Fighting the Battle Against Spam

Unless you are one of a lucky few Internet users, you will no doubt be inundated every day with massive amounts of UBE (unsolicited bulk email), or UCE (unsolicited commercial email), otherwise known as Spam. Spam is an ever increasing nuisance (estimated at over 90% of all email traffic), which can often be malicious in nature, that is choking mail servers and networks throughout the Internet, not to mention causing a loss of productivity in every workplace that uses electronic communications.

What you need to do to reduce your Spam...

The obvious way to reduce the amount of Spam you receive is to make sure that spammers don't have your email address! Spammers get hold of email addresses in five main ways:

• They pick them up when they're used publicly on the Internet, e.g. in a newsgroup posting or on a webpage. This is by far the most common way, and is known as "harvesting".

• They buy a CD or List of email addresses. These addresses were most likely harvested in the same way described above, and can often be years out-of-date.

• They guess them. For example, it's a fair bet that "bob@example.com" could be a valid email address, although there's no way of knowing for sure. But it takes so little effort and cost to send Spam, they just try sometimes several hundred possibilities @example.com.

• Some unscrupulous ISPs (and other organisations) sell spammers our email addresses, although this is quite rare.

• We give them away. Always carefully read the privacy policy of any website before you give up your email address, as sometimes email addresses are passed on or used for purposes other than those we intended.

Below are some simple things you MUST DO to reduce the amount of Spam you receive:

1. PRIORITY I:
   Munge or encrypt your email address

When customers initially contact our Cheeky Monkey Hosting Support Centre with complaints over Spam, the first thing we do is visit their website to see how spammers obtained their email address in the first place.

We cringe when we see the customers email address written freely in plain text on their public website. Spammers love this as they can obtain your address with ease using harvesting software.

You must munge or encrypt your email address before advertising it on your website. "Munging" is the act of mangling your email address so that it can still be read by a human but cannot be automatically harvested by spammers.

We recommend Dynamic Drive's Online Email Riddler to do this:
http://www.dynamicdrive.com/emailriddler/

2. PRIORITY II:
   Setup your email aliases and catch-all account settings

By default, we setup a catch-all user account - this allows you to accept everything@your-domain.co.nz. As spammers can guess email addresses, you may not want to accept everything@your-domain.co.nz and wish to only accept mail at specified email addresses that are in use.

You can do this by logging into your Site Admin Control Panel (Login accessible at the top of this page). Once logged in, click on "Aliases". We recommend that you add only the aliases that are in use and then redirect your catch-all account to site_blackhole. This then forces any mail sent to an unused email address to the "black hole" but allows email sent to legitimate addresses through.

3. PRIORITY III:
   Setup your Spam Filtering Options

All customers have total control over spam filtering options and thresholds - please customise these to suit your needs.

You can do this by logging into your User Admin Control Panel (Login accessible at the top of this page). Once logged in, click on "Spam Filtering" and configure your spam options.

Spam Tolerance Level defines the threshold, which if exceeded, classifies an email as spam. Each email is passed through a spam engine and if spam words are found, the score is increased. After the entire mail is scanned, if the score exceeds the tolerance level you set below, then that email is marked as spam. Increasing this threshold will allow more spam to go undetected while decreasing it may result in more legitimate mail getting marked as spam.

• When spam is identified, you can chose to delete the spam email immediately or have the email delivered to your inbox with text added to the beginning of the subject line.

• Within this menu, you can also manage your allowed senders list and blocked senders list.

4. PRIORITY IV:
   Be careful with your Email Address

Never give your email address to a company you do not trust entirely. If in doubt, open a free email account with a provider like hotmail.com or yahoo.com, and use that address for communicating with the less trusted organisations. That way, if they do spam, you can close the account and you've only lost a free email account you weren't using for anything else.

Don’t post to usenet using an unmunged email address you care about. Use a throw-away address from a free email provider or munge your email address as described below.

Never allow your email address to appear on a website in its true form, including on web-based discussion boards. Instead use Contact Forms or munge your address.

What Cheeky Monkey Hosting are Doing...

Trying to reduce the Spam received by our customers whilst still accepting all legitimate email is very difficult, as if we are too harsh on Spam we run the risk of trashing “good” mail that our customers need to receive.

We have adopted the following Spam fighting policies and techniques:

Spam Filtering

One tactic we use to cut down on Spam is filtering. Our Mail Transfer Agents (MTAs) receive all incoming mail and scan each individual email, tagging any mail that matches the pattern of a known piece of spam. Mail is graded on a points scale, where certain “spammy” characteristics score varying points. When the points accumulated by an email go over the Spam threshold score, the mail is classed as being Spam and is tagged as Spam before being delivered to the recipients mailbox. The recipient just needs to set up filtering in their email program to put the tagged spam into a separate folder, or alternatively they can choose in their Spam Filter settings to automatically delete any mail which is tagged as being Spam.

Bayesian Filtering

Bayesian Probability Filtering is a spam-filtering technique which has been integrated into our mail scanning tools. The idea is that you "train" the filter to recognise spam from non-spam, by telling it whenever it makes a mistake. This has been quite successful because everyone's spam is different and the types of legitimate mail everyone gets is different.

Spamhaus SBL

The Spamhaus Block List is a realtime database of IP addresses of verified spam sources and spam operations (including spammers, spam gangs and spam support services), maintained by the Spamhaus Project team to help email administrators better manage incoming email streams.

Our mail servers at Cheeky Monkey Hosting use this list to identify and block incoming mail from IP Addresses which Spamhaus has deemed to be involved in the sending of Unsolicited Bulk Email (Spam).

Realtime Block/Blackhole Lists (RBLs)

We use a variety of these Block/Blackhole Lists, which contain IP Addresses of known Spam sources, to “blacklist” mail from machines that have a reputation for sending a disproportionate amount of spam.

Greylisting

The ‘greylisting’ technique involves deferring an incoming email (responding to the senders mail server advising that the mail can’t be delivered at that time), and then accepting the second attempt to send the email. The reason why this is effective against Spam is because most spamming mail servers don’t wait to see if the recipients mail server is going to accept the mail or not, they just bombard it with mail. If it’s a legitimate email sent from a legitimate mail server, the sending mail server will try once, then try again a short time later when the first attempt is not successful. Once an email has been determined to be from a “good” source, the sending mail server’s IP Address is ‘whitelisted’ for 7 days – this means that all mail from that mail server will be received without being deferred first.

Directory Harvesting Attack (DHA)

Our mail servers are set up to detect DHA attacks and block these appropriately. DHA attacks involve a spammer (or a virus) trying to send to multiple email addresses at the same Domain Name e.g. bob@example.com, jane@example.com, info@example.com, sales@example.com. If our mail servers detect that these ‘recipient failed’ errors are occurring too often from the same sending mail server, we will defer all mail from that mail server until an hour has passed where no ‘recipient failed’ errors have occurred.

Sender Verify

Our mail servers will not accept mail that does not come from a verified “From” address. Basically, what happens when an email is coming in, our mail server responds to the sender’s mail server and asks it “does the ‘from’ address in this email actually exist?”. If the sending mail server replies ‘yes’ then we accept the mail, but if it cannot verify the sender’s address, the mail is then deferred and will continue to be deferred until such time as we are able to verify the sender’s address.

Working with Xtra Customers and ensuring your email gets through

In 2007, Xtra partnered with Yahoo to create Yahoo!Xtra Bubble, changing the way spam was managed. Due to these changes, some Xtra customers may have found that legitimate emails may have found their way into your spam folder. Likewise, Cheeky Monkey Hosting customers need to ensure the delivery of legitimate emails to Xtra customers.

What you can do to help ensure the delivery of your legitimate email to Xtra customers

As part of Xtra's new spam filtering system, Xtra has a system to identify legitimate senders of bulk emails. Therefore to assist Xtra to get your emails through to customers correctly please fill out this form: http://help.yahoo.com/l/us/yahoo/mail/postmaster/bulk.html

Below are a couple of tips that will help you to successfully complete the form:

• You'll need to provide the Domain Name(s) you send legitimate bulk email from;

• In step 4 of the form, the subject of your request from the drop-down options in the list will be 'I send permission based emails, yet they are delivered to the bulk mail folder'

Once you submit the form you will receive an auto-acknowledgment to confirm the request has been received. Then you will be contacted via email by a representative of Yahoo!

What your Xtra recipients can do

To enable your messages to be delivered to your customers inbox instead of their Spam mail folder, we recommend you request any of your customers using Yahoo!Xtra to do the following:

• Mark messages from your email address that arrive in the Spam folder as 'Not Spam'

• Add your address to their Yahoo!Xtra online contacts so that it is recognised as a trusted contact

Once your Xtra customers have done the above, your emails will be recognised as originating from a trusted sender and should be delivered directly into their inbox.

If your customers want more information please ask them to refer to: http://help.yahoo.com/l/nz/yahooxtra/mail/yahoomail/abuse/index.html