Posts Tagged ‘Spam

Process for avoiding SPAM

While the SPAM-blocking capabilities of Web mail providers are good, they will never be perfect, and SPAMers can be expected to evolve their tactics in an attempt to circumvent SPAM filters. And to conduct our research, we tried to do everything wrong in an attempt to attract SPAM. What follows are some guidelines on what users can do to minimize the amount of SPAM they receive:

Recognize suspicious sites

In our experience, it’s an invitation for SPAM (or identity theft) to submit your email address and other information to sites that:

  1. Request your email address on their home page.
  2. Claim to be free but request your credit card information “for verification purposes.”
  3. Make any claims that seem too good to be true.
  4. Make it hard to leave by popping up “are you sure” types of notifications.
  5. Open popup windows as soon as you visit them.
  6. Promise something valuable for very little work (“get a free iPad just for filling out a survey”).
  7. Claim you are a randomly selected winner.
  8. Claim there’s limited time to act on an offer.

If you are interested in what a site offers but it appears suspicious, you can often find out by doing a search for the Web site to see if it’s a scam. For example, search for “theremovelist scam.”

Recognize SPAM

Spam is often identifiable in your inbox, based on certain characteristics:

What to do with SPAM


  1. Delete the email.
  2. Use your Web mail provider’s ability to mark it as junk. However, do not mark an email as SPAM if you have intentionally subscribed to it and no longer wish to receive it.


  1. Display the images in the email. This sends a signal to the SPAMer and they know they have a working email address.
  2. Unsubscribe. If it’s a legitimate email, you can unsubscribe, but it it’s truly unsolicited, unsubscribing only tells the spammer they have a real email address.
  3. Click on links. This also sends a signal to the spammer.

Tags : , , , , ,

Honeypots or decoy email addresses

Honeypots (decoy email addresses) are used for collecting large amounts of spam. These decoy email addresses do not belong to actual end users, but are made public to attract spammers who will think the address is legitimate. Once the spam is collected, identification techniques, such as hashing systems or fingerprinting, are used to process the spam and create a database of known spam. Let’s take a closer look at hashing systems and fingerprinting.

HASHING SYSTEMS: With hashing systems, each spam email receives an identification number,or “hash,” that corresponds to the contents of the spam. A list of known spam emails and their corresponding hash is then created. All incoming email is compared to this list of known spam. If the hashing system determines that an incoming email matches an email in the spam list, then the email is rejected. This technique works as long as spammers send the same or nearly the same email repeatedly. One of the original implementations of this technique was called Razor.

FINGERPRINTING: Fingerprinting techniques examine the characteristics, or fingerprint, of emails previously identified as spam and use this information to identify the same or similar email each time one is intercepted. These real time fingerprint checks are continuously updated and provide a method of identifying spam with nearly zero false positives. Fingerprinting techniques can also look specifically at the URLs contained in a message and compare them against URLs of previously identified as spam propagators.

Honeypots with hashing or fingerprinting can be effective provided similar spam emails are widely sent. If each spam is made unique, these techniques can run into difficulties and fail.

Tags : , , , , , ,

Honeypots Applied to Open Proxies

Honeypots apply to open mail relays in exactly the same way that they apply to open proxies. For this reason, in the following section, I will briefly describe honeypots only as they apply to (1) open proxies and (2) bot-networks.

Recall that an open proxy enables spammers to fully conceal their identities by making all email messages appear to come from the proxy. A cybersleuth could set up an open proxy honeypot and wait for spammers to start using it. This fake open proxy would record the source address of all connections to it along with all traffic routed through it. This could potentially provide significant leads for catching the spammer. The Proxypot Project is an example of an open proxy honeypot specifically designed to catch spammers. It accepts connections from any computer on the Internet, and logs all relevant information about the connection. Most importantly, it logs the address of the computer that initiates each connection. The project also provides tools to search these log files for spam activity. Note that Proxypot actually stops short of sending spam traffic to its destination. It only logs the fact that an attempt to send spam has occurred. By blocking spam routed through it, Proxypot ensures that it does not contribute to the prevalence of spam email.

Honeypot logs can reveal the network address of a spammer. Once spammers discover the open proxy honeypot, they begin to route spam email through it. Unless the spammers take extra precautions, they cannot tell that the open proxy they are using is a honeypot. A few days later, after examining the honeypot’s logs, the cybersleuth can expose the spammer’s network address. Spammers are already implementing methods to evade honeypots. Although open proxy honeypots would seem to be a powerful technique for catching spammers, there are a number of significant drawbacks to this approach. First, spammers are well aware of the existence of honeypots and are implementing counter-measures to avoid them. For example, the Send safe tool is capable of detecting honeypots by sending a test spam email to itself. Since most honeypots block spam email routed through them, the test message will not be delivered and Send-safe will stop routing email through the open proxy honeypot.

Second, spammers can completely fool an open proxy honeypot by using proxy chains. Suppose the spammer identifies three open proxies called A, B, and C. The odds are that at most only one of them will be a honeypot. The spammer then sends email by creating a path through all three servers. The email will travel from the spammer’s machine first to server A, then to server B, then to server C, and finally to the spam recipient. Now, suppose that server C is the honeypot. It only “sees” connections from server B, not from the spammer.As a result, the honeypot’s log would falsely incriminate B as the spammer. In fact, when spammers use proxy chains in this manner, a honeypot log will record absolutely no useful information, unless the honeypot happens to be the first server in the chain. Spammers find proxy chains inconvenient to use since they slow down email delivery and require spammers to identify a greater number of open proxies. Nevertheless, if honeypots become prevalent,it is likely that spammers will simply switch to using proxy chains to evade detection.

Tags : , , , , , ,

5 Reasons Why People Spam Your Blog

No aspect of the World Wide Web is immune to spam – not even the blogosphere. No matter how strong your anti spam server is you may get hit every once and a while. Of course, the type of spam seen on personal blogs is different from the normal spam that you might be used to in the fact that instead of receiving these messages in your private inbox, they are being displayed on your blog for the entire world to see. Furthermore, the professional spammers who distribute unsolicited commercial e-mail for a living have different reasons for spamming a personal online blog versus sending unwanted junk mail into somebody’s inbox. So a bloggers need a good anti spam solutions in order to protect their blog.

1:  To advertise a website, product, or service. Perhaps the most generic reason for spamming a blog is for advertisement purposes. Through a blog it is easy to reach thousands of people every single day; this holds true for the owner of the blog as much as the ones who are spamming it.

2:  Get back links to their site. Many spammers simply leave a comment with nothing more than their website address, hoping to get as many clicks as possible.

3:  It is cheap when compared to other methods of spam. Even in the world of spam marketing, it takes money to make money – unless you’re spamming blogs, of course.

4:  The process can easily be automated to save time. Unlike some of the other spamming techniques, the entire process of spamming a blog can be automated.

5:  To collect e-mail addresses. Many times a user’s e-mail-address will be listed in their online profile, or even right alongside their post. Spammers collect these addresses in order to send them unsolicited commercial e-mail at a later time.

Tags : , , , , , , , , ,

Types of Offers made via Spam

FTC (Federal Trade Commission’s) staff began its analysis by determining the type of offer being made in each spam message. The messages fell into eight general categories, with a catch-all category included for types of offers that appeared infrequently:

Investment/Business Opportunity offers account for 20% of spam studied. Themajority of these arework-at-home, franchise, chain letter, and other non-securities offers.

The following illustration sets forth the prevalence of different types of offers in the random sample of spam analyzed by FTC staff:

Investment/Business Opportunity, Adult, and Finance offers together comprise over half ofspam in sample.

Together, Investment/Business Opportunity, Adult, and Finance offers comprised 55% of the random sample of spam analyzed by FTC staff. Surprisingly, given that UCE inherently targets consumers with computers and Internet connections, only 7% of the spam analyzed concerned offers for computer or Internet-related products or services.

Tags : , , , ,