USER-SIDE ACTIONS FOR SPAM PROTECTION IMPROVEMENT

posted by Archie @ 21:01 PM
July 21, 2010

Ever since the Internet became available to the public and started being used for commercial purposes, spam has been a problem. There are many types of spamming – via e-mail, through instant messengers, even by posting forum threads or replies and blog comments. Today we are going to talk about ways of fighting the most irritating type of spam – e-mail spam.

What is SPAM? Ways It Works, Impact It Makes

SPAM'ed PC Image source: http://www.pc1news.com/


E-mail spam, a.k.a. unsolicited bulk e-mail (UBE), started spreading in the early 90’s. Since most spam messages have commercial content, it is also called unsolicited commercial email (UCE). Spam is usually sent through zombie networks (or botnets) – networks of virus- or malware-infected computers. And while UCE merely irritates the mailbox owner by being delivered, fraudulent or virus-containing spam may cause bigger problems – leaked credit card information, loss of passwords and other security data, or even turning the recipient’s computer into another zombie.

Nowadays all Internet, web hosting and public e-mail service providers have a clause in their Terms of Service and Acceptable Use Policies (TOS/AUP) prohibiting outgoing spam. Spammers cause a lot of damage: complaints sent to the administrators of the servers where bulk mailers are located may lead to the servers’ IP addresses ending up on an IP blacklist. In some cases, when there are multiple complaints and the spammer cannot be removed (sometimes it is really hard to trace and locate a spammer on the server), the server may get null-routed. If it is a shared server (spammers usually choose inexpensive shared plans to perform a “one-shot” bulk mail delivery, or spam until the account is suspended/terminated), this is usually a disaster for a hosting company, because once an IP address is blacklisted it may take up to a week to have it “delisted”. Now imagine how much time the upstream provider (datacenter) will need to review a null-route removal request (not counting the time required for the investigation).

User-end Spam Protection Measures

Let's Stop SPAM Image source: http://www.dayoldcake.com


It is obvious that server administrators need to take strict security measures to prevent any outgoing spamming attempts. But what about incoming spam? Sure, the anti-spam systems and filters used on the servers reject spam messages, but the rules set there cannot be too strict: on a shared server you simply cannot tell who really deals with an online pharmacy and who is being spammed with some creepy offers. That’s where the user should take additional measures.

When talking about user-end means of spam prevention, we mean first of all the native control panel tools. There are two of them.

SpamAssassin

SpamAssassin is an open source spam filter, compatible with such mail services as procmail, sendmail, Postfix and qmail. Being easy to extend and configure, it fits neatly into almost any hosting control panel. Below you can find screenshots of the SpamAssassin tool in DirectAdmin and cPanel:

General View and Main Options of Direct Admin-driven SpamAssassin


General View and Main Options of cPanel-based SpamAssassin


As you can see, the two panels provide slightly different interfaces and configuration options; however, both have the two main options we are going to describe: blacklisting and “spam score” assignment.

The former option blocks all messages from a given domain (*@domain.com) or from a single mailbox under it (user@domain.com). It is recommended if you are constantly receiving targeted spam from some organization. These may be just harmless newsfeeds that have no unsubscribe option, which is rather irritating. Thus, you lock out either the entire domain or a particular account (in case you are interested in getting some useful information from other mailboxes).

The “spam score” assignment option works in a different way. It lets all incoming email through without blocking, but analyzes each message. The analysis covers the email content: subject, headers, body (for spam keywords, attachments, HTML code, etc.). Once the set score is reached, the email is discarded and moved to the spam folder. This allows the user to analyze why the email was labeled as spam and either blacklist or whitelist it. SpamAssassin does have a sad drawback though – it cannot be “trained” to keep email addresses in memory, so that senders whose messages constantly end up in the spam box could be sorted out and then automatically blacklisted.

Manual Email Filtering

What cannot be done with the help of SpamAssassin can easily be done manually by means of a control panel. Creating additional filters will not only give you better spam protection, it will also let you trace the most active sending addresses. This in turn allows you to blacklist those addresses and lessen the load on your server – if an email is rejected by default, the system consumes fewer server resources than it would for content analysis.

Email filters in different control panels have different sets of options. Apart from filtering by entire domain and by single account, all of them are able to filter on e-mail subject and body. Depending on the configuration, some may filter by message size, and others by headers or added recipients (CC, BCC).
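Tracing the most active sending addresses can also be done offline from the spam folder. The following is an added example, not part of the original article: it tallies the senders of messages that carry a SpamAssassin `X-Spam-Status: Yes` header and prints `blacklist_from` lines for repeat offenders. The sample messages, the thresholds and the function names are assumptions made for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import parseaddr


def sample(sender, verdict, score):
    """Build a constructed message carrying a SpamAssassin-style verdict header."""
    return (f"From: {sender}\nSubject: constructed sample\n"
            f"X-Spam-Status: {verdict}, score={score} required=5.0\n\nbody\n")


# Constructed spam-folder contents (all addresses are made up).
SPAM_FOLDER = [
    sample("Deals <promo@bulk.example>", "Yes", 7.2),
    sample("news@bulk.example", "Yes", 6.1),
    sample("PROMO@bulk.example", "Yes", 8.0),
    sample("offers@shop.example", "Yes", 5.4),
    sample("Offers <offers@shop.example>", "Yes", 9.9),
    sample("once@rare.example", "Yes", 5.1),
    sample("friend@known.example", "No", 0.3),   # misfiled ham, must be ignored
]


def blacklist_candidates(raw_messages, addr_hits=2, domain_hits=3):
    """Return blacklist_from lines for senders that repeatedly land in spam."""
    addrs, domains = Counter(), Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        if not msg.get("X-Spam-Status", "").lower().startswith("yes"):
            continue                      # only count messages the filter flagged
        addr = parseaddr(msg.get("From", ""))[1].lower()
        if "@" not in addr:
            continue                      # missing or unparsable From header
        addrs[addr] += 1
        domains[addr.rsplit("@", 1)[1]] += 1
    # A whole domain is proposed only when several of its messages were flagged.
    noisy = sorted(d for d, n in domains.items() if n >= domain_hits)
    lines = [f"blacklist_from *@{d}" for d in noisy]
    lines += [f"blacklist_from {a}" for a, n in sorted(addrs.items())
              if n >= addr_hits and a.rsplit("@", 1)[1] not in noisy]
    return lines


if __name__ == "__main__":
    print("\n".join(blacklist_candidates(SPAM_FOLDER)))
```

The From header is chosen by the sender, so review the proposed lines before entering them in the panel's blacklist; a forged address belonging to a legitimate correspondent would otherwise be blocked too.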

cPanel E-mail Filter View and Options


Direct Admin SPAM Filter View and Options


Report Spam

Public e-mail services like Gmail or Yahoo! provide their users with spam reporting options. This is very useful, since the strictness of the measures taken depends on the number of complaints about a single account/domain. Your hosting provider may not provide you with such an option, but who says you are unable to report spam on your own? There are many Real-Time Block Lists (RBLs) on the Web; two of them, however, are the most trusted and recommended for use – SpamCop and SpamHaus. Both services accept unofficial spam reports, so you should not experience any problems – just provide their team with as much information as possible. Namely, you need to provide the email address, domain and IP the spam was received from, and attach or, better, paste the subject of the spam mail you received together with the headers and email body (but do not just forward the spam message).

Besides no longer receiving spam from the reported domains/IPs, you will help others: once the spammer gets blacklisted, other servers that perform RBL checks on incoming email will stop receiving spam from those email and IP addresses as well.
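The pieces of information a report needs can be pulled from the raw message source. This is an added example, not part of the original article; the message, hosts and IP addresses are constructed documentation values, and it assumes the topmost Received header was written by your own mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed spam message; hosts, addresses and IPs are documentation values.
RAW = """Received: from mail.sender.example (unknown [203.0.113.45])
\tby mx.myhost.example with ESMTP id 0000; Wed, 21 Jul 2010 10:00:00 +0000
Received: from pc.invalid ([198.51.100.7]) by mail.sender.example;
\tWed, 21 Jul 2010 09:59:00 +0000
From: "Cheap Pills" <sales@sender.example>
To: me@myhost.example
Subject: Best prices

Buy now
"""

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def report_fields(raw):
    """Collect what the report needs: address, domain, IP, subject, headers, body."""
    msg = message_from_string(raw)
    address = parseaddr(msg.get("From", ""))[1]
    # Assumption: the topmost Received header was written by the receiving
    # server; headers below it came from the sending side and may be forged.
    received = msg.get_all("Received") or []
    match = IPV4_IN_BRACKETS.search(received[0]) if received else None
    headers, _, body = raw.partition("\n\n")
    return {
        "address": address,
        "domain": address.rsplit("@", 1)[-1] if "@" in address else "",
        "ip": match.group(1) if match else None,   # IPv4 literals only
        "subject": msg.get("Subject", ""),
        "headers": headers,   # pasted unmodified, as the report asks
        "body": body,
    }


if __name__ == "__main__":
    for key, value in report_fields(RAW).items():
        print(f"--- {key} ---\n{value}")
```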

Bottom Line

When users of hosting services complain about incoming spam to their support team and server administrators, they usually receive a reply that it is almost impossible to get 100% spam protection. Some people get irritated when they hear it, but it really is true – server administrators cannot set too strict filtering rules, while spammers are becoming more and more sophisticated at bypassing the existing ones. The user-side actions, however, are able to increase this rate, so if our article helps you reach a 99.9% spam protection rate, you may consider the spam-fighting mission accomplished.

  • James Senase

    “SpamCop and SpamHaus. Both services accept unofficial spam reports” – only SpamCop accepts spam reports, Spamhaus does not take any reports from the public, there’s no way to report spam to Spamhaus.

  • Thank you, James, for your remark. What SpamHaus does have stated at their contact page is: “The Spamhaus Project is not a general spam abuse desk and can not help with individual spam problems.” However, it is not supposed to prevent you from reporting spam if you are a reseller or a community owner and your clients/followers start receiving spam @yourdomain. In this case you can contact them on their behalf as a services provider. Though the complaint will still be considered unofficial, it will be obvious that the problem is not individual.
