At least once a week I get a call form an email user complaining about email being rejected. The complaint goes something like this, “I tried to send our monthly report email to a group of people, but quite a few were rejected.”  I explain that many email systems like AOL, MSN, Earthlink etc. will reject email, if it contains more than 10 to 15 email addresses. The email systems consider a long list of email addresses within an email to be spam. Yes, you know the people to whom you are sending the email. Yes, the email addresses are valid. Yes, you are not sending spam. Unfortunately email systems don’t know the difference between friendly emails and spam. Email systems are programmed to reject email, if there is a bulk amount of email addresses.  I recommend using a List Server (LISTSERV) for mailing lists. A LISTSERV can handle thousands of email addresses and successfully send email to all email systems without spam rejections.  That is because a LISTSERV controls the mailing so each email system receives it as one email address at a time.

Continue reading Why to use a LISTSERV for your email groups»

This being the end of the year, it’s an appropriate time to think about what the next big spam threats are going to be. Needless to say, spammers are getting more creative, and they’re getting better at defeating the spam filters. They’re using targeted attacks (phishing) a lot more, and they’re not deterred when we take down their ISPs. The shutdown of McColo recently, which was the largest hosting organization for spammers, caused only a temporary dip in the volume of spam. Will it ever stop? The more relevant question to ask is, “is there still money to be made in spamming?” And the answer is yes to both. It was recently reported that New Zealand caught and fined the head of an Herbal King spam gang, Lance Atkinson, $100,000. But the hundred grand is just a drop in the bucket for Lance, who was reported to have generated $7.5 million in revenue in less than nine months. That’s a heck of an incentive.

Continue reading SPIT the next big spam threat»

Job hunters who register with sites like Careerbuilder and Monster.com in hopes of finding employment are discovering an unpleasant response to their resumes – spam. Lots of it. As unemployment numbers rise, spammers are rushing to take advantage. Job hunters who’ve posted their resumes on these sites are receiving an avalanche of spam in hawking everything from dubious “sales” positions to free business cards and offers of help getting government subsidies. It’s not known whether the sites are selling their user’s information, but experts suspect the spammers are getting their information in a much simpler way: by registering as employers and scanning the millions of resumes that have been posted on them. Think about it. A resume contains everything a spammer needs. Your name and address, which helps them personalize the spam, making it more likely to be read, your job info, which helps them target certain types of spam to you (but not very well. A person who lists experience as a legal secretary often ends up getting spam related to law enforcement) and of course your email address. Spammers also know that since you’re looking for a job you’re likely to read every job related email you get, and they take full advantage of it.

Continue reading Spammers Targeting Users of Popular Job Hunting Sites»

Exchange Server 2007 includes anti-spam functionality that provides the capability to quarantine suspected spam that is received from the internet.

Quarantining spam is generally done only for email with a moderate likelihood of being spam as opposed to email that has a very high likelihood of being spam which would normally be rejected entirely.  The use of quarantine allows false positives to be detected and addressed on a case by case basis, as well as allowing the email administrator to adjust the spam thresholds to minimise false positives.

Configuring spam quarantine with Exchange Server 2007

The decision to quarantine a suspected spam email is based on the Spam Confidence Level (SCL) that is calculated by the Exchange server’s Content Filter agent.   Spam that meets or exceeds the quarantine threshold (without meeting any higher thresholds that would cause it to be rejected or blocked entirely) will be sent to the designated quarantine email address.

Although this quarantine feature is basically useful, the implementation suffers from some significant shortcomings when it is employed in a larger organization. Continue reading Managing spam quarantine for Exchange Server 2007»

Phishing is an estimated $3 billion a year industry and the costs incurred by companies who fall victim to such attacks are rising steadily. So says a report by security monitoring firm Cyveillance. Among those costs are fraudulent charges on credit cards, customer support calls, cash withdrawals from hacked accounts, and employee time spent dealing with all the above.  Other costs that are more difficult to place a cash value on include damages to corporate reputations and branding and loss of customers.

Continue reading Phishing Costs Rising Steadily»

A good cook has the ability to take something ordinary and turn it into something that looks elegant. Take Spam, for example, (the luncheon meat, not the email); every cooking magazine, household journal, and recipe section of the newspaper will have at least one article at some point on how to dress up Spam to impress your friends and family. Some of the pictures of those dishes look pretty good, too.

Spam (the email) can also be dressed up to look more elegant, and like those luncheon meat recipes, can be very deceiving. Cisco’s 2008 Annual Security Report provides some insight into how spammers are becoming more sophisticated. Now when you open up that can of luncheon meat Spam and plop it out onto the plate, you can immediately recognize it. The meat itself takes on the shape of the can, and it has little bits of gelatin around the edges. You can also recognize your garden-variety email spam as well, almost immediately. When it plops out into your email box, the email spam also has a recognizable “shape”–it is usually generically addressed, with little bits of poor grammar around the edges, and it’s trying to convince you to do something you wouldn’t ordinarily do.

Continue reading Cisco reports targeted spam on the rise»

The CAN-SPAM (The Controlling the Assault of Non-Solicited Pornography and Marketing) Act is celebrating its 5th birthday. President Bush signed it into law in December 2003. The act mandated that marketers comply with the following mandates:

• Ensure that the “FROM” line clearly reflects the sender’s identity
• Include subject line text consistent with message content
• Include their valid postal address
• Contain a working opt-out mechanism as a way for the consumer to decline to receive further commercial email from the sender. (Although most experts advise never clicking an opt out link in a spam message as it usually just tells a spammer your address is active and actually reads spam!)

Continue reading Happy Birthday CAN-SPAM!»

This is that time of year where people send each other those animated or video greeting cards. So spammers are leveraging this social networking eCard tool to set traps for unsuspecting people to click on computer-damaging links. Over on Tech Republic an article provides results of an interesting experiment. The goal was to identify which eCard sites were being used by spammers.

As the researcher on Tech Republic explains, over a two month period he received a few of those animated eCards and videos. Even though he didn’t click on the link in the email to view them, the damage had been done. They already had his email address. So, after two years with this new email address and priding himself on being spam free, he was suddenly receiving four to ten spam emails each day.

Continue reading Cute eCards are Spammers’ Hideout»

That’s what some of his supporters are saying. The President-Elect had the most successful online campaign in history, but now some on his mailing list are tiring of the emails they are getting. Most tout limited edition merchandise such as mugs, t-shirts, and calendars, or solicitations for contributions to the Democratic National Committee. Many consider this spam and want to know what Obama is going to do about it.

          Some civilian members of Obama’s network are more than a little annoyed by the continued requests for money and other assistance. In her article, “The Audacity of E-mail,” Dahlia Lithwick of Slate wrote, “I really am going to miss seeing ‘Barack Obama’ in my inbox three times a day. But … please stop e-mailing to ask for money. You’re president-elect now, Barack. Consider yourself cut-off.”

Continue reading Barack Obama:Spammer?»

Exchange Server 2007 anti-spam functionality includes the Content Filter agent which is designed to provide spam detection based on the contents of an email message.

The Connection Filter agent is based on the Intelligent Message Filter first introduced in Exchange Server 2003.  The Intelligent Message Filter bases its spam detection on a database of email submissions from Microsoft partners that is used as a basis for heuristic scanning of email content.  A “spam confidence level” (SCL) rating is then assigned to the email message and used to determine whether to classify the message as spam or not.

The SCL rating is a number from 0 to 9 where the higher the number the more likely the email message is spam.

The Content Filter agent assesses the content of email messages after the Connection Filter agent has initially determined whether the sending host should be blocked entirely or not.  The order of priority improves Exchange server performance by removing the most obvious spam based on the sending IP address before the more resource intensive content filtering takes place. Continue reading How to protect Exchange Server 2007 with Content Filtering»