: Waging the War on Spam

Junk Mail. We all get it, we all hate it, we all wish it would just "go away," but 'spam,' as it is sometimes known, is an unfortunate reality of life in the Internet era. We've prepared this briefing for you, both to keep you up to date on this issue, and to let you know what we're doing about it, and also about some ways you can help us fight the "War on Spam."

The 500-pound Gorilla

Just how big IS the junk mail issue? Recent statistics indicate that as much as 90% of all mail traffic on the Internet can be classified as "spam." In real terms, that's over 30 BILLION e-mails every day.

According to IHsystems, a developer of junk-mail blocking software, spam volume was at an all-time high in June, 2007, up 51% in just six months. "Spammers," the people who propagate junk mail, are launching these massive attacks through the use of "botnets" — networks of compromised computers which have been infected by the spammers' viruses.

The hacker/spammer 'community' is rapidly evolving; in fact, these botnets have become a commoditized resource that is available for hire by unscrupulous businesses and individuals. Botnets send virus-infected messages that in turn enslave more computers which then begin generating and relaying even more spam. Thus, the sequence of infecting unprotected computers with malicious software, or "malware," and then "assimilating" them into an ever-larger army of spam-generating computers, accounts for the nearly exponential growth of spam and junk mail volume.

So we're all agreed — it's a big problem, and it affects everyone. But what can we do about it?

You think you get a lot of junk mail...?

If it's any consolation, this isn't just an annoyance to you, as an e-mail user. To the providers of e-mail and web services, it's a technical nightmare. Your ISP, or "Internet Service Provider," (think Comcast; AT&T; RoadRunner; EarthLink, etc.) must keep expanding technical capacity as junk mail volume expands, just to assure that the legitimate mail can get through, too. For all of us who provide Internet and e-mail services, combatting the flood of junk mail is neither easy, foolproof, nor cheap.

As your business e-mail provider, Acuity, like many major ISPs, has had to make significant investments in hardware and software specifically developed to fight the flood of junk mail. We employ a state-of-the-art service from Barracuda Networks, which utilizes a combination of hardware and software to instantly analyze incoming mail and determine what's junk and what's not, including e-mails that may have virus-infested attachments.

While there are several such "spam-fighting systems" on the market, none is perfect, in part because the perpetrators of spam are clever (if severely misguided) people who are constantly designing programs to thwart the attempts of these systems to block their malicious messages.

However, the software part of Acuity's Barracuda system includes a sophisticated spam-fighting program that actually "learns" what new strains of junk mail look like, in part by analyzing the global flow of junk mail on a daily basis. Acuity's e-mail "firewall" is one of over 40,000 such appliances that continuously communicate with Barracuda Central, a staffed, 24/7 technology center that collects worldwide information about new and evolving spam "attacks."

Any mail message passing through one of the appliances on the network which displays malicious characteristics, but has not yet been definitively identified as spam, is instantly sent to Barracuda Central for further analysis, where a skilled human staff can quickly dissect it, reverse-engineer any malware "code," and determine if it's something new and potentially malicious.

If it is, the staff publishes a profile, or 'signature' of the message, which is sent back to each of the 40,000 appliances on the network, including Acuity's, which adds the profile to its library of 'messages to block'. In effect, all 40,000 of these appliances — plus the human team at Barracuda Central — are continuously educating each other about the ever-evolving "face of spam." How good is it? On a typical day, Acuity's Barracuda system blocks approximately 92% of all incoming messages; all of the legitimate email you receive is contained within the remaining 8%.

How can you help?

Still, you say, you're seeing a lot of spam in your e-mail inbox; but in fact, you're only seeing the small percentage that manages to fly "under the radar" of some of the best technology the world can muster. Even the combined efforts of your ISP and Acuity's Barracuda service cannot protect you from all of the spam and junk mail out there.

The final lines of defense must reside in your computer, in your e-mail account — and yes — in your own internet usage habits. Here are some things you can do to help intercept those malicious messages that manage to sneak by the higher-level ISP filtering:

1. Use your e-mail program's junk mail "rules."

Even with help from your ISP's junk mail interception efforts, Acuity's Barracuda system AND your own antispam-antivirus software, some junk mail will still get through, in part due to the constantly-evolving nature of spam. Your final line of defense is a series of filters built into every e-mail program (Outlook, Eudora, MacMail, etc.) that will help you set specific "traps" for the mail that does make it past all of the preceding lines of defense.

Often, much of the remaining spam can be caught by setting up some simple "rules" in your e-mail program about how you want it to handle unsolicited e-mail. Then, when you receive a suspicious message, you can "feed it" to your junk mail rules system, which will learn to recognize that message as undesirable.

Our own Acuity Online Help website is an excellent resource in this regard, and will help users Outlook, Microsoft's popular e-mail program, with the set-up and management of junk mail filtering.

With your ISP and Acuity "guarding the gate," proper protection of your own computer and e-mail program, and a bit of caution and common sense while online, together we can team up and make some serious headway in the War On Spam!

2. Don't sign up for stuff online!

Don't make it easy on the spammers. Folks who like to sign up online to receive e-newsletters, coupons, "sale" notices, etc. are often handing their e-mail addresses (and possibly additional personal information!) to services that, while legitimate in and of themselves, often sell their 'customer lists' to other less honorable enterprises in order to make ends meet.

We had one client who was getting an enormous amount of spam, which our Barracuda filter could not block. When the client complained, and we investigated, we found that several people in the client's office had signed up with a well-known organization to receive a "deal of the week" e-mail promoting retail bargains. Unfortunately, this organization had sold its list — which included our client's e-mail addresses — to a variety of less savory merchants, all of whom used the original company's e-mail as their "from" address. Because of this, our Barracuda filter could not block the incoming messages — because one of its cardinal rules is, "if the message is from an address to which you've voluntarily sent mail before, we're going to assume you want to hear back from them!"

So beware — that innocent e-newsletter you want to receive may lead to darker things. Instead, consider bookmarking a web page where you might be able to find the same information without having to divulge your e-mail address.

3. Don't click that link.

Another technique to be aware of is called "phishing." It uses both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials.

The so-called "social-engineering schemes' use 'spoofed' e-mails, which appear to come from well-known, legitimate companies, to lead consumers unknowingly to counterfeit websites which trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers.

By "hijacking" the brand names, logos, and even elements from the legitimate websites of banks, e-retailers and credit card companies, phishers often convince recipients the e-mails are legitimate, and thus they are more likely to respond. (The major online retailers are all aware of this, and for that reason will generally NOT try to communicate with you via unsolicited e-mail.) Learn more at Wikipedia.

One more variation worth noting: Beware of "reverse psychology tricks," where a spam email contains an 'unsubscribe' link that does nothing of the sort. Instead of taking your address off the sender's mailing list, it confirms to the spammer that they have found a viable, active e-mail account. In effect, this may result in even more spam being delivered to your e-mail address.

Bottom line: If you get an e-mail you didn't specifically request, even from what looks like someone you've done business with online, study the details of it carefully before clicking on anything or responding in any way — it may be a phishing scheme!

4. Watch out for bogus attachments!

Be aware of a new tactic, in which spammers embed malicious content in what appears to be legitimate file types, such as .zip files and Excel files. These "blended-attack" messages contain both URLs (web links) to hacked websites and bogus attachments that deliver the malicious software, or "malware," to the target computer.

If you click on the link or download the attachment, this action can invisibly install a malware program that gives hackers a foothold to download even more malware to your system. The good news here is that most of the leading anti-spam/anti-virus programs (see Item 1, above) will intercept the majority of these types of messages.

5. Install the latest antispam-antivirus software.

The combination of spam and "worm" programs results in users receiving a constant shower of junk e-mail, which reduces the usefulness of e-mail as a practical tool.

A worm program uses e-mail as a way of replicating itself into vulnerable computers. It then uses that computer's Internet connection to send copies of itself to other computers, and it may do so without any user intervention. Many worms have been designed only to spread; typically, the "inventor" just wants to see how far they will go, like a chain letter. Generally, they don't attempt to alter the systems they pass through. The biggest problem with worms is their impact on the Internet "network," because they consume valuable bandwidth, whereas viruses are designed to infect or corrupt files on a targeted computer. A widespread worm attack can often cause major service disruptions, rendering the Internet "slow as molasses" or even inoperable for a time.

However, not all worms are quite that benign. Sometimes "payload" is software is secretly sent along with the worm, and is designed to "open the door" to your computer for more malicious activities. A very common payload installs a 'back-door' in the infected computer to allow the creation of a "zombie" program, under control of the worm author - 'Sobig' and 'Mydoom' are examples which created zombies. Networks of such machines are often referred to as botnets and are very commonly used by spam senders for sending junk email or to cloak their website's address. (To learn more, visit Wikipedia.)

Here, the best defense is a good offense: Install the latest anti-spam/anti-virus software,which will help identify and "quarantine" messages that do make it all the way to your e-mail program. In many respects, they work on the same principles as Acuity's Barracuda system, except they will focus on mail that has already reached your machine, rather than trying to intercept-before-delivery. Some of the best-selling and more reasonably-priced programs are offered by McAfee and Symantec, among others.

Questions? Comments? Call our e-mail support hotline, 615-591-7025, then touch "1".