How does all the Spam get through?
Patrick Rittich
Often wondered how all that annoying spam gets in your inbox? If you're like most people, you don't know the how or why, but you've been annoyed by it at some time.
All spam starts from the person who wants to send it out, the spammer. In the early days of the internet, spammers would just send it from their own computer, and sometimes their own collection of high powered servers. But this source became easy to block because of the identifying IP address. Networks could just say "Reject" to the IP address once it became known as a source of spam.
Moving forward, spammers started to send spam out through other people's servers, since they didn't care if somebody else had their IP address blocked. First they would send out spam through "open relays" - servers that don't check who is sending the mail - which is very bad network practice. Then they sent through servers that they had managed to gain access to through other means.
Again, the system administrators of these other networks responded by clamping down on security to make it much more difficult to access their servers to send out spam.
This brings us to today. What has become common practice for spammers is to create "spam viruses". These are passed along via email, and when a computer is infected by one of these viruses, it becomes a source of spam emails. Since there are now so many of these "zombie" computers, it's not practical to block each and every IP address. Instead, it has become common to search through the email message to find its source, then determine whether it comes from a known mail server, identified as such, or whether the mail comes from a home computer with a broadband connection.
This is where the ISP's spam filtering plays a larger role. Every email received at Dowco goes through several spam filters… The biggest of these is SpamAssassin. Each email receives a score based on how many spam-like features it has. A higher score means the email looks more like spam. Once an email's spam score reaches our threshold, it is redirected into a folder on the server and held there. In this way, we can retrieve it should it turn out to be a false positive. This is rare, but does happen sometimes.
So with all this technology and security checking the email, its source, and the contents of the email, how can it still get into the mailbox? The answer is surprisingly simple. The spammers also have access to SpamAssassin and other spam filtering tools. They run their spam emails through them, and edit their emails until they can go through with a very low score. At Dowco, we constantly update our own custom sets of rules and scores, which the spammers obviously don't have access to. But at this point it becomes a game of tag. One week, we have the upper hand and very few spams get through. The next week, the spammers have changed their emails, and more will get through. In short, we are trying to hit a moving target.
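The scoring model described above (additive per-rule scores, a quarantine threshold, a check on whether the sending host looks like a home broadband connection, and a private local ruleset layered over the public one), as an added Python example that is not part of the original article. The rules, weights, threshold and sample messages are all constructed assumptions, not SpamAssassin's own.

```python
import re
from dataclasses import dataclass

# Constructed sample messages (not real mail); headers and body flattened into one string.
# The Received line shows the connecting host, as the article's "known mail server vs.
# home broadband" check would inspect it.
BROADBAND_HOST = "Received: from unknown (cpe-198-51-100-77.dsl.example-isp.net [198.51.100.77])\n"
SAMPLES = {
    "newsletter": (
        "Received: from mail.example.net (mail.example.net [203.0.113.10])\n"
        "Subject: Monthly account statement\n\n"
        "Your statement for this month is attached. Regards, Billing"
    ),
    "blatant_spam": (
        BROADBAND_HOST + "Subject: FREE!!! Act now\n\n"
        "Click here http://198.51.100.77/offer to claim your FREE prize!!! Limited time"
    ),
    # Same sender, but the obvious signals were edited out by testing against public rules.
    "tuned_spam": (
        BROADBAND_HOST + "Subject: Your account statement\n\n"
        "Please act now: review it at http://198.51.100.77/offer before this limited time offer ends"
    ),
}

@dataclass
class Rule:
    name: str
    pattern: str   # regex, matched case-insensitively, line by line, against the whole message
    score: float   # added to the total when the pattern matches

# Hypothetical "public" ruleset: the part a spammer can also obtain and tune against.
PUBLIC_RULES = [
    Rule("subject_free_caps", r"^Subject:.*\bFREE\b", 1.5),
    Rule("many_exclamations", r"!{3,}", 1.0),
    Rule("bare_ip_url", r"https?://\d{1,3}(?:\.\d{1,3}){3}", 2.0),
    Rule("sent_from_broadband_ptr", r"^Received: from .*\b(?:dsl|cable|dhcp|cpe)[\w.-]*\.[\w.-]+ \[", 1.5),
]
# Hypothetical local rules the ISP keeps private, as the article says Dowco does.
LOCAL_RULES = [
    Rule("local_phrase_act_now", r"\bact now\b", 1.0),
    Rule("local_limited_time", r"\blimited time\b", 0.5),
]
THRESHOLD = 5.0  # assumed quarantine threshold

def score_message(msg, rules):
    """Return (total score, names of matched rules); scores are simply added up."""
    hits = [r for r in rules if re.search(r.pattern, msg, re.IGNORECASE | re.MULTILINE)]
    return sum(r.score for r in hits), [r.name for r in hits]

def classify(msg, rules=PUBLIC_RULES + LOCAL_RULES, threshold=THRESHOLD):
    """'quarantine' (held in the server-side folder) once the score reaches the threshold."""
    total, hits = score_message(msg, rules)
    return ("quarantine" if total >= threshold else "deliver"), total, hits
```

With only the public rules the tuned message scores 3.5 and is delivered; the two private rules lift it to exactly the threshold, which is the moving-target effect the article describes.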
Finally, how does the spammer get my particular email address? They have access to lists of emails that they buy from unscrupulous people. They also have programs that search the internet for email addresses posted on websites, and on internet bulletin boards. But commonly they send out emails in an "alphabet attack". This means that they just send out to random email addresses at a particular domain, hoping to reach anyone at the receiving domain. As an example, they'll send emails to "aaa@dowco.com", "aab@dowco.com", and "aac@dowco.com" in the hopes that one of those email addresses is valid. After all, it costs the spammer nothing to send out thousands of emails. So even an inefficient list of emails can be productive. This also explains why you see so many @dowco.com addresses in the spam email. They most likely don't have a list of dowco.com addresses, but are just blanketing all possible combinations.