SPAM Is Out of Control
Lately, we have been experiencing a huge influx of SPAM emails, but this time, things are not what they seem.
Our email server uses a software application called MailScanner, which checks every email message and gives it a score. The score is based on a large table of options, and the final calculated score determines whether the message is allowed to reach your inbox or is sent to the bit bucket (deleted).
Let’s say, for example, that the email is from info@myshop.store. We know from experience that emails from .store addresses are often SPAM, so MailScanner will score that message higher than other emails.
MailScanner is a highly respected open-source email security system for Linux-based email gateways. It is used at over 40,000 sites worldwide, protecting top government departments, commercial corporations, and educational institutions. This technology has quickly become the standard email solution for virus protection and spam filtering at many ISP sites.
MailScanner scans email for viruses, spam, phishing, malware, and other attacks against security vulnerabilities and plays a major part in the security of a network. By being open source, the technology in MailScanner has been reviewed many times over by some of the best and brightest in the field of computer security from around the world. MailScanner supports a wide range of MTAs and virus scanners, including the popular open-source ClamAV.
Spam detection is accomplished via SpamAssassin, which is by far the most popular and standardized spam detection engine.
Normally, SPAM is unwanted email, such as a message claiming your Netflix account has expired or one selling generic Viagra from a sketchy online pharmacy. The current trend in SPAM, however, is that someone sells your email address to a company, which then adds you to its mailing list.
What we are seeing is clients getting added to something like Dick’s Sporting Goods, and now they receive their weekly specials and sales. Since this is a legitimate email from a legitimate company, MailScanner allows it to pass and it shows up in their inbox. The problem is that for some email users, we are seeing eight to ten of these “sign-ups” a day.
We will see the following pattern of emails. We will use “Dick’s Sporting Goods” as our example again, and “Tom” is the person receiving the emails.
“Thank you Tom for signing up with Dick’s Sporting Goods”
“Tom, verify your email address with Dick’s Sporting Goods”
“Welcome to Dick’s Sporting Goods Tom!”
These three emails would all hit the email server in a five-minute time period. Of course, Tom didn’t sign up for Dick’s Sporting Goods, so he treats them as SPAM.
Not only does he forward the email to us, but he also reports it as SPAM. Reporting a message as SPAM is usually a good thing, but in this case, it is the polar opposite. Let me explain how that process works.
I’m going to use Gmail as my example because it has a “report as SPAM” button built into its interface. If you click the “report as SPAM” button, it alerts one of several SPAM clearing houses, which maintain a database of SPAM email messages. Let’s say that 10 people report the Dick’s Sporting Goods emails as SPAM, just like Tom did. The clearing house annotates it in its database, assuming it must be SPAM since so many people reported it. The next time a Dick’s Sporting Goods email is sent, the receiving server’s anti-spam software (like MailScanner/SpamAssassin) will check with the clearing house database and notice the flag that the sender is a SPAMmer. Depending on the settings on the mail server, MailScanner will do one of the following things:
- Allow the message
- Delay the message for up to 24 hours (this slows the SPAMmer down, and they often remove email addresses that do not reply in a certain time)
- Route the message to Tom’s inbox on the server, but annotate that it is SPAM
- Toss the message into the bit bucket (delete it)
The correct thing to do in a situation like that is to unsubscribe from the mailing list. Every legitimate company will have an unsubscribe link on their newsletters and other bulk mailings.
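The sign-up pattern described above (three messages from one sender inside five minutes, repeated eight to ten times a day for one user) can be spotted on the mail server before users start reporting legitimate senders. The following is an added example, not part of the original post and not MailScanner code; the tab-separated log format, the function names and the sample data are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Subject wording taken from the three messages quoted in the article.
SIGNUP_RE = re.compile(r"signing up|verify your email|welcome to", re.I)
WINDOW = timedelta(minutes=5)  # the article's five-minute period
MIN_MSGS = 3                   # thank-you, verify, welcome
DAILY_SIGNUPS = 8              # low end of "eight to ten" sign-ups a day


def signup_bursts(lines):
    """Map (recipient, date) to the sender domains that sent a sign-up burst."""
    times = defaultdict(list)
    for line in filter(str.strip, lines):
        # Assumed log format: ISO time, recipient, sender domain, subject (tabs).
        ts, rcpt, domain, subject = line.rstrip("\n").split("\t", 3)
        if SIGNUP_RE.search(subject):
            times[(rcpt.lower(), domain.lower())].append(datetime.fromisoformat(ts))
    bursts = defaultdict(set)
    for (rcpt, domain), stamps in times.items():
        stamps.sort()
        # Sliding window: MIN_MSGS consecutive sign-up messages inside WINDOW.
        for i in range(len(stamps) - MIN_MSGS + 1):
            if stamps[i + MIN_MSGS - 1] - stamps[i] <= WINDOW:
                bursts[(rcpt, stamps[i].date())].add(domain)
    return bursts


def flooded_recipients(lines, threshold=DAILY_SIGNUPS):
    """Recipients hit by sign-up bursts from at least `threshold` senders in a day."""
    return sorted({rcpt for (rcpt, _day), doms in signup_bursts(lines).items()
                   if len(doms) >= threshold})


def build_sample():
    """Constructed log: 8 unrequested sign-ups for tom, 1 sign-up for ann."""
    subjects = ["Thank you {u} for signing up with {s}",
                "{u}, verify your email address with {s}", "Welcome to {s} {u}!"]
    rows = ["2024-05-01T08:00:00\ttom@example.com\tnews.example\tWeekly specials"]
    for n, user in [(i, "Tom") for i in range(8)] + [(8, "Ann")]:
        for k, subj in enumerate(subjects):
            rows.append(f"2024-05-01T{9 + n:02d}:0{k}:00\t{user.lower()}@example.com\t"
                        f"shop{n}.example\t{subj.format(u=user, s=f'Shop {n}')}")
    return rows


if __name__ == "__main__":
    print(flooded_recipients(build_sample()))
```

A recipient on this list is a candidate for a heads-up about unsubscribing rather than reporting, since each individual sender is a legitimate company.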