
How to Win the War against Spam

PCQ Bureau

Spam is universally agreed to be unsolicited bulk e-mail. This mail may or may not be of a commercial nature. The usual purpose of sending out such mail is for marketing.


One of the more recent uses of spam is disinformation. As an extreme case, it can become a tool for corporate or political misinformation. Spam could also be a potential weapon in cyberwarfare.

Sometimes, spam has a more sinister purpose: bringing down mail servers and networks by bombarding them with useless messages. This is also called 'mail bombing', but the messages sent are spam. Or it could be used in phishing attacks or similar scams.

Though not relevant to this story, the word 'spam' has two other meanings. One is the attempt by 'search engine optimization' operators (SEOs) to gain higher search-engine rankings by repeatedly submitting the same content with variously disguised URLs.


The other and original meaning has to do with a brand of canned pork from Hormel; the name stands for 'Shoulder of Pork And Ham'.



Identifying spam

The basic foundation of the idea that you can eliminate spam is the fact that spam is identifiable. Further, a mere 200 operators around the world are responsible for about 80% of the spam that lands in your mailboxes. And every one of them is known and documented.

But if all this is true, how come these operators are still around? What they do is register a set of domains, buy ISP services to spam from, and send out millions of e-mails in about three months' time. Then they set up another set of domains and jump to a different set of ISPs. At any time, each of them has dozens of domains and aliases running.

The best part seems to be that they need not even be in the same area as their ISP, and the ISP is either clueless about the whole thing or chooses to turn a blind eye to what's going on.

How PCQuest helped reduce spam from India

It is quite possible that there are spammers sitting on your ISP's network and spamming the rest of the world, including you. An easy place to start finding this out is the Spamhaus Block List (www.spamhaus.org/sbc). Here select ISP by country (lower right of the page), select India and say Display. You will get a list of Indian ISPs who are currently being used by spamming setups. A yellow coloured entry indicates a ROKSO listing: one of the 200 spam operators who contribute 80% of the world's spam, and who have already been terminated by at least three ISPs for spamming.

What follows is the procedure we adopted in informing the ISP about the listing (it is unlikely that the ISP does not know, but some follow-up helps), which got many of these spamming operations stopped.

First, we identified the administrative and technical contacts for the ISP's domains (from the registrar with whom their domain names are registered). This is fairly easy, and can be done at www.dnsstuff.com. Simply enter the name of the ISP's domain, say mtnl.net.in, in the whois text box on the page, and you will get the domain details. You may need to click on an additional link to reveal the complete e-mail addresses of the contacts. What we did next was fairly simple. We took a sample of the ISPs listed and sent a simple e-mail to the two contacts, attaching a screenshot of the listing and asking for their comments for this story. Many of the ISPs that we wrote to quickly acted to get the accounts of the spammers suspended and to get the SBL records removed.

Listings removed / ISPs who did not respond: Reliance, Bharti Broadband, Sancharnet (BSNL), Spidernet, Spectranet, Shyam Internet, Sify Corporate, Ernet, Satyam Infoway, Exatt.

MTNL and Iquara have had their SBL listings partly removed. Estelcom had many rounds of discussions with us (see separate piece on Top spammer), but the listings continue as is.

Now, you may not be able to do the same thing, that is, to ask for their comments for a story. But if enough users write to the ISPs, asking them to remove spammers from their network, the ISPs will be forced to act. If you know anybody in the concerned companies, writing to them will also definitely help. You could also write to the Directors or Chairman of the company.

ISPs can use their FUP (Fair Use Policy) to terminate services to spamming operations.

Anti-spam measures

So, what are the resources and solutions available to you to eliminate spam? We have identified a few key concepts and solutions for you that are both easy to implement and not very costly. The anti-spam arsenal can be broadly classified into three categories: prevention techniques that avoid your addresses getting onto a mailing list, solutions that help you deal with any spam that arrives, and resources you can turn to for further research or help.


One way to win the war against spam is to avoid getting it altogether. To do this, your IT policy must strongly state and enforce a few simple mechanisms. These are nothing new and have been known and well documented since the early days of spam. The first of these is: never provide your e-mail addresses on a public 'Web page'. A 'Web page' can be hosted on a website, a forum or a newsgroup. Humans no longer need to harvest addresses from a Web page by hand. Automated programs called 'bots' roam the Web, pulling pages and scanning them for e-mail-address-like patterns. These are logged into mailing lists that are then exchanged with other spam operators. Thus, your biggest problem is eliminated if these bots never get hold of your e-mail address.

There are situations when you would want someone who reads a Web page to be able to contact you. Web forms that allow the visitor to write back to you are the best way, since the recipient's address is never revealed.

Solutions

All major mail servers have vendor-provided or third-party applications that filter out spam. For Exchange, there is Service Pack 1 (on the PCQEssential CD), besides applications from Hexamail, GFI MailEssentials, Cloudmark and BitDefender among others. Domino has (again) BitDefender, SpamEraser and MailFlower. SpamAssassin supports procmail, sendmail, Postfix and qmail among others.


There are appliances like the IronPort C10 (see review in this issue) that specialize in mail filtering. There is also software that works with the major mail servers. Notable among these are Symantec BrightMail AntiSpam, Norton AntiSpam and MessageLabs AntiSpam 4.0. An Indian solution, SpamJadoo, claims to stop spammers by 'locking' your e-mail address (we haven't tested it yet). SpamJadoo also provides virtual e-mail addresses that you can use to subscribe to newsletters or for temporary purposes. These addresses can be monitored or even turned off when they are no longer needed. The MessageLabs hosted service claims 100% filter rates.

Anti-spam technologies

Four main technologies are currently being positioned to combat spam. All of them are still in their infancy and none has gained enough maturity at this time to say which is better. For details, read New Techniques to Fight Spam, PCQuest, page 20, November 2004.

Authenticated e-mail

http://www.dwheeler.com/essays/email-authentication-ftc.html

When mail is received, the server sends back a challenge asking the sender to verify the mail. Non-verified mail is bounced.

Yahoo DomainKeys

http://antispam.yahoo.com/domainkeys

Signs sent e-mail with a public/private key pair; the recipient compares the key, rejecting e-mail that has invalid or missing keys as 'possible spam'. Prominent users: Yahoo Mail, Gmail.

Sender Policy Framework (SPF)

http://spf.pobox.com

This is the concept used by Sender ID (see below), where a domain publishes a list of servers allowed to send mail for that domain. Recipient servers then use it to check whether the mail is legitimate or not.

Microsoft Sender ID

http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx

Sending-server addresses are validated against a list of allowed servers for that mail domain. Prominent user: Hotmail.
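An added example (not code from the article or from any of the vendors named) of the check a recipient server performs under SPF or Sender ID: it parses a published v=spf1 record and evaluates the connecting server's address against it. The domain, the addresses and the MX hosts are constructed sample data, and only the ip4, ip6, mx and all mechanisms are handled.

```python
import ipaddress

# Constructed sample: the SPF TXT record a domain would publish in DNS
# (hypothetical domain and documentation-range addresses, not real data).
SAMPLE_RECORDS = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 mx:example.com -all",
}
# Constructed MX hosts for the mx: mechanism (stands in for a real DNS lookup).
SAMPLE_MX_ADDRESSES = {
    "example.com": ["198.51.100.25"],
}


def parse_spf(record):
    """Split a v=spf1 record into (qualifier, mechanism, value) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is 'pass'
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        parsed.append((qualifier, name.lower(), value))
    return parsed


def check_host(sender_ip, domain, records=SAMPLE_RECORDS, mx=SAMPLE_MX_ADDRESSES):
    """Return pass/fail/softfail/neutral/none for sender_ip sending as domain.
    Mechanisms are tried in order; the first match decides the result."""
    record = records.get(domain)
    if record is None:
        return "none"                        # domain publishes no policy
    ip = ipaddress.ip_address(sender_ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for qualifier, mech, value in parse_spf(record):
        matched = False
        if mech in ("ip4", "ip6"):
            # membership is False when address and network families differ
            matched = ip in ipaddress.ip_network(value, strict=False)
        elif mech == "mx":
            hosts = mx.get(value or domain, [])
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        elif mech == "all":
            matched = True
        # a, include and exists are not implemented in this example
        if matched:
            return results[qualifier]
    return "neutral"                         # no mechanism matched
```

A "fail" result is what lets the recipient reject mail whose envelope domain it was not authorised to carry; "none" means the domain has not published a policy at all.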

IBM FairUCE

http://www.alphaworks.ibm.com/tech/fairuce

First an attempt is made to verify the sending server using cached DNS lookups. On failure, a challenge/response is attempted. On repeated failure, mail is classified as spam. Still under development, no known users yet.

You and your ISP

Is a lot of your mail not reaching the recipients? The reason could be that it is being bounced as spam, because of previous spam activity from your address. Puzzled? Head over to a block list and query your mail server's IP address. Chances are that you'll find it listed there. Sometimes, your company may do legitimate bulk mailing. Now, if a significant number of your mail recipients report such mail as spam to one of the block lists, your outgoing IP address(es) start getting blocked by mail servers. A lot of the time, you as the IT department are not even aware of such mailing. Therefore, it becomes all the more critical that you check the listings periodically to ensure you aren't listed. If you are, you are removed once you take corrective action.
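An added example (not part of the article) of the periodic block-list check described above: it builds the reversed-octet query name a DNS-based block list expects, interprets the 127.0.0.x answer such lists return for listed entries, and reports which of your outgoing addresses are listed. The zone name dnsbl.example and the answers table are constructed stand-ins; lookup_live issues a real DNS query against whatever zone you pass.

```python
import ipaddress
import socket

# Constructed sample: what a block-list zone would answer for the query names
# built below. A real DNSBL answers with an address in 127.0.0.0/8 for a
# listed entry and NXDOMAIN (no answer) otherwise. Hypothetical zone and
# documentation-range addresses, not real data.
SAMPLE_ZONE_ANSWERS = {
    "10.2.0.192.dnsbl.example": "127.0.0.2",
}


def dnsbl_query_name(ip, zone):
    """Build the lookup name: the address's octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def interpret_answer(answer):
    """A DNSBL encodes 'listed' as an address inside 127.0.0.0/8; no answer
    or anything outside that range is treated as not listed."""
    if answer is None:
        return False
    return ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8")


def lookup_in_table(ip, zone, answers=SAMPLE_ZONE_ANSWERS):
    """Offline check against the constructed answers table."""
    return interpret_answer(answers.get(dnsbl_query_name(ip, zone)))


def lookup_live(ip, zone):
    """Real DNS query; a resolution failure (NXDOMAIN) means not listed."""
    try:
        answer = socket.gethostbyname(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        answer = None
    return interpret_answer(answer)


def check_outgoing_addresses(addresses, zone, lookup=lookup_in_table):
    """Return the subset of your outgoing IPs that the block list reports."""
    return [ip for ip in addresses if lookup(ip, zone)]
```

Run check_outgoing_addresses with lookup=lookup_live and the zone of the list you care about from a scheduled job, and alert on any address it returns.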


When you buy your IP address, check whether it is listed in a block list. If it is, your ISP must get the address removed. This brings us to a new issue. How cooperative is your ISP in getting your spam problems solved? As we said earlier, the ISP has a crucial role to play in the war against spam!

Remember that if they are allowing spammers to operate freely out of their network, they may not act to solve your spam problems.

Krishna Kumar and Sujay V Sarma
