Anti-Spam Tips

Our anti-spam tips have been compiled to help individuals and organizations who, despite their best efforts, still encounter spam emails in their inboxes every day. Many of our tips for reducing spam emails also serve the purpose of preventing malicious emails from being delivered – those containing malware or other email-borne threats.

Some of our anti-spam tips revolve around features that should be present in spam filters by default – but not all are. Others involve measures you can implement yourself. Consequently, it is in your best interests to determine the mechanisms you already have in place to detect spam, and then adjust, add or replace as necessary.

1. Make Sure You Are Using a Realtime Block List (RBL)

Whether or not you have implemented a third-party spam filter to protect your network, you will likely be using a Realtime Block List or RBL. A Realtime Block List is a blacklist containing the IP addresses of servers known to be used for sending spam emails and is present in every type of email filter from Outlook and Yahoo upwards.

The Realtime Block List compares every inbound email against the blacklist of known spam servers and rejects those that appear on the list. Typically, the Realtime Block List will reject 70% to 90% of inbound emails. If you are receiving a high volume of spam email, the likelihood is that your Realtime Block List is not updating as it should and you should seek technical advice.

2. Engage SMTP Handshake Protocols

SMTP controls perform a variety of functions and first-line tests. The most important is the “SMTP handshake” in which your inbound mail server will look for a HELO command, a Fully Qualified Hostname or a Resolvable Hostname. By engaging SMTP handshake protocols, your email filter will reject any email originating from an address with no DNS A or MX record.

The process for engaging SMTP handshake protocols requires a small adjustment to your email server or spam filter, but it may be necessary for you to create a whitelist of approved senders for suppliers or customers with incorrectly configured email servers to allow their emails to be accepted. Unfortunately, this is one of our anti-spam tips not suitable for Managed Service Providers.

3. Activate Recipient Verification Inspection

Recipient Verification Inspection checks that each inbound email is addressed to a valid recipient. Spammers often use addresses such as “info@” or “admin@” to get their emails opened by an unsuspecting end-user – potentially loading malware onto your network or generating a response from the end-user that leads to a breach of confidential information.

Recipient Verification Inspection can be activated by uploading your valid email addresses to your mail server or spam filter. Like the two tips for reducing spam emails given above, Recipient Verification Inspection rejects spam email before it is downloaded, reducing the load on your email server and saving bandwidth.

4. Block (or at least Quarantine) Potentially Dangerous Attachment Types

Most computer users are aware of the risks of downloading .exe files, so spammers rarely send malware via an attachment with an .exe extension. Instead, they hide the payload file within an image, spreadsheet, document or PDF file, or change the extension name to circumvent filtering mechanisms.

It is impractical to block every possible type of attachment that could be harboring malware but, with MIME filtering software, you can block the attachments most frequently associated with malicious code (.exe, .bat, .scr, etc.) and quarantine others that would normally be sent and received via secure file sharing facilities such as Dropbox and Google Drive.
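The block/quarantine decision described above can be sketched with Python's standard `email` package. This is an added example, not SpamTitan's code: the quarantine list, the function names and the sample messages are assumptions, and the check on the first bytes covers the renamed-extension case only for Windows executables.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCK_EXT = {".exe", ".bat", ".scr"}        # types named in the article
QUARANTINE_EXT = {".zip", ".iso", ".docm"}  # assumed local policy, adjust as needed
SEVERITY = {"accept": 0, "quarantine": 1, "block": 2}

def attachment_verdict(filename, payload):
    """Decide on one attachment from its name and its first bytes."""
    name = (filename or "").lower().strip()
    ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
    if payload[:2] == b"MZ":   # Windows executable header, whatever the name says
        return "block"
    if ext in BLOCK_EXT:
        return "block"
    if ext in QUARANTINE_EXT:
        return "quarantine"
    return "accept"

def message_verdict(raw_bytes):
    """Return the most severe verdict across all attachments of a raw message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    worst = "accept"
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        verdict = attachment_verdict(part.get_filename(), data)
        if SEVERITY[verdict] > SEVERITY[worst]:
            worst = verdict
    return worst

def build_sample(filename, payload):
    """Constructed test message with one attachment (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(message_verdict(build_sample("invoice.pdf", b"MZ\x90\x00constructed")))
    print(message_verdict(build_sample("notes.txt", b"hello")))
```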

5. Scan Inbound and Outbound Mail for Viruses

Undoubtedly every individual and organization will have some form of antivirus software already protecting their network. However, proprietary antivirus software typically works retrospectively – identifying malware once it has been downloaded. Consequently, it is recommended that you implement secondary antivirus software to scan inbound and outbound mail.

The importance of scanning outbound mail (for spam as well as for viruses) is that some system administrators set their spam filter parameters to “over-zealous”. If emails originating from your IP address are too frequently identified as being infected (or containing spam), you could find the IP address added to a Realtime Block List and all your outbound emails rejected by their recipients.

6. Scan Inbound Mail for Malicious URLs

As well as harboring viruses, inbound email can contain links to exploited websites and websites built to conduct phishing campaigns. Therefore, one of our anti-spam tips relating to mitigating risks from web-borne threats is that, whatever inbound mail antivirus software you deploy, make sure it has malicious URL blocking and phishing protection (tip: not all antivirus software performs these functions).

Malicious URL blocking and phishing protection uses “URIBL” and “SURBL” protocols to compare links contained within emails against a global blacklist of domain names frequently found in unsolicited bulk email and known phishing sites. These mechanisms reject any email containing a malicious URL or link to a phishing website to protect your organization from fraud and theft.
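Both the Realtime Block List in tip 1 and the URL blacklists described here are normally consulted with a DNS lookup, and a listed entry answers with an address in 127.0.0.0/8. The following added example (not code from SpamTitan) shows how the query names are built and checked; the zone names, the `fake_resolve` stand-in for DNS and the sample data are assumptions.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

IP_ZONE = "dnsbl.example"    # placeholder zone name, not a real list
URI_ZONE = "uribl.example"   # placeholder zone name, not a real list
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def ip_query_name(ip, zone=IP_ZONE):
    """Reversed IPv4 octets (or IPv6 nibbles) prepended to the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def uri_query_names(body, zone=URI_ZONE):
    """One query name per distinct host in http(s) links (full host, a simplification)."""
    hosts = set()
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname
        if host:
            hosts.add(host.rstrip("."))
    return sorted(h + "." + zone for h in hosts)

def is_listed(name, resolve=socket.gethostbyname):
    """A listed name resolves into 127.0.0.0/8; a lookup failure means not listed."""
    try:
        return ipaddress.ip_address(resolve(name)) in LISTED_NET
    except (OSError, ValueError):
        return False

# Constructed answers standing in for DNS so the example runs offline.
FAKE_ZONE = {"2.0.0.127.dnsbl.example": "127.0.0.2",
             "phish.example.uribl.example": "127.0.0.2"}

def fake_resolve(name):
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    raise socket.gaierror("name not found")

def check_message(client_ip, body, resolve=fake_resolve):
    if is_listed(ip_query_name(client_ip), resolve):
        return "reject: client IP listed"
    for name in uri_query_names(body):
        if is_listed(name, resolve):
            return "reject: URL host listed"
    return "accept"
```

Passing `resolve=socket.gethostbyname` and a real list's zone turns the same functions into live lookups.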

7. Ensure Your Spam Filter Uses Bayesian Analysis

Bayesian Analysis is a mechanism based on a spam pattern library that identifies trends in spam emails. A spam pattern library contains a large database of recent and historical spam provided by the spam-fighting community, and Bayesian Analysis uses this data – along with potentially dangerous attachment types and identified malicious URLs – to reject emails falling beneath an acceptance threshold.

Rather than being a static mechanism, Bayesian Analysis “learns” to recognize new spamming techniques and “forgets” old spam patterns that may now block legitimate emails. The analysis can be improved if you correct false positives (genuine emails rejected/blocked in error) as they occur, and instruct your end-users to tag any spam that gets through your filter.
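To make the learning and false-positive correction concrete, here is a minimal naive Bayes scorer. It is an added example, not SpamTitan's implementation: the training messages are constructed, and the 0.5 cut-off on spam probability is an assumed setting.

```python
import math
import re
from collections import Counter

class BayesFilter:
    """Minimal naive Bayes spam scorer with add-one smoothing."""

    def __init__(self):
        self.tokens = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    @staticmethod
    def tokenize(text):
        return set(re.findall(r"[a-z0-9']+", text.lower()))

    def learn(self, text, label, weight=1):
        """weight=1 learns a message; weight=-1 forgets one learned earlier."""
        for tok in self.tokenize(text):
            self.tokens[label][tok] += weight
        self.docs[label] += weight

    def spam_probability(self, text):
        odds = math.log((self.docs["spam"] + 1) / (self.docs["ham"] + 1))
        for tok in self.tokenize(text):
            p_spam = (self.tokens["spam"][tok] + 1) / (self.docs["spam"] + 2)
            p_ham = (self.tokens["ham"][tok] + 1) / (self.docs["ham"] + 2)
            odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-odds))

    def verdict(self, text, threshold=0.5):
        return "reject" if self.spam_probability(text) >= threshold else "accept"

# Constructed training messages, not real mail.
SPAM = ["win free prize now", "free invoice attached click now",
        "claim your free prize click here"]
HAM = ["meeting agenda for monday", "project report attached for review",
       "lunch on monday"]

def build_demo_filter():
    f = BayesFilter()
    for text in SPAM:
        f.learn(text, "spam")
    for text in HAM:
        f.learn(text, "ham")
    return f
```

With this corpus a genuine "invoice attached for your order" message is rejected at first; calling `learn(text, "ham")` on it, as a corrected false positive, brings its score below the cut-off.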

8. Set an Appropriate Acceptance Threshold

It was mentioned above that some system administrators set their spam filter parameters to “over-zealous”. Although this may be a slight exaggeration, different organizations will have different spam acceptance thresholds depending on the nature of their business. Spam filters assign a score to each inbound email based on its content, and it is up to system administrators to determine an appropriate score.

Finding the optimum level of filtering to reduce spam and false positives to a minimum level can take a little trial and error. Most vendors of spam filtering solutions and service providers allow organizations a trial period to evaluate the solution/service. You should use this time to find an appropriate acceptance threshold and fine-tune as necessary as you become more familiar with the filter.

9. Block New Sources of Spam with Greylisting

We have saved one of the most important tips for reducing spam emails until the end – Greylisting. Most of the mechanisms listed in our anti-spam tips rely on identifying “known” sources of spam to reject inbound emails. However, spammers are constantly trying to circumvent filtering mechanisms by using new or “unknown” sources from which to send spam.

Greylisting works by requesting that the sender's server resends the email. Typically, spammers' servers are too busy sending out spam emails to respond to the request and, after a period of time without receiving the resent email, the Greylisting function rejects the email as spam. Greylisting can be the difference between your spam filter identifying 96% of spam or virtually 100% of spam.
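The resend request is made with a temporary SMTP failure: the first delivery attempt from an unknown source is deferred, and a retry after a short wait is accepted. This added example (not SpamTitan's code) tracks that state per client IP, sender and recipient; the timing values and reply strings are assumptions.

```python
import time

class Greylist:
    """Defer unknown (client IP, sender, recipient) triplets; accept a later retry."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, pass_ttl=30 * 86400):
        self.min_delay = min_delay        # seconds a retry must wait (assumed value)
        self.retry_window = retry_window  # pending entries older than this expire
        self.pass_ttl = pass_ttl          # how long a proven triplet stays trusted
        self.pending = {}                 # triplet -> time first seen
        self.passed = {}                  # triplet -> time last accepted

    def check(self, client_ip, mail_from, rcpt_to, now=None):
        now = time.time() if now is None else now
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed and now - self.passed[key] <= self.pass_ttl:
            self.passed[key] = now
            return "250 OK"
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now       # first sighting, or an expired one
            return "450 4.7.1 Greylisted, try again later"
        if now - first < self.min_delay:  # retried too quickly to count
            return "450 4.7.1 Greylisted, try again later"
        del self.pending[key]
        self.passed[key] = now
        return "250 OK"

    def expire(self, now=None):
        """Drop pending triplets that never retried; return how many were dropped."""
        now = time.time() if now is None else now
        stale = [k for k, t in self.pending.items() if now - t > self.retry_window]
        for k in stale:
            del self.pending[k]
        return len(stale)
```

A sender that never retries simply ages out of `pending`, which is the case the paragraph above describes for spam sources.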

Education is One of the Best Anti-Spam Tips

Although unrelated to the functions of a spam filter, educating your end-users is one of the best anti-spam tips there is. System administrators are often divided on whether they should act as a protector for their end-users or rely on their common sense. Unfortunately, the former is the safest option. It only takes one click on a malicious link or the disclosure of an end-user's login credentials for your organization to potentially face financial ruin.

Implementing an email usage policy that includes best practices for identifying, tagging and reporting spam, malware, viruses and phishing attempts could substantially reduce the amount of spam your organization receives and its potential impact. It is also advisable to test your end-user's compliance with the email usage policy by sending them “fake” spam emails to see how they are dealt with.

Spam Filtering Solutions from SpamTitan

SpamTitan has been developing spam filtering solutions since 1999. More than 5,000 organizations in over 120 countries use our solutions due to their ease-of-use and high level of spam email detection (99.97% according to leading independent online testing and certification authority – VB Bulletin).

Our two spam filtering solutions – SpamTitan Cloud and SpamTitan Gateway – both have the complete set of mechanisms highlighted in our anti-spam tips to reduce spam. Each of the mechanisms can be adjusted easily through our web-based portal to fine-tune the filters to your exact requirements.

SpamTitan Cloud and SpamTitan Gateway also help your organization mitigate risks from email-borne threats with dual antivirus software provided by Kaspersky Labs and ClamAV. The high level of antivirus protection includes malicious URL blocking and phishing protection.

Our spam filtering solutions are backed by industry-leading customer and technical support. In the unlikely event that you encounter a problem with either of our products, our teams are on standby to resolve any issues you may have.

Try SpamTitan's Spam Filtering Solutions for Free

The best way for an organization to evaluate a spam filtering solution and apply our anti-spam tips is to test the abilities of the solution in their own environment. Consequently, we are offering all organizations a free thirty-day trial of SpamTitan Cloud or SpamTitan Gateway with no obligation to continue with the service once the trial period is over.

Our offer consists of a fully-enabled, enterprise grade spam filtering service for thirty days with full customer and technical support, plus help with applying our anti-spam tips wherever possible. To find out more about our offer, speak with our customer service team today. Our team will be happy to answer any questions you have, and guide you through the quick and easy process of installing and configuring the most appropriate SpamTitan spam filtering solution for your organization's needs.
