Anti-Spam FAQ

 

 

Should I consider using a freeware anti-spam solution?

Freeware software solutions are usually not as effective at stopping spam as the best commercial products. Freeware solutions are easily accessible to spammers, who test their mass mailings against them before sending to ensure their email is not filtered. In addition, freeware spam filters may not be updated in a timely manner because developers are not required to support the software. With commercially available software like Process Software’s PreciseMail anti-spam solutions, filters are automatically updated to maintain a 98% spam detection rate at all times.

Users may also incur more cost when considering all the time that is spent on configuring and managing freeware than if they were to buy a commercial solution. Most commercial solutions support features to ease administrative tasks. Vendors also provide a dedicated professional technical support staff to answer customer questions.

Are there any laws prohibiting spam? How effective are the laws?

The CAN-SPAM Act took effect on January 1, 2004. In summary, the act requires unsolicited commercial email messages to be labeled (though not by a standard method) and to include opt-out instructions and the sender's physical address. It prohibits the use of deceptive subject lines and false headers in such messages. The FTC is authorized (but not required) to establish a "do-not-email" registry. State laws that require labels on unsolicited commercial email or prohibit such messages entirely are pre-empted, although provisions merely addressing falsity and deception would remain in place.

According to every reputable source, the level of spam has increased since this law was passed. America Online Inc. reported a 10 percent jump in spam from overseas after the CAN-SPAM Act was passed, possibly from spammers trying to evade U.S. law. Spammers are also very good at hiding their identity, which makes it extremely difficult to find and prosecute them.

Why do spammers send out junk email? What do they get out of it?

Many spammers earn a good living from their scams. For example, Jeremy Jaynes was convicted for spamming millions of email addresses through the use of a stolen database of America Online customers. He also illegally obtained email addresses of users of the online auction site eBay. Prosecutors found that he sent out at least 10 million emails a day. His average response rate was 1 out of 30,000 emails sent. He sold software that promises to clean computers of private information; a service for choosing penny stocks to invest in; and a "FedEx refund processor" that promised $75-an-hour work but did little more than give buyers access to a web site of delinquent FedEx accounts. Jaynes grossed up to $750,000 per month on these illegal activities.

Will a subscription to a DNS blacklisting service stop all of my spam?

One of the oldest forms of spam filtering, DNS blacklisting uses a centralized database to block all email from a host being used to send spam. The provider of the blacklisting service maintains the database, adding entries for hosts that are being used by spammers. Access to several of these databases is free, while others require a yearly fee for usage. The two primary benefits to this approach are its low system resource requirements and its ease of maintenance.

Despite its small footprint and ease of use, DNS blacklisting has several serious flaws that prevent most sites from being able to use it effectively. By far the largest is the lack of granularity – either all of the email from a given host is accepted or all of it is rejected. Most blacklist service providers have a pre-defined set of rules a site must violate for it to be blacklisted. Spammers often hide behind the anonymity of large ISPs such as AOL or free email providers such as Hotmail, causing these services to be blacklisted. E-commerce sites, ISPs, and companies that deal directly with large numbers of email users can ill afford to perform a wholesale rejection of email from ISPs and free email providers. In addition, legitimate sites are occasionally blacklisted either by accident or because a spammer forged messages that appear to come from the site. Once blacklisted, it’s usually difficult to be removed from the blacklist database. Other technologies that identify spam on a per-message basis are much more acceptable to most sites for these reasons.

Spammers use several basic techniques to circumvent DNS blacklists. The most common is to send spam from multiple “throw-away” host addresses. Usually, several people must complain to a blacklist service provider before a host is placed in the blacklist database. Several hours or even days can pass before a host that has been complained about is placed in the blacklist database. Meanwhile, the spammer can send millions of email messages from that host. As soon as the host is blacklisted, the spammer purchases another host address for a nominal fee and the blacklist process must begin again.

A second technique is for the spammer to masquerade as a legitimate site, hoping that either they will escape being blacklisted or they will cause a legitimate site to be blacklisted. By causing legitimate sites to be blacklisted on a regular basis, spammers can reduce the accuracy of DNS blacklisting and force some sites to stop using it rather than lose important messages.

At best, DNS blacklisting can be used to identify and discard around 40% of the spam a site receives. Provided a site is willing to live with the possibility of legitimate email being rejected because of factors outside of the administrator’s control, DNS blacklisting is a useful technology when it’s used in conjunction with other spam filtering techniques.
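The granularity problem and the "in conjunction with other techniques" advice above can be seen in a few lines. This is an added example, not code from Process Software or PreciseMail: the zone name, the stub resolver, the sample messages, the `content_score` field and the weights are all constructed, and the lookup layout (reversed address labels under the blacklist zone, with a 127.0.0.0/8 answer meaning "listed") is the usual DNSBL convention rather than something this page specifies.

```python
import ipaddress

ZONE = "dnsbl.example"  # hypothetical zone name, not a real blacklist service

def dnsbl_query_name(ip, zone=ZONE):
    """Name queried for a connecting host: reversed address labels + zone."""
    reverse = ipaddress.ip_address(ip).reverse_pointer
    # Drop the trailing "in-addr.arpa" / "ip6.arpa" and keep the reversed labels.
    return f"{reverse.rsplit('.', 2)[0]}.{zone}"

def is_listed(ip, resolve, zone=ZONE):
    """resolve(name) returns A records, or [] when the name does not exist."""
    return any(a.startswith("127.") for a in resolve(dnsbl_query_name(ip, zone)))

# Constructed zone data: one shared ISP relay has been listed.
CONSTRUCTED_ZONE = {"10.113.0.203.dnsbl.example": ["127.0.0.2"]}

def stub_resolve(name):
    return CONSTRUCTED_ZONE.get(name, [])

# Constructed traffic; content_score stands in for a per-message filter (0..1).
MESSAGES = [
    {"id": "m1", "ip": "203.0.113.10", "content_score": 0.1},  # legitimate, shared relay
    {"id": "m2", "ip": "203.0.113.10", "content_score": 0.9},  # spam, same relay
    {"id": "m3", "ip": "198.51.100.7", "content_score": 0.9},  # spam, host not yet listed
]

def reject_on_listing(msgs, resolve):
    """Blacklist alone: the verdict is per host, not per message."""
    return [m["id"] for m in msgs if is_listed(m["ip"], resolve)]

def reject_on_combined(msgs, resolve, listed_weight=0.4, threshold=0.8):
    """Blacklist hit as one weighted signal next to the per-message score."""
    rejected = []
    for m in msgs:
        score = m["content_score"] + (listed_weight if is_listed(m["ip"], resolve) else 0.0)
        if score >= threshold:
            rejected.append(m["id"])
    return rejected

if __name__ == "__main__":
    print(reject_on_listing(MESSAGES, stub_resolve))   # blacklist only
    print(reject_on_combined(MESSAGES, stub_resolve))  # blacklist + content score
```

With the blacklist alone, the legitimate message m1 is rejected along with m2 and the spam from the unlisted host m3 gets through; with the combined score, m1 is accepted and both spam messages are rejected.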

What is the market outlook? Will there be an end to spam?

All the trends indicate that the quantity of spam will increase over the next few years. According to IDC, spam represented 32% of all email messages sent on an average day in North America in 2003, essentially doubling from 2001. This poses a growing threat in terms of lost employee productivity and system and network resource consumption. In addition, Gartner reported that there was a 79% growth in identity theft from June 2002 to June 2003.

Why is junk email called “spam”? Where did the term come from?

Hormel Foods created the name in 1936 when they named their spiced ham product SPAM. In reference to junk email, this term came from a spam skit by Monty Python's Flying Circus. In the sketch, a restaurant serves all of its food with lots of spam, and the waitress repeats the word several times in describing how much spam is in the items. When she does this, a group of Vikings in the corner start to sing a song:

"Spam, spam, spam, spam, spam, spam, spam, spam, lovely spam! Wonderful spam!"

Thus the meaning of the term is something that keeps repeating and repeating to great annoyance.

In April of 1994, the term became better known when two lawyers from Phoenix posted a message advertising their services in an upcoming U.S. "green card" lottery. The ad was posted to every single newsgroup (message board) on USENET, the world's largest online conferencing system. There were several thousand such newsgroups, and each one got the ad. Quickly people identified it as "spam" and the word caught on. Future multiple postings soon got the appellation.

How do spammers conceal their identities?

SMTP is a standard Internet protocol used to transfer email messages between servers. It captures information on the route of a message, but lacks security. Spammers can exploit this by altering an email’s origin. The headers of an email message can be spoofed to make it look like the message is from an innocent party. Bot networks or zombie drones consist of many compromised systems running malicious software. This software propagates throughout the network, just like a virus infecting innocent Internet users. Once this program has infected a computer, a spammer can remotely control the computer and send spam from it.

Another way spammers can conceal their identities is by taking advantage of an organization’s SMTP servers that are configured incorrectly, leaving them vulnerable as open proxies and open relays. An open relay, sometimes called an insecure relay or a third-party relay, is an SMTP email server that allows third-party relay of email messages. By processing email that is neither for nor from a local user, an open relay makes it possible for an unscrupulous sender to route large volumes of spam. An open proxy server allows unauthorized Internet users to connect through it to other computers on the Internet.

How do spammers get my email address?

Spammers use harvesting programs, such as robots and spiders, to record email addresses listed on both personal and corporate websites. US researchers at the Center for Democracy and Technology conducted a study where they collected 10,000 messages over a 6-month period using 250 email accounts. They found that over 97% of the spam was sent to addresses that had been posted on public websites.

Should I use software, a service, or an appliance to filter spam?

The best solution for your organization will depend on your organization’s budget, requirements and resources.

Budget – Many anti-spam vendors including Process Software offer a software subscription service. Customers pay based on the number of email user accounts. The PreciseMail Anti-Spam Gateway subscription includes software, product updates, filter updates, and technical support. Volume discounts and educational program discounts are available.

Anti-spam appliances tend to be the most expensive of the three solutions. The initial price is higher than a service or software solution (on a price per user basis), which makes it affordable only for an organization with a large number of users. However, the annual maintenance cost may be lower than a software subscription. Be aware that there may also be some hidden costs with a hardware solution. You will need to consider whether an additional appliance is needed to scale to your organization’s growing email security needs. For example, does the appliance have the ability to support additional email users and what is its capacity to support additional features? An appliance may need to be added, or the existing one replaced with a new one, over a certain period of time, and this must be calculated into the cost of the investment.

Requirements - There are many features that an organization should consider when evaluating an anti-spam solution. Process Software has identified a set of criteria and outlined testing procedures that can be used for an objective comparison of the various anti-spam solutions in our Anti-Spam Evaluation Guide.

Resources - The choice between outsourcing and an in-house solution will depend on your organization’s resources. PreciseMail Anti-Spam Gateway eliminates spam effectively and provides administrators with complete control over their email. If your organization has the IT and hardware resources to implement a solution internally and prefers to have complete control over the systems and software, we recommend a software solution such as PreciseMail Anti-Spam Gateway.

Can’t I just delete spam? Why do I need a spam filter?

Spam is no longer a nuisance; it is costing organizations millions of dollars in terms of lost productivity and system and network resources. The average annual cost in lost productivity to spam per employee is $874 (Nucleus Research).

The cost of spam due to increased server resource requirements in 2004 is an estimated $86 per user (in a 10,000 person company). In 2007, it is forecasted to be $257 (Radicati Group, Inc.).

Why do I get a message that was addressed to abc@example.com when my address is def@example.com?

Unfortunately, the "To:" line can be misleading. The "To:" line displayed to users has no influence on the address to which an email message is actually delivered. The "To:" line can be equated to the address typed at the top of the page in a written letter. The post office doesn't see that address, and it has no effect on how the letter is delivered. Instead, delivery is controlled by the address that's on the envelope. In email, the address that corresponds to the "envelope address" is the one given in the SMTP "RCPT TO" command that's used when one Mail Transport Agent transmits a message to another.

Many spammers also use "Bcc:" (blind carbon copy) functionality. The Bcc addresses are put into the SMTP "RCPT TO" command and not into the header of the message.

As a result, the address in the "To:" line can be irrelevant and actually might not correspond to any of the real destination addresses. A message delivered to you that doesn't have your email address in the "To:" line is much more likely to be spam.