Spamhaus targets snowshoe spam

Written by John P Mello Jr on October 16, 2009
Snowshoe Spam is a growing problem.

Continued growth of snowshoe spam has prompted Spamhaus, a leader in the war on junk email, to craft a specific response to it. Earlier this month, the spamfighters rolled out a CSS component of the organization’s Spamhaus Block List.

The SBL is a database of IP addresses from which the organization recommends blocking email. Mail systems throughout the Internet can query the database in real time. It allows email administrators to identify, tag or block incoming messages from IP addresses blacklisted by the group as being connected to sending, hosting or originating unsolicited bulk email, better known as spam.

According to Spamhaus, CSS is an integral part of the SBL. It’s distinguished, however, by a different return code, 127.0.0.3. Users of the SBL need not do anything to activate the new CSS, other than to make sure that their existing spam filters can handle the additional return code.

Snowshoe Spam gets its name from the way it fans out its malicious behavior over the Web. Just as snowshoes spread the weight of a step on snow to minimize sinking and facilitate travel, snowshoe spammers spread their abhorrent activities across a multitude of IP addresses. By doing that, they can reduce their visibility on the Web, raise havoc with reputation metrics and evade detection by spam filters. The spammers know a percentage of their clutter will be diverted by anti-spam systems deployed by their targets, but by broadening the swath of their efforts, they can increase that percentage.

Understanding Blocklist Providers

Written by Paul Cunningham on August 13, 2009

In my last blog post Why Is It Really So Hard to Tackle Spam I mentioned that a lot of spam originates from compromised home computers, not email servers, and that many of these computers end up on blocklists such as Spamhaus as a result.  In a comment on that post our reader Donovan Hill also mentions Spamhaus.

“I found the most effective thing to preventing spam was to start by using a list like Spamhaus…”

So what exactly is Spamhaus, and how do these blocklists work?  To answer this question we must first understand the problem that blocklists were created to solve.

Why Do Blocklists Exist?

Blocklists came about due to the desire by email administrators to easily block spam emails from likely spam sources.  If a particular sending host is known to be a spam source, or is very likely to be a spam source, it is more cost effective to make that determination based on the IP address of the sending host rather than on the content of the email message.

Using Email Marketing the Right Way

Written by Paul Cunningham on June 24, 2009

There is no question that spam is a problem for businesses who must deal with thousands or even millions of unsolicited advertising, phishing, and hoax emails every year.  But the problem of spam becomes more than just how to deal with the incoming junk.  Spam also hinders the ability of businesses to engage in effective email marketing.

What is Email Marketing?

Email marketing is quite simply the legitimate use of email for communicating with customers.  The problem today is that many people cannot tell the difference between email marketing and email spam.  In fact some spammers can’t even tell the difference, branding themselves as “internet marketers” and operating with no regard for the problems that they cause.

Anti-Spam Products Are More Than the Sum of Their Parts

Written by Paul Cunningham on April 24, 2009

When you boil the spam problem down it becomes quite simple – someone is sending you emails that you don’t want to receive.  This makes the anti-spam solution a simple one too – stop unwanted emails from arriving in someone’s email account.  However, actually achieving this is a very complex task.

Any anti-spam system that is worth using will contain a range of preventative measures and features that are used to determine whether an email is likely to be spam or not.  As a complete solution they can be very effective, but taken individually their weaknesses become more apparent.  Here are some examples.

Source IP Filtering

Also known as Connection Filtering, DNSBL, or RBL, this technique compares the source IP of an incoming SMTP connection to a list of suspected spam sources.  The list can be either a manually generated list that the email administrator creates, or a list subscribed to from a third-party provider (such as Spamhaus).  If the IP address is on the list then the email is considered likely to be spam and the server will drop or reject it.

The weakness of this technique shows when IP addresses are mistakenly included in the list.  A legitimate email server may find itself blocked by other systems that are subscribed to a particular IP list, which prevents important business email from being sent to those systems.  Similarly, some regular sources of spam emails such as free web-based email services cannot be blocked by IP address because that would certainly block a lot of legitimate email as well.
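The lookup described under Source IP Filtering, together with the CSS return code 127.0.0.3 mentioned in the Spamhaus excerpt above, can be sketched as follows. This is an added example, not code from the original posts or from Spamhaus; the zone name `dnsbl.example`, the second return code and the sample addresses are constructed placeholders.

```python
import ipaddress
import socket

ZONE = "dnsbl.example"   # placeholder zone (assumption); use your provider's zone
CSS_CODE = "127.0.0.3"   # CSS return code quoted in the article
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def query_name(ip, zone=ZONE):
    """Reverse the IPv4 octets and append the zone: 192.0.2.10 -> 10.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Live lookup: A records for name, or [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check(ip, resolve=system_resolver, zone=ZONE):
    """Return 'pass', 'listed' or 'listed-css' for a connecting IPv4 address."""
    answers = resolve(query_name(ip, zone))
    # Only 127.0.0.0/8 answers are listing codes; anything else (for example a
    # resolver that rewrites NXDOMAIN to a search page) must not cause a block.
    codes = [a for a in answers if ipaddress.ip_address(a) in LOOPBACK]
    if not codes:
        return "pass"
    return "listed-css" if CSS_CODE in codes else "listed"

def legacy_check(ip, resolve, known_code="127.0.0.2", zone=ZONE):
    """A filter hard-wired to one return code (constructed): it misses CSS entries."""
    return "listed" if known_code in resolve(query_name(ip, zone)) else "pass"

# Constructed zone data keyed by query name (documentation address ranges).
FAKE_ZONE = {
    "10.2.0.192.dnsbl.example": ["127.0.0.3"],       # CSS listing
    "7.100.51.198.dnsbl.example": ["127.0.0.2"],     # another 127.0.0.x code (constructed)
    "9.113.0.203.dnsbl.example": ["203.0.113.200"],  # rewritten NXDOMAIN, not a listing
}

def fake_resolver(name):
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.9", "203.0.113.5"):
        print(ip, check(ip, fake_resolver), legacy_check(ip, fake_resolver))
```

The comparison between `check` and `legacy_check` on the CSS-listed address is the case the article warns about: a filter that recognises only one return code lets the new listing through.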

Content Filtering

Early anti-spam products made decisions about spam emails using single word matches such as “Viagra” or foul language.  This quickly proved fruitless because spammers would simply vary the word slightly in each email, for example “v1agra” and “via.gra”.  Content filtering then improved to include databases of spam phrases and patterns and would assess more of the content in an email to determine if it was spam.