Anti-Spam Resources - InformationWeek
Bob Evans

Anti-Spam Resources

As promised, here are some additional anti-spam resources from Andy Lester and Mitch Wagner, along with the full text of the letter from Paul Howell:

More anti-spam resources from Andy Lester:

More anti-spam resources from Mitch Wagner:

And Paul Howell's letter:

Hello Bob,

It's nice to gather readers' opinions and share them with us all, but too often of late you've shared old ideas that have been considered and rejected ... yet you've shared these ideas with us as if they were things of value. This does your readers no service, and your editorials lose value to me, and perhaps to others, each time it happens.

The latest example is the three variations on a "single simple theme" that you shared in your "Readers' Ideas Take A Bite Out Of Spam" article: send a message back to the spammer saying "No thanks, I don't want any spam from you." In the early days of spam, this activity simply told the spammers that the E-mail address was alive, and hence the address actually gained value to the spammer either for more spam or for selling the E-mail address as part of a list to other spammers.

Today, of course, all this idea would do is clog up the E-mail pipes even more. The majority (yes, majority) of spam coming to my clients' in-boxes is from hijacked home computers on broadband. Not from identifiable, semi-legitimate bulk E-mailers, but from home PCs on DSL and cable broadband that have been infected by Trojans and serve out spam all day, unwittingly, until the ISP figures it out and shuts them down. Any return E-mail to these spam factory robots is ignored, of course. They aren't set up to process incoming E-mail.

A worse problem is that sending such a reply would unwittingly bomb legitimate E-mail users who are totally unrelated to the spam problem. How? Most of these spam robots send out E-mail with spoofed headers, including spoofed return addresses, for two good reasons: (1) they can hide the robots better that way, making them more difficult to trace back, and (2) the spam messages seem more legitimate when they come from a "real" E-mail address.

I should know. Several times a week I get spam messages from myself, offering prescription drugs at steep discounts. One of my E-mail addresses has been listed on a Web site for many years and has been harvested by many spammers. That E-mail address is now used (spoofed) by spammers as a reliable outgoing address so often that I get spam (and viruses and Trojan attachments) from myself, and others I know get them from "me." When it first started, I was accosted by several colleagues saying "Ack! Fix your computer! You've got a virus, and it's sending out E-mails!" I have not been so infected.

One byproduct is that I now get several E-mails per day from friendly mail servers, automatically telling me that the E-mail address I was trying to reach with my offer for discount Rolex watches has a full mailbox or is no longer available at this address. So I know that my messages are getting through.

So, regarding your editorial, none of the suggestions from readers of the "cat-o-nine-tails" persuasion will help me, none of the "traceable sender" or return E-mails ideas will help me, and certainly none of the "pay-as-you-go" ideas will help me. Improved filtering does help, both on my incoming servers and at my desktop.

Alert ISPs that automatically alert and shut off access to the robot spam clones would help--but such ISPs don't exist. That would alienate those who pay them. If you want to get the broadband ISPs to help, let's threaten to make THEM pay the per-E-mail fines for the illegitimate clone spam factories they harbor on their networks.

Simple solutions for complex problems are rare in any field. A quick look into the archives of any forums discussing spam solutions or a conversation with any competent spam-security consultant should have buried these ideas. Perhaps a more meaningful article in InformationWeek would address precisely this issue--Why Simple Solutions Won't Work Against Spam.

With best wishes for a clean in-box in the New Year.

Paul Howell
Smoothstone Systems
Lexington, Ky.
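
The automatic bounce notices the letter describes, sent to an address that was only spoofed as the sender, can be separated from real bounces by checking which message the notice refers to. The following is an added example, not part of the letter or the original article: the sample bounce is constructed, and `sent_ids` is a hypothetical set of Message-IDs that your own outbound mail server is assumed to log.

```python
from email import message_from_string, policy
from email.parser import HeaderParser

# Constructed bounce (DSN) for illustration; every address and ID is made up.
SAMPLE_DSN = """\
From: MAILER-DAEMON@mx.example.net
To: victim@example.org
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; someone@example.net
Action: failed
Status: 5.2.2

--b1
Content-Type: text/rfc822-headers

From: victim@example.org
To: someone@example.net
Message-ID: <forged-123@unknown.invalid>

--b1--
"""

def original_message_id(dsn):
    """Return the Message-ID of the message the bounce refers to, or None."""
    for part in dsn.walk():
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":      # only the headers were returned
            return HeaderParser().parsestr(part.get_content())["Message-ID"]
        if ctype == "message/rfc822":           # the whole message was returned
            return part.get_payload()[0]["Message-ID"]
    return None

def classify_bounce(raw, sent_ids):
    """sent_ids: Message-IDs our own outbound server logged (assumed available)."""
    dsn = message_from_string(raw, policy=policy.default)
    if dsn.get_content_type() != "multipart/report":
        return "not-a-dsn"
    mid = original_message_id(dsn)
    if mid is None:
        return "unverifiable"
    return "genuine" if str(mid).strip() in sent_ids else "backscatter"
```

A bounce classified as "backscatter" refers to a message the local server never sent, which is the situation in the letter: the address was forged, and the notice can be filtered without replying to anyone.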

Return to the story:
Business Technology: A Trip To The Woodshed For Serving Tainted Spam
