informa
7 MIN READ
News

Four Sure-Fire Spam Reducers

Don't settle for spam-heavy email traffic. Try these tips

Is holiday spam bloating the inbox? Even if you haven't seen quite as much holiday-themed spam as expected sneaking by your email server -- hey, even spammers need a holiday once in a while -- you're probably ready to trim the fat from your email traffic.

But that isn't always so simple. The most frustrating thing about spammers is they keep getting smarter in their quest to evade detection. And spam volume is exploding: Spam-watchers at Symantec say they've witnessed a 55 percent increase in spam over the last six months.

Sophisticated spammers even run the same spam filtering tools you do to be sure they aren't using computers and characteristics flagged by basic blacklists, and they are starting to pump out tougher-to-detect image-based spam, too.

If you need any further proof that spam has evolved, just look at the recent demise of the Open Relay Database (ORDB), essentially a blacklist of rogue SMTP servers used to relay spam. These servers are no longer the vehicle of choice for spammers, who now use botnets to deliver their payload instead. SMTP open relays are old school. (See Spam Service Shuttered.)

So if you're itching to get back to that leftover fruitcake and eggnog and start popping some bubbly, we've come up with four key things you can do to cut your enterprise's spam intake and get you back into the holiday spirit. Here they are:

1. Outsource It
One way to reduce spam is to hire somebody else to do it for you. There are a number of antispam services on the market, and most of them guarantee reduced spam levels as part of their service contract. This stands to reason -- they wouldn’t get many customers if they couldn’t be certain of cutting spam volume.

A managed antispam service, such as those offered by vendors like Barracuda Networks or MessageLabs, is essentially an intermediary between the Internet and the enterprise. Sitting in front of the corporate email server, the antispam application accepts all messages bound for a particular domain, analyzes them, and strips out the spam before allowing the legitimate email to pass through.

In a white paper written for MessageLabs, analyst firm Ferris Research pointed out that there are many advantages to using a third-party service for spam control. First, it eliminates the need to evaluate, install, and maintain onsite antispam applications, which require frequent upgrades as exploits evolve. Outsourcing is a good solution for smaller companies that have few IT resources, Ferris says.

Second, an antispam service reduces the amount of spam you may unwittingly pass to your business partners through botnets and automated message forwarding, Ferris observes. Unlike some antispam applications, most antispam services monitor not just the inbound messages, but the outbound messages that may promulgate the trash.

Third, antispam services may reduce the amount of storage space required for email in your organization, both on the client and server sides. Some reports now suggest that more than 80 percent of all email traffic is now spam. If the suspect data is held on a third-party’s server, it can significantly reduce the amount of messaging storage required onsite, Ferris notes.

At anywhere from $50 to $3,000 a month, an antispam service may be an attractive option for companies with fewer than 500 email accounts. Implementation becomes more complex in large accounts, as the filtering mechanisms may have to be set differently for different groups of users, and there may be questions about how to handle false positives. Still, a third-party service is a sure way of reducing spam, if only because the service provider guarantees that it will.

2. Enable Email Junk Filters and the Latest Blacklist Features
If you're not into outsourcing, there are still plenty of things you can do to reduce spam on your own. Here's the easy part: First, enable your email client's junk filter if you haven't already. "They don't catch everything by any means, but they're a good way to reduce the problem," says Andrew Lee, chief research officer with Eset.

That's one layer. The other is using blacklisting features and services (such as Spamhaus) that are integrated with most antispam tools. These blacklists include known botnet machines, which carry most of today's spam. And blacklisting is about to get even more sophisticated: Sometime this month, Spamhaus will begin offering a policy blacklist, says Joe Stewart, senior security researcher with SecureWorks.

"This will allow a blacklist of entire ranges that should not be ever sending email," he says. "Right now, we're playing 'whack 'em all' with Windows machines that are compromised...as we detect them."

Stewart says any antispam product that use blacklists could add this policy-based feature.

Symantec's traffic-shaping feature in its Mail Security 8100 Series gateway and new 8300 appliance is another approach that gathers and uses intelligence on spam trends.

"It starts building a reputation for which mail servers are sending good mail and those sending spam," says Ross Fubini, senior director of engineering for Symantec. "It throttles down the spam sources so if the only mail you're getting from a particular host is spam, you can quickly use traffic shaping to throttle it out." This ensures the spam never gets processed on the receiving end. The antispam filter uses algorithms to detect spam behaviors in traffic, he says.

And don't forget those gnarly, sneaky images that spammers are now using, too, such as a single .gif file. Be sure your antispam tools can detect image-based spam.

"Image-based spam is the biggest culprit for the massive increase of spam in recent months, so antispam solutions that address that problem are critical," says Charlotte Dunlap, enterprise security analyst for Current Analysis.

3. Write Your Own Antispam Filters
A more advanced and precise way of reducing spam is to create your own antispam filter, because not everyone gets spammed the same way.

"You have to look at what type of spam you're getting and handle it accordingly," says SecureWorks' Stewart. "You used to be able to rely [only] on filters to look at spam in a generic way, but spammers have gotten a lot better at bypassing them."

Stewart, a spam expert who discovered the infamous SpamThru trojan, recommends rolling your own antispam filter if you have the technical expertise in-house. His favorite freebie tool for this is qpsmtpd, a Perl plug-in. "This lets us write our own custom scripts to deal with mail, and it has lots of tricks some spammers haven't caught on to yet."

A plug-in called "check early talker" sits on the email server and listens for connections. If the remote host starts connecting without awaiting a "banner" or greeting from the recipient server, it's usually spam, he says. "A normal email server would wait to get a banner, but people writing viruses or spam engines don't wait extra amounts of time and they'll connect and start sending right away."

"Check early talker" detects that overly eager behavior and basically stops spam in its tracks. "It kills a lot of [spam] right away," Stewart says.

The catch is that running these tools requires a technically savvy staffer, usually an email administrator versed in Unix and Linux, so rolling your own antispam filter isn't for everyone.

4. Encrypt or Certify It
Another certain way to cut spam is to use encryption or digital certificates to ensure that your messages are legitimate and don’t end up caught in a spam filter. These methods may not initially do much to reduce your inbound spam, but your good citizenship may encourage your communications partners to follow suit, reducing spam on both ends.

There are a wide variety of email encryption technologies on the market, ranging from VeriSign’s enterprise tools to simple freeware from organizations like PGP. While some tools allow users to choose which emails to encrypt, security expert Tony Bradley recommends using a system that encrypts all email, no matter how unimportant.

“If you only encrypt a single email message because it contains your credit card information, and an attacker is intercepting your email traffic, they will see that 99 percent of your email is unencrypted plain text, and one message is encrypted,” Bradley says in his blog. “That is like attaching a bright red neon sign that says ‘Hack Me’ to the message.”

Certified mail is another way to verify that your outbound email is legitimate. Services such as Goodmail enable senders to tag their messages with a special “blue ribbon” that indicates they come from a trusted source. Goodmail can be used by corporations to envelope messages sent via opt-in mailing lists, which often enable them to bypass a spam filter and go directly to the user’s inbox.

Goodmail has a number of competitors, including Return Path, which is used for Microsoft’s Bonded Sender offering. Users can also get personal digital certificates via freeware such as PGP, Comodo, or Thawte, experts say.

— The Editors, Dark Reading

  • SecureWorks Inc.
  • Symantec Corp. (Nasdaq: SYMC)
  • ESET
  • VeriSign Inc. (Nasdaq: VRSN)
  • Barracuda Networks Inc.
  • MessageLabs Ltd.
  • Editors' Choice
    Robert Lemos, Contributing Writer, Dark Reading
    Robert Lemos, Contributing Writer, Dark Reading
    Dark Reading Staff, Dark Reading
    Jai Vijayan, Contributing Writer, Dark Reading