How Spammers Fool Spam Blacklists - And How to Stop Them

Effectively stopping spam over the long-term requires much more than blocking individual IP addresses and creating rules based on keywords that spammers typically use. The increasing sophistication of spam tools coupled with the increasing number of spammers in the wild has created a hyper-evolution in the variety and volume of spam. The old ways of blocking the bad guys just don't work anymore.

Examining spam and spam-blocking technology can illuminate how this evolution is taking place and what can be done to combat spam and reclaim e-mail as the efficient, effective communication tool it was intended to be.

One method used to combat spam is blacklisting. The goal of blacklisting is to force Internet Service Providers (ISPs) to crack-down on customers who send spam. A blacklisted ISP is blocked from sending email to organizations. When an ISP is blacklisted, they are provided with a list of actions they must take in order to be removed from the blacklist. This controversial method blocks not just the spammers, but all of the ISP's customers. Blacklisting is generally considered an unfriendly approach to stopping spam because the users most affected by the blacklist are email users who do not send spam. Many argue blacklisting actually damages the utility of email more than it helps stop spam since the potential for blocking legitimate email is so high.

In addition to the ethical considerations, there are other problems with blacklists. Many blacklists are not updated frequently enough to maintain effectiveness. Some blacklist administrators are irresponsible in that they immediately block suspect servers without thoroughly investigating complaints or giving the ISP time to respond. Another downside is that blacklists are not accurate enough to catch all spam. Only about half of servers used by spammers, regardless of how diligent the blacklist administrator may be, are ever cataloged in a given blacklist.

Blacklists are used because they can be partially effective against spammers who repeatedly use the same ISP or email account to send spam. However, because spammers often change ISPs, re-route email and hijack legitimate servers, the spammer is a moving target. Blacklist administrators are forced to constantly revise lists, and the lag-time between when a spammer begins using a given server and when the blacklist administrator is able to identify the new spam source and add it to the blacklist allows spammers to send hundreds of millions of emails. Spammers consider this constant state of flux a part of doing business and are constantly looking for new servers to send spam messages.

When used individually, each anti-spam technique has been systematically overcome by spammers. Blacklists have some utility in stopping known spammers, but they may also block valid emails. Because of their limitations, blacklist data should only be used in conjunction with other sources to determine if a given message is spam. Grandiose plans to rid the world of spam, such as charging a penny for each e-mail received or forcing servers to solve mathematical problems before delivering e-mail, have been proposed with few results. These schemes are not realistic and would require a large percentage of the population to adopt the same anti-spam method in order to be effective.

The Solution

Reputation systems offer a comprehensive anti spam solution by dynamically updating black and whitelists based on sender behavior. These systems also automatically update and score messages thereby removing the burden from administrators. Today's spammers are more clever than ever, so today's reputation systems must be equally sophisticated. An effective reputation system must be dynamic, comprehensive, precise, and based on actual enterprise mail traffic in order to keep the spammers from gaining any advantage. You can learn more about the fight against spam by visiting our website at www.ciphertrust.com and downloading our whitepapers.

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security. The company's flagship product, IronMail provides a best of breed enterprise anti spam solution designed to stop spam, phishing attacks and other email-based threats. Learn more by visiting http://www.ciphertrust.com/prod ucts/spam_and_fraud_protection today.

In The News:

pen paper and inkwell


cat break through


Anti Trackback and Comment Spam Methods

What is spam ? ... Read More

ANTI-S*P^A#M: Protecting Your Web Sites Email Address(es)

Did you know that there are software programs that view... Read More

The Anti Spam Challenge ? Minimizing False Positives

Email is the quintessential business communication tool, so when it... Read More

How You Can Avoid The New Dangers Of Spam

Until recently, spam has been an annoyance, a definite load... Read More

Is Spam Affecting Your Business Email?

5 Ways Spam Is Affecting Your Business And what we... Read More

Im Guilty Until Proven Innocent

No doubt about it."Spam" (unsolicited commercial email) threatens to paralyze... Read More

How To Identify Spam

Most of us have opened our email program and found,... Read More

BUSTED: Anti Spam Forces Bankrupt Super-Spammer Scott Richter

Microsoft scores one for the good guysScott Richter, the self-proclaimed... Read More

Spam Filters Explained

What do they do? How do they work? Which one... Read More

Demand for Spam? It exists

Do you like spam? No, I'm not kidding. Everybody knows... Read More

Avoiding the Spam Trap: Get Your Message Delivered!

Your message is not being delivered.If you send emails to... Read More

The Vanishing Mail

Am I Just Being Paranoid Or Are The Robots Out... Read More

Fight Spam and Fortify Your Web Site with RSS

RSS is the answer to the Spam epidemic of the... Read More

Having a Bad e MALE Day? Email, Spam, Spam and More Spam

You just sat at your desk, opened your email account... Read More

Bayesian Spam Filters Explained

In a word Bayesian spam filters are "intelligent". Bayesian spam... Read More

Getting Back To Basics.

While we all agree that there`s way too much spamming/junk-mailing... Read More

SPAM: A Nutrious Food or a Waste of Time?

Unless the filters on your computer are really good, you're... Read More

Protecting Your Business From Spam

Even being as careful as possible with my email address,... Read More

Edating Readers

One of our Australian clients sent out a campaign using... Read More

Why Is Spam Such a Problem?

Spam can be a lot more damaging than you might... Read More

Internet Theft and Fraud

My friends in the web hosting business have recently informed... Read More

How To Analyze A Rip-Off Scheme

This review is taken DIRECTLY from a piece of "junk... Read More

How to Avoid Spam Complaints in Your Emails

Spam filters are responsible for deleting a high percentage of... Read More

20 Words That Kill - At Least When It Comes to Spam Filters

Spam, spam, spam. It's terrible not only for those of... Read More

Is Email Dying?

2004 was really a year when the whole subject of... Read More

Challenge Response Spam Filters Explained

As the flood of spam increases end users are looking... Read More

Take Back Control of Your Inbox: Eliminate Annoying and Potentially Harmful E-mails

Are you tired of spam stealing your time, your money,... Read More

Protecting Yourself With A Porn Filter

The harmful affects of pornography use and addiction are well... Read More

The Cybermagic of Whitelists

Before we start getting deep into the meat of this... Read More

Spammer Stole My Email Address?

Do you get bounced, or rejected emails sent by someone... Read More

Dont Look Spammy!

We all hate spam and get way too much of... Read More

The Great Spam Scam: Five Strategies To Stop Brand and Revenue Robbery

Marketers usually think of anti-spam tactics as 'how to prevent'... Read More

Internet Tip of the Week: Outsourcing

It's no secret that the US economy has slowed down,... Read More