How Spammers Fool Spam Blacklists A

How Spammers Fool Spam Blacklists - And How to Stop Them
by: Paul Judge, CTO, CipherTrust, Inc.
Effectively stopping spam over the long-term requires much more than blocking individual IP
addresses and creating rules based on keywords that spammers typically use. The increasing
sophistication of spam tools coupled with the increasing number of spammers in the wild has
created a hyper-evolution in the variety and volume of spam. The old ways of blocking the bad guys
just don’t work anymore. Examining spam and spam-blocking technology can illuminate how this
evolution is taking place and what can be done to combat spam and reclaim e-mail as the efficient,
effective communication tool it was intended to be. One method used to combat spam is
blacklisting. The goal of blacklisting is to force Internet Service Providers (ISPs) to crack-down
on customers who send spam. A blacklisted ISP is blocked from sending email to organizations. When
an ISP is blacklisted, they are provided with a list of actions they must take in order to be
removed from the blacklist. This controversial method blocks not just the spammers, but all of the
ISP’s customers. Blacklisting is generally considered an unfriendly approach to stopping spam
because the users most affected by the blacklist are email users who do not send spam. Many argue
blacklisting actually damages the utility of email more than it helps stop spam since the
potential for blocking legitimate email is so high. In addition to the ethical considerations,
there are other problems with blacklists. Many blacklists are not updated frequently enough to
maintain effectiveness. Some blacklist administrators are irresponsible in that they immediately
block suspect servers without thoroughly investigating complaints or giving the ISP time to
respond. Another downside is that blacklists are not accurate enough to catch all spam. Only about
half of servers used by spammers, regardless of how diligent the blacklist administrator may be,
are ever cataloged in a given blacklist. Blacklists are used because they can be partially
effective against spammers who repeatedly use the same ISP or email account to send spam. However,
because spammers often change ISPs, re-route email and hijack legitimate servers, the spammer is a
moving target. Blacklist administrators are forced to constantly revise lists, and the lag-time
between when a spammer begins using a given server and when the blacklist administrator is able to
identify the new spam source and add it to the blacklist allows spammers to send hundreds of
millions of emails. Spammers consider this constant state of flux a part of doing business and are
constantly looking for new servers to send spam messages. When used individually, each anti-spam
technique has been systematically overcome by spammers. Blacklists have some utility in stopping
known spammers, but they may also block valid emails. Because of their limitations, blacklist data
should only be used in conjunction with other sources to determine if a given message is spam.
Grandiose plans to rid the world of spam, such as charging a penny for each e-mail received or
forcing servers to solve mathematical problems before delivering e-mail, have been proposed with
few results. These schemes are not realistic and would require a large percentage of the
population to adopt the same anti-spam method in order to be effective. The Solution Reputation
systems offer a comprehensive anti spam solution by dynamically updating black and whitelists
based on sender behavior. These systems also automatically update and score messages thereby
removing the burden from administrators. Today’s spammers are more clever than ever, so today’s
reputation systems must be equally sophisticated. An effective reputation system must be dynamic,
comprehensive, precise, and based on actual enterprise mail traffic in order to keep the spammers
from gaining any advantage. You can learn more about the fight against spam by visiting our
website at www.ciphertrust.com and downloading our whitepapers.

---------------------------------------------------------------------------------------------------
About the author:

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust,
the industry's largest provider of enterprise email security. The company’s flagship product,
IronMail provides a best of breed enterprise anti spam solution
[http://www.ciphertrust.com/products/spam_and_fraud_protection/index.php] designed to stop spam,
phishing attacks and other email-based threats. Learn more by visiting
www.ciphertrust.com/products/spam_and_fraud_protection
[http://www.ciphertrust.com/products/spam_and_fraud_protection/index.php] today.

Circulated by Article Emporium


©2005 - All Rights Reserved