Syronex

Simple Techniques to Prevent & Block Spam

In this article, I discuss some anti-spam techniques, and make recommendations to help individual and business users form an effective anti-spam strategy. As with any plague, there are two possible courses of action, that should be combined for best results: prevention; to avoid spamming whenever possible, and cure; to eliminate or at least reduce the impact of spam on your daily use of email.

Spam Prevention

Spam prevention is often neglected, although some simple measures can dramatically reduce the amount of spam that reaches your mailbox. Before they are able to send you spam, spammers obviously first need to obtain your email address, which they can do through different routes.

Email Address Harvesting

If your email address is published on the web, it is likely to be the cause of most of the spam you're receiving [1]. Websites, forums, blogs, etc. are visited by "robots" or "spambots" which sole purpose is to collect email addresses. There are however simple and effective techniques [2] to safely publish an email link on a web page. Those techniques allow legitimate users to contact you via a normal link, while not revealing your email address to spammers. Several free antispam tools exist that generate spam protected emails links. Using such tools only stops more spambots from harvesting your email address. So if your address has already been on the web unprotected for some time, it most likely that many spammers already know it, and will continue sending you spam. You should then consider creating a new email address [3].

Certain types of viruses and other malware also harvest email addresses. When your computer, or the machine of one of your contacts is infected, all the addresses in the contact list are collected. The more contacts you have, the higher the chances you'll get spam that way. There are unfortunately not much one can do to defeat that form of organic spamming. You must trust your correspondents for protecting their computer from being abused.

Other sources of spam include public databases like the Whois database of domain name registrants and the electoral roll in some countries, and email address guessing. One can eliminate these as causes of spam or reduce their impact by carefully choosing email addresses.

Choosing an Email Address

Reducing the Impact of Spam and Phishing

Some unsolicited emails are bound to eventually go through spam filters and other anti-spam measures that may be in place, so be sure to at least minimize the consequences they may have. Generic spam advertising pharmaceuticals is an annoyance, but its impact is usually limited to a loss of time. Another form of unsolicited emails called phishing may have much more serious consequences. Phishing messages try to make you believe they are genuine emails from popular websites like ebay, amazon, or large financial institutions, in an attempt to get you to disclose confidential information. Most phishing emails look credible, so beware. Almost every aspect of an email is easy to forge. Here are some general tips to help you identify phishing attempts. A last point not related to phishing. When placing an email link on a webpage, always specify a pre-set mail subject whenever appropriate. This will help you identify at first sight that the message is not spam.

Blocking Spam

Anti-Spam Solutions

Many anti-spam solutions exist to block or filter out spam. They address a variety of needs, and range from simple desktop spam filters for home users, to server-side anti-spam software for businesses, and dedicated spam firewalls and anti-spam appliances aimed at corporate networks and ISPs.

Besides commercial antispam products, there are also free opensource anti-spam software. I mention two: Thunderbird, the email client from Mozilla, which includes a spam filter, and Spam Assassin from the Apache Foundation, probably the most popular server-side antispam software.

Anti-Spam Techniques

Both desktop and server anti-spam software use content filters. Content filters work using pre-set rules and probability (Baysian filters) to establish whether a message is more similar to regular emails or to emails know to be spam. Additionally, server antispam software can rely on shared real-time information concerning identified spam sources.
Beyond the basics just described, a number of other techniques exist to identify spam, and prevent spammers from exploiting internet infrastructure. New antispam techniques are developed continuously, as spammers create new types of spam to overcome existing anti-spam measures. Many spammers now send image spam and PDF spam in an attempt to defeat content filters.

Comments

Post a Comment

[1] The CDT survey (2003), suggests that most spam originates from web harvesting.
[2] Spam prevention study, Syronex, 2006
[3] Our experience shows that an email address may still get spam even five years after it has ceased appearing on the web.
[4] Note that some generic email addresses like abuse@example.com and postmaster@example.com are required by internet standards.

This article was first published in Jan 2002, updated several times, and completely rewritten and expanded in July 2007.

Content
Preventing Spam
- Email Address Harvesting
- Choosing an Email Address
Reducing the Impact of Spam & Phishing Fighting Spam
- Anti-Spam Solutions
- Anti-Spam Techniques

See Also
Anti-Spam Solutions