Spam Filtering: How to Avoid Phish-Flavored Spam



Filtering spam e-mail is a major challenge both for individuals and for companies. Problems with spam for legitimate companies exist on both sides, sending and receiving. Obviously we struggle with receiving e-mail from illegitimate companies. We can also struggle with sending out newsletters or other messages and having them flagged incorrectly by other people’s spam filters. For this article, I will focus on the receiving side of spam filtering – how to protect your network from unwanted e-mail.

The State of Spam

Spambots are Internet-wide. They take all of the addresses that are freely available. This, unfortunately, is not an overstatement. If you post your address anywhere, it is just a matter of time before you will start receiving spam. Spam falls into two basic categories:

  1. Awful – One type of spam is brought to you courtesy of garbage marketing firms worldwide, trying to get you to buy their awful products.
  2. Phishy – These come from people who want your sensitive information. They attempt to trick you into entering your details into a bogus website intended to look like a website that you use and trust.

Make sure when you are attempting to filter spam that you do not become too excessive with your efforts, which can prevent all the genitalia enlargement and large sum of money inheritance e-mails from reaching your network. If anything should interrupt your own workflow or that of the employees of your business, it should be these sincere and spirited efforts to improve your reproductive potential and fill your bank account with cash.

I referenced several articles for this piece from around the Web. Two from and one from Website Helpers discuss general tips – the deployment of disposable and complicated e-mail addresses and how to avoid spammers grabbing e-mail addresses off of your website. I will discuss why you might not want to use a spam filter – to get a sense of why that can cause problems (also via Website Helpers).

Finally, I cited an article from Web Developers Notes that discusses how Gmail’s spam filter works: this knowledge can help you vet spam filtering software or develop your own custom solution. Additionally, if you like, you can add a “dirty,” spam-filled account to a Gmail account specifically to filter out the unwanted email.

Tip 1: Long & Complicated E-mail Addresses

A solution for fighting spam that is so simple it is often overlooked is to make e-mail addresses longer and more complex. Lengthier e-mail addresses avoid some spam because spammers rely on two basic tactics:

  • grabbing – collecting e-mail addresses found online (typically by scanning for them with software designed to look for text with e-mail formatting on sites)
  • guesswork – looking for common first and last name combinations and typical administrative usernames many sites use (info, webmaster, admin, etc.)

Several techniques can work to make your e-mail addresses complex:

  • lengthening the usernames
  • use of multiple words and portions of words
  • including numbers and underscores


Keep in mind, the process of developing spam-proof e-mail addresses is not easy – you ideally want to create usernames that are still easy to spell and remember, so never forget that people will be relaying that information and typing it in.

One other technique to make usernames difficult to guess is to use the format mysocial Then they have to know your Social Security number in order to be able to guess your username and spam you.

Tip 2: Read & Burn Addresses

You don’t need to give out your actual e-mail address to people. What you can do instead is customize each e-mail address you give someone – both stopping spam and identifying its source. Disposable addresses can serve this function.

A disposable address at first seems meaningless because all it will be doing is forwarding everything to your actual address. The purpose of the disposable address, though, is a sort of pre-spam filter. Here’s how to use it:

  1. Generate and deliver a different e-mail address each time you give out your contact information.
  2. When you get spam, check what disposable address it came from.
  3. Shut down the disposable account.
  4. Now everything sent to you from that service or person will not be able to reach you.
  5. Check where you gave out that particular address – which of course allows you both to know the culprit and complain if you like.
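The five steps above as a small alias registry. This is an added example, not code from the articles cited here; the domain, the contact labels and the function names are constructed for illustration.

```javascript
// Added example: per-contact disposable aliases (constructed names and domain).
const crypto = require('crypto');

const DOMAIN = 'example.com';   // placeholder domain
const issued = new Map();       // alias local part -> where it was handed out
const revoked = new Set();      // aliases that have been shut down

const localPart = addr => addr.split('@')[0].toLowerCase();

// Step 1: mint a different address each time you give out contact details.
// The random tag keeps aliases unguessable, so nobody can invent a valid one.
function issueAlias(givenTo) {
  const local = `c_${crypto.randomBytes(5).toString('hex')}`;
  issued.set(local, givenTo);
  return `${local}@${DOMAIN}`;
}

// Steps 2 and 5: which alias did the spam arrive on, and who was given it?
function traceSource(rcptTo) {
  return issued.get(localPart(rcptTo)) ?? null;
}

// Step 3: shut the alias down.
function revokeAlias(rcptTo) {
  revoked.add(localPart(rcptTo));
}

// Step 4: the delivery decision applied to every incoming message.
function route(rcptTo) {
  const local = localPart(rcptTo);
  if (!issued.has(local)) return 'reject: unknown alias';
  if (revoked.has(local)) return 'reject: revoked alias';
  return 'forward to real inbox';
}
```

Keeping the revoked alias in the registry is what lets you still name the source after the address has stopped delivering.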

You can even have a disposable address on your site – of course then it’s not necessarily individualized. However, if you want to get really creative, use software to populate a random disposable address to every different IP address that visits your site.

Bonus Tip: When you go to networking events and give your card to someone, explain to them that you use disposable e-mail addresses customized for each card. Tell the person you would love to do business with them, but if they ever spam you, “I will never, ever, ever forgive you.”

Tip 3: Site-Specific Tips

Regarding e-mail addresses on your own site, you need to strike a balance between stopping spam while not being excessively annoying to people legitimately wanting to contact you. The below practices can help, bearing in mind user experience (UX) and how far you want to go to set up obstacles to battle malevolence.

  1. E-mail addresses should be invisible and impossible to copy or click.
  2. Make it so that your addresses only appear via JavaScript.
  3. Anytime an e-mail from a new user hits your inbox, have software that shoots out a challenge-response message to verify their identity (and non-bot status).
  4. Brew yourself a cup of coffee and pour it all over your computer. Now let them try to send you e-mails. Their machine cannot bother yours if you make your machine unusable. It’s called sacrifice. Note that this technique can also be used on your servers – as the executive board of once did during a fit of anger (The Great Thousands of Coffees Debacle of ’07).
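Practices 1 and 2 combined: the address never appears in the page source and is assembled by script in the browser. This is an added example, not code from the cited articles; the address, the element id and the encoding scheme are constructed assumptions.

```javascript
// Added example: keep the address out of the static HTML; assemble it in script.
// The address, element id and shift value are constructed placeholders.

// Build time: turn the address into a dotted list of shifted character codes.
function encodeAddress(addr, shift = 7) {
  return Array.from(addr, ch => ch.charCodeAt(0) + shift).join('.');
}

// Browser side: reverse the encoding.
function decodeAddress(encoded, shift = 7) {
  return encoded.split('.').map(n => String.fromCharCode(Number(n) - shift)).join('');
}

// Markup served to every client, including tools that never run scripts.
function renderContact(addr) {
  return `<span id="contact" data-c="${encodeAddress(addr)}">` +
         'Enable JavaScript to see our e-mail address</span>';
}

// Self-check: the e-mail-shaped text pattern that page scanners look for.
const ADDRESS_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/;
function harvestable(html) {
  return ADDRESS_RE.test(html);
}

// In a browser, fill in the placeholder once the page has loaded.
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => {
    const el = document.getElementById('contact');
    if (el) el.textContent = decodeAddress(el.dataset.c);
  });
}
```

Run `harvestable()` over your rendered pages as a regression check. The technique only stops collectors that read page source without executing scripts, and visitors with JavaScript disabled see the fallback text, which is the UX trade-off mentioned above.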

The Argument Against Spam Filters

The above tips will help you fight spam without necessarily needing a filter. Spam filters are not all good. Spam filtration means that you will not always get e-mails that you want to receive. Filtering programs aren’t perfect. You don’t want to miss a legitimate message you are expecting just because too many people were listed as recipients, etc.

In fact, don’t even bother with the above techniques. Make sure that anyone who is trying to send you a virus or take advantage of you in any way is able to have access to you at a moment’s notice. It is your duty as a citizen of the global economy to take regular abuse from malicious strangers. Using the Internet is like joining a college fraternity where you get hazed every day for the rest of your life.

Nonetheless, below are descriptions of how spam filtering works so you can better understand this piece of technology – keeping in mind the downside of this type of software.

How Gmail’s Spam Filter Works & Availability for Non-Gmail Accounts

Gmail does not bounce anything unless it is specifically added to a block list – which you need to do manually. It does, however, grab anything that seems highly likely to be spam and places it in the Spam folder. There are two components to how this filtering process works:

  • Algorithm developed by Google to catch spam
  • User input to further refine spam-identification capabilities.

Machines and humans work together to fight spam because it is too difficult for a piece of technology by itself to determine what is and what is not legitimate. As with any type of malware, the field of spam is one of good guys and bad guys – the good guys trying to limit the junk, and the bad guys coming up with innovative techniques to get the junk to you. As innovations arise, technology must be updated manually with new rules to stop spam. An example rule released in 2009 was that spam can no longer run in the area around the swimming pool, because that endangers everyone in the pool environment, not just the spam.

Human intervention, then, is important in the process. Intervention methods include marking both legitimate and illegitimate messages appropriately:

  1. Marking spam messages with the label, “Report as spam”
  2. Checking the spam box occasionally for legitimate messages – and then marking non-spam messages with the button, “Not spam.”
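How the two components interact, shown with a toy filter whose scores shift when a user marks a message. This is an added example: the word-frequency scoring is a stand-in chosen for illustration and is not Gmail's algorithm, and every message in it is constructed.

```javascript
// Added example: a toy word-frequency filter standing in for the provider's
// algorithm (it is NOT Gmail's). All messages below are constructed.
const counts = { spam: new Map(), ham: new Map() };
const totals = { spam: 0, ham: 0 };

const tokens = text => text.toLowerCase().match(/[a-z']+/g) || [];

// "Report as spam" and "Not spam" both land here: the label updates the counts.
function feedback(text, label) {           // label is 'spam' or 'ham'
  for (const t of new Set(tokens(text))) {
    counts[label].set(t, (counts[label].get(t) || 0) + 1);
  }
  totals[label] += 1;
}

// Sum of per-word log-likelihood ratios with add-one smoothing; > 0 leans spam.
function spamScore(text) {
  let score = 0;
  for (const t of new Set(tokens(text))) {
    const pSpam = ((counts.spam.get(t) || 0) + 1) / (totals.spam + 2);
    const pHam = ((counts.ham.get(t) || 0) + 1) / (totals.ham + 2);
    score += Math.log(pSpam / pHam);
  }
  return score;
}

// Nothing is bounced: a suspect message is only filed in a different folder.
const folderFor = text => (spamScore(text) > 0 ? 'Spam' : 'Inbox');

// Initial state, as if learned from earlier user reports.
feedback('claim your inheritance money now', 'spam');
feedback('large inheritance waiting claim now', 'spam');
feedback('meeting notes attached', 'ham');
feedback('lunch meeting tomorrow', 'ham');

// A legitimate message that shares vocabulary with the spam above.
const LEGIT = 'your inheritance paperwork from the lawyer';
```

With this starting state `folderFor(LEGIT)` files the legitimate message under Spam; after `feedback(LEGIT, 'ham')`, the equivalent of pressing “Not spam,” the same message goes to the Inbox while the constructed spam is still caught.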

Note that Gmail spam filtering can be used on any e-mail account. Here’s how you use it:

  1. Direct all incoming messages to that e-mail address through your Gmail account. Go to Accounts > Get mail from other accounts > Add a mail account.
  2. Filtering will start occurring immediately as the Gmail system identifies items it perceives to probably be spam.
  3. Gmail system will take off Sundays, Holidays, and random personal days to rest and relax – “just because it can,” according to Google.
  4. Customize a filter within your account to forward your legitimate messages (preferably to a new account). Go to Settings > Filters > Create a new filter.
  5. Full details here for further guidance

Summary & Conclusion

To review, spam filters do not always work – they can sometimes catch and hold emails that you actually wanted to receive – and for that reason should be avoided if possible. When needed, you have access to Gmail’s filtering program with any address. Several tactics can work well without having to use filtration: lengthening and complicating addresses; using single-use, disposable addresses; and on-site prevention methods – hiding addresses, implementing JavaScript, and using challenge-response.

Finally, institute usage of acoustic, hard-copy-only email. This time-tested technology is also called simply “mail.”

by Kent Roberts and Richard Norwood