Spam and Phishing Attacks in 2007

One of the most common complaints about an e-mail host isn’t the reliability of their systems (even Google’s mail service experiences downtime from time to time), but rather the amount of spam that ends up in users’ Inboxes.


As spammers develop new techniques to deceive mail filters such as SpamAssassin and DSPAM, software developers, systems administrators, and end-users face a unique challenge.

Over the past year, we have utilized the MailFoundry service to handle all inbound messages off-site, and a few months ago we realized that it isn’t a truly scalable system. So this year, we went back to the drawing board and decided to continue offering MailFoundry service to our shared hosting customers free of charge, as the service is reliable enough for the average user. However, we offer a more reliable and scalable solution called Postini to businesses that require a mission-critical anti-spam and virus solution.

In this article we will cover the four anti-spam techniques that we currently utilize and their advantages/disadvantages. New hosting accounts at Sliqua are set up with DNS Blacklists, SpamAssassin, and MailFoundry. As an optional upgrade, we use DNS Blacklists, SpamAssassin (optional), and Postini Integrated Message Management.

DNS Blacklists – We currently only utilize a small number of DNS Blacklists because, while they drop most spam attacks in real-time, they are known for causing a great number of false positives. The DNS Blacklists we currently use are Spamhaus ZEN, SpamCop, and SURBL. These lists are known to be extremely accurate and well maintained.

SpamAssassin – This system is used by the majority of mail servers on the Internet. It processes mail on the same physical machine you receive your e-mail from. While it can be trained to be extremely accurate at detecting spam, in our opinion it simply doesn’t work that well unless you spend a lot of time keeping up with various spam techniques and come up with custom rule sets to handle incoming mail. While we utilize this system across the board, we only do so as a last resort in case there is any sort of problem with our MailFoundry service.

MailFoundry – This service is extremely accurate at detecting spam; however, it is not a truly scalable solution. In addition, the only way for customers to check what is in their Quarantine is to wait for a daily digest e-mail. Based on the configuration of the appliance, it can hold messages from new senders for up to 30 minutes before delivering the messages to the designated Inbox. For most small businesses that don’t receive much e-mail, this solution is perfect as it provides the level of anti-spam service they require and doesn’t require much investment.

Postini Integrated Message Management – In addition to being highly scalable and accurate, Postini analyzes over a billion e-mail messages a day. Through its behavior analysis techniques, its system is able to detect new spam on its own in real-time. As a managed service, Postini handles all messages off-site from multiple Equinix Datacenter locations and delivers legitimate messages almost instantly. Most of the time, messages are processed as fast as, if not faster than, SpamAssassin running on the local machine.
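To illustrate the DNS Blacklists item above, here is an added example (not Sliqua's code) of how a mail server checks a sending IP against such lists, and how a lookup failure can be mistaken for a listing and cause false positives. The zone names, the 127.255.255.x error range used by Spamhaus, and all function names are assumptions not taken from the article; the answers are constructed so the code runs without live DNS.

```python
import ipaddress
import socket

# Zones of the two IP-based lists the article names. SURBL is left out because
# it lists domains found in message bodies, not sending IP addresses.
ZONES = ("zen.spamhaus.org", "bl.spamcop.net")


def dnsbl_name(ip, zone):
    """Build the query name: IPv4 octets in reverse order, then the list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Return the A record for name, or None if the lookup fails (not listed)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_sender(ip, resolver=system_resolver, zones=ZONES):
    """Return (listed, errors): two dicts mapping zone -> answer address."""
    listed, errors = {}, {}
    for zone in zones:
        answer = resolver(dnsbl_name(ip, zone))
        if answer is None:
            continue  # no A record: this list does not list the sender
        if answer.startswith("127.255.255."):
            errors[zone] = answer  # Spamhaus error code, e.g. refused resolver
        elif answer.startswith("127."):
            listed[zone] = answer  # real listing, e.g. 127.0.0.2
        else:
            errors[zone] = answer  # a DNSBL never answers outside 127.0.0.0/8
    return listed, errors


# Constructed answers for documentation-range senders, used instead of live DNS.
SAMPLE_ANSWERS = {
    "25.2.0.192.zen.spamhaus.org": "127.0.0.2",
    "25.2.0.192.bl.spamcop.net": "127.0.0.2",
    "26.2.0.192.zen.spamhaus.org": "127.255.255.254",
}

if __name__ == "__main__":
    for sender in ("192.0.2.25", "192.0.2.26", "192.0.2.27"):
        print(sender, check_sender(sender, resolver=SAMPLE_ANSWERS.get))
```

A server that rejects on any answer at all would refuse the second sender even though no list actually contains it.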

While we have given you a little rundown of the different anti-spam techniques we currently utilize, there are two ways that you can get involved in the spam war. If you receive spam in your inbox, and know how to view e-mail headers through your mail client, you can submit them to SpamCop for review. SpamCop will then send the logs you submitted to the Internet Service Providers (ISPs) and hosting companies used by the spammers to deliver the spam messages to you. Spammers that do not remove your address from their lists are typically terminated by their ISPs.

Another way to assist is through PhishTank, a service offered by OpenDNS which analyzes the contents of phishing e-mails. These types of messages are used to obtain usernames/passwords for bank accounts, Social Security numbers, and other forms of personally identifiable information used for fraud.


As always, if you have any recommendations for topics to cover in the future or have questions/comments, feel free to e-mail blog-feedback@sliqua.com.
