Spam Slammers... Which Is The Most Effective Type?

Unfortunately, no spam slammers can guarantee to automatically remove all spam before it hits your inbox. However, there are spam systems that can go a long way towards eliminating the problem.

Although some spam will inevitably get through, a spam slammer -- otherwise known as a spam blocker, antispam, etc. -- saves an enormous amount of time that we would otherwise spend sifting out the junk manually.

Generally, anti-spam techniques fall into four categories:

  1. Filters
  2. Sender Policy Framework (SPF)/Reverse Lookup
  3. Challenge/Response
  4. Cryptography


Whilst unsolicited bulk email is a serious issue against which we need to guard privacy and security, the smart use of spam slammers can go a long way towards minimizing the problem. So let's take a look at each type...


1. Types Of Spam Slammers...
Spam Filters

Spam slammers using filters rely on several techniques to separate genuine messages from junk email and have helped reduce the bulk-mail deluge.

Most spam blocker filters rely on a combination of techniques to identify spam and these include:

  • Word lists. Lists of words that are known to be associated with spam, such as "sex".

  • Black Lists and White Lists. These lists contain known IP addresses of spam and non-spam (e.g. friends and family) senders, respectively. Every address on the Black List is considered a spam source and is not let through, whereas every address on the White List is let through.

    Some spam slammers use Real-Time Black Lists. These lists are provided by the collaborative services of commercial organizations or communities of interested users, such as Spamhaus.

    Most spam slammers also allow the user to set up their own white and black lists. Microsoft has been testing a Bonded Sender program that uses pre-approved lists of mass marketers, enabling them to become "white listed". The effectiveness of this white list depends on marketers' willingness to go through the vetting process necessary to be included.

    The addition of Microsoft's millions of email users to the program makes it far more likely that legitimate marketers will want to sign up, enabling their opt-in messages to pass the increasingly rigorous spam filters. Cleared marketers put up cash bonds that can be deducted against if their messages breach standards of conduct for legitimate e-mail marketing.

    Although white lists are not a cure-all, they can help by freeing up a spam filter to catch unwanted e-mail.

  • Trend Analysis. By analyzing the history of email sent from an individual, trends can help assess the likelihood of an email being genuine or spam. This can be an effective technique to help reduce false positives and improve spam detection rates.

  • Learning or Content filters. Learning filters, such as Bayesian networks, examine the content of each e-mail and learn word frequencies and patterns associated with both spam and non-spam messages. They then filter messages according to what they have learnt.

MailWasher Pro has all four of these filters. It is the spam blocker that I use and highly recommend. You can read my evaluation at Spam Spammers With MailWasher Pro.


Filters And Their Limitations

Although spam filters are the most successful type of antispam software, they do have three limitations:

  1. Spammer tactics to bypass these filters. For example, to counter word lists, spammers randomize the spelling of words like "Viagra", to become "v1agra" and "viaagra", etc. This means that filter rules must be updated by the user or the vendor on a weekly/monthly basis.

  2. False-negatives and false-positives. As vendors and ISPs have increased their ability to block spam, they are also blocking more genuine mail.

    For example, to avoid the filters, spammers started to use "Re:" in their subject fields. Many popular spam slammers were then altered to block these tactics, but they also occasionally stopped legitimate mail.

    The more effective a spam filter, the greater the probability of misclassifying a genuine email as spam (false-positive). The less effective a spam filter is, the higher the risk of classifying spam as genuine mail (false-negative).

    The risk here is, if the spam contains malware, the user, believing the mail to be genuine, can trigger the malware by just looking at it in the preview pane, by opening the mail, or opening an attachment.

  3. Double-checking emails. Because of this possibility of false-positives and negatives, it is prudent for the recipient to check both the spam box and the inbox. The former is to ensure no genuine mail is there and the latter is a security precaution.

    Of course, although double-checking is a must, it's another step in the time-wasting process of removing spam.
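The learning filter and its false-positive/false-negative trade-off, described above, can be seen in a few lines of Python. This is an added example, not code from the original article or from any product it mentions; the training mail, the sample messages and the two thresholds are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training mail (not real messages): (text, is_spam)
TRAINING = [
    ("cheap pills buy now limited offer", True),
    ("win cash prize click now", True),
    ("buy cheap watches special offer click", True),
    ("meeting agenda for monday attached", False),
    ("lunch on friday with the family", False),
    ("special offer on the family holiday booking", False),
]
# Constructed test mail: plain spam, genuine mail with sales words, obfuscated spam
SAMPLES = {
    "spam": "buy cheap pills now",
    "genuine": "buy the family holiday offer now",
    "obfuscated": "ch3ap p1lls for the family",
}

def tokens(text):
    return re.findall(r"[a-z0-9]+", text.lower())

def train(samples):
    """Learn per-class word counts and message counts."""
    words, docs = {True: Counter(), False: Counter()}, Counter()
    for text, is_spam in samples:
        words[is_spam].update(tokens(text))
        docs[is_spam] += 1
    return words, docs

def spam_probability(text, model):
    """Naive Bayes estimate of P(spam | words) with add-one smoothing."""
    words, docs = model
    vocab = len(set(words[True]) | set(words[False]))
    total = {c: sum(words[c].values()) + vocab for c in (True, False)}
    log_odds = math.log(docs[True] / docs[False])
    for w in tokens(text):
        log_odds += math.log((words[True][w] + 1) / total[True])
        log_odds -= math.log((words[False][w] + 1) / total[False])
    return 1 / (1 + math.exp(-log_odds))

def blocked(threshold, model=None):
    """Which sample messages a filter with this threshold sends to the spam box."""
    model = model or train(TRAINING)
    return {k: spam_probability(v, model) >= threshold for k, v in SAMPLES.items()}

if __name__ == "__main__":
    for threshold in (0.9, 0.3):
        print(threshold, blocked(threshold))
```

Lowering the threshold from 0.9 to 0.3 starts blocking the genuine message, while the obfuscated spam passes at both settings because its key words never appeared in training.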


Remember... no spam slammer is 100 percent effective. Even if you don't mind losing the odd, genuine email, I cannot stress how important it is for us to check our inboxes for spam and to delete it, without viewing it in the preview pane of our email client... otherwise, malware could be triggered.

To do this, place the cursor on the mail subject line, right click, then 'Delete'.


2. Types Of Spam Slammers...
Sender Policy Framework

Most spammers forge the sender (From:) address to appear to come from trusted domains, such as yahoo.com, or hotmail.com.

By forging the sender address, the spammer remains anonymous, which makes it extremely difficult for the spammer to be identified and for the ISP to cancel their account access.

If email could only be delivered if it had a verifiable sender address, spammers would lose their anonymity.

Spammers operating from the United States -- which is the source of over half of all world-wide spam -- would then be subject to the CAN-SPAM Act, facing punitive fines or even imprisonment. World-wide, ISPs would be able to battle the spammer networks, without their arms being tied behind their backs.

Under development is the Sender Policy Framework (SPF), also known as "Sender Permitted From" and "Reverse Look Up". Its purpose is to prevent forged email being sent, by checking the sender is authorized to send email from the domain they're claiming to be from. If a spammer attempts to send email from a fake address, the message will be rejected.

Sounds like the perfect solution, doesn't it?

SPF Limitations

While this solution is viable in certain situations, it has a couple of significant limitations:

  • SPF requires email to originate from a known and trusted mail server and a domain name with a static IP address. Unfortunately, many domains do not have static addresses and so SPF, currently, will cause challenges here.

  • SPF is likely to prevent many mobile users from sending email as they can send mail directly, rather than via a POP/SMTP/IMAP account.
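The SPF check described above comes down to comparing the connecting server's IP address with the list the claimed domain publishes. The following is an added example, not part of the original article: the domains, addresses and records are constructed (documentation ranges), a dictionary stands in for the DNS TXT lookup, and only the `ip4`, `ip6`, `include` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups (documentation domains and ranges)
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.25 ip6:2001:db8::/32 ~all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(client_ip, domain, records=SPF_RECORDS, depth=0):
    """Return the SPF result for a connecting IP and the sender's claimed domain."""
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"          # the domain publishes no policy
    if depth > 10:
        return "permerror"     # too many nested includes
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            sub = check_spf(client_ip, value, records, depth + 1)
            if sub in ("none", "permerror"):
                return "permerror"
            matched = sub == "pass"
        elif name == "all":
            matched = True
        else:
            # a, mx, exists and ptr need further DNS lookups, outside this example;
            # "unsupported" is this example's own label, not an SPF result
            return "unsupported"
        if matched:
            return RESULTS[qualifier]   # first matching mechanism decides
    return "neutral"

if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.25", "203.0.113.5"):
        print(addr, check_spf(addr, "example.com"))
```

The hard-coded address ranges in the records also show the first limitation listed above: a sender whose address changes falls outside the published list and fails the check.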

3. Types Of Spam Slammers...
Challenge-Response

Challenge-Response (CR) systems maintain a list of permitted senders -- a white list.

The sender of an email not on the list is sent a challenge. This can be a click on a URL, repeating a display code or sending a reply email. After completing the challenge, the new sender is added to the list of permitted senders and the original email is delivered.

The theory is that spammers using fake sender email addresses will never receive the challenge and spammers using real email addresses will not be able to reply to all of the challenges.

Unfortunately, CR systems have a couple of serious limitations, including:

  • People using CR systems will not be able to communicate with each other, as each system answers the other's challenge with a challenge of its own when they send email!

  • Mailing lists and automated systems cannot respond to challenges.
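The challenge-response exchange and both limitations above can be traced with a small model. This is an added example, not code from the original article or from any CR product: the `Mailbox` class, its parameters and the addresses are hypothetical, and a hop limit stands in for the point at which two CR systems stop answering each other.

```python
import secrets

MAX_HOPS = 4  # stop following challenges sent in answer to challenges

class Mailbox:
    """Hypothetical mailbox model; uses_cr turns challenge-response on."""
    def __init__(self, address, uses_cr=False, replies=True):
        self.address, self.uses_cr, self.replies = address, uses_cr, replies
        self.permitted, self.inbox, self.held = set(), [], {}

    def deliver(self, sender, body, hops=0):
        """Deliver mail from `sender`, challenging senders not yet permitted."""
        if not self.uses_cr or sender.address in self.permitted:
            self.inbox.append((sender.address, body))
            return "delivered"
        if hops >= MAX_HOPS:
            return "held: challenge loop"
        token = secrets.token_hex(8)
        self.held[token] = (sender, body)
        # The challenge is itself an email, so it must pass the sender's own filter.
        if sender.deliver(self, "challenge " + token, hops + 1) != "delivered":
            return "held: challenge not seen"
        if not sender.replies:
            return "held: challenge ignored"
        return self.confirm(token)

    def confirm(self, token):
        """A completed challenge permits the sender and releases the held mail."""
        sender, body = self.held.pop(token)
        self.permitted.add(sender.address)
        self.inbox.append((sender.address, body))
        return "delivered"

def scenarios():
    """Four senders writing to alice, who uses challenge-response."""
    alice = Mailbox("alice@example.org", uses_cr=True)
    carol = Mailbox("carol@example.net", uses_cr=True)
    friend = Mailbox("friend@example.com")
    mailing_list = Mailbox("list@example.com", replies=False)
    return {
        "person": alice.deliver(friend, "hello"),
        "person again": alice.deliver(friend, "second mail"),
        "mailing list": alice.deliver(mailing_list, "newsletter"),
        "another CR user": alice.deliver(carol, "hi alice"),
    }

if __name__ == "__main__":
    print(scenarios())
```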

4. Types Of Spam Slammers...
Cryptography

Cryptography is championed by companies such as Microsoft and Yahoo. It involves the use of "domain keys" or authentication certificates, which use public-key encryption technology to verify e-mail senders.

If this approach were implemented, ISPs could enable authenticated email messages to reach end users. Without a proper certificate, a forged email can be readily identified.

However, these cryptographic solutions are unlikely to completely stop spam as they do not validate that the email address is real -- they only validate that the sender had the correct keys for the email.

To be effective, domain keys require widespread adoption, but they are now only in an early stage of development. One limitation is the existing, 20-year-old mail protocol, SMTP (Simple Mail Transfer Protocol), which has little support for cryptographic authentication.

Also, Microsoft and Yahoo have different techniques for verifying mail and it is unclear whether a standard can be agreed that all vendors will support.



My main source of reference for this article is Anti-Spam Solutions and Security, by Dr. Neal Krawetz. Should you wish for more detail than I have provided here, please go to Dr. Krawetz's article, Types Of Spam Slammers.


1. Types Of Spam Slammers...
Supporting Articles

  1. The Best Spam Slammers To Protect You From Spam Dangers
  2. What Does Spam Stand For?
  3. Spam Blockers... These Are The Dangers When Spam Gets Through
  4. Practical Steps To Improve the Effectiveness Of Your Commercial Or Free Antispam Blocker
  5. Software Steps To Improve the Effectiveness Of Your Commercial Or Free Antispam Blocker
  6. How To Spam Spammers
  7. Spam Spammers With MailWasher Pro
  8. Reduce The Load Of Your Spam Blockers By Keeping Off Spam Lists
  9. Phishing And How To Block It
  10. Botnets And Your Zombie PC Fix