Email Protection - Stopping Spam
Email is one of the main forms of communication on the Internet. Its inherent speed and reliability makes it a very convenient tool compared to traditional mail. Because it is widely used, spammers, or senders of unsolicited mail take advantage. (Want to know the other uses of email, see 10 overlooked functions of Email.)
Spam, also known as unsolicited email, bulk mail, or junk mail is a form of email abuse. It is used to send marketing materials, malware, or phishing messages. In other words, spam is not only an annoyance, but also a very serious security threat.
According to statistics, an average email account contains at least 40 percent spam, the main reason why email protection is really important.
Why Email Protection is Important
Most, if not all of the security threats that involve email come from spam. Such threats can be as benign as being exposed to adult or indecent material to serious threats such as viruses and worms, spyware and other malware, and of course phishing attempts. Due to the overwhelming volume of spam arriving in email accounts, it simply cannot be ignored.
Email protection is not just about scanning for viruses and other malware. The most effective way is to get rid of or at least reduce the source of it all – spam or unsolicited email. Though most free and popular webmail service providers already come with standard anti-spam measures or filters that are quite effective, there is still a considerable amount of spam that gets through those filters. Minor service providers and businesses that run their own mail service will have to directly deal with spam with adequate anti-spam protection.
Types of Email Spam Threats
We can get several threats from email spam. Here are some of them:
- Marketing Spam – This is not much of a threat to your security, but annoying nonetheless. This type of spam attempts to sell you various products or services that, in most cases, you really don’t want or need. It also usually offers cheap prescription drugs, watches, retail software, adult material, free offers, and more.
- Viruses, Worms, Spyware, and other Malware – Email has long been used, and is still being used, to send and spread malware. Remember during the late 90s to up to the early 2000s when worms spread worldwide, infecting millions of computers through email? Don’t let it happen to you.
- Phishing – Phishing is a technique that uses trickery and social engineering to fool a user into providing sensitive information like usernames and passwords, bank account details, and credit card numbers.
How Anti-Spam Works
There is still no perfect anti-spam protection or filter, as each has their own strength and weakness. The main problem of anti-spam protection is false positives and false negatives. In other words, messages are either tagged as spam even if they are legitimate emails. Some are not tagged as spam, even if the message is actually spam.
Most email service providers do not just settle for one type of anti-spam filtering techniques. Most of them use two or more filtering techniques. Also, there are two types of anti-spam solutions or filtering, the server-based kind where spam is filtered by the service provider, and the client-based variety where end users use special software to filter spam. Here are some of the most common types:
- Authentication / Reputation – This is a server-based anti-spam measure that only uses a list of “trusted” or verified IP addresses or domain names. The domain is the name that comes after the “@” symbol. For example, the domain of your email is “notaspammer.com” and you are on the authenticated list, messages coming from that domain will not be tagged or filtered by this anti-spam filtering technique. When a domain is not in the list, it will either be blocked or passed to another filter.
- Blacklists / Known spammer Domains or IP – This is another server-based solution. Instead of having a list of trusted domains and IP addresses, this technique uses a list of domains and IP addresses that are known to send spam. Another variant of this technique blocks messages that originate from countries or areas that send a lot of spam.
- Challenge-Response – Spam is mostly sent by automated software so this technique uses something that will attempt to verify if the message is really sent by a human. When an email is sent to an address protected by this method, the mail server will automatically send a message to the sender containing a “challenge” or question that the sender must reply to in a given time or else, the message will be blocked and marked as spam.
- Strict SMTP RFC Standards – SMTP or Simple Mail Transfer Protocol is the standard protocol used in sending emails. Just like in any protocol, there are certain rules or standards that have to be followed. Most spam-sending or mass-mailing software does not fully comply with SMTP RFC standards, since most are not aware of such; however, legitimate clients and mail servers strictly comply with the standard. This has become the basis for filtering spam email. When a message does not strictly comply with the standard, it is tagged as spam.
- Rule-based Filtering – This is more of an end-user solution that anti-spam software uses. It basically works by scanning the message and looking for keywords or phrases that match ones in the “rule book”. For example, if the words “viagra” and “cheap rolex watches” are in the rule book, the message will be marked as spam. Rules can also be configured to automatically block emails from addresses not in the contacts or address book of the email account owner.
Choosing Anti-Spam Software or an E-mail Provider
There are many ways to greatly reduce spam to a more or less, tolerable level.
If you are looking for anti-spam software or an email provider, your number one concern should be its ability to catch spam. Here are some of the things you should look for.
You should look for software that:
- Uses more than one spam filtering or anti-spam technique.
- Presents messages that are marked as spam for review and verification (in case there are false positives)
- Can “learn” which messages are legitimate and which ones are actually spam based on contents of an email.
- Can block external images.
These are just the basic things you should look for. Of course you don’t just have to rely solely on anti-spam filters. To ensure your security, make sure you also use other security software like antivirus, anti-spyware, and firewall software. For more information regarding this article, read how to detect phishing scams.
Be the first to comment on this article