The constant stream of questions we get asked about Spam at TekSupport is something we’re used to. For most people, fending off Spam, or avoiding it in the first place can seem like wishful thinking - can anything really be done to avoids it? Frustrating as it may be, Spam tends to be part and parcel of life online- so how can you stop it from ending up where only genuine mail should?

Spam might not work for you- but someone benefits from it. 

Spam is a very economical way to advertise. The methods used to harvest email addresses for which to send Spam to may be seen as unethical – many people are surprised to learn that it’s not always as straightforward as nabbing your email from a public web address. There are several ways your email might end up in the database of a company wanting to sell you their product- among them, simply crawling the net for the ‘@’ sign and making thousands of automated guesses as to what an address might be, and in more sinister circumstances- by purchasing lists that include your email address or even foxing your associates into handing your private email address over.

It sure sounds like a lot of work just to make sure you’re the recipient of that unsolicited invitation to bulk buy a diuretic weight loss tea- but aggressive Spam emailing actually can pay off. If we look at the very first Spam email ever sent, it’s easy to see spamming grew wings.

It was May of 1973, when marketing manager Gary Thuerk drafted up a sales pitch in an email, hit send and catapulted the spiel onwards to almost half a thousand potential consumers. The effect redefined the edge of a remote sales pitch with a punch: the campaign reeled in almost $13 million in sales, but of course, not without also suffering significant slap-back in an avalanche of complaints. This was a precendent in risky business; Spam is sometimes a means to a very rewarding end.

Thankfully now, almost 50 years later, our techniques for avoiding unsolicited sales emails have improved significantly. Email programs now use filters to detect and sieve out Spam into folders that hold the suss stuff… but like most filters, they’re not always fail-safe. Here’s why, and also what you can do about hotwiring your filters to improve Spam filtration accuracy.

The source of the problem.

The majority of spam, phishing emails and malware don’t just come from a single source. More often than not, they originate from compromised webservers. Spammers usually find an exploitable vulnerability in a particular content management system and then attack hundreds or even thousands of these particular web servers. These compromised servers now form a “botnet” (robot network) that is used “en masse” to distribute spam. The advantage to the spammer is that the multiple messages being delivered to a particular target originate from multiple random sources. A target may only receive one email from a specific source, this makes it pointless to try and simply block either the senders email address or the originating server.

Innocuous content.

Another technique used by spammers is to make the content look like a legitimate email. This makes it extremely difficult for software to distinguish the difference between what is real and what is fake. We humans, with human intelligence, can simply identify spam by asking ourselves “did we ask for this email?” but the Antispam software has no way of knowing your answer before the spam is delivered to your mailbox.

Hackers attempting to infect, encrypt or hijack PCs no longer attach the payload to the email as this is relatively easy to catch, as used to be common practise. These days, they just include a random link in the email referencing the malware stored one of the compromised web servers.

Sorting the wheat from the chaff.

Most email hosting services, email appliances and firewalls use a multi-faceted approach to detecting spam and malware.

The first port of call is usually to check the validity of the sender. Methods such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain Message Authentication Reporting & Conformance (DMARC) are used to do this but the efficacy of these methods rely heavily on the uptake of the technologies.

Another option is to query a database of known spam source addresses. The problem here is that there is always a delay between when a new spam source appears on the Internet and when it is discovered and its address is published to the database. Fast-moving Spammers and Malware that takes advantage of this delay are known as zero-day exploits and are difficult to block.

The next process may be to inspect any attachments to the email. Harmful attachments can include the following and are acted on accordingly:

• Executable attachments (treated as extremely dangerous and usually blocked)
• Encrypted zip files and pdf files (always considered highly suspicious as encryption often conceals the contents from the Antivirus software.)

Other attachments are scanned against a database of known virus signatures. This process is also susceptible to zero-day exploits. Some software such as F-Prot antivirus mitigates the zero-day risk by inspecting the behaviour of the code if it were to be executed. Other appliances such as Fortigate firewalls do so by uploading the files to a “sandbox” on the Internet where the code is executed safely and the risk accessed accordingly.

The final frontier in Spam detection.

Finally the actual content is scanned and statistically determined by demerit points, which are applied to hundreds of triggers within the email headers and body. The email is declared spam once the accumulated points exceed a predetermined threshold.

An example:

If the threshold is (typically) set at 5.0, mail that exceeds 5.0 points will sent to the Spam folder. For example, Spamassassin rate viability of Spam with the following point scoring system: 

score for ‘DEAR_FRIEND’ = 2.683 score for ‘DEAR_WINNER’ = 3.099 score for ‘SUBJECT_DIET’ = 1.927 score for ‘UNCLAIMED_MONEY’ = 2.699 Based on these basic examples, you can see how these points collate to easily identify suspect mail.

What can you do to help?

There are some very straightforward ways to fine tune the spam filtration processes in order to ensure mail you do want makes it through to you. Some of these include:

Fine Tuning Your Mail Client.

If you are using a publicly hosted email service you can make headway towards a spam-free future by informing your mail client (Google, Hotmail, etc) that the message you’ve received is spam. Gmail users, for example, can simply hit the Report Spam button, rendering the dobbers job done. While we don’t always get time to do this, it’s worth it in the long run.

Missing Important Emails? Head over to Spam Central. 

While trawling a Spam inbox is hardly a classic good time hobby, it’s important to regularly do this in order to alert your email client about messages that should not be identified as Spam. This can simply be done simply by marking incorrectly filtered items as ‘not spam’ with your email client.

Go incognito wherever possible. 

Keeping your email address silent online is one of the best ways to avoid becoming a rich and lonely Nigerian Prince’s object of affection. If you can, avoid leaving your email address out in the open, especially when it comes to platforms like Facebook and LinkedIn, where business emails may more typically be identified. Try to keep your spam profile as small as possible by limiting the number of email addresses and aliases to the absolute minimum.

Outcomes with Teksupport.

As you can gather, stopping 100% of spam without impacting on legitimate mail is extremely difficult and requires a highly complex set of processes.

The systems we employ here at Teksupport prevent around 99.97% of spam that would otherwise be delivered to end users. The few spam our users do receive are literally just the tip of the ice-berg. We are constantly walking a very fine line between blocking as much spam as possible without blocking legitimate email.

The take-away message is that if you are receiving a few spam messages per day and you are not losing any legitimate email, then your email hosting service is doing a great job! Unfortunately spam, like smog, is a fact of life. If you want to visit the city you must be prepared to breathe a little smog. So too, if you want to maintain an email address, you must be prepared to click delete on the odd spam.

If you’re having issues with Spam and require the advice of a professional team to help you navigate your way towards a life with minimal Spam, be sure to reach out to the team at Tek Support on (03) 9590-0560 for more information today.