Am I Spamming… Myself?

December 8th, 2008 admin0

Though it’s nothing new, here at TechSmart we’ve noticed a pretty drastic increase in spam messages that appear to come from ourselves!

First off, no.  Your computer isn’t somehow sending spam messages to yourself (we assume, if you have current malware (virus/spyware) protection).  The way these spam messages appear to be from you is a process called ‘spoofing’.

Understanding this fully is difficult, but the short explanation is that when the current email standards we use were developed, the thought of someone using email for marketing or malicious intent was just not conceivable.  Networks were generally very closed and, frankly, operating them was expensive.  So, the protocol used for sending mail, called SMTP, has no method of authenticating a message (or in other words, proving that mail from you actually came from you).  Everything in email (including attachments, by the way) is sent in basic text- there’s no built-in security or method of ‘tagging’ messages to prove that they were absolutely sent by you.  The sender’s name and email are just more text in the stream.
So, given the right methods of writing software, it is not only possible but somewhat easy to send messages that appear to come from someone else.  In fact, this is something that you can do even with most email programs- all you would have to do is give another person’s name and email address instead of your own when setting up the account.
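
Seen from the receiving side, this means the From line can be compared against other parts of the message. The following is an added example, not part of the original post: it reads a raw message and compares the From header with the envelope sender that the receiving server records in the Return-Path header. The sample messages, addresses and the helper name `looks_self_spoofed` are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (example.com / example.net are placeholder domains).
SPOOFED = """\
Return-Path: <bounce-7731@bulk-mailer.example.net>
From: "DJ" <dj@example.com>
To: dj@example.com
Subject: Re: Your Order

(image attachment only)
"""

GENUINE = """\
Return-Path: <dj@example.com>
From: "DJ" <dj@example.com>
To: dj@example.com
Subject: notes to self

Remember to check the greybox.
"""

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def sender_claims(raw):
    """Return (header_from, envelope_from) addresses, lower-cased."""
    msg = message_from_string(raw)
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    # Return-Path is written by the receiving server from the SMTP MAIL FROM
    # command; it is absent or empty ("<>") on some messages.
    envelope_from = parseaddr(msg.get("Return-Path", ""))[1].lower()
    return header_from, envelope_from

def looks_self_spoofed(raw, my_address):
    """True when From claims to be me but the envelope sender is elsewhere."""
    header_from, envelope_from = sender_claims(raw)
    if header_from != my_address.lower():
        return False
    # A mismatch is only a signal: MAIL FROM is unauthenticated too, so a
    # matching Return-Path does not prove the message is genuine.
    # A missing or empty Return-Path is treated as a mismatch here.
    return _domain(envelope_from) != _domain(header_from)
```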

Now, most everyone has (or at least should have) a method of spam filtering- a service or program that automatically scans each incoming message with something called a Learning Bayesian Filter.  This learns what you consider UCE (Unsolicited Email or ‘spam’) and what you consider legit messages, or ‘ham’, and applies a mathematical formula to predict whether a message is one you want or not.
Normally, this method works pretty well once you have the filter ‘trained’ as to what you consider spam or ham.  However, there are a few basic issues that cause all of this learning to go right out the window.  First, a good number of spam filters bypass messages that look to be from you because many users are in the habit of CC’ing themselves on messages.  A default behavior is often to either bypass the filter completely or to assign a much lower ‘spam score’ to messages appearing to come from you.  Second, Bayesian analysis works on text, but doesn’t work so well with attached images.  The majority of this new breed of spam contains words in the subject that are usually things you’d want to see, such as “Re:  Your Order” and “Account Update”; things to that effect.  The rest of the message is just an attachment.
In the age of people sending pictures back and forth, even to themselves in some cases, you can see how this becomes a nightmare for spam filters!
The final and possibly biggest problem facing email filtering is that the proposed methods of getting around SMTP’s downfalls, such as SPF, PGP signing and countless other proposals, have all been poorly implemented.  So, sadly, there’s still no reliable way to be sure mail is actually from who it claims to be from!

All that being said-  we have a few suggestions that may help:

1)  Use a paid external email filtering service.
TechSmart uses Privacy Networks filtering for our needs, and we even host a dedicated set of servers that are available for a small monthly fee.  We have found that for us and our customers, mail getting thru to the inbox has been cut substantially and at a much lower cost than the competition.  Therefore we highly suggest the service if you are operating your own business or have your own domain name for email.
The gotcha with these paid external services is they only work if you have control over your email domain- for example, if you use Comcast, Qwest or even free webmail providers such as AOL, Hotmail, Gmail and the like- the service doesn’t work.  However, if you are interested in getting off of those services and hosting your own email- we have dedicated servers that allow that as well- just give us a call to discuss your needs.  In addition, we highly recommend servers that require specific authentication for you to send thru them.  This is an unfortunate downfall with some services like Comcast and Qwest, etc.  If you aren’t required to log in to send a message, a program you don’t know about could be sending mail out without your knowledge.  Virus filtering is always important as well.

2)  Learn to use your sent items folder
Most email clients will keep records of email you have sent, so CCing yourself on messages is not only redundant, it will confuse your spam filter!  So, instead of sending messages to yourself, look in your sent items folder to verify your message was sent, or request a ‘read receipt’ from your recipients.
This will also help you not panic if you see a bunch of mail that appears to be from you.

3)  Use White/Grey/Black lists appropriately
One way spam filters make things easier is by letting you create lists of email addresses that you will always want, sometimes want or never want mail from- these are commonly called white, grey, and black lists (respectively).  These allow you to say “mail from this person is okay” but unfortunately, this allows for only one check of the message for content- the ‘from’ address.  This is usually why spam addressed as from you or from people you know will get thru.  Another very common whitelist to be aware of is the ‘entire domain’ whitelist- in other words, X@y.com and Z@y.com all come thru automatically because the filter assumes you know everyone in y.com’s domain.
A method I have been using lately to combat the ‘spoofed’ mail problem is to use my ‘greylist’- this keeps everything in a kind of spam quarantine- I log into my filter server and examine the greybox, and select any messages from myself and train those messages as spam (see the next suggestion).
Another similar method if you never send messages to yourself, is to simply blacklist yourself; but please be aware that blacklisting causes a message to be immediately deleted.  There are a host of ways this can cause issues, so I suggest doing a lot of testing of your email as soon as you blacklist yourself to be sure you’re getting the messages you need to be getting.

4)  Train your email filters
This is very often overlooked, but any spam filter worth paying for also has a plugin for Outlook, or some easy method of training messages as spam.  I mentioned before I was having trouble with spam coming in looking like it was from me.  Here’s how I solved this issue.  I made an entry in the ‘Grey List’ for my own email address, that way, any messages coming in claiming to be from my own account were automatically caught in the greybox.  So today I logged in and selected all of these messages (there’s a handy ‘select all’ button), made sure there were no legit messages in the list, and with the click of one button, trained them all as spam.  Then I removed my email address from the greylist so they would go thru normal spam processing.  Now messages appearing to be sent from me that match that profile will be tagged as spam (and I just checked- it’s working!) and never seen by me again.
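
The list behaviour described in suggestions 3 and 4 can be modelled in a few lines. This is an added example, not the Privacy Networks filter or any real product's logic: the `triage` function, the list precedence, the scores and the addresses are all assumptions made for illustration. It shows a whole-domain whitelist letting a spoofed message straight thru, a greylist entry for your own address catching it, and a blacklist entry also deleting a genuine copy to yourself.

```python
from email.utils import parseaddr

def triage(from_header, spam_score, lists, quarantine_at=5.0):
    """Return 'inbox', 'greybox' or 'deleted' for one message.

    lists maps 'white'/'grey'/'black' to sets of entries; an entry is a full
    address or '@domain' for a whole-domain rule.
    """
    addr = parseaddr(from_header)[1].lower()
    dom = "@" + addr.rpartition("@")[2]
    # Assumed precedence: exact-address entries beat whole-domain entries,
    # and within each, black beats grey beats white.
    for key in (addr, dom):
        for name, verdict in (("black", "deleted"), ("grey", "greybox"),
                              ("white", "inbox")):
            if key in lists.get(name, set()):
                return verdict
    # No list entry: fall back to the score (higher means more spam-like).
    return "greybox" if spam_score >= quarantine_at else "inbox"

# Constructed messages: (From header, spam score from the content filter).
SPOOFED = ('"DJ" <dj@example.com>', 8.2)   # image-only spam claiming to be me
COWORKER = ("pat@example.com", 0.4)        # ordinary mail from my domain
SELF_COPY = ("dj@example.com", 0.1)        # a message I really CC'd to myself

def run(lists):
    """Triage the three sample messages against one set of lists."""
    return [triage(h, s, lists) for h, s in (SPOOFED, COWORKER, SELF_COPY)]

DOMAIN_WHITELIST = {"white": {"@example.com"}}
SELF_GREYLISTED = {"white": {"@example.com"}, "grey": {"dj@example.com"}}
SELF_BLACKLISTED = {"white": {"@example.com"}, "black": {"dj@example.com"}}
```

Calling `run` with each of the three configurations shows the trade-off: the greylist entry holds both the spoofed message and the genuine self-copy for review, which is why the greybox has to be checked before training everything in it as spam.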

5)  Adjust your spam score settings
Once you have trained your filter as to what you consider spam, if you’re still getting mail coming thru, try adjusting your filter to be more aggressive in what it moves to your Greybox or quarantine.  This will vary from filter to filter, but typically higher numbers indicate more likelihood of being spam.  So, if you want more messages to be in the quarantine instead of your inbox, increase the number (SLOWLY!) of your greybox and trashcan.
IMPORTANT NOTE:  When you increase your spam score settings it becomes very important to monitor your greybox/quarantine for messages that are legit.  If your filter offers it, I suggest using a ‘ham training’ button for good messages, that way the filter can learn good and bad.  Most will offer an option to “forward and whitelist” which will send the message to your inbox and add a whitelist entry, always assuring that mail claiming to be from that sender should be sent thru.  If you don’t watch this list when you increase your score- you could start losing legit emails, which is also why I highly recommend setting no more than 1 point score difference each week.

6)  Choose a longer email address.
I’m guilty of this, I like having a simple email address (dj@domain.com, for example) to give out to people, but often that is an easy guess for spammers and spoofers.  Often it’s better to choose a longer username (djthepcmaster@domain.com, for example) so that it’s much harder for these programs to guess.

I would guess that spam is always going to be an issue and there is always some new trick up their sleeves.  As always, if you weren’t expecting a mail, even if it looks completely legit, don’t click on links or open attachments unless you’re 100% sure the mail is safe.

If you have more questions, please don’t hesitate to contact us!

A host of information on this issue is available-  One authority in this area is CERT.  Keep in mind that the majority of spam actually comes from overseas sources or from people failing to have virus protection on their PCs.
