Email

Another method which may be used by internet service providers, by specialized services or enterprises to combat spam is to require unknown senders to pass various tests before their messages are delivered. These strategies are termed challenge/response systems or C/R. Some view their use as being as bad as spam since they place the burden of spam fighting on legitimate email senders — who it should be noted will often indeed give up at the slightest hindrance.

A number of systems have been proposed to allow acceptance of email from servers which have authenticated in some fashion as senders of only legitimate email. Many of these systems use the DNS, as do DNSBLs; but rather than being used to list nonconformant sites, the DNS is used to list sites authorized to send email, and (sometimes) to determine the reputation of those sites. Other methods of identifying ham (non-spam email) and spam are still used.

Authentication systems cannot detect whether a message is spam. Rather, they allow a site to express trust that an authenticated site will not send spam. Thus, a recipient site may choose to skip expensive spam-filtering methods for messages from authenticated sites.

There are a number of appliances, services and software systems that e-mail administrators can use to reduce the load of spam on their systems and mailboxes. Some of these depend upon rejecting email from Internet sites known or likely to send spam. Others rely on automatically analyzing the content of email messages and weeding out those which resemble spam. These two approaches are sometimes termed blocking and filtering.

There is an increasing trend of integration of anti-spam techniques into MTAs whereby the mail systems themselves also perform various measures that are generally referred to as filtering, ultimately resulting in spams being rejected before delivery (or blocked).

Many filtering systems take advantage of machine learning techniques, which improve their accuracy over manual methods. However, some people find filtering intrusive to privacy, and many e-mail administrators prefer blocking to deny access to their systems from sites tolerant of spammers.

Many email users sometimes need to give an address to a site without complete assurance that the site will not send out spam. One way to mitigate the risk is to provide a disposable email address—a temporary address which forwards email to a real account, which the user can disable or abandon. A number of services provide disposable address forwarding. Addresses can be manually disabled, can expire after a given time interval, or can expire after a certain number of messages have been forwarded. Sites that fail to treat such addresses appropriately have found themselves in legal jeopardy.

Many modern mail programs incorporate Web browser functionality, such as the display of HTML, URLs, and images. This can easily expose the user to offensive images in spam. In addition, spam written in HTML can contain web bugs which allows spammers to see that the e-mail address is valid and that the message has not been caught in spam filters. JavaScript programs can be used to direct the user’s Web browser to an advertised page, or to make the spam message difficult to close or delete. Spam messages have contained attacks upon security vulnerabilities in the HTML renderer, using these holes to install spyware. (Some computer viruses are borne by the same mechanisms.)

Mail clients which do not automatically download and display HTML, images or attachments, have fewer risks, as do clients who have been configured to not display these by default.

Contact forms allow users to send email by filling out forms in a web browser. The web server takes the form data, forwarding it to an email address. The user never sees the email address. Contact forms have the drawback that they require a website that supports server side scripts. They are also inconvenient to the message sender as they are not able to use their preferred e-mail client. Finally if the software used to run the contact forms is badly designed they can become spam tools in their own right. Additionally many spammers have taken to using contact forms to send spam to the intended recipient.

Spammers often regard responses to their messages—even responses like “Don’t spam me”—as confirmation that an email address is valid. Likewise, many spam messages contain Web links or addresses which the user is directed to follow to be removed from the spammer’s mailing list. In several cases, spam-fighters have tested these links, confirming they do not lead to the recipient address’s removal—if anything, they lead to more spam.

Sender addresses are often forged in spam messages, including using the recipient’s own address as the forged sender address, so that responding to spam may result in failed deliveries or may reach innocent e-mail users whose addresses have been abused. In many countries providing a false identity in that way is a criminal offense. Criminal spammers sometimes send their messages from purposely compromised computers in order to hide their real identity. Benign spammers reveal their identity, allowing recipients to respond.

In Usenet, it is widely considered even more important to avoid responding to spam. Many ISPs have software that seek and destroy duplicate messages. Someone may see a spam and respond to it before it is cancelled by their server, which can have the effect of reposting the spam for them; since it is not a duplicate, the reposted copy will last longer.

See also the Boulder Pledge.

One should keep in mind that often those attempting contact will give up at the slightest hindrance, unbeknownst to the intended recipient.

In addition, one’s assumption that one never gets any legitimate mail from country X anyway, and thus blocks it, might actually trigger a vicious circle.

Posting anonymously, or with a fake name and address, is one way to avoid “address harvesting,” but users should ensure that the fake address is not valid. Users who want to receive legitimate email regarding their posts or Web sites can alter their addresses so humans can figure out but spammers cannot. For instance, joe@example.net might post as joeNOS@PAM.example.net.invalid. Address munging, however, can cause legitimate replies to be lost. If it’s not the user’s valid address, it has to be truly invalid, otherwise someone or some server will still get the spam for it. Other ways use transparent address munging to avoid this by allowing users to see the actual address but obfuscate it from automated email harvesters with methods such as displaying all or part of the e-mail address on a web page as an image, a text logo shrunken to normal size using in-line CSS, or as jumbled text with the order of characters restored using CSS.

The Network Profiling anti-spam technique is used to combat email-borne spam, viruses and phish, etc. sent from botnets and compromised sources. Network Profiling is unique in its ability to stopping email-borne threats without the use of DNSBL, E-mail filtering, and Rate Limiting. The Network Profiling technique accomplishes this by analyzing entire offending networks (including both compromised and legitimate IP addresses).

Using source verification and protocol fraud testing procedures, the Network Profiling technique maintains a catalogue of forensic information about entire networks from which spam emanates, including but not limited to, examining the source data from the email header; associating the IP address and the MTA with its subnet; correlating acceptable mail server addresses within given subnets; observing IP allocations and domain names, etc. Applying this information, the Network Profiling technique goes on to identify the function of every IP address in the network and synthesizes a method of discriminating between hosts that legitimately send email and hosts that should not be sending email. The database then creates efficient rules to block connections coming from illicit IP addresses and allow connections from legitimate IP addresses.

By profiling entire networks including hosts that have never spammed or become members of a botnet, the Network Profiling technique can preemptively identify computers that may be compromised in the future and instantly block their connection at the protocol level (outside the email gateway). The intent of analyzing both legitimate and illicit sources creates a pre-emptive environment whereby new threats are instantly detected and stopped in real-time as they are compromised.