The Black Art of SPAM Prevention

Most organisations today categorise email as mission-critical to their business, and so the ability to reliably send and receive emails receives a lot of attention from us. However, as we are all aware, the amount of junk mail – ‘SPAM’ – received is a continuing annoyance.

A quick check of our servers shows that over the past three months, a massive 53% (of nearly 1/2 million emails) of all emails received were suspect. Now obviously it would be great if we could simply block such messages, but detection of SPAM is more a black art than a defined science, and so SPAM filters must be continually adjusted and refined to ensure all real/valid emails get through (zero false-positives) while all SPAM is blocked. We could simply turn off SPAM filters, but generally this would result in 50% extra emails reaching each user’s inbox – a situation no user wants to contemplate.


Breakdown of the 53% Suspect Emails

 

Breaking down the above 53% shows that:

  • 2% of all emails contain malware – Viruses, Trojans etc – we definitely do not want these passed through.
  • 31% of all emails are from known spammers – we want these blocked automatically, but as some users want to see some of these, we need to provide a mechanism whereby they can be retrieved.
  • 20% of all emails are where we have to be somewhat creative and apply our black-art talents to separating the wheat from the chaff, and it’s this 20% that seems to cause the most questions and mis-deliveries.

How to determine the validity of incoming email?

 

So what ‘black arts’ do we employ to determine the validity of this 20% (90,000) of messages? Essentially, each and every message is tested and given a Spam Confidence Level (SCL) score, and when the score gets above a defined level, the message is tagged as SPAM. Virtually all anti-SPAM solutions – whether in-house or in-cloud, software-based or appliance-based – employ one or more of the following checks:

  1. Reputation of Sender:
    1. Is the sending server on a blacklist? This occurs when a recipient reports receiving SPAM from a server, and the server is then listed by one or more of the 100+ blacklisting organisations.
    2. Is the sending server properly set up with a fixed address? This is determined by whether it has a Reverse-DNS (RDNS) entry. (Spammers will use arbitrary/impermanent servers.)
    3. Does the sending organisation designate approved sending servers, via the Sender Policy Framework (SPF) record stipulated in DNS?
  2. Message Content:
    1. Does the message subject or content contain known SPAM-like words – such as ‘Drugs’, ‘Viagra’ and so on.
    2. Does the message contain multiple languages, such as combined English & Chinese?
  3. Message Distribution:
    1. How many recipients is the message sent to? More than a handful generally means the message is more likely to be Unsolicited Commercial Email (UCE).
  4. User Overrides:
    1. Has a given user either black-listed or white-listed a particular address?
    2. Has a given user chosen to be more or less aggressive in their application of the above checks?
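
A minimal sketch of how such checks can be combined into one SCL score, as an added example that is not PASR's or any vendor's filter code. The weights, the cap of 9, the thresholds, the `reputation` dictionary and the `UserPrefs` class are assumptions made for illustration; the message is a constructed single-part sample.

```python
import re
import unicodedata
from dataclasses import dataclass, field
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed weights, cap and thresholds; the article gives no numbers.
WEIGHTS = {"blacklisted": 4, "no_rdns": 2, "spf_fail": 3,
           "spam_words": 2, "mixed_scripts": 1, "many_recipients": 2}
SPAM_WORDS = {"drugs", "viagra"}     # the article's two examples
MAX_RECIPIENTS = 5                   # assumed size of "a handful"

# Constructed sample message.
SAMPLE = ("From: Promo <promo@bulk.example>\n"
          "To: " + ", ".join(f"u{i}@corp.example" for i in range(7)) + "\n"
          "Subject: Cheap drugs today\n\n"
          "Best price 最低价格\n")

@dataclass
class UserPrefs:
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)
    threshold: int = 5               # lower means more aggressive filtering

def scripts(text):
    """Writing systems used by the letters in text, e.g. {'LATIN', 'CJK'}."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in text if c.isalpha()}

def scl(raw, reputation, prefs):
    """Return (score, is_spam, reasons); reputation carries the sender checks."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in prefs.whitelist:    # user overrides win over every other check
        return 0, False, ["user whitelist"]
    if sender in prefs.blacklist:
        return 9, True, ["user blacklist"]
    text = msg.get("Subject", "") + " " + msg.get_payload()
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    hits = [k for k in ("blacklisted", "no_rdns", "spf_fail") if reputation.get(k)]
    if SPAM_WORDS & set(re.findall(r"[a-z]+", text.lower())):
        hits.append("spam_words")
    if len(scripts(text)) > 1:
        hits.append("mixed_scripts")
    if len(rcpts) > MAX_RECIPIENTS:
        hits.append("many_recipients")
    score = min(9, sum(WEIGHTS[h] for h in hits))
    return score, score >= prefs.threshold, hits
```

The same message flips between delivered and tagged as the per-user threshold moves, which is why borderline mail produces the most mis-deliveries.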

How to ensure that emails we send get read?

I trust that from the above readers can get an idea of the issues we face in categorizing SPAM for delivery, and I trust that readers will also see that it’s very much an imperfect ‘guesstimation’ at best, and that there is little we can do as recipients to qualify messages more accurately. But what should we do to ensure that messages we send get the highest possible chance of being delivered?

  • We MUST have adequate malware protection for inbound emails, and ideally also scan outbound emails for malware to ensure we do not compromise our message recipients.
  • We must properly designate and authenticate our outbound servers – via RDNS, SPF – and ensure all mails from our domain are sent only from these servers. This may not be just your corporate email server: we must also check any other servers that send emails on behalf of our domain. For example, if our website sends emails, then it must also be properly designated and authenticated.
  • We must regularly check that our sending servers have not been blacklisted.
  • If we regularly need to send messages to more than a handful of recipients, we should consider using a third-party service rather than send such ‘mail-blasts’ through our own servers – which reduces the likelihood of getting our servers blacklisted.
  • If we send Unsolicited Commercial Email (UCE) as a Singapore organisation, we must ensure the subject line contains <ADV> and we must provide (and act on) an unsubscribe link – to ensure we comply with legislation, or otherwise face the risk of legal action against us.
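
One way to audit the servers that send mail for a domain against its SPF record and reverse-DNS entries, as an added example that is not from the original article. The SPF record, host names, documentation-range addresses, the `PTR` table and the `dnsbl.example` zone are constructed placeholders standing in for live DNS answers; only the `ip4`, `ip6` and `all` mechanisms are evaluated offline.

```python
import ipaddress

# Constructed sample data standing in for live DNS answers.
SPF = "v=spf1 ip4:192.0.2.0/28 -all"
SENDERS = {"mail.example.com": "192.0.2.10", "www.example.com": "198.51.100.7"}
PTR = {"192.0.2.10": "mail.example.com"}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, value) terms."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    terms = []
    for term in parts[1:]:
        if "=" in term:          # modifiers such as redirect= are skipped here
            continue
        qual = term[0] if term[0] in "+-~?" else "+"
        mech, _, value = term.lstrip("+-~?").partition(":")
        terms.append((qual, mech.lower(), value))
    return terms

def spf_result(record, ip):
    """Evaluate ip4/ip6/all left to right; a, mx, include need live DNS."""
    addr = ipaddress.ip_address(ip)
    for qual, mech, value in parse_spf(record):
        if mech in ("ip4", "ip6"):
            if addr in ipaddress.ip_network(value, strict=False):
                return RESULTS[qual]
        elif mech == "all":
            return RESULTS[qual]
        else:
            return "needs-dns"   # cannot decide offline; check by hand
    return "neutral"

def dnsbl_query_name(ip, zone):
    """DNSBL lookup name: reversed IPv4 octets followed by the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def audit(senders, record, ptr):
    """Return {host: [problems]} for each server that sends as our domain."""
    report = {}
    for host, ip in senders.items():
        problems = []
        if (res := spf_result(record, ip)) != "pass":
            problems.append(f"SPF {res}")
        if ip not in ptr:
            problems.append("no reverse-DNS (PTR) entry")
        report[host] = problems
    return report
```

In the sample data the web server fails both checks: it sends mail for the domain but is neither listed in SPF nor given a PTR entry, the exact case the second bullet warns about.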

If you would like to discuss this issue and what it means for your business, please get in touch. Since inception in 1996, PASR Technologies has been providing SME business owners with a level of service and support that is typically only directly available in very large organisations.

Servicing businesses of 10 up to 200 employees, our clients range from local SMEs through to regional offices of larger MNCs, and include airlines.

At PASR Technologies, we solve your IT problems before you even realize you have one!

 

11 thoughts on “The Black Art of SPAM Prevention”

  1. Pingback: Stephen
  2. Pingback: max
  3. Oh my goodness! Amazing article dude! Thank you so much, However I am having difficulties with your RSS. I don’t understand the reason why I cannot subscribe to it. Is there anybody having identical RSS issues? Anyone that knows the answer can you kindly respond? Thanks!!

  4. I think everything posted was actually very logical.

    However, consider this, what if you wrote a catchier post title? I ain’t suggesting your content isn’t good, but what if you added something that makes people want more? I mean The Black Art of SPAM Prevention | is a little boring. You could peek at Yahoo’s home page and note how they create post titles to get viewers to open the links. You might add a video or a related pic or two to grab readers interested about everything’ve written. Just my opinion, it would bring your posts a little bit more interesting.

  5. Good post. I learn something totally new and challenging on sites I stumbleupon everyday. It’s always useful to read content from other writers and practice a little something from their web sites.

  6. Magnificent beat ! I would like to apprentice while you amend your website, how could i subscribe for a blog web site? The account helped me a acceptable deal. I had been tiny bit acquainted of this your broadcast offered bright clear concept

  7. Hello everyone, it’s my first go to see at this site, and piece of writing is truly fruitful in support of me, keep up posting these types of content.

  8. If some one needs to be updated with newest technologies afterward he must be visit this website and be up to date everyday.

  9. My spouse and I absolutely love your blog and find most of your post’s to be just what I’m looking for. can you offer guest writers to write content for you personally? I wouldn’t mind creating a post or elaborating on a lot of the subjects you write in relation to here. Again, awesome website!

  10. Can I simply just say what a relief to discover somebody who truly knows what they are talking about on the internet. You actually understand how to bring an issue to light and make it important. More people need to check this out and understand this side of the story. I was surprised you aren’t more popular since you definitely possess the gift.


© 2016 PASR Technologies Pte Ltd
