How Spammers Fool Spam Blacklists - And How to Stop Them

Effectively stopping spam over the long-term requires much more than blocking individual IP addresses and creating rules based on keywords that spammers typically use. The increasing sophistication of spam tools coupled with the increasing number of spammers in the wild has created a hyper-evolution in the variety and volume of spam. The old ways of blocking the bad guys just don't work anymore.

Examining spam and spam-blocking technology can illuminate how this evolution is taking place and what can be done to combat spam and reclaim e-mail as the efficient, effective communication tool it was intended to be.

One method used to combat spam is blacklisting. The goal of blacklisting is to force Internet Service Providers (ISPs) to crack-down on customers who send spam. A blacklisted ISP is blocked from sending email to organizations. When an ISP is blacklisted, they are provided with a list of actions they must take in order to be removed from the blacklist. This controversial method blocks not just the spammers, but all of the ISP's customers. Blacklisting is generally considered an unfriendly approach to stopping spam because the users most affected by the blacklist are email users who do not send spam. Many argue blacklisting actually damages the utility of email more than it helps stop spam since the potential for blocking legitimate email is so high.

In addition to the ethical considerations, there are other problems with blacklists. Many blacklists are not updated frequently enough to maintain effectiveness. Some blacklist administrators are irresponsible in that they immediately block suspect servers without thoroughly investigating complaints or giving the ISP time to respond. Another downside is that blacklists are not accurate enough to catch all spam. Only about half of servers used by spammers, regardless of how diligent the blacklist administrator may be, are ever cataloged in a given blacklist.

Blacklists are used because they can be partially effective against spammers who repeatedly use the same ISP or email account to send spam. However, because spammers often change ISPs, re-route email and hijack legitimate servers, the spammer is a moving target. Blacklist administrators are forced to constantly revise lists, and the lag-time between when a spammer begins using a given server and when the blacklist administrator is able to identify the new spam source and add it to the blacklist allows spammers to send hundreds of millions of emails. Spammers consider this constant state of flux a part of doing business and are constantly looking for new servers to send spam messages.

When used individually, each anti-spam technique has been systematically overcome by spammers. Blacklists have some utility in stopping known spammers, but they may also block valid emails. Because of their limitations, blacklist data should only be used in conjunction with other sources to determine if a given message is spam. Grandiose plans to rid the world of spam, such as charging a penny for each e-mail received or forcing servers to solve mathematical problems before delivering e-mail, have been proposed with few results. These schemes are not realistic and would require a large percentage of the population to adopt the same anti-spam method in order to be effective.

The Solution

Reputation systems offer a comprehensive anti spam solution by dynamically updating black and whitelists based on sender behavior. These systems also automatically update and score messages thereby removing the burden from administrators. Today's spammers are more clever than ever, so today's reputation systems must be equally sophisticated. An effective reputation system must be dynamic, comprehensive, precise, and based on actual enterprise mail traffic in order to keep the spammers from gaining any advantage. You can learn more about the fight against spam by visiting our website at www.ciphertrust.com and downloading our whitepapers.

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security. The company's flagship product, IronMail provides a best of breed enterprise anti spam solution designed to stop spam, phishing attacks and other email-based threats. Learn more by visiting http://www.ciphertrust.com/products/spam_and_fraud_protection today.

When 'Viagra' Comments on Your Blog, and Other Spam Red Flags PCWorld Matt Mullenweg, the creator of WordPress, actually created a spam blocker for WordPress called Akismet in 2005, partially so his mom wouldn't be assaulted by Viagra ads while writing her blog. Today, spam blockers do a good job of nabbing most spam, ... and more »

Trend Micro Titanium Maximum Security 2012 review PC Advisor Trend Micro Titanium Maximum Security 2012 starts out with traditional modules, including AV protection, an improved firewall, a spam blocker, parental control, a system tuner, protection against data theft and 10GB of online storage.

WatchGuard Breaks Quarterly Billings, Profit and Units Shipped Records MarketWatch (press release) Currently, WatchGuard offers seven add on security services for XTM appliances, including: Application Control, WebBlocker, Gateway Antivirus, Reputation Enabled Defense, spamBlocker, Intrusion Prevention and LiveSecurity. and more »

NEWS ROUND-UP: The latest from WatchGuard, Compuware, and Island Pacific ARNnet WatchGuard currently offers seven add-on security services for XTM appliances: Application Control, WebBlocker, Gateway Antivirus, Reputation Enabled Defence, spamBlocker, Intrusion Prevention, and LiveSecurity. Technology performance company ... and more »

Tucson victim stalked for nearly 2 decades Tucson Citizen ... in consequence of which she tells numerous falsehoods to create the illusion of danger, purely to get someone incarcerated for up to 10 years merely because she doesn't want to use the spam blocker of her e-mail address account,” Shepard wrote. and more »

When 'Viagra' comments on your blog, and other spam red flags Computerworld New Zealand Matt Mullenweg, the creator of WordPress, actually created a spam blocker for WordPress called Akismet in 2005, partially so his mom wouldn't be assaulted by Viagra ads while writing her blog. Today, spam blockers do a good job of nabbing most spam, ... and more »

Gothamist

After Stalking Woman For 18 Years, Man Faces Five Year Sentence Gothamist ... conscience or both, in consequence of which she tells numerous falsehoods to create the illusion of danger, purely to get someone incarcerated for up to 10 years merely because she doesn't want to use the spam blocker of her e-mail address account. and more »

Demand for business security 'at an all-time high' TechDay.co.nz ... core SMB market is 'solid', the company is experiencing 'accelerated demand' among mid-market and enterprise organisations, Robertson adds. Users are also increasingly taking up add-on services, such as Application Control, WebBlocker and spamBlocker.

ITespresso.fr

Sécurité IT : l'éditeur WatchGuard veut séduire les TPE et les PME ITespresso.fr ... sécurité spécifiques comme le WebBlocker de WatchGuard (blocage des sites Web malveillants et des contenus Web inappropriés), le spamBlocker ou encore le Reputation Enabledd Defense, un service cloud de protection contextuelle contre les menaces.

Anti-Spam-Lösung für Unternehmen erhält Update IT-Business ... das Reporting und Backups für geschützte Exchange-Cluster zentralisieren. Die Anti-Spam-Lösung ist Teil der Unternehmenslösung Kaspersky Open Space Security. Neben dem reinen Spam-Blocker gehören auch Antivirus-Funktionen mit zum Lieferumfang. and more »