Fact: spam cannot be blocked with 100% accuracy. No matter which anti-spam product you use and no matter how many hours you spend configuring it, it’s absolutely inevitable that some spam will slip through the net and that some valid email will end up being blocked. While a few missed spam emails may not be too much of a problem, a few blocked valid emails can be extremely damaging. I mean, who wants to deal with a company that doesn’t reply to emails? But the consequences of wrong trashed emails can be worse than simply lost business and damaged customer relationships.

In 2007, the Washington Post reported the case of Franklin D. Azar & Associates. The basics of the story are as follows. The law firm ramped up the settings on its anti-spam in order to block pornographic emails which had been reaching users’ desktops. The appliance started blocking the unwanted messages, but it also started blocking emails from the United States District Court for the District of Colorado which caused Azar and Associates to miss a court hearing. The judge subsequently ordered that the Azar and Associated pay the costs of the opposing counsel who did appear. The judge commented that “It is incumbent upon attorneys to adopt internal office procedures that ensure the court’s notices and orders are brought to their attention once they have been received,” and “That it would have been a very simple task to whitelist the United States District Court for the District of Colorado’s domain name of “cod.uscourts.gov” to ensure that such emails with this domain name would always be received.”

The Identity Theft Resource Center issued some thoughts and predictions for this year, and the general consensus is that it doesn’t look good. It’s a given that the poor economic situation is going to persist, and this is going to …

A New Zealand spammer was fined $100,000 after admitting to being responsible for a flood of spam hawking male enlargement pills that flooded local inboxes. In a three month period at the end of 2007, he and his associates sent over …

Here’s yet another example of spammers and phishers going off the traditional path to try a new bag of tricks. Fortunately, this one didn’t work. Alley Insider carried a fascinating account and transcription of an IM discussion, where a Nigerian …

In what Google officials are blaming on human error, for a while every site on the Internet was labled as malicious. For about an hour on Saturday morning, every search result had the warning “This site may hurt your computer.” Users …

Michigan State University has dropped the spam charges it filed against a student last year. Kara Spencer was hit with a disciplinary hearing after she sent an email to 391 faculty members protesting a change in the school’s calendar. MSU’s acceptable …

The effects of the McColo shut down appear to be all but over. Security experts say spam has risen by 159% since November 2008. When McColo was knocked off the net after the discovery that it hosted a wide variety …

Many organisations that implement an email anti-spam solution will apply a multi-layered approach.  They will implement a system that includes content filtering, IP block lists, quarantine of suspected spam items, Bayesian detection, and other important features.

Unfortunately all too often they will forget the last and most important line of defense against spam – the end user.

Spammers want to fool computers first

Spammers will use many tricks which evolve over time to try and bypass the sophisticated anti-spam systems protecting email servers around the world.  The spammer will misspell keywords, stuff email messages with harmless looking text around the malicious content, hide text within images, forge sender email addresses, relay through insecure email servers, and blast spam messages out to millions of recipients as quickly as possible to try and get past the filters before they are updated for new spam techniques and signatures.

Only the most aggressive anti-spam system configuration can prevent 100% of spam content from reaching end users.  This level of protection is usually impractical for businesses because of the resulting number of false positives (genuine email treated as spam) which may disrupt important business communications and cost thousands or even millions of dollars as a result.

This risk means that most businesses will tune an anti-spam system to prevent false positives, the end result of which is usually a small number of false negatives (spam treated as legitimate email).

The world economic crisis has set the stage for hackers, spammers and phishers to have a field day.   They can just about steal city hall, if people don’t pay attention.  According to security experts, this crisis alone will increase attacks in 2009. Expect to see an increase in emails lulling people with false promises for “easy to get mortgages” or fast income with “work at home opportunities”.  With emotions running high to find sources of income, easy targets are people who have lost their job or who can’t pay a  mortgage with foreclosure hiding around the corner.  Desperation provides spammers with the perfect target each time.

Aurelija with PC1 News provides some keen predictions for 2009 to be on guard about.  Social networking sites will continue to be phished but in a much more professional way with a goal of collecting as much personal information and information surrounding a person’s inner circle of friends and associates as possible. Certain types of spam will target proper names and be segmented according to demographics or certain types of markets. Be on the look out for shorter spam messages that will trip up spam filters with shorter messages. Other spam may resemble legitimate newsletters and other special offers. Once a person falls prey, the spam may spread with a viral marketing effect through their personal network.

Consider providers having to respond more often to CAPTCHA breaking techniques in 2009 by enhancing the CAPTCHA process, while deploying alternative CAPTCHA approaches. Any web site requiring a personal account to be created online will continue to be targeted and the CAPTCHA failure rate will continue to increase accordingly.

The advance fee fraud (419 scam) should be considered a continuing spam threat and worth giving vigilant attention. It is expected that these types of messages will become harder to recognize at first glance.  Messages will contain only a couple of sentences, rather than a long story. Cyber criminals will try to trick potential victims and involve them in their schemes slowly, inviting them to find out more about the offered “business opportunity”. Besides, scammers will also make greater use of email attachments to convey their messages with more detail. This facilitates  the scammers to bypass traditional anti-spam filters.

A new study from security firm Sophos reveals that spam is getting more malicious than ever. In the 4th quarter they reported the following stats: October – 1 in every 256 emails sent included a malcious attachment. November – 1 …