Saturday, April 14, 2012

Spamming

Spamming is populating the user’s inbox with unsolicited or junk emails.
Spam email contains malicious computer programs, such as viruses and Trojans, which change the computer settings or track the system.
Spamming is also used for product advertisements.

Techniques Used by Spammers :
Spoofing the domain: Message appears to be from the user’s own domain
Poisoning or spoofing filters: Addition of invisible text or numbering in the message
Social Engineering: Used to manipulate people to perform actions or divulge confidential information
Directory harvesting: Sending messages to possible addresses and then building a list of valid email addresses through non-delivery reports
Phishing attacks: Convinces the user that the mail is sent by a trusted source
Sending virus attached files: Installs Trojan horses and viruses that cause the host computer to malfunction
Database Poisoning: Using innocuous words (ham words) in a spam message, thereby effectively poisoning the database in the long run
Junk Tags: Hiding spam words by inserting invalid HTML tags in between words
Invalid Words: Spam words like "mortgage" are masked by inserting special characters or junk characters in between

How Spamming is Performed :
Getting the email IDs : Spammers get access to email IDs when the user registers with any email service, forum, or blog, either by hacking the information or by registering as genuine users. Spiders are used which search the code of web pages for anything that looks like an email ID and copy it to the database. E-mail extraction tools that have built-in search engines are used to find the email IDs of companies based on the keywords entered. Online ad tracking tools help the spammers analyze how many users opened the spam mails, the responses to them, and which ad brought the best results.

How Spam is Relayed: Rogue ISPs obtain their own network numbering and multiple domain names from the InterNIC, which spammers use to get across spam blocks. On-the-fly Spammers - Spammers register as genuine users for trial accounts with ISPs and use forged identities to start spam hits. Blind Relayers - Some servers relay a message without authentication, and it is sent on as genuine mail.

Getting past the anti-spam software: The subject line of the email is given as ‘Re:’ or ‘Fw:’ to assure the anti-spam software that it is a genuine reply to the user’s message. The spam message is enclosed as an image in the mail to make the anti-spam software trust the source.

Ways of Spamming :
Usenet spam - It is a single message sent to 20 or more Usenet newsgroups. It robs users of the newsgroups by overwhelming them with a barrage of advertising or other irrelevant posts.
Usenet (USEr NETwork) is a public access network on the Internet that provides group discussions and group e-mail. It is a giant, dispersed bulletin board that is maintained by volunteers who provide news and mail feeds to other nodes. All the content that travels over the Internet is called "NetNews," and a running collection of messages about a particular subject is called a "newsgroup." Usenet began in 1979 as a bulletin board between two universities in North Carolina. Today, there are more than 50,000 newsgroups, and news can be read with a news-enabled Web browser, popular newsreader applications such as News Rover (www.newsrover.com) or via venerable Unix-based utilities such as pine, tin and nn. Some newsgroups are "moderated"; in these newsgroups, the articles are first sent to a moderator for approval before appearing in the newsgroup.
Email Spam : Email spam targets individual users with direct mail messages. Email spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses.

Types of Spam Attacks : 
Hidden text & links : Making the text the same color as the background

Double tags : Giving duplicate title tags and Meta tags

Cloaking : This is done by showing different pages to search engines and users. Also known as stealth, it is a technique used by some Web sites to deliver one page to a search engine for indexing while serving an entirely different page to everyone else. The search engine thinks it is selecting a prime match to its request based on the meta tags that the site administrator has input. However, the search result is misleading because the meta tags do not correspond to what actually exists on the page.

Blog & Wiki spamming : Wikis are used to add or update the content of any page on the website. This spamming allows the spammers to automatically run crawlers which hunt out blogs and then post keyword text links. Adding links that point to the spammer's web site artificially increases the site's search engine ranking. An increased ranking often results in the spammer's commercial site being listed ahead of other sites for certain searches, increasing the number of potential visitors and paying customers.
A method to block automated spam comments is requiring a validation prior to publishing the contents of the reply form. The goal is to verify that the form is being submitted by a real human being and not by a spam tool. Many forms on websites take advantage of the CAPTCHA technique, displaying a combination of numbers and letters embedded in an image which must be entered literally into the reply form to pass the test. In order to keep out spam tools with built-in text recognition, the characters in the images are customarily misaligned, distorted, and noisy.
A simple alternative to CAPTCHAs is validation in the form of a password question, providing a hint to human visitors that the password is the answer to a simple question like "The Earth revolves around the... [Sun]".

Image Spam : In this type of spamming, emails containing only images without any text are sent by spammers to evade security systems/controls.

Hijacking/pagejacking : Redirecting a page, which improves the page rank of the redirected page.
For pagejacking, first a copy of your page is taken. A page is then created on the pagejacker's site that is basically a carbon copy of your content, including meta tags. The pagejacker then adds extra scripting to allow only search engine robots to be able to read the content of the page. A 302 .htaccess redirect or meta-refresh is then used to automatically redirect human viewers to a totally different page; they never see your content.

Bulk Emailing Tools
FairlogicWorldcast bulk emailing tool : a customized mailer and also an address validator. It detects many common bad addresses existing on the mailing lists. It provides detailed logs of the entire delivery process and reports if there is any kind of error.

123 Hidden Sender : sends absolutely anonymous bulk emails. The IP address is not shown in the email headers.

YL Mail Man : a flexible email addresses management and email delivering software

Sendblaster : Bulk email software for email marketing

Direct Sender : quickly and easily send unlimited numbers of personalized email messages using any kind of database.

Hotmailer is a bulk email sender, email address finder, and verifier.

PackPal Bulk Email Server : safe and fast bulk email sender. It can run as a background service.

IEmailer : safe to use since it does not use or go through the local ISPs email server.

Anti-Spam Techniques
Heuristic/Signature-based Content Filtering : Messages received are checked to match certain patterns. Scores are assigned based on the patterns, and if the score is high, the email is treated as undesired.
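
A scoring filter of this kind, written to see through the Junk Tags and Invalid Words tricks listed under the spammers' techniques, is sketched below. This is an added example, not code from the original post; the rule words, weights and threshold are constructed for illustration.

```python
import re

# Constructed rule set for illustration: spam word -> score.
RULES = {"mortgage": 2.5, "free": 0.5, "winner": 2.0}
OBFUSCATION_BONUS = 1.0   # assumed weight: hiding a word is itself a signal
THRESHOLD = 3.0           # assumed cut-off for "undesired"

TAG = re.compile(r"<[^>]*>")      # any tag, valid HTML or not
SEP = r"(?:[^\w\s]|_){0,3}"       # up to 3 junk characters between letters

def obfuscated(word):
    """Regex matching the word even with junk characters between its letters."""
    body = SEP.join(map(re.escape, word))
    return re.compile(r"(?<!\w)" + body + r"(?!\w)", re.IGNORECASE)

PATTERNS = {w: obfuscated(w) for w in RULES}

def score(body):
    """Return (total score, {word: points}) for one message body."""
    text = TAG.sub("", body)      # undo tags inserted inside words
    hits = {}
    for word, points in RULES.items():
        if not PATTERNS[word].search(text):
            continue
        # Word present only after normalisation -> it was being hidden.
        plain = re.search(r"\b" + re.escape(word) + r"\b", body, re.IGNORECASE)
        hits[word] = points + (0 if plain else OBFUSCATION_BONUS)
    return sum(hits.values()), hits

def is_spam(body):
    return score(body)[0] >= THRESHOLD
```

A masked word scores higher than the same word written plainly, so the masking works against the sender instead of for them.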

Bayesian Content Filtering : It filters and sorts the emails into different folders based on the good and undesired mail fed to it.
Bayesian spam filters calculate the probability of a message being spam based on its contents. Bayesian spam filtering learns from spam and from good mail, resulting in a very robust, adapting and efficient anti-spam approach that, best of all, returns hardly any false positives. Ideally, you start with a (big) bunch of emails that you have classified as spam, and another bunch of good mail. The filters look at both, and analyze the legitimate mail as well as the spam to calculate the probability of various characteristics appearing in spam, and in good mail.
The characteristics a Bayesian spam filter can look at include the words in the body of the message, of course, and its headers (senders and message paths, for example), but also other aspects such as HTML code (like colors), or even word pairs, phrases and meta information (where a particular phrase appears, for example).
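
The calculation described above, as an added example that is not part of the original post: a naive Bayes filter trained on a few constructed, hand-labelled messages, using only body words as characteristics and Laplace smoothing for words it has not seen.

```python
import math
import re
from collections import Counter

# Constructed, hand-labelled training mail for this example.
SPAM = ["cheap mortgage offer click now",
        "win money now click here",
        "cheap pills offer limited time"]
HAM = ["meeting agenda for monday attached",
       "please review the project report",
       "lunch on monday with the project team"]

def tokens(text):
    # Body words only; a fuller filter would also tokenize headers and HTML.
    return re.findall(r"[a-z']+", text.lower())

class BayesFilter:
    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.mails = Counter()

    def train(self, text, label):
        self.words[label].update(tokens(text))
        self.mails[label] += 1

    def _log_score(self, text, label):
        vocab = len(set(self.words["spam"]) | set(self.words["ham"]))
        total = sum(self.words[label].values())
        # Prior: share of the training mail that carries this label.
        score = math.log(self.mails[label] / sum(self.mails.values()))
        for w in tokens(text):
            # Laplace smoothing keeps unseen words from zeroing the product.
            score += math.log((self.words[label][w] + 1) / (total + vocab))
        return score

    def spam_probability(self, text):
        diff = self._log_score(text, "ham") - self._log_score(text, "spam")
        return 1 / (1 + math.exp(diff))   # P(spam | words)

def build_filter():
    f = BayesFilter()
    for label, mails in (("spam", SPAM), ("ham", HAM)):
        for m in mails:
            f.train(m, label)
    return f
```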

Collaborative Content Filtering : Many users share their judgment about what is a desired mail and undesired mail. Every time the user receives a mail, a special application suggests whether it is spam or not.

Black Listing (RBL) : It uses various spam detection tools to report badly behaving IP addresses as a list. The information is collected and stored in a database to filter the spam email based on this information.

White Listing :  It accepts all the emails from certain IP addresses. No other filters can stop an email once it is accepted. 

Greylisting : It does not accept messages from IP addresses which have not previously connected successfully to the mail server.
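
A greylisting decision can be sketched as follows (added example, not from the original post). It assumes the common variant that keys on the client IP together with the envelope sender and recipient, answers unknown clients with a temporary 451 reply, and accepts once the same client retries after a minimum delay; the delay and expiry values are assumptions.

```python
class Greylist:
    """Defer mail from unknown clients with a temporary 4xx reply and accept
    it once the same client retries after min_delay seconds."""

    def __init__(self, min_delay=300, expiry=4 * 3600):
        self.min_delay = min_delay   # assumed: retries sooner than 5 min do not count
        self.expiry = expiry         # assumed: pending entries are forgotten after 4 h
        self.pending = {}            # key -> time of first attempt
        self.known = set()           # keys that have retried successfully

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for this delivery attempt."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.known:
            return 250                       # seen before: accept at once
        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > self.expiry:
            self.pending[key] = now          # first contact (or stale entry)
            return 451                       # "try again later"
        if now - first_seen < self.min_delay:
            return 451                       # retried too quickly
        del self.pending[key]
        self.known.add(key)                  # a real mail server queued and retried
        return 250

def replay(events):
    """Run constructed (ip, sender, recipient, time) attempts through one greylist."""
    g = Greylist()
    return [g.check(*e) for e in events]
```

Legitimate mail servers queue the message and retry after a 451 reply, while bulk senders that make a single attempt never reach the accepting branch.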

Sender Policy Framework : To prevent sender address forgery, SPF proposes a register of valid email senders, i.e. the IPs of the machines they send email from, using extended DNS records.
The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery. More precisely, it protects the envelope sender address, which is used for the delivery of messages.
Sender Addresses in E-Mails
Like paper mail letters, e-mail messages have at least two kinds of sender addresses: one on the envelope and one in the letterhead.
The envelope sender address (sometimes also called the return-path) is used during the transport of the message from mail server to mail server, e.g. to return the message to the sender in the case of a delivery failure. It is usually not displayed to the user by mail programs.
The header sender address of an e-mail message is contained in the "From" or "Sender" header and is what is displayed to the user by mail programs. Generally, mail servers do not care about the header sender address when delivering a message.
SPF allows the owner of an Internet domain to use a special format of DNS records ("SPF", type 99) to specify which machines are authorized to transmit e-mail for that domain. For example, the owner of the example.com domain can designate which machines are authorized to send e-mail whose sender e-mail address ends with "@example.com". Receivers checking SPF can reject messages from unauthorized machines before receiving the body of the message.

DNS-based Block Lists :  It is used to add the spam IP addresses to a local block list

MX Callbacks : It supports callbacks which verify the sender of a message with their MX server.

Teergrubing : It responds slowly to connected mail servers by using multi-line SMTP responses. A delay is applied to all servers before accepting the mail (e.g. applying a 60 second delay is unlikely to impact a legitimate server, but would cost a spammer several tens of message deliveries).

Reputation Control : It analyzes the email sent by the sender and assigns a score. If the email is found to be legitimate, the score improves; if not, the score is reduced.

Transparent SMTP Proxy : This software blocks SMTP sessions used by e-mail worms and viruses on the NA(P)T router. It acts like a proxy, intercepting outgoing SMTP connections and scanning session data on-the-fly. Anti-Spam-SMTP-Proxy (ASSP) : http://assp.sourceforge.net/

Anti-Spamming Tools
AEVITA Stop SPAM Email : hides email addresses from spambots. It will replace all the email addresses on the page with specifically encoded email addresses.

SpamExperts Desktop :

SpamEater Pro : 

SpamWeasel :

Spytech SpamAgent : It filters based on the sender, recipient, subject, body, as well as attachment type, forwards, and more

AntispamSniper : integrates with Outlook Express to filter incoming mails

Spam Reader : anti-spam add-on for Microsoft Outlook, uses a Bayesian engine

Spam Assassin Proxy (SA) Proxy : Spam Assassin Proxy is based on open source software. It runs on the local proxy server which is situated between the email program and the POP3 mail account. Spam Assassin Proxy uses Bayesian filtering which is accurate and detects new spam. It does not delete spam but marks it.

MailWasher Free : 

Spam Bully : anti-spam tool for MS Outlook

1 comment:

  1. Hey Nice Blog!! Thanks For Sharing!!! Wonderful blog & good post. It's really helpful for me, waiting for a more new post. Keep Blogging!
    Network security training in coimbatore
    IT security training in coimbatore
