Stop spam the easy way: pick an anti-spam ISP

Most people choose to install anti-spam software on their desktop, but there are both easier and more in-depth ways to block unsolicited emails.

Even with the best desktop software in the world, you still have to download messages you do not want or need. This is inconvenient when you have a broadband subscription, but can be disastrous over a dial-up connection. It would be much better if your email server got rid of the spam before it even reached you.

There are two main ways to achieve this. The first is to run your own email server at the end of a fast connection and let it handle the spam filtering. When you connect, even using a slow mobile GSM connection, most of the spam should have been removed and you will get a high percentage of real email.

It is not for the technologically faint-hearted, but could reap huge rewards. We go through the basics of building a Linux-based anti-spam email server.

Let your ISP do it

The second option is to allow your ISP (or you could use a permission-based service) to do the anti-spam scanning for you. On the plus side, these service providers should know what they are doing and be constantly alert to new spamming techniques. The main concern is that you could lose an important email.

However, we have found that many ISPs that provide free or very low-cost anti-spam scanning simply tag your incoming mail with a label to help you filter it in your email client. While this means you will always receive real messages, mis-tagged or not, it also forces you to download the spam. This is not ideal. For a detailed list of what some popular ISPs can do for you.

ISPs vs managed services

There is a world of difference between the services a consumer-orientated ISP will provide and the managed services available to businesses. With the former, you can have your email messages tagged with the word [spam] in the subject field for free or nearly free, while companies with larger budgets can have all incoming mail filtered and only receive the good stuff.

ISPs usually use a filtering system such as SpamAssassin or Brightmail to decide whether a message is spam or not, but this will be relatively transparent to users. There may be a web page with some basic controls to change the aggression level of the spam detection, and web-based email systems such as Hotmail allow you to enter the addresses and Internet domains of your contacts to ensure their mail gets through, but that’s usually the extent of your control. With POP3 services, you can expect to download everything, with spam being labelled as such.

A fully managed system, suitable for business use, works in quite a different way. Some, including the one run by UK company MessageLabs, work by intercepting all mail sent to a company’s domain and applying filters for spam, viruses and other threats. The real mail is passed through to the incoming mail server hosted by the business, and the suspect mail is sent to an archive or quarantine system. Users download mail from the business’ own mail server, and a web interface gives the users access to suspect messages on the quarantine server.

MessageLabs claims to stop up to 100 per cent of all incoming spam, but that claim is rather pointless – it is not going to be able to stop more than 100 per cent, and it does not give a likely minimum. Symantec says its Brightmail AntiSpam service has 95 per cent effectiveness, but links this statistic to a magazine survey rather than making this claim itself. The truth is that no system will clear 100 per cent of spam and guarantee zero per cent false positives and, in just the same way that no sensible company would dare claim its products could stop all viruses or hackers, companies do not like to say they can stop all spam while leaving all real messages unmolested.

Anti-spam companies are cautious because they are dealing with some clever people. Despite potentially being sociopathic, those who orchestrate spamming campaigns aren’t stupid and have a raft of techniques to foil anti-spam systems. Below, we reveal the main ways that spammers send spam, along with ways you can defeat them – and sometimes the ways they try to avoid these measures.

Open relays and hacked email servers

The main challenge faced by a spammer is to take control of a computer from which they can send adverts for pornography, personal enlargement products and pills.

Spammers who send lots of junk using their own ISP lose their accounts quickly. Before spam and email security were major issues, spammers started using other people’s email servers without their permission. Back in the early 1990s, this wasn’t hard to do. Even until quite recently, versions of the popular Sendmail mail server were, by default, set up so that unauthorised users could send mail to anyone else through them. In 2003, IBM was still shipping a vulnerable version of Sendmail with its AIX operating system. These open relays were gold dust to spammers, but now most default installations of popular email servers only relay mail for authorised users.

Public blacklists

Many anti-spam systems use public blacklists that contain details about networks which send a lot of spam. This means that abused open relays and hacked mail servers have a short life before spam-protected email servers stop talking to them. This contains the threat and ensures that the administrator wakes up and sorts the problem out.

Spammers can get around public blacklists by using PCs belonging to other Internet users. In a short period of time, these so-called zombie systems can throw out huge amounts of spam from many different locations. Some of these will be connected to the Internet using major ISPs. While some blacklists might prefer not to list a large ISP, others will. For example, over short periods of time, users of Demon Internet, Virgin.net and even AOL have found it impossible to send email to contacts at other ISPs because their own ISP’s network had been blacklisted.

Bad words

Whereas blacklists filter out all mail coming from a particular location, some content analysis systems filter according to an email’s content. Send a message that includes the words ‘BUY VIAGRA!!!!’ and it will almost certainly be flagged as spam by a basic content scanner. This will not foil today’s average spammer, though, as they will try to bypass content scanners by using words like v1agra, or even ASCII art to spell out words that anti-spam systems look out for.

Worse still, if you receive an email from your domain registrar it will almost certainly be flagged as spam. Always list your ISP in your whitelist, or you could find your domains, email accounts and other essential services expire because the reminder email was automatically deleted by your anti-spam system.
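The following is an added example, not code from the article or from any product it names. It puts a basic bad-word scanner next to one that folds look-alike characters before matching, and applies the whitelist check first. The word list, folding table, 0.85 similarity cutoff and the isp.example domain are assumptions chosen for illustration.

```python
import difflib
import re
import string

# Constructed word list and whitelist, for illustration only.
BAD_WORDS = ["viagra", "cialis", "valium"]
WHITELIST_DOMAINS = {"isp.example"}

# Look-alike characters folded to one representative letter.
FOLD = str.maketrans({"1": "i", "l": "i", "!": "i", "|": "i", "0": "o",
                      "@": "a", "4": "a", "3": "e", "$": "s", "5": "s"})

def skeleton(word):
    """Trim edge punctuation, fold look-alikes, keep letters only."""
    folded = word.lower().strip(string.punctuation).translate(FOLD)
    return re.sub(r"[^a-z]", "", folded)

BAD_SKELETONS = {skeleton(w): w for w in BAD_WORDS}

def naive_hits(text):
    """The basic scanner: exact, case-insensitive word match."""
    return sorted(set(re.findall(r"[a-z]+", text.lower())) & set(BAD_WORDS))

def folded_hits(text):
    """Match skeletons, tolerating one dropped or doubled character."""
    hits = set()
    for raw in text.split():
        skel = skeleton(raw)
        if len(skel) < 4:
            continue
        close = difflib.get_close_matches(skel, list(BAD_SKELETONS), n=1, cutoff=0.85)
        hits.update(BAD_SKELETONS[c] for c in close)
    return sorted(hits)

def classify(sender, text):
    """Whitelisted sender domains bypass the content scan."""
    if sender.rsplit("@", 1)[-1].lower() in WHITELIST_DOMAINS:
        return "deliver"
    return "tag" if folded_hits(text) else "deliver"

# Constructed inputs: an obfuscated subject line and a quarantine digest.
OBFUSCATED = "Re: Va11ium C1ALlS V-AGRA"
DIGEST = "Digest: 14 messages mentioning viagra were held"

if __name__ == "__main__":
    print(naive_hits(OBFUSCATED), folded_hits(OBFUSCATED))
    print(classify("quarantine@isp.example", DIGEST), classify("promo@bulk.example", DIGEST))
```

Fuzzy matching widens the net, so the cutoff trades missed obfuscations against false positives on ordinary words; the whitelist is what protects mail you cannot afford to lose.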

Bayesian filtering

A more advanced method of checking email content is to use Bayesian filtering. This requires some training and learns what you consider to be real mail and spam. You cannot just feed it spam; you have to give it real mail too. This can create an incredibly accurate system, particularly when combined with a whitelist of legitimate contacts and a few good public blacklists.

If you have ever received spam containing sentences that do not make any sense, you will have seen an example of a spammer trying to confuse your Bayesian filter. Here’s a real example from a message that popped up while this article was being written:

Subject: Re: Va11ium C1ALlS V-AGRA

‘man, very tall and stiff, a little older and greyer than Don Dieg had fallen into his hands … A dreadful man. That is why. fugitive traitor as long as he lived.’

Our SpamAssassin-based anti-spam system recognised this as containing references to erectile drugs, but the content wasn’t relevant enough to have the message classified as spam. If we allowed our Bayesian filter to read this message as a real one, which many systems would do automatically, the phrase ‘Va11ium C1ALlS V-AGRA’ would corrupt our database of real messages and future adverts containing this term would stand a better chance of avoiding the filter. It pays to keep a close eye on mis-classified spam and take steps to remove spam from your database of real messages.
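The effect described above can be reproduced with a small naive Bayes filter. This is an added example, not SpamAssassin's implementation and not code from the article. The training messages are constructed, and PADDED is the subject line plus part of the text quoted above.

```python
import math
import re
from collections import Counter

def tokens(text):
    return set(re.findall(r"[a-z0-9-]+", text.lower()))

class BayesFilter:
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.msgs = {"spam": 0, "ham": 0}

    def learn(self, text, label, sign=1):  # sign=-1 removes a message again
        for tok in tokens(text):
            self.counts[label][tok] += sign
        self.msgs[label] += sign

    def spam_probability(self, text):
        """Naive Bayes with add-one smoothing, accumulated as log-odds."""
        spam_n, ham_n = self.msgs["spam"], self.msgs["ham"]
        log_odds = math.log((spam_n + 1) / (ham_n + 1))
        for tok in tokens(text):
            p_spam = (self.counts["spam"][tok] + 1) / (spam_n + 2)
            p_ham = (self.counts["ham"][tok] + 1) / (ham_n + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

# Constructed training corpus; PADDED is an excerpt of the message quoted in the article.
SPAM = ["Va11ium C1ALlS V-AGRA lowest prices order now",
        "cheap V-AGRA C1ALlS no prescription order today",
        "Va11ium discount pills order now"]
HAM = ["meeting moved to thursday please confirm the agenda",
       "your invoice for the server hosting is attached",
       "lunch on friday to discuss the project report"]
PADDED = ("Re: Va11ium C1ALlS V-AGRA man, very tall and stiff, a little older and "
          "greyer than Don Dieg had fallen into his hands ... A dreadful man.")
PROBE = "Re: Va11ium C1ALlS V-AGRA"  # a later advert reusing the same terms

def run_demo():
    f = BayesFilter()
    for label, corpus in (("spam", SPAM), ("ham", HAM)):
        for m in corpus:
            f.learn(m, label)
    before = f.spam_probability(PROBE)      # clean database
    f.learn(PADDED, "ham")                  # padded spam auto-learned as real mail
    poisoned = f.spam_probability(PROBE)
    f.learn(PADDED, "ham", sign=-1)         # administrator removes it again
    repaired = f.spam_probability(PROBE)
    return before, poisoned, repaired
```

With this toy corpus a single mis-learned message pulls the probe from about 0.96 to about 0.74, and removing it from the real-mail database restores the original score.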

Xenophobic filters

Many desktop- and server-based spam filters will allow you to ban email coming from certain countries. If you stop mail coming in from China, Taiwan and Korea you will make an instant improvement to your inbox. You can also reject messages containing different character sets, but we have not seen much spam actually written in Chinese.

The reason country filtering works is that spammers concentrate heavily on abusing computers in certain non-English-speaking nations. One London company we have worked with was receiving a total of nearly 1,000 spam messages a day. Blocking the China/Taiwan/Korea networks reduced this to around 50 messages per day, which was far more manageable by a desktop scanner.

Domain email forwarding

Register a domain with email forwarding and you will be able to send emails to different accounts, depending on the username. More often than not, you will be allowed to choose between ten and 20 email addresses. For example:

sales@mydomain.com -> user123@free-isp.tld

info@mydomain.com -> someone@gmail.com

fred@mydomain.com -> fred999@hotmail.com

*@mydomain.com -> fred999@hotmail.com

In this example, email to sales@mydomain.com is forwarded to the email address user123@free-isp.tld, while info@mydomain.com goes to a Gmail account. Fred999@hotmail.com receives mail for fred@mydomain.com as well as everything else to that domain.

This looks useful, because you wouldn’t want to miss out on some business just because someone misspelled your address. However, like everyone else, spammers have access to the directories containing domain names, and it is easy to generate lists of potential email addresses. Popular choices include, but are not limited to, domain@ info@ sales@ technical@ and so on. Personal names are also easy to put through an automatic script for generating spam. If you can bring yourself to do it, avoid using the wildcard (*) entry for email forwarding. Little good will come of it.

Some ISPs allow you to set up automatic replies for certain email accounts. You could set one up for *@mydomain.com with an auto-reply message like this: ‘The user you sent your mail to does not exist, but please feel free to call us on 0870 123 4567.’

That will keep potential customers happy, and spammers will not even receive this message because they send messages from other people’s computers.

If you want to create your own anti-spam system, and you have a connection at least as fast as an ADSL line, you might actually want to collect spam and use it with a signature-based scanner. This would be particularly useful if you provide email accounts to more than one or two people. You could download samples from a database like www.spamarchive.org, but it would be better to gather your own by pointing the (*) address to an account that will only ever receive spam and nothing else. Download the spam into a mailbox and you can experiment with generating signatures of known spam messages.
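One way to experiment with such signatures, as an added example that is not code from the article: the wildcard address feeds a trap, each trapped message is stored as a set of hashed three-word runs, and incoming mail is compared by overlap. The spamtrap@mydomain.com address, the 0.6 threshold and all three messages are constructed assumptions.

```python
import hashlib
import re
from email import message_from_string

# Constructed forwarding table: the wildcard feeds a spam-only trap mailbox
# (spamtrap@mydomain.com is a hypothetical address).
ALIASES = {"sales": "user123@free-isp.tld", "info": "someone@gmail.com",
           "*": "spamtrap@mydomain.com"}

def body_of(raw_message):
    return message_from_string(raw_message).get_payload()

def exact_digest(raw_message):
    """Whole-body hash: one changed character gives an unrelated digest."""
    return hashlib.sha256(body_of(raw_message).encode()).hexdigest()

def shingles(raw_message, k=3):
    """Hash each run of k consecutive body words, ignoring case and digits."""
    words = re.findall(r"[a-z]+", body_of(raw_message).lower())
    runs = (" ".join(words[i:i + k]) for i in range(len(words) - k + 1))
    return {hashlib.sha256(r.encode()).hexdigest()[:16] for r in runs}

class SignatureDB:
    def __init__(self, threshold=0.6):
        self.signatures, self.threshold = [], threshold

    def route(self, raw_message):
        """Resolve the recipient; mail that reaches the trap becomes a signature."""
        local = message_from_string(raw_message)["To"].split("@")[0].lower()
        target = ALIASES.get(local, ALIASES["*"])
        if target == ALIASES["*"]:
            self.signatures.append(shingles(raw_message))
        return target

    def is_known_spam(self, raw_message):
        """True when Jaccard overlap with any stored signature meets the threshold."""
        sig = shingles(raw_message)
        return any(len(sig & s) / len(sig | s) >= self.threshold
                   for s in self.signatures if sig | s)

# Constructed messages: TRAPPED hits the wildcard, VARIANT is the same advert
# with a different tracking suffix, REAL is ordinary business mail.
BODY = ("Lowest prices on pills order today and save fifty percent "
        "on every refill shipped discreetly id ")
TRAPPED = "To: domain@mydomain.com\nSubject: offer\n\n" + BODY + "48213\n"
VARIANT = "To: sales@mydomain.com\nSubject: offer\n\n" + BODY + "90577 qzx\n"
REAL = ("To: sales@mydomain.com\nSubject: quote\n\nCould you send a quote for "
        "twenty licences and confirm delivery dates for next month\n")
```

The whole-body digest of VARIANT differs from that of TRAPPED because of the tracking suffix, while the shingle sets still overlap almost completely, which is why the signature store compares overlap rather than exact hashes.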

Spam vs the law

In 2003, the UK government decided to use the law to combat spammers, as ISPs were averse to doing anything more heroic than blacklisting certain email servers known to have been abused by spammers. But experts were cynical about how effective the Privacy and Electronic Communications Regulations were going to be, not least because they are aimed at home users and do not affect businesses. This means spammers can legally send spam to office workers.

If an email marketeer does want to send messages to individuals, under the current guidelines they have to receive permission to do so or satisfy three criteria based on the fact that the recipient has shown some prior interest in buying the advertised goods or services. The recipient should also be able to opt out of receiving this commercial email.

However, even the Information Commissioner’s Office admits that national anti-spam laws are relatively ineffective. ‘These Regulations apply only to those senders of such messages that are based in the UK. Given that the majority of the spam received in the UK originates in other parts of the world, it is clear that the problem of spam cannot be solved by regulation alone.’

The US government has taken a stronger lead, which is useful as much of the world’s spam comes from America, according to anti-virus specialist Sophos and the email security company MessageLabs. In April of this year, Scott Richter announced that lawsuits against his junk mail company OptInRealBig.com had forced his business into bankruptcy. He is currently still in litigation with Microsoft, which is suing him for sending billions of spam messages.

Soon after, a Virginia court sentenced a man found guilty of sending spam to nine years in jail. Jeremy Jaynes used false email addresses when sending bulk email, and hiding the origin of a message falls foul of Virginia law. This is the harshest sentence given out to a spammer, and Jaynes has appealed.
