate users of email policies intended to protect not only the end users from spam but also the company.

2. Discourage or block out web sites that are not related to work-related matters.

Internet web sites that are not related to normal working day to day activities can be blocked through the use of firewalls and protocol filters. Such sites might include adult web sites and other sites which promote the use of illegal products. But having filters set up to block those sites from being used by employees computers can help to decrease the time spent on such sites and at the same time increase employee productivity.

3. Require end users to modify their email signatures so as not to give out their email addresses with complete domain names.

Spammers use “bots” that are little chunks of code whose only purpose is to crawl around the internet web sites – specifically HTML web pages – in search of email addresses.

There are a lot of scripts out there – usually four to five lines of code – that can easily be downloaded and modified with the appropriate corporate email addresses such that your internal email addresses are only exposed when the web page is browsed. This prevents a “bot” from pulling email addresses directly off of your corporate web sites and protects any of your corporate customers from becoming the subject of spammers who crawl your web site.

Another ploy administrators can use to hide their corporate email addresses is to literally write out their email addresses as in asking interested parties to send email to “myname at companyname dot com”. Use this format instead of the “mailto:“ link normally used on HTML web pages.

And if you want some payback you can always employ the use of software which will create fake email addresses and URL links that go nowhere whenever spambots are discovered.

4. Discourage the use of email service providers – and hence public email addresses – that corporate users are allowed to use in the enterprise environment.

Public email service providers such as Yahoo!, AOL, Hotmail, et al. are targets for the spammers. Just limiting the number of public email accounts that an employee uses in the corporate world for communications can significantly reduce the number of spam mail messages they receive.

5. Don’t flame.

It is a better strategy to just walk and ignore the spammers. All you’re really doing when you send back negative email to spammers is engage them for future discussions. And it really is a waste of valuable time that should be used for work or other activities. A corporate email policy should also include an edict on not responding to spam.

6. Use spam blocking software.

   There is a lot of software available which can prevent and limit the number of spam emails that a company receives. Such anti-spamming software can be used to separate the spam email messages from the rest of the valid email that is normally received in day to day operations. Some packages include firewall like protection from specific domains known to send out spam.

Lastly, file complaints with the Internet Crime Complaint Center (IC3) at http://www.ic3.gov/default.aspx.

6 Best Ways to Stop Spamming

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Sometimes spam, viruses, and other malware filtering at your email gateway isn’t enough. It’s important to keep your host anti-virus signatures up to date, and if you don’t have anti-virus protection at your firewall or on your network at the Internet gateway you should seriously consider it.

Here’s why these items are critical. Some recent malware attacks have used malware embedded in video and audio streams as a transfer. They can gain an initial foothold, so to speak, by managing to get a link to your users in a spam email. If your spam filter doesn’t block the message, a link in the email appears to be a video or audio link, but in fact the destination contains a trojan that is embedded in the content stream.

This method of attack isn’t exactly new. For example, the ZLOB Trojan began making rounds in 2005, and began gaining traction in 2006. Some attacks with it simply involved downloading other viruses or malware. Using a video link, however, for users that have their ActiveX controls set to download codecs automatically means that those users with poor virus protection would automatically download the virus and become infected.

Now, most of us won’t have this problem, right? Surely you and your users would, at a minimum:

1. Have host-based as well as network/perimeter-based anti-virus protection.
2. Keep your anti-virus signatures up-to-date for all your systems.
3. Not have your browsers set to automatically download and install ActiveX controls or codecs.
4. Have users trained, understanding not to install random codecs or ActiveX controls themselves.
5. Have in place strong anti-spam protection that may block messages from domains likely to send these messages.
6. Have perimeter security measures in place that detect and block or intercept malicious content as it appears.
7. Have users trained well on the risks of clicking unknown links, or going in search of suspicious content.
8. Have a proxy or firewall with content filtering in place, with a policy that prohibits visiting or traffic from certain domains known to be sources of malware.
9. Keep your systems patched with the latest security patches from your OS vendor and from your application vendors.
10. Frequently review your security protections and rules in place, and carefully consider before making changes allowing more permissive use and access to and from protected resources.

The most security conscious of us and those that keep current with security risks and trends in security technology may think that all of this is old news, that of course they won’t have any problems–and they may be right. I hope so. However, new small businesses and new business Internet users are appearing all the time. As these businesses grow and expand, they may have transition periods where their deployed technology changes and of course upgrades will happen sometime. At those times, extra vigilance is required. If you are brought on board during a transition period as an email administrator, network administrator or security administrator, be aware that such risks are heightened.

While the attempt to execute malicious code via a codec installation may seem to be old hat, consider that new vulnerabilities appear frequently. Consider that Windows Media Player can play streaming content, and couple that with the recent vulnerability MS09-047, Microsoft Windows Media Playback Memory Corruption Vulnerability. This vulnerability can permit remote code execution. Exactly the sort of vector needed by the sender of the spam we started this discussion with. A maliciously crafted Windows Media Format file pointed to by a link in a spam email. Granted, this vulnerability and other like it have been patched, and if you are up-to-date on your patches it isn’t actually a threat.

Where this can become a problem (and as far as I know it isn’t with this vulnerability) is when the patches interfere or conflict with mission critical applications and can’t be applied, and when system updates (unfortunately including some antivirus and security patches) that may require reboots can’t be done as soon as they are received. Testing and verification may be required in your business (and is a good idea if it’s not part of your routine) before applying new patches and updates. During this window of time, when the attacks are launched on “zero day”, till your patches are applied, your systems may be vulnerable. During this (hopefully brief) time period the sort of attack described at the beginning of this post could actually penetrate your security and wreak havoc. Follow the ten tips listed above, and minimize your vulnerability.

Malware Threats from Unexpected Sources: Trojans Embedded in Streaming Video Links

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Despite the generally excellent performance of most modern, well-tuned anti-spam engines, some spam is going to get through. We may be lulled into a false sense of superiority when for a period of time our anti-spam tools and techniques have borne fruit, and we see that we have more-than-just-excellent results; we have no spam in our inboxes for an entire day, week, whatever. Then, it returns. We’ve all seen it happen. Some strangely formatted message that you or I can surely tell is garbage, a bizarre attempt to sneak through your heuristics that has surprisingly succeeded.

Lately it has been some rather clever nonsense. I’ve been getting these spam emails with a particularly peculiar twist. Many of them have what appear to be at first glance meaningful, but “non-spam” sentences. On closer look, the sentences are strange, and not quite sensible. For some reason they consistently were getting through the spam filtering. What was strangest to me was the lack of any marketing content or attempt to sell whatsoever. They did have a link in the message, and the link was not ever to the same web destination or even clearly directed to an obvious undesirable site. This may have been one of the reasons this set of spam got by; to the filters, it looked really no different than a sentence or two sent by a friend describing some link they thought I would be interested in.

The content appears to be randomly generated by some sort of sentence constructor, which picks nouns, verbs, adjectives and strings them together, so that they seem to be part of a coherent sentence, but are not. The sentences are not riddled with attempts at sales or exciting your interest; instead they are just random. Oftentimes eerie in their close-but-not-quite structure.  Here’s an example, to show what I mean.

Part of him was shocked, but most. of him wasn’t even surprised. seen that right away.
There were maybe fifty in all, most. no bigger than plump raisins. No.

This is just one of the most recent ones. Often they have better punctuation, notice that this one has a few periods without spaces following and missing a few capital letters. One thing we don’t see is the crazy mixed-case words, with sexual content misspelled intentionally and with an obvious attempt to excite or lead us on into clicking the link that was attached and apparently unrelated to the text.

Now here’s the thing I found problematic. I can’t see where this content is going to work to be parsed in an anti-spam scanner in most cases, as it’s random enough when compared with the other spam of the same “type”, and yet the content could easily be valid if you wrote me: “Part of him was shocked, but most of him wasn’t even surprised.” Does it make sense to try to include this in our heuristic anti-spam scanners? I think not. We have to combat this by another means.

An old standby would have been to block inbound messages from this sender or IP address, but unfortunately this one came from Hotmail and I just can’t see blocking all email from any Hotmail senders, as much as I might want to do it some days. That was the first thing to do, though, is examine the headers and the log files to be sure that the mail did in fact come from where it claimed, from a Hotmail address and not from some other source. I still see significant forging of email headers.

The next comparison I made was to determine if the link embedded in the email was actually pointing to the Web site it said it was, and not apparently a link with a different URL within it.  In this particular case, the link was to a Google reader URL, and did have some objectionable content. So, although I can’t very well block any messages that might have Google reader links in them, you might be able to.  It depends on your email use policy and Internet access policy. Perhaps your business and your employees just have no use for Google reader at work. If not, I found several more spam messages that got through, with completely different text content, completely random and almost literary, with no obvious mention of sexual content, all sent from major web based email services.

The common relationship was the inclusion of a link that pointed to Google Reader. That’s what we’d need to filter as objectionable content. Other links to other sites came in some other spam emails, but there were enough (three) in a short time that we can see this was the mechanism they were using. The near-random and non-contextual nature of the Google Reader links make just blocking them based on the URL difficult, the ones posted by users have simply long numerical strings as identifiers. Pretty much random as well, although it might be possible rather than blocking any and all links to Google Reader content to selectively block ranges of users, although how to do that efficiently, I can’t yet see.

The Latest Spam Getting Through Your Filtering – and What to Do About It

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

In a somewhat peculiar case, e360Insight LLC – the one-man mass mailing company which sued Spamhaus for besmirching its *cough* good name with accusations of spamming and which is now itself being sued for spamming – is suing data aggregation company ChoicePoint for CAN SPAM violations and breach of contract.

BackGround: e360Insight bought millions of email addresses from ChoicePoint. Some of the addresses were marked with an “O” to indicate that they could not be used for email marketing, while others were marked with an “I” to indicate that they could be used for email marketing. e360 proceeded to send emails to all addresses, regardless of whether they were marked with an “O” or an “I” – and that resulted in them being sued by some peeved recipients. Now here’s where it gets interesting: CAN SPAM prohibits the selling of email addresses belonging to people who have opted out of mailings. Consequently, e360 are claiming that ChoicePoint breached both contract and CAN SPAM provisions by selling opt-out addresses, even though those addresses were clearly marked as such:

If Ms. Sidewater’s assertion is true, this assertion constitutes an admission of violation of the CAN-SPAM Act of 2003, which provides that if a recipient requests not to receive commercial email, then it is unlawful for the sender to release, sell, or transfer such person’s email address to a third party. Thus, ChoicePoint admits that it breached 12(a)(ii) of the Agreement. But for this breach, e360 would not have sent any emails to the complainants and would not have been sued.

Hmmm. Gotta say, I don’t have much sympathy – in fact, make that I have no sympathy at all – for either side in this dispute. Who’d you prefer to see win? A(n) spammer alleged spammer? Or a company which sells your email address to a(n) spammer alleged spammer?

Tough choice!

Should you be interested in reading more, the documents are available over at SpamSuite.

A Case of the Lesser of Two Evils?

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

The Swiss Security Blog (SSB) published results of research performed from honeypots implemented on their network. This is a small example of the benefits of honeypots, while exposing the potential damage new Trojans accomplish everyday.  Security Honeypots are closely monitored network decoys serving several purposes:

- distract adversaries from more valuable machines on a network

- act as an early warning system for new attack and exploitation trends

- allow in-depth examination of adversaries during and after the exploitation of a honeypot.

The results of the research identified a Trojan in the The Swiss Security Blog honeypots. An initial analysis identified the Trojan had contacted a server in Russia. A closer look revealed up to 200 simultaneous sessions between this server and many potentially infected clients. This was quite a large scaled command and control server (C&C).  A C&C is designed to serve thousands of infected systems in order to keep groups of different malware running. An in-depth examination of the data flowing between the SSB honeypots and this C&C suggested that the infected client received usernames and passwords for compromised FTP accounts around the world. Although it may be speculation, the goal was to implement keyloggers or trade in specialized criminal markets for this kind of information to be plausible. Subsequently, the infected clients used the supplied credentials in order to log into the affected FTP accounts and recursively scanned for typical filenames appearing on websites (like index.html). Not all of the accounts are necessarily websites, but a a decent amount were. Appropriate filenames found are modified in a subtle way for unsuspecting visitors to enter their login credentials into those websites. People using browsers with unpatched vulnerabilities would be infected by malware without requiring any additional action by the users. This kind of infection is called a DriveBy infection, because users can be infected by simply accessing a website (hence “drive-by”). “Drive By” infections are increasingly presenting themselves as the method of choice, instead of sending virus containing spam emails.

As of December 15, 2008, the table below provides a snapshot of the fifteen countries with the largest number of stolen credentials from these honeypots:

Rank     Country   # of credentials
1     United States             33,033
2     Russia                       19,464
3     UNKNOWN               16,209
4     Turkey                        4,210
5     Germany                    4,153
6     Hungary                     3,787
7     Australia                    3,318
8     Ukraine                      2,895
9     Czech Republic         2,568
10   Thailand                    1,967
11    India                         1,951
12   Poland                       1,927
13   Canada                     1,737
14   Kingdom                   1,643
15   France                       1,562
16   Other                      11,618

15 Countries most affected by security honeypots

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

When a Michigan State student fired off an email to nearly 400 faculty members protesting the school’s plans to shorten the 2009 fall semester, she probably didn’t expect to be labeled a spammer, but that’s exactly what happened. One of the people who got the email, a biology professor, promptly filed a complaint with the university’s administrators and now the student is facing a disciplinary hearing. None of the other faculty who got the email had a problem with it.

 

MSU’s bulk e-mail rules say that e-mailing more than a “small set of recipients”–with the maximum number set at 30 people–is verboten. In a statement on Friday, MSU said: “It is clear that this policy is content neutral and is a set of procedural requirements that apply to all bulk use of the e-mail system, as opposed to a policy that makes distinctions based on the content of particular e-mails. It is our belief that such a policy does not impose unlawful restrictions on free speech.” MSU declined to comment on specifics, citing privacy laws.

If MSU were a private school, such strict limits would be a matter of its contract with students and faculty: objectionable and inconsistent with academic freedom, perhaps, but not necessarily illegal. But because MSU is a public school, it is legally obligated to provide students with due process rights and it must protect their free speech rights.

The Foundation for Individual Rights in Education is protesting the university’s actions and is considering filing a First Amendment lawsuit against it and the university president.

Michigan State Reprimands Student Over Email Flap

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

We do pay a lot of attention to filtering out spam, and rightly so. The vast majority of all email traffic is spam, and while some of it is merely annoying, some also contains dangerous malware in the form of attachments, or links to malicious web sites. It drains bandwidth and saps productivity. Constant vigilance and strong protection is called for.

At the same time though, email has become a vital part of business, and a vital part of marketing and customer relations. Where does spam stop and valid email-based marketing begin? It’s not as clear as one might think. Some take the position that anything whatsoever related to a commercial product is spam, which is actually a bit shortsighted. Companies whose products you use, for example, may create a periodic email newsletter, to keep you and other customers informed of changes, updates, and industry information.

It may happen, and frequently does, that your legitimate email newsletter falls on the wrong side of various keepers of blacklists. Of course, reputable blacklists are the meat and potatoes of the spam industry, and they go a long way towards keeping our inboxes clean. And if they are reputable, they will have an appeal process that should be fairly straightforward, usually consisting of a web-based form in which you can state your case for being removed from the blacklist. TrustedSource, for example, has such a process. If you find a large percentage of those email newsletters getting bounced back, it’s worthwhile to take a look at what is blocking them. Take a look at their rules, and find out why you were put on the blacklist in the first place. If there was a specific action you took that landed you on the blacklist, take corrective action; if you were placed on the list in error, then speak up and tell them you don’t belong there. There are dozens of ways you can land on the list in error, not the least of which is inheriting an old IP address that was previously used by a real spammer. 

The flipside of spam protection: Keeping your business out of blacklists

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators