Category Archives: Anti-Spam

Antispam education, Software and How to.

Domain Name

The Domain Name Scam Explained

Protect your Domain Name?

If you are a Domain Name owner and do business on the Internet, you know that your Domain Name is one of your biggest assets.

You wouldn’t give away any traffic that results from misspellings of your domain name, or traffic generated by similar domain names.
There are actually people on the Internet who specialize in stealing traffic from other companies. They do this by using domain names similar to those of successful companies. However, this is less feasible these days because the domain name doesn’t carry much weight in SEO.
If someone tried to register your domain name, what would your reaction be? Your first reaction, of course, would be to protect your domain name. You want to buy that domain so nobody else can use it and steal your traffic. This is a natural reaction; you are trying to protect your asset.
This weakness is exploited by a large number of companies (mostly Chinese) that specialize in this type of scam.
There is nothing wrong with securing that domain name if you think it makes sense for your business; many companies do this. Just don’t buy the domain name from the spammers. Buy that domain from a reputable registrar instead.

How does the Domain Name Scam work?

The spammer collects information from the Domain Name registration, which is public in most cases. This information contains the owner’s name, the email address, and of course the Domain Name. This information is enough to devise an email which will be sent to the CEO. The email informs the owner that another company is trying to register the domain name in question, but for another TLD or ccTLD.
As the owner of the domain you “get the benefit of being announced of this purchase” and are offered the chance to buy it yourself.

For instance, you own domain.com and someone is trying to register domain.tw, domain.cn, etc… Other country-specific flavors (.asia, .biz, .cc, .cn, .com.cn, .hk, etc.) can be mentioned. You are informed about this and offered the chance to buy the domain or the domains.

Scenarios when Contacted by a Domain Name Scammer

At this point there are a few possible scenarios:

First scenario: You don’t really need the domain names, but you fall for the scam and say “yes, please register all of these domains for me”.
This is the worst case. These types of companies are ghost companies that charge you three to ten times the regular price of the domain. Sometimes, if you don’t pay attention to all the registration details, the scammers will register themselves as registrant and administrative contacts, keeping themselves in the loop so they can try to rip you off further down the road.
Second scenario: You look at the list of domain names they sent you, pick the ones you are interested in protecting, and register them at a serious registrar for a fair price. See this post about Protecting the Trademark by Registering Domain Names. You might have a Web Marketing strategy that involves buying those domain names. In this case the scammers did you a favor by reminding you to buy some domains that you missed.
Third scenario: You simply ignore the email; you don’t care if someone registers the domain domain.cn, because these days a domain name doesn’t count as much for traffic as it used to. Content is king, and traffic leaking is almost impossible using only a domain name. Protecting your Trademark is your lawyer’s job, and there is no need to buy everything on the market to protect your Trademark. See this article about defensive domain buying: Protecting your Trademark by buying as many as possible domain names.

The decision is not always simple and it depends on your business needs. You could go with either the second or the third scenario.
You can Buy International Domain Names at fair prices at: Go Daddy Bulk Domain Registration

Regardless of your business needs you will probably want to avoid buying these domains from the scammers.

How to Test Your SPAM Filter

Does my Email Filtering Solution Work?

Sometimes as email administrators we need to test if the SPAM filter works and is filtering messages. In order to do this we need to send a test message with content that we are sure is rated as SPAM.

GTUBE – Generic Test for Unsolicited Bulk Email

GTUBE, the “Generic Test for Unsolicited Bulk Email”, is a test that can verify that your antispam filter is installed correctly and is detecting incoming spam.
GTUBE works in a similar fashion to the EICAR anti-virus test file.
Insert the following string in any email message and your antispam filter should detect it and filter it accordingly.
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
Note that this string should be written on one line, without whitespace or line breaks.
Note that this string can be reproduced freely, without attribution; it is hereby placed in the public domain.
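
One way to run the test described above, as an added example that is not part of the original post: it builds a GTUBE message, checks that the string stays on one unbroken line, and reads the filter's verdict from a delivered copy. The addresses, the mail host and the sample copies are constructed, and the X-Spam-Flag / X-Spam-Status header names assume a SpamAssassin-style filter that tags mail instead of rejecting it.

```python
"""Build a GTUBE test message and read the filter verdict from a delivered copy."""
import smtplib
from email import message_from_string
from email.message import EmailMessage

# The GTUBE test string exactly as published on this page.
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"

# Constructed copies of the test message as they might arrive in the mailbox.
TAGGED_COPY = (
    "X-Spam-Flag: YES\n"
    "X-Spam-Status: Yes, score=1000.0 required=5.0 tests=GTUBE\n"
    "From: postmaster@example.com\nTo: filtertest@example.com\n\n" + GTUBE + "\n"
)
UNSCANNED_COPY = (
    "From: postmaster@example.com\nTo: filtertest@example.com\n\n" + GTUBE + "\n"
)


def build_gtube_message(sender, recipient):
    """Return a plain-text message whose body carries GTUBE on its own line."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Spam filter test (GTUBE)"
    msg.set_content("Spam filter self-test, safe to delete.\n" + GTUBE + "\n")
    return msg


def gtube_intact(raw_message):
    """True if the string survived as one line, with no wrapping or inserted spaces."""
    return any(line.strip() == GTUBE for line in raw_message.splitlines())


def send_test(msg, host="localhost", port=25):
    """Hand the test message to your own mail server (host and port are assumptions)."""
    with smtplib.SMTP(host, port) as smtp:
        smtp.send_message(msg)


def filter_verdict(raw_message):
    """Classify a delivered copy by the headers a tagging filter adds."""
    msg = message_from_string(raw_message)
    flag = (msg.get("X-Spam-Flag") or "").strip().upper()
    status = (msg.get("X-Spam-Status") or "").strip().lower()
    if flag == "YES" or status.startswith("yes"):
        return "tagged-as-spam"      # filter is installed and detected GTUBE
    if status.startswith("no"):
        return "scanned-not-spam"    # filter ran but missed GTUBE: check its rules
    return "not-scanned"             # no filter headers: mail bypassed the filter


if __name__ == "__main__":
    test_msg = build_gtube_message("postmaster@example.com", "filtertest@example.com")
    print("string intact:", gtube_intact(test_msg.as_string()))
    print("tagged copy:", filter_verdict(TAGGED_COPY))
    print("unscanned copy:", filter_verdict(UNSCANNED_COPY))
```

If the filter rejects or quarantines spam instead of tagging it, no copy reaches the mailbox; a rejection at SMTP time or an entry in the quarantine is then the passing result.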

SPF – Sender Policy Framework, an Antispam Solution

The Email Administrator has to implement SPF filtering on the mail servers and create SPF records for your mail server. SPF is the acronym for Sender Policy Framework and is an open standard specifying a technical method to prevent sender address forgery. SPF protects the envelope sender address, giving a mail server the opportunity to check whether an email message originates from a valid source and not from a forged one.
The technology requires configuration on two sides:
(1) The domain owner publishes an SPF record in the domain’s DNS zone.
(2) The receiving server checks the message against the SPF record policy in the DNS zone.
The receiving mail server can then accept or reject the message based on its compliance with the domain’s stated policy. If the message comes from an unknown server, it can be considered a fake.
SPF helps tremendously against spoofing. Email Spoofing means faking the source of an email message so that it appears to come from a different source. SPF prevents a lot of messages that appear to come from your address but that you never sent. More about spoofing in this Wikipedia article: http://en.wikipedia.org/wiki/E-mail_spoofing

Public Email Addresses Cause a Lot of Spam

The Inter-Department debate

Within most companies there are two views about how technology should be used.
Marketing is always looking for ways to attract people and to get potential customers involved in the company’s activities. Sometimes they would do anything to increase the number of Web site visitors, even if this doesn’t translate into sales. There is a little desperation in their actions. Many times this translates into SPAM and exposure to other attacks.
On the other hand, IT infrastructure will always try to secure as much as possible, forgetting that tightening up too much will make the customer go away.
It takes good collaboration between the Marketing and IT departments to ensure the best balance between a secure IT environment and maximum interaction with your potential clients.
It also takes well-trained personnel, and the training needs to be interdisciplinary. For instance, Marketing needs Technology knowledge and IT needs Marketing knowledge.
Below I will present some of the frequent mistakes I encountered in my experience as an IT administrator. I will underline the misconception behind some of these mistakes and show what can be done to correct them.

Common Mistakes when Publishing Email Contacts and How to fix the Mistakes

A common mistake of Marketing is to publish email addresses on the Internet. The misconception is that people are not comfortable using forms and will run away from a contact form because it involves more effort to contact someone within the company.
This is partially true. It depends on the way your company does business and on the product you sell. If you sell an inexpensive product and the main goal is to expedite the process, then making a contact address public could be a way. This is the easiest and most convenient way of making yourself available (after the phone). If you sell an expensive product/service, or the contact address is for support, then you should go with Web Contact Forms.
Using a Web Contact Form is the most secure and easiest way to maintain email communication. You can publish the link to this form on any website, Social Networking site, or Web profile.
If you are not using Web forms, the amount of SPAM grows exponentially once you publish your email address on the Internet; once your address is discovered by spider bots, it is going to be used more and more.
Your contact email address doesn’t have to be published on the Internet. Whoever is looking to get in contact with your company will take the time to fill in a form and a CAPTCHA field. Or they can call; you should publish your phone numbers on the Web.
Or, even better, set up a chat page on your website and include an option for your client to request a phone call. Most of the time a company will get better deals on Long Distance calls than a consumer.
On Social Media profiles, use contact forms and links to your website’s contact form instead of publishing an email address.
Social Media pages are very popular and they are crawled more often than other content types. Any email address published will be discovered very quickly by spider bots.
If your business cannot function without a published email address, you can take a few measures to minimize the impact on your system:
Publish an image of your email address rather than the address as HTML text. This prevents bots from discovering your email addresses while still providing users a public email address.
If this is still not acceptable and you want the email address to be a clickable email link, be prepared to change the public email address on a regular basis.
When you change a public email address, set up an automatic reply on the old ones and keep the accounts active for a while. The automatic reply message should point to the newest email address.
Automatic SPAM software will not know that the email has changed, while a legitimate sender will get the reply with the newest email address.
The automatic reply should also mention the website page that contains the newest contact information. (Let’s say you changed three email addresses within a week; a client who added you to their Address Book a week ago would have to send three emails to reach you.)
The email addresses should be complex rather than intuitive; see this article for explanations: Preventing Domain Name Spam.
Create and maintain a list of all the Web pages and Social Media accounts that use the public email address. This way you won’t forget to make the change everywhere when you need to update the contact info.
Use personal Antispam filters such as: Mailwasher (free and Pro versions), ChoiceMail One, Spam Killer, CA Anti-Spam, SpamNet, Spam Agent, SPAMfighter, Spam Buster, iHateSpam, SpamBully, Intego Personal Antispam X5, etc…
Another common mistake is to mix up personal communication with business communication.
The reasoning behind this is: “I am going to give the address only to friends, so it’s safe”. Nothing could be more wrong. There is always one of your friends who will get hacked; personal computers are more prone to infection, and your address will get used and distributed to SPAM lists. See here a more detailed explanation: How to prevent Spam.
Never use your business email address for personal stuff. It will end up spammed. Do not use it to exchange email messages with friends, to subscribe to online services, etc…
Do not use a personal business email address to create online accounts, even if they are business related. Use generic accounts that you can afford to change at any time.

Information For System Administrators

Implement SPF – see this article.
Train your users and implement written policies about the email usage within the company.
Use different domain names for web presence and for daily correspondence.
If you are a system administrator you can look at various corporate targeted solutions to reduce spam.
Corporate Level Antispam Solutions
Server Based Antispam Software, Antispam Appliances (Gateway based Anti-Spam), Hosted antispam filtering.
A few solutions, not necessarily the best, are Google Postini, Barracuda Networks, MailFoundry, IronPort, Spamassassin, SPAMD (BSD), Trend Micro, GFI MailEssentials, MailMarshal, Symantec Brightmail, and Roaring Penguin’s CanIt Pro.
More Antispam solutions here: Commercial Antispam Solutions

Remember, it is always better to prevent than to fix.

Corporate Antispam Solutions

Linux Mail Servers or other SMTP servers

Hexamail Guard
Kaspersky Anti-Spam Enterprise Edition
Declude MailProtector
Ruckus MailFILTER
Vorras Classifier
GWAVA for Novell GroupWise
Trend Micro

Exchange

MailSite MP Email Gateway Software
Symantec Premium AntiSpam
Hexamail Guard
MailFender for Exchange Server
iQ.Suite
Pro Exchange Spam Smacker
XWall
modusGate™ MS Exchange Anti-Spam Gateway
GWAVA for Microsoft Exchange
Trend Micro

Windows

BCware NoSpam
Pinjo
DynaComm i:mail
MAILsweeper Business Suite
SpamBolt
Surf Control
AlliGate
Spam Sleuth Enterprise
NetIQ MailMarshal
Visnetic MailScan
Omniquad Mailwall
Lightspeed Total Traffic Control
SMTPTrap
Philter
Fluffy the SMTPGuardDog
Catch!
IDRSMTPProxy
Spam Manager Professional
MailMax
eTrust Secure Content Manager
Leon
mxORB
GWGuardian
Rockliffe MailSite MP
ADVmserve

Gateway (Appliance or Installable Software)

Astaro Security Gateway
Alligate (Windows)
IMGate (FreeBSD 7)
Symantec Brightmail Gateway
iQ.Suite (Windows \ ISA)
Axway MailGate (Linux)
XWall
Active SMTP
ModusGate Antispam Appliance
MXtreme
Cloudmark Authority
SpamTitan
MailFoundry
iForce Mail Firewall
Barracuda Networks
Roaring Penguin CanIt Appliance
SpamKiller 3000 series Appliances
Watchguard Spamscreen
Arska Mailwall
Bizanga

Domino

M-Switch Anti-Spam
Symantec Premium AntiSpam (Exchange and Domino)
SpamSentinel
MIMEShield    

Service (Third party Hosted MX) – Subscription Based

SpamSentinel
MailSite MP Email Gateway Software
Declude MailProtector
Postini (Now a Google service)
Mxpolice
SPAMfighter
MXGuarddog
CudaMail
Remote Anti Spam
GFI MAX MailProtection

Email address Spoofing – Someone is Using My address to Send Spam

Someone is Using Your Address to Send SPAM

You just got a bounce-back email saying that your email didn’t reach the destination because the recipient doesn’t exist. Nothing unusual; this is something that happens to anybody who uses email regularly. Except you didn’t send that email. How could this happen? If you are an email server administrator and many of your users get this kind of bounce-back, they all start to complain at once, thinking that your server has been hijacked. What can you do to stop this, and how can you reassure your users that you haven’t been hijacked?

Sender Address Forgery, known as email address spoofing, is not a new technique. It is used for many things, from spamming organizations to sending viruses and supporting scamming schemes where the sender fakes his identity.

Effective Ways to Stop Spammers from Using Your Domain Name

Publish SPF Data
SPF (Sender Policy Framework) is a method that allows you to publish which mail servers are authorized to send email for your domain. SPF uses a DNS record that tells email servers which servers are trusted sources of email for the specific domain and how much to trust other sources of email claiming to originate from that domain. Destination servers might or might not have SPF checking implemented. Many of today’s servers have SPF checking enabled.
Destination servers check this record and act accordingly. Anti-spam software on servers receiving emails scores an email based on the SPF record and other criteria, and accepts or rejects the email based on the total score. For instance, if the SPF record says that any emails originating from non-authorized servers should not be trusted, the email gets the necessary points to be treated as SPAM and it gets rejected. If the SPF record treats non-authorized servers as neutral, the message could pass, or could be rejected if it contains other SPAM characteristics.
Do not publish any email addresses on Web pages. This is the most common place for spammers to get valid email addresses and use them to forge email messages.

If your company runs its own mail server, configure it to ignore email sent to non-existent addresses in your domain. If your server sends a non-delivery report, you reveal to a spammer the valid addresses in your domain (the ones that don’t send NDRs). This attracts spam to those addresses, and you waste bandwidth. The most common reason to send NDRs for non-existent addresses is to let people know that they misspelled the address. Misaddressed email can get lost more easily.

If your domain gets blacklisted because of spoofing, you have to contact the list which blacklisted you and show the Administrator what you did to correct the problem. This is very unlikely, since the sender usually spoofs only the email sender and not the server’s address. A blacklist Admin should be able to figure this out.
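
The SPF check described under “Publish SPF Data” above, and in the SPF section earlier on this page, as an added example that is not code from the original posts: a receiving server evaluates the connecting IP against the published record, then adds the SPF result to its other spam points. The records, IP addresses, point values and threshold are constructed for illustration, and only the ip4, ip6 and all mechanisms are modelled because the others need DNS lookups.

```python
"""Evaluate an SPF record for a connecting IP (ip4, ip6 and all only; no DNS)."""
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed records for a hypothetical domain, as published in a DNS TXT record.
STRICT_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"   # others: do not trust
NEUTRAL_RECORD = "v=spf1 ip4:192.0.2.0/24 ?all"                    # others: no opinion

# Hypothetical spam points a receiving filter adds for each SPF result.
SPF_POINTS = {"pass": 0.0, "neutral": 0.0, "softfail": 2.0, "fail": 5.0}


def parse_spf(record):
    """Split a record into (qualifier, mechanism, value) terms."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    terms = []
    for part in parts[1:]:
        qualifier = "+"                      # a mechanism without a prefix means pass
        if part[0] in QUALIFIERS:
            qualifier, part = part[0], part[1:]
        name, _, value = part.partition(":")
        terms.append((qualifier, name.lower(), value))
    return terms


def check_spf(record, client_ip):
    """Return the SPF result for client_ip; the first matching term wins."""
    ip = ipaddress.ip_address(client_ip)
    for qualifier, name, value in parse_spf(record):
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(value, strict=False)
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
        else:
            # a, mx, include, exists and redirect need DNS and are not modelled.
            raise NotImplementedError(name)
    return "neutral"                         # nothing matched and no "all" term


def receiver_decision(spf_result, other_points, threshold=5.0):
    """Combine the SPF result with points from other spam criteria."""
    total = SPF_POINTS.get(spf_result, 0.0) + other_points
    return "reject" if total >= threshold else "accept"


if __name__ == "__main__":
    for record in (STRICT_RECORD, NEUTRAL_RECORD):
        for ip in ("192.0.2.25", "203.0.113.9"):
            result = check_spf(record, ip)
            print(record, ip, result, receiver_decision(result, 1.5))
```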

Preventing Domain Name Spam

What is domain name spam?
Domain Name Spam is a spamming technique where the sender only knows the domain name and he doesn’t have any valid email address in the domain. The technique involves sending emails to all the possible combinations or to a nicely crafted dictionary. The most common addresses in such a dictionary are:
• info@
• mail@
• sales@
• contact@
• contacts@
• root@
• help@
• home@
• contactus@
• enquiries@
• webmaster@
• hr@
• shipping@
The generic list is actually very long, but I won’t include all of the addresses here.
Other possible entries in the dictionary are common names and different combinations of these names. Let’s take for instance the name John Doe. A few possible combinations, and the most used, are: john.doe@company.com, j.doe@company.com, john.d@company.com, johndoe@company.com, etc…
What can you do to discourage and stop this kind of spam?
Set up your email server so it will not accept too many emails from the same server within a specified time frame.
Do not send NDRs for unknown recipients: an NDR informs the attacker that those addresses are invalid, which is good information for a spammer. The disadvantage is that a legitimate sender who misspells an address will not be informed of the error.

Use less commonly used prefixes for your email addresses.
Instead of “info@yoursite.com” use “askaquestion@yoursite.com”.
Instead of “webmaster@yoursite.com” use “yourname@yoursite.com”.
Instead of “help@yoursite.com” use “problem@yoursite.com”.
You still want to keep your email addresses professional and meaningful to your customers. An email address like Egfa13wge2@yoursite.com will fool domain name spammers, but customers will be tempted to delete the email when they see such an address in the “To” field of their email.
Also, don’t forget that many domain name spammers hope you have your catch-all turned on. This means that even an email sent to “any-address@yoursite.com” will end up in the admin’s mailbox, even if that email address doesn’t exist. Unless you have a need for your catch-all to be turned on, you should have it turned off by default.
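
To go with the advice above on limiting how much one server may send in a time frame, here is detection logic that flags a client guessing many non-existent recipients in a short window. It is an added example, not part of the original post; the log format, field names, addresses and thresholds are constructed for illustration.

```python
"""Flag SMTP clients that probe many guessed recipients within a short window."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines in a hypothetical "time client= rcpt= result=" format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 client=198.51.100.7 rcpt=info@example.com result=unknown
2024-05-01T10:00:02 client=198.51.100.7 rcpt=sales@example.com result=unknown
2024-05-01T10:00:03 client=203.0.113.20 rcpt=askaquestion@example.com result=accepted
2024-05-01T10:00:04 client=198.51.100.7 rcpt=webmaster@example.com result=unknown
2024-05-01T10:00:05 client=198.51.100.7 rcpt=john.doe@example.com result=unknown
2024-05-01T10:00:06 client=203.0.113.20 rcpt=askaqueston@example.com result=unknown
2024-05-01T10:05:00 client=192.0.2.50 rcpt=help@example.com result=unknown
2024-05-01T10:15:00 client=192.0.2.50 rcpt=hr@example.com result=unknown
2024-05-01T10:25:00 client=192.0.2.50 rcpt=root@example.com result=unknown
2024-05-01T10:35:00 client=192.0.2.50 rcpt=home@example.com result=unknown
"""


def parse_line(line):
    """Return (timestamp, client_ip, recipient, result) for one log line."""
    stamp, *fields = line.split()
    values = dict(field.split("=", 1) for field in fields)
    return (datetime.fromisoformat(stamp), values["client"],
            values["rcpt"].lower(), values["result"])


def find_dictionary_probes(log_text, window=timedelta(seconds=60), max_unknown=3):
    """Return {client_ip: set of unknown recipients} for clients over the limit."""
    recent = defaultdict(deque)   # client -> (time, rcpt) of recent unknown attempts
    flagged = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, client, rcpt, result = parse_line(line)
        if result != "unknown":
            continue              # only failed recipient lookups count as guesses
        attempts = recent[client]
        attempts.append((stamp, rcpt))
        # Drop attempts that have fallen out of the sliding window.
        while attempts and stamp - attempts[0][0] > window:
            attempts.popleft()
        distinct = {address for _, address in attempts}
        if len(distinct) > max_unknown:
            flagged[client] |= distinct
    return dict(flagged)


if __name__ == "__main__":
    for client, guesses in find_dictionary_probes(SAMPLE_LOG).items():
        print(client, "probed", len(guesses), "unknown recipients:", sorted(guesses))
```

A single misspelled address (203.0.113.20) stays under the limit, and a sender pacing its guesses ten minutes apart (192.0.2.50) escapes the 60-second window, so the window and limit need tuning against real traffic.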

Anti Spam Techniques – How to Prevent and Stop Email SPAM

Anti Spam

Good Policies and Habits

Email SPAM has become one of the most annoying things associated with Internet communication.
There are many things you can do to avoid SPAM. There are preventive measures and there are remedial actions. Between the two, the preventive actions are the best because they have the least impact on you. Preventing SPAM costs less than removing it and saves your precious time.

Anti spam Laws

Many developed countries have anti spam laws that are meant to stop unsolicited email messages. Having laws against spam is a great step forward, but as an end user and an email user, you have to understand that it is your responsibility to prevent spam and to act responsibly when using email. In some countries the anti spam legislation is not very effective, so people will still send unsolicited messages, crafted so that they abide by the law. Because email uses the Internet, it is basically open to abuse from any country without specific legislation.

What Can You Do to Prevent Email SPAM?

Spam Preventing Strategies and Behavior

First of all do not give your email address to dubious sites or people you don’t trust.
If you need to subscribe to various doubtful sites you need to create a second email account that you can easily discard when the SPAM level becomes intolerable.
Even better, have three accounts. At least one account should be dispensable.
Do not publish your email address on your web pages. These are regularly scanned by spammers to harvest addresses. Use web forms instead. These forms allow people to send you emails, but they hide your address from spammers’ eyes.
When filling registration forms online, look for the box that requests future offers, or subscription to news-letters and select or deselect as needed.
Do not forward chain letters. If you really need to, the article Stop Chain Letters – Anti Spam explains how to prevent spammers from harvesting addresses from your email correspondence.
BCC is your friend against spammers. When sending messages to many recipients at once, use BCC to insert all the destination addresses. This field (blind carbon copy) hides the addresses of your recipients. Read this article for more information.
Your work email is only for work. Do not mix your work emails with personal ones; this is actually part of the Anti Spam IT policy of many companies.
Many Government Agencies and Institutions use email as a way of communication. You should use a special email account only for this kind of communication. This might even be a free account like “Gmail” or “Live” accounts. This will avoid getting this important account spammed.
If you don’t know the sender of an unsolicited email, delete the message immediately.
Never buy from unsolicited emails. You might get scammed and end up on a spammers’ list.
Do not answer spam messages and do not click on any links in spam messages. The “Unsubscribe” links in spam messages are just a way to trick you into confirming to the spammer that he has a good address.
Generally speaking, reduce the exposure of your email address in any way.
Use dispensable accounts for dangerous activities.

What can you do to remove SPAM from your mailbox?

Personal Anti Spam Software

Use user-level anti spam software. If you use Microsoft Outlook, keep your MS Office up to date, as the integrated Junk Filter filters most unrequested emails. Some of the best known personal anti spam software products are: Norton Anti Spam, Mailwasher (free version available), Vanquish Personal Anti-Spam, Spam Bully, Spam Buster, SpamFighter Pro, Personal Antispam for Mac, etc…

Corporate Anti Spam Solutions

Speak to your Network Administrator about a corporate anti spam solution. A free anti spam solution that will work great in a corporate environment is Spamassassin. Other commercial anti spam solutions include Mailwasher the server edition, Trend Micro, GFI MailEssentials, Exclaimer Anti-spam, SPAMfighter Exchange Module, SpamTitan ISO as software solutions. There are also anti spam appliances such as MailFoundry, iForce Mail Firewall, Barracuda Networks, Roaring Penguin CanIt, Astaro, SpamKiller Appliances, Fortimail, etc…

Hosted Anti Spam Solutions

Hosted anti spam solutions have become widely adopted because of their convenience and near-zero administration involvement. These are anti-spam servers that filter the junk email before delivering it to your mailbox or your server, depending on the case. Some great hosted anti spam services are: Hosted CanIt anti-spam service (Roaring Penguin), GFI MAX MailProtection, Symantec Cloud, Barracuda Networks, Google’s Postini, etc…

Solicited Messages can Become Spammy

Unsubscribe from any newsletter that becomes annoying. Sometimes you subscribe to a newsletter and it is fine for a while, and in time they decide to send you more emails. I was surprised by the number of people that tolerate unneeded messages and do not unsubscribe. As underlined above, do not unsubscribe from unsolicited email messages; you will only make it worse.
As a last resort, give up the email account and create a new one. Inform all your friends about your new address and set up an auto responder announcing your new address. Spam emails are automated; there isn’t a person reading the bounce-backs or replies, so an auto responder with the new address will only be read by real people.

What can you do to help the fight against spam?

Spread the word. Give your friends the address of this page.
Translate this page into other languages.
Comment on the bottom of the page with other suggestions.
Publish a link to this article on your website or give us your thoughts about other anti spam solutions.