Gallery

Stop spam the easy way: pick an anti-spam ISP

Posted on 23 May 2005 at 15:23

Anti-spam companies are cautious because they are dealing with some clever people. Despite potentially being sociopathic, those who orchestrate spamming campaigns aren't stupid and have a raft of techniques to foil anti-spam systems. Below, we reveal the main ways that spammers send spam, along with ways you can defeat them - and sometimes the ways they try to avoid these measures.

Open relays and hacked email servers

The main challenge faced by a spammer is to take control of a computer from which they can send adverts for pornography, personal enlargement products and pills.

Spammers who send lots of junk using their own ISP lose their accounts quickly. Before spam and email security was a major issue, spammers started using other people's email servers without their permission. Back in the early 1990s, this wasn't hard to do. Even until quite recently, versions of the popular Sendmail mail server were, by default, set up so that unauthorised users could send mail to anyone else through them. In 2003, IBM was still shipping a vulnerable version of Sendmail with its AIX operating system. These open relays were gold dust to spammers, but now most default installations of popular email servers only relay mail for authorised users.

Public blacklists

Many anti-spam systems use public blacklists that contain details about networks which send a lot of spam. This means that abused open relays and hacked mail servers have a short life before spam-protected email servers stop talking to them. This contains the threat and ensures that the administrator wakes up and sorts the problem out.

Spammers can get around public blacklists by using PCs belonging to other Internet users. In a short period of time, these so-called zombie systems can throw out huge amounts of spam from many different locations. Some of these will be connected to the Internet using major ISPs. While some blacklists might prefer not to list a large ISP, others will. For example, over short periods of time, users of Demon Internet, Virgin.net and even AOL have found it impossible to send email to contacts at other ISPs because their own ISP's network had been blacklisted.

Bad words

Whereas blacklists filter out all mail coming from a particular location, some content analysis systems filter according to an email's content. Send a message that includes the words 'BUY VIAGRA!!!!' and it will almost certainly be flagged as spam by a basic content scanner. This will not foil today's average spammer, though, as they will try to bypass content scanners by using words like v1agra, or even ASCII art to spell out words that anti-spam systems look out for.

Worse still, if you receive an email from your domain registrar it will almost certainly be flagged as spam. Always list your ISP in your whitelist, or you could find your domains, email accounts and other essential services expire because the reminder email was automatically deleted by your anti-spam system.

Bayesian filtering

A more advanced method of checking email content is to use Bayesian filtering. This requires some training and learns what you consider to be real mail and spam. You cannot just feed it spam; you have to give it real mail too. This can create an incredibly accurate system, particularly when combined with a whitelist of legitimate contacts and a few good public blacklists.

If you have ever received spam containing sentences that do not make any sense, you will have seen an example of a spammer trying to confuse your Bayesian filter. Here's a real example from a message that popped up while this article was being written: