Tips for Filtering Dictionary Attacks (and more)
Written by Joe Halbrook
November 30, 2006
Staying Ahead of the Spammers
> I've gotten hundreds more spams per day in my spamfilter, many
> of whose subject lines start with a first name followed by "wrote:"
- Shel Horowitz, LED Digest 2297
Shel,
I've also noticed a marked increase in these email attacks in the past weeks. I also see a lot of them coming from Sender addresses starting with "deborah" and with subject lines that start with "hi, it's." My solution so far has been to simply add a subject line blacklist entry in my filtering solution for the strings: "more:" "hi, i'm" and "hi i'm" to trash all mail coming in with those strings in the subject line, as well as a Sender address blacklist entry for the string "deborah". That has stopped all of them, for me, as I always immediately delete all blacklisted email...
I was careful to make sure that my whitelist entries on Sender addresses were honored BEFORE the blacklist entries (since I was the developer, I knew that to be the case) so that I didn't lose any good emails. The "hi, i'm" and "hi i'm" subject line blacklist entries may rarely cost me a few good emails, but as long as folks use my web contact forms (which always go to a secure RSS feed, instead of an email mailbox, to prevent spam abuse) I don't have to worry about losing business contacts.
Note: If your current anti-spam strategy doesn't provide Subject Line blacklisting / filtering, you need to press that feature with the developers, or find a solution that does.
Blocking of outbound email is something that will have to be addressed by your hosting company. Many set thresholds on the number of outbound mailings you can send each hour or day. You may have to work with them, to explain the nature of your business and your mailings. If they refuse to work with you, perhaps a viable option is to move your outbound mailings elsewhere.
Your idea of setting up a specific address for your newsletters may be prompted by the use of a "catch-all" mailbox. This is definitely a reason for the volume of unwanted email you receive. Spammers love to use dictionary attacks. If you currently use a catch-all mailbox, I would suggest the following strategy:
1. Create an email alias or forwarder for each of your separate newsletter addresses and any other valid addresses you want to receive legitimate email at. (If any are tied to auto-subscribe features, research how to best handle them.) Forward or alias these addresses to the previous "catch-all" mailbox that you will alter in step 2. (You may want to solicit help from your hosting company on how to set up alias addresses or forwarders on your mail server.)
2. Remove the "catch-all" address feature; instead use the catch-all as a single POP mailbox. (Again, you may need to solicit help from your hosting company on how to do this.)
3. Set up a rule that any other addresses within your domain(s) that are sent email receive a 550 error reply from your mailer daemon. (This may actually happen by default; check with your hosting company.)
Note: It's tempting to define a nasty message to spammers in this rule-based bounce-back message, but fight the temptation. There may actually be valid business contacts who get that message, if they mistype your valid email address. :-)
4. Email your closest contacts, and let them know you've made a change to your inbound email processing. You might ask them to call you if they experience any problems getting a response to emails they send you. Better to be safe and cover all the bases.
When these steps have been completed, you should stop seeing all the junk email that is sent in the daily dictionary spam attacks - those will get the bounce-back message and then get discarded. (Or, you may elect NOT to send the bounce-back, depending on how many of those, in turn, bounce back to you.)
You should only get emails that are sent to the defined email addresses (your main mailbox, and the aliased or forwarded email). Of course, there may still be spam sent to those addresses, as well. So, your existing spam filtering solution can be used to handle that.
I think if you follow these steps, you will find that you have an extra hour or two each day to spend with your family. Spammers are a crafty crowd, and staying one step ahead of them is an unfortunate and sometimes daily challenge. But, it can be done.
Best of success, Shel.
Joe Halbrook
http://www.cleanmymailbox.com
This post ran in LED Digest 2298: Is Confirmed Opt-in Realistic?
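The filtering order and the catch-all replacement described in the post, as an added Python example that is not part of the original post: unknown recipients are refused with 550 (modelled here as a check at recipient time), then the sender whitelist is honored before the sender and subject blacklists. The addresses, the whitelist entry, and the function names are assumptions made for illustration; only the blacklist strings come from the post.

```python
# Added example (not from the original post). All addresses are constructed.
from email import message_from_string, policy
from email.utils import parseaddr

VALID_RECIPIENTS = {"shel@example.com", "newsletter@example.com"}  # step 1 aliases
SENDER_WHITELIST = {"deborah.client@example.org"}      # assumed known-good contact
SENDER_BLACKLIST = ("deborah",)                        # substring, from the post
SUBJECT_BLACKLIST = ("more:", "hi, i'm", "hi i'm")     # substrings, from the post

def check_recipient(rcpt):
    """Step 3: with the catch-all gone, unknown addresses are refused with 550."""
    if parseaddr(rcpt)[1].lower() in VALID_RECIPIENTS:
        return 250, "OK"
    return 550, "No such user here"   # neutral text; a real contact may see it

def classify(raw):
    """Return 'deliver' or 'trash'; the whitelist is checked before any blacklist."""
    msg = message_from_string(raw, policy=policy.default)  # decodes RFC 2047 subjects
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    subject = str(msg.get("Subject", "")).lower().replace("\u2019", "'")
    subject = " ".join(subject.split())                    # collapse odd spacing
    if sender in SENDER_WHITELIST:
        return "deliver"
    if any(s in sender for s in SENDER_BLACKLIST):
        return "trash"
    if any(s in subject for s in SUBJECT_BLACKLIST):
        return "trash"
    return "deliver"

def handle(rcpt, raw):
    """Recipient check first, content filtering only for accepted recipients."""
    code, _text = check_recipient(rcpt)
    return classify(raw) if code == 250 else f"reject {code}"

def _msg(sender, subject):
    return f"From: {sender}\nSubject: {subject}\n\nbody\n"

SAMPLES = [  # constructed: (envelope recipient, message)
    ("aaron@example.com", _msg("x@spam.example", "cheap meds")),        # dictionary guess
    ("shel@example.com", _msg("deborah1983@mail.example", "Invoice")),  # sender blacklist
    ("shel@example.com", _msg("Deb <deborah.client@example.org>", "Hi, I'm back")),  # whitelist wins
    ("shel@example.com", _msg("bob@example.net", "=?utf-8?q?Hi=2C_I=27m_Anna?=")),   # encoded subject
    ("newsletter@example.com", _msg("bob@example.net", "Subscribe question")),
]

if __name__ == "__main__":
    for rcpt, raw in SAMPLES:
        print(rcpt, "->", handle(rcpt, raw))
```

The third sample shows why the ordering matters: a whitelisted sender whose address contains "deborah" and whose subject contains "hi, i'm" is still delivered.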