When the U.S. CAN SPAM Act was passed eight years ago, critics of the measure doubted it would put a dent in the flow of Internet junk mail. They were right, but few would have predicted that many spammers would use the law as a subterfuge for their pesky activities. They do that with “snowshoe spam.”

It’s called that because it exploits the principal used by snowshoes to prevent their wearer from sinking into deep snow. They do that by distributing a walker’s weight over a larger area of snow. Snowshoe spam keeps junk e-mail from being sunk by a system’s spam defenses by spreading the spew across multiple IP addresses.

That can be particularly effective against an email system’s volume filters. Those filters monitor the origin of email. If a large volume of email with the same content is coming from an IP address, those filters will start blocking the email and treat it as spam. By using multiple IP addresses, spammers can keep the volumes on any single IP address low enough to submarine the thresholds used by the volume filters. Continue reading Junk Mail Law Contributes to Expansion of ‘Snowshoe Spam’

Not only is email the most common form of business communication, but it is also an important tool when it comes to compliance, record keeping and covering yourself.

So when a report comes out that claims that email delivery rates are 81% relying on electronic messaging for so many things can easily be called into question.

According to a study from Return Path, worldwide delivery rates for email communications hasn’t improved since 2009. The study also showed that 7 percent of all messages were classified as spam and 12 percent never reaching their destination.

For North American email users, the numbers are a bit better. An 86 percent deliverability rate is up 4 percent from the 2009 study and 6 percent are flagged as spam with 8 percent getting lost in the “mail”. Continue reading Has Your Email Lost Its Way?

Whether you are gathering research for marketing, trying to support a project or just making a point the use of statistics always helps build a stronger argument. The following list of statistics were put together regarding email and fall under a variety of subjects such as general email, email marketing and, of course, email security.

1. In 2009 there were 1.9 billion email users worldwide. That is projected to grow to 2.5 billion users by the year 2014.
2. In 2010 there were an estimated 2.9 billion email mailboxes. 730 million of them are business email inboxes.
3. There was an estimated 294 billion emails sent every day in 2010 totaling over 90 trillion emails sent every year, or 2.8 million emails sent every second.
4. The average number of emails sent by a typical business user each day is 43. That same user receives an average of 130 emails each day. Continue reading 35 Interesting Statistics About Email

The primary role of the email administrator is to make sure that emails sent from your company are successfully delivered, and emails sent to your coworkers are received. Of course there are quite a few other responsibilities that the average email admin has to address as well and one of them is to prevent spam from being delivered to the inboxes of your colleagues, but how often do you think about spam being sent from the accounts you are responsible for?

For email administrators that have a solid security team in their corner usually find that clients relaying spam is a rare occurrence. Yet what is an email administrator to do when a company’s email marketing efforts get their domain blacklisted?

Continue reading Email Marketing and the Email Administrator

When your e-mails are flagged by the spam filters as legitimate spam, it can be bad for your business as communication gets derailed, especially if you are expecting an important email.  To avoid losing an important client or work getting prolonged due to e-mails not being read, you need to ensure your messages always reach the intended mailboxes.

It seems that the spam filters sometimes automatically move messages tagged as “illegitimate messages” into the spam inbox section.  You can actually prevent this from happening by composing a good message that will pass the spam filters.  The spam filters generally work by employing a scoring system.  If an e-mail message gets a high score, the higher the chances of the message arriving at the spam folder and eventually being deleted without being read.  To get over the spam filters, you need to know some dos and don’ts so you can guarantee that your important messages will appear in the proper mailbox of the recipient.

Continue reading 10 Ways to Make Sure your Emails Never End Up in the Spam Folder

Email marketing is still one of the most effective ways for a company to get the word out regarding a new product launch, a discount or sale, or simply to keep in touch with their existing clients and customers.

Spammers take comfort in the fact that many upstanding businesses still rely on good old fashioned email marketing because it helps reinforce the legitimacy of marketing emails. The more comfortable people feel with marketing emails, the greater the likelihood that they will fall for spamming or phishing emails as well.

As an email administrator, nothing can be worse than to find out that your emails have been tagged by one or more of the DNS blocking lists, or DNS blacklists, as a sender of spam. Believe it or not, many small and medium sized businesses suffer from this very problem when they undertake a mass email marketing campaign. Users start to complain that they can no longer send emails to people on their contact list, sales staff finds it impossible to contact their leads and worse – the president of the company has his or her email returned. All because something led the blacklists to believe that your servers were sending spam.

Continue reading 5 Simple Rules to Stay Off Email Blacklists

Whether conducting directory harvest attacks against servers, or just slamming them with a dictionary list of possible recipients, spammers frequently use automated scripts that use SMTP commands, but don’t behave like SMTP servers. These scripts can be as basic as opening a telnet session to TCP port 25 on a server, and running through the commands defined in RFC 821  to send emails, including just the basic HELO, MAIL FROM:, RCPT TO:,DATA:, SUBJECT:, and QUIT. Frequently these scripts just execute the command as fast as the system can run through the commands, instead of waiting for the appropriate responses to come from the servers.

One effective way to help servers resist these sorts of efforts is to implement tarpitting. Named for the geological feature of lakes of naturally occurring asphalt (bitumen) where unlucky animals can wander in, become trapped in the sticky tar, and never escape, tarpits in networking are systems configured to trap misbehaving network connections by slowing down responses to a crawl. The ideal with an SMTP tarpit is that a system can respond normally to proper communications from another SMTP server, but when a threshold is tripped by a spammer, the server slows it responses down to the point where the spammer’s script at best fails, and at worst, is slowed down to the point where more time is wasted trying to send email than in actually forwarding the junk. In this post, we’ll see how to manage this in Exchange 2010, though most enterprise class mail servers also support this feature, or can be extended with SPAMD or commercial appliances.

Continue reading Slow spammers to a crawl with SMTP tarpitting

Remember the movie ‘Castaway’ starring Tom Hanks about how a man becomes stranded on an island and has to relearn some of the most basic survival skills such as making firing, building shelter, improvising clothes and footwear, doctoring and most importantly finding food?

At the beginning of the island scenes the castaway tries casting a fishnet in the hopes of catching fish but is able to only catch a few small sardines. The movie then fast forwards and we find that the castaway has evolved his food hunting skills and is now able to catch a much larger fish using a single throw of a spear.

In the email security world this is very much like what has happened with regard to email phishing attempts on large organizations. In the beginning, these attacks were similar to the casting of a wide net, a mass email distribution to as many individuals in the organization as possible in the hopes of catching a small percentage of recipients thus gaining access to private yet valuable information that was later used to cash in on the unsuspecting recipients.

Just as our novice fisherman in the movie was able to evolve and learn new skills which allowed him to catch a bigger fish in a lesser amount of time and energy so has our phishing community also evolved to catch a bigger fish in a shorter amount of time and with more accuracy within a large organization using targeted attacks now known as “spear phishing”.

Traditional phishing tactics involved the use of fraudulent emails and fake web sites which were set up to enlist the details of your identity – name, address and credit card numbers – in the hopes of running your credit cards up to their limits. Spear phishing is a more targeted approach and includes emails sent to specific groups of individuals who meet specific criteria such as high ranking members of an organization.

Continue reading 5 Tips on how not to become a Spear Phishing Victim

If you haven’t received an email from someone asking you to buy their latest and greatest digital device or some other product that promises to help you lose weight and look younger in twenty-four hours then consider yourself not part of the world population.

We’ve all received these emails either through our email mailboxes or via text messages on our cell phones. And in case you haven’t heard of it, it’s called spamming.

Spamming involves massive distributions of email messages to recipients that number in the thousands to tens of thousands. All the spammers need is for one percent to five percent of the recipient pool to open their spam messages to get their message out there. That one percent to five percent can translate into 20 to 50 persons for a small sampling of 2,000 recipients to upwards of 200 to 1,000 people on the high end sampling of 20,000 recipients. And it doesn’t cost the spammers anything more than the keystrokes needed to send out their burst of emails and the costs associated with the harvesting of email addresses which is another subject altogether.

So how can an administrator protect their enterprise from being the subject of these email spamming campaigns?

Continue reading 6 Best Ways to Stop Spamming

Sometimes spam, viruses, and other malware filtering at your email gateway isn’t enough. It’s important to keep your host anti-virus signatures up to date, and if you don’t have anti-virus protection at your firewall or on your network at the Internet gateway you should seriously consider it.

Here’s why these items are critical. Some recent malware attacks have used malware embedded in video and audio streams as a transfer. They can gain an initial foothold, so to speak, by managing to get a link to your users in a spam email. If your spam filter doesn’t block the message, a link in the email appears to be a video or audio link, but in fact the destination contains a trojan that is embedded in the content stream.

This method of attack isn’t exactly new. For example, the ZLOB Trojan began making rounds in 2005, and began gaining traction in 2006. Some attacks with it simply involved downloading other viruses or malware. Using a video link, however, for users that have their ActiveX controls set to download codecs automatically means that those users with poor virus protection would automatically download the virus and become infected.

Continue reading Malware Threats from Unexpected Sources: Trojans Embedded in Streaming Video Links