Internet Defense Technology

I get asked this a lot too and did a an early post called How Many People Actually Buy Something from Spam? which covers this subject.

Basically this is a conversion problem.

Say the spammers send out ten thousands (not uncommon number, sometimes more) spam messages and out of that say two people click through and they make money off of them. That is 0.0002% and they made money off of it.

Simple math and a little scary that it doesn’t take that much unfortunately.

That is why we at IDT feel it is so important to push education out. That way the spammers stop making money and stop spamming (hopefully).

Been seeing a lot of people talking about changing their email address to get away from the spam.

They wonder how long before they are going to have to change it again.

There is no set rule on how long it will take to get spam again. This depends on how you use your email address.

Obviously, if you never give it out to anyone you are going to have a pretty clean box. If you only give it to a few friends you trust (and tell them never to give it out) then you are probably ok.

As soon as you start buying stuff on-line, signing up for e-newsletters or put your address up on any webpage (your site, your social network identity, etc.) that is when you start opening yourself up to spam. You can see my other blog post on How Did the Spammer Get My Address? which goes over this in more detail.

So, there is no answer to that question really. It depends on your activities.

Now for the usual part (considering this is an email spam filtering company’s blog) you should just get a great filter that stops the spam from ever reaching you and you don’t have to worry about that. Of course, that means you need to check out ours here.

When you forward email from one address to another this can sometime lead to difficulties with filtering.

The worst example would be having a hotmail email address that you know forward to work or even gmail.

One of the checks that spam filters do is to check and see who the email is coming from (one reason spammers like to fake a real legitimate email as the from). If they see that it is coming from your toher legitimate email address, they won’t check any further.

While any good filter will check more than that, not all of them do and this can lead to you having a lot more spam in your inbox.

Solutions:

* Tell people about the email address change and give everyone a deadline to change over all their records. Examples, my old email address will be off in 6 months please update your records to “new address”, adding this in the footer of your emails out for a little while too.

* Get a better filter that checks much more than where an email is coming from (and there is my plug for our product, of course).

Have you gotten a spam filter installed on your own personalized domain and still seem to be getting a lot of spam?

One of our users was receiving an exorbitant amount of email, good chunk of it spam and he never complained because he thought (since he got an improvement on how much spam he was getting after installing our service) it was a normal fact of life to get spam everyday.

We caught this fact through our standard log check and discovered that he had another server forwarding 1000s of emails to his server and bypassing any filtering services.

We alerted him of this and we were able to rectify the situation and reduce his spam-load even more!

This is not something extra the client paid for, it was just us taking care of our customers and being aware of what was going on (I had to throw in that plug, we do try to go the extra mile and help our customers).

Article from Ron Edison, Founder and CTO of Internet Defense Technology

What is backscatter? These are bounces generated by spam that is sent with forged return paths (as most spam is). The bounces return to the actual owner of the email address. A great deal of backscatter returns to email addresses that don’t actually exist due to the fact that spammer’s use random/guessed email address as the return path. (The return path and from line of an email are often the same.)

While nothing really prevents spammers from originating the messages in today’s Internet, there are several measures that can be taken to minimize backscatter provided one is using domain-based email (not a yahoo.com, gmail.com, or any other ISP based email address):

1. Disable a catchall, if it exists: catchalls are a magnet for spam in general and simply accumulate huge quantities of traffic. It sooner or later becomes impractical to sort through such traffic manually thus negating any perceived benefit of a catchall. It is far better to simply return emails to incorrect addresses back to the sender as undeliverable. This also prevents a great deal of backscatter as the majority of it will be to addresses that don’t exist.

2. Use a service or server based anti spam system. Such systems employ measures that block spam and are hardened to large quantities of spam and will provide some protection from backscatter in and of themselves, however the spam protection must be implemented on the gateway to be effective in this. See our white paper for details as to why this is.

3. If the backscatter is a major problem (large quantities), and antispam service can customize rules to block it out, but not all services offer this.

Using Total Mail Defense makes possible all 3 of the above options, of course.

Seems there are some changes to the CAN-SPAM act recently, all approved by the Federal Trade Commission (FTC).

Below is the quote straight from the FTC website, but the most interesting part to me is #1. Effectively saying that all emails must allow you to unsubscribe in one of two ways:

a) Send a reply with remove request
b) One click to a single page to opt-out

This means you can’t send me on a wild goose chase through you site for the opt-out link. This means you can’t ask me for anymore information than my email address to “confirm” my opt-out.

Just wish the illegal guys could somehow be forced to do this. Unfortunately what I have seen as true for most laws, only law abiding people pay any attention.

Quote from FTC:

“The new rule provisions address four topics:
(1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender;
(2) the definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act’s opt-out requirements;
(3) a “sender” of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act’s requirement that a commercial e-mail display a “valid physical postal address”; and
(4) a definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons.”

FTC article on new CAN-SPAM rules

I hate these types of services, I am a real person and find this annoying:

“This is an automatic confirmation request from <***@******.com>;.

“In an effort to fight spam, I have asked my email host, Big Giant Media, Inc., to install a spam filter on my mailbox. To prove that you are a real person and not an automated spammer, please visit the following URL and enter the code you see displayed on the Big Giant Media authentication page:

“http://******

“HINT: If you cannot reach the page by clicking on the link above, please copy and paste it directly into your browser’s address bar.

“You will only need to do this the first time you send an email to my address. Once you have confirmed your status, you will be added to a list of approved senders and will not be required to complete this step again.

“Thanks for helping me stamp out spam!”

Why not just get a system like Internet Defense Technology which can find the spam on it’s own instead of annoying your friends and people who try to email you?

Original article on IDT Blog about email spam

Some new type of email spamming I heard about recently is Outlook spam (haven’t seen one of these yet, but thought I would share some of the information I have heard so you can be ready for it).

Apparently spammers have figured out they can send you a spam email that is one of those emails you send to add a date to your Outlook.

With these Calendar notices you usually have to accept them to get them permanently placed in your calendar. However, for the most part, these items still end up in your calendar as tentative items. If you happen to share your calendar across your business, this means others might see a tentative appointment with porn at 3pm on Tuesday.

Even if you don’t use Outlook (I use Google calendars which sync’s with my Blackberry Calendar) you can still get these emails and they will be added to your calendar.

So if you are seeing strange calendar items on your/shared calendar you might need to look for a new spam filtering service.

Shameless plug here, come check out our service :)

Original article on IDT Blog about email spam

I have on occasion gotten an “out of office” message from someone, usually not a close friends, but some business contact.

While I appreciate the answer, there is some risk in doing this.

There are spammers who specifically send out messages with just one line of garbage in it. While you may feel it is just a mistake if you have ever gotten one, I am sure they are doing it for a good reason:

For every email that doesn’t bounce back to them, they know they have a good email address. They are doubly sure of this if they get an “out of office” message in response to their spam.

Here is what I would do instead of an “out of office” message:

1) send out a email to your list (don’t spam) telling all your contacts you are going out of town

2) ask a co-worker to check through your email regularly and answer any legitimate inquiries with an “out of office” message.

3) set up remote access to your email and check it once every few days

Small thing, but might keep you off more spam sending lists.

Original article on IDT Blog about email spam

Some information and statistics about spam:

A new study indicates that 92% of all email sent in the first quarter of 2008 was spam.

4.6% of all spam originates from web based email services such as Gmail and Yahoo. With Yahoo the most abused web mail service and is responsible for 86.7% of web mail based spam sent (according to MessageLabs).

Spam from Gmail increased from 1.3 percent in January to 2.6 percent in February, with most advertising skin flick websites.

The rest of the spam is a from made-up or hacked domains.

Subject matters include:
* Online Pharmacies (vast majority at about 50%)
* Replica Products
* Casino and Gaming
* Software Sales
* Illegal Advertising
* Credit and Debt Relief
* Bank Phishing
* Job Offers
* Free Offers
(according to Barracuda Central)

The US has maintained is first place in relaying the world’s spam email, in Q1 2008.

Other countries like China, Turkey and Russia fight for the next three spots.

So, there is a general look at spam for this last week, exciting in nerdy sort of way and scary in other ways. Don’t see much change other than it getting worse while companies like ours continue to work to prevent the spam from ever reaching your box.

Original article on IDT Blog about email spam