Battling Spam

 

Contents Grey Listing Content Filtering URL (Spamvertizers) Blacklist Viruses, worms, phishing, and more... Unsafe files Whitelisting Opting out Introduction It's a scourge. We all hate it, we all get it. The good news is we don't get as much as we might. ThinkShells incorporates multiple levels of protection against spam including domain blocking and keyword pattern matching. The keywords are common terms used by spammers in an attempt to defeat anti-spam software. For example the word "sales" may be seen as "s@les", "Porno" often shows up as "porn0" where a zero is used in place of the letter "o". No single term will cause a rejection, but if enough of them are found within a message a threshold will be reached and the message will be rejected. This applies to messages that originate here, as well. Domain blocking happens in a couple ways. We utilize public lists which are continually updated. Generally any major outbreak of spam results in the offending site being blacklisted very quickly. If the site was simply a victim of poor configuration that allowed an offender to relay spam via their system, they will be unlisted after testing. Other sites are well-known sources of spam and are blacklisted permanently. Blacklists are not always effective as new sources spring up continually. The result is that some spam will get through. It's an unending contest. The downside of any filtering is the possibility that desired mail may also be blocked. We move quickly to correct this - do not hesitate to contact our support mail box if you are having problems exchanging email on the Internet. Grey Listing Greylisting is a technology that takes advantage of the fact that many systems that send spam and viruses are PC's that have been exploited and turned into spam drones. The owners generally have no idea their PC is cranking out spam 24 hours/day. These systems have a common behaviour in that they try just once to deliver a message to a particular address and then give up. Grey listing rejects messages from servers if it's the first time that server has connected. Well behaved systems will try again in a few minutes and by then the message will likely be accepted. And the sending system is added to a local database of servers that have gained some trust and will not be greylisted again. It is astonishing how much spam is stopped in this way. Content Filtering The last element in fighting spam and viruses is to examine the message contents and make decisions about the message and its fate. People never see the messages. This is all handled by very clever software. Our policy is to never read messages even if asked to. Our software works at several levels - spammers have rather predictable behavior patterns that we look for. In addition, they must always leave some means for the reader to get back to them and that can be tracked, stored, and used for blocking spam. They also use obfuscation methods that are easily discovered, and message construction that is predictably flawed. We use it all. URL (Spamvertizers) Blacklist This tool examines incoming messages and looks for links to known web sites. These links are then compared to a world wide data base. If a match is found the message is rejected. Because we are concerned about false positives, a list of links to exclude from filtering is maintained. For more information, visit the official SURBL web site. It's targeted towards email gearheads, but has lots of information. Viruses, worms, phishing, and more... These have stormed the Internet and there's no end in sight. The means by which they are propogated is frequently as email attachments. We are running a very efficient and accurate anti-virus tool that scans and rejects messages that contain viruses. A recent complement to the virus testing is the addition of phishing patterns. Phishing is a message that appears to be from a legitimate business such as PayPal, Ebay, banks, etc., and which encourages the reader to update their account information or suffer loss of service or some other horror. No legitimate business will ever do this. And even if they did it is still an absurd request. Unsafe files Here is the list of unsafe files as maintained by Microsoft: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631 We don't block files by name or extension and so only recommend you take great care if you receive any that have gotten by our anti-virus tool. While it would be far more efficient to block messages with this kind of attachment, it does produce more false positives. So we depend on our software to block these only if viruses are detected. Whitelisting For a variety of reasons it is desirable to whitelist a sender or their domain. Email lists are always whitelisted as they are generally already secure, and are targetted to users who preapprove of any content on the list. Provide us with the details if you are a member of a mail list or have a correspondent that has the unfortunate problem of being wrongly blacklisted. We will work very hard with you to clear the problem. Opting out These are rather aggressive steps to take and may not be suitable for all users. If you wish to opt out of the anti-spam and anti-virus service please contact us at the link below. ThinkShells support It is possible to opt out of certain features of our filtering, or all of them. Virus filtering without spam filtering, for example, is possible. We're happy to accomodate your individual requirements as we think the spam solution should not be worse than the spam problem.