Everybody hates unwanted email or spam, and without an effective anti-spam solution in place, it costs US companies an estimated $21.8 billion annually,1 including infrastructure and bandwidth costs and the loss of employee productivity. To calculate your company’s cost of spam – try this online calculator (www.google.com/postini/roi_calculator.html). Implementing a powerful tool that helps with stopping spam in the first place can eliminate these outside threats to productivity.
Tips for Stopping Spam
- If you receive a “suspicious” email message – one from a sender whom you don’t know or recognize, simply delete the email. Spammers use code in their emails that helps perpetuate the problem and opening their emails helps them in this regard. A high-tech anti-spam solution will often nip this problem in the bud, however.
- Stopping spam is as easy as breaking the chain; don’t perpetuate unsolicited emails by forwarding or passing along messages that may appear legitimate but are likely hoaxes, for example tales of criminal activities, such as identity theft.
- Create and utilize a “disposable” email address in place of your primary email address when providing a contact email address for goods and service providers on the Internet. You can forward this disposable address to your primary address, and if the disposable address ever gets compromised and starts receiving a lot of spam – you can simply shut it off and create a new disposable address, stopping the spam being sent by those particular offenders. Many businesses will automatically add you to their email distribution lists and some may share or sell your email address to other companies.
- When ordering items online, do not check the box that states “YES, I want to be contacted by select third parties concerning products I might be interested in” or something similar.
- When you register a domain, use a disposable email address in place of your primary email address. Spammers will use “bot” software which automatically “crawls” the public domain registries and other websites to gather email addresses from these public records. Many domain owners use a generic “administrator@” mailbox that they only need to check occasionally. Usually, however, an anti-spam solution, should you have one, will catch these unwanted emails.
- When you receive unsolicited spam, do not select the box or click the link that states you would like to be removed from their mailing list. By sending a reply to the spammer, you will validate the email address for them. If you’re getting spam from a legitimate business, however, asking to be removed from their mailing lists can reduce the amount of unwanted email you receive and begin stopping the spam you are receiving, as they are required to respect your wishes because of the CAN-SPAM Act of 2003, a sort of middle man anti-spam solution.
- Without a proper anti-spam solution, don’t have a “catch-all” on your domain, where any mail sent to firstname.lastname@example.org gets delivered even if you haven’t specifically created the something@ email address. This “catch all” feature is very susceptible to the “brute force” method of spamming, where spammers send an email to every conceivable combination of letters and numbers, (such as email@example.com, firstname.lastname@example.org, email@example.com, etc.).
- Another spamming method that is harder to defend against is the “dictionary attack” (related to brute force spam attack) that sorts through possible name combinations hoping to find a valid address. Thus, a common name such as firstname.lastname@example.org may get more spam than a more unique name like email@example.com. Of course, it is harder to remember the “unique” email address than something like your name.
For more information on stopping spam – see the Federal Trade Commission’s whitepaper on how to avoid spam emails at www.ftc.gov/bcp/edu/pubs/consumer/tech/tec02.pdf.
A Comprehensive Anti-Spam Solution
Reputation Filtering — an anti-spam solution and technique that some email providers use — provides a powerful outer layer of defense for stopping spam. Formerly called “blacklists,” reputation filters deliver unmatched efficacy, accurately stopping spam at the connection level up to 80% of the time. This means they can stop the spam without even having to scan the content. The software and appliances used for reputation filtering in this type of anti-spam solution sometimes also support rate limiting capabilities which intelligently slow down suspicious senders—greatly reducing and even stopping the spam, without the risk of false positives.
Often, an anti-spam solution will use commercially available or open source online reputation databases for reputation scoring for IP addresses. If an IP address has a “bad” reputation in one of these databases due to historical monitoring and scoring of activities from it – it will be blocked as a source of spam. The customer’s score will increase over time after spam is no longer detected from the customer’s IP address. Some services can use several metrics to score an IP address, such as:
- An IP address’ presence on multiple reliable public blacklists or open proxy lists like spamhaus.org and Spamcop.
- The number of end-user complaints associated with an IP.
- The number of messages sent to invalid “spamtrap” accounts.
- Global message volume and changes in message volume.
- Frequency of URLs appearing in spam or viral messages.
Content Scanning – Another anti-spam solution that is used frequently involves examining the complete structure and content of a message, including:
– methods of message construction
The most effective anti-spam products use a combination of these and other techniques, to be more efficient at stopping spam as well as to decrease the number of “false positives,” or messages stopped by the anti-spam solution that are not actually spam. This combination of techniques is especially useful in the current day when spam techniques are constantly changing. Web Reputation technology mea¬sures the behavior and traffic patterns of a website to assess its trustworthiness. Content scanning technology determines the repu¬tation of any URL within a message body, so that a more accurate analysis of the messages can be performed. This enables a certain anti-spam solution to immediately protect its users from spam, phishing, and spyware threats distributed over email, stopping spam in its tracks.