SPAM Is Out of Control

Lately, we have been experiencing a huge influx of SPAM emails, but this time, things are not what they seem.

Our email server uses a software application called MailScanner, which checks every email message and gives it a score. The score is based on a large table of options, and the final calculated score determines whether the message is allowed to reach your inbox or is sent to the bit bucket (deleted).

Figure: MailControl report for an email message

Let’s say, for example, that the email is from info@myshop.store. We know from experience that emails from .store are often SPAM, so MailScanner will score that message higher than other emails.

MailScanner is a highly respected open-source email security system for Linux-based email gateways. It is used at over 40,000 sites worldwide, protecting top government departments, commercial corporations, and educational institutions. This technology has quickly become the standard email solution for virus protection and spam filtering at many ISP sites.

MailScanner scans email for viruses, spam, phishing, malware, and other attacks against security vulnerabilities and plays a major part in the security of a network. Because it is open source, the technology in MailScanner has been reviewed many times over by some of the best and brightest in the field of computer security from around the world. MailScanner supports a wide range of MTAs and virus scanners, including the popular open-source ClamAV.

Spam detection is accomplished via SpamAssassin, which is by far the most popular and standardized spam detection engine.

Figure: Email flow through SWS email server

MailScanner has always worked well for us with little to no problems, and it is still working well, so why are we seeing such an increase in SPAM?

Normally, SPAM is unwanted email, such as a notice that your Netflix account has expired or an offer of generic Viagra from a sketchy online pharmacy. The current trend in SPAM, however, is that someone sells your email address to a company, which then adds you to its mailing list.
 
There is good money in farming email addresses. Address farmers find valid email addresses and sell them in bulk, often to companies, under the guise that they are valid addresses. Good companies purchase these lists, not thinking anything is wrong with them.

What we are seeing is clients getting added to the mailing list of a company like Dick’s Sporting Goods, and now they receive its weekly specials and sales. Since this is a legitimate email from a legitimate company, MailScanner allows it to pass and it shows up in their inbox. The problem is that for some email users, we are seeing eight to ten of these “sign-ups” a day.

We will see the following pattern of emails. We will use “Dick’s Sporting Goods” as our example again, and “Tom” is the person receiving the emails.

Thank you Tom for signing up with Dick’s Sporting Goods
Tom, verify your email address with Dick’s Sporting Goods
Welcome to Dick’s Sporting Goods Tom!

These three emails would all hit the email server in a five-minute time period. Of course, Tom didn’t sign up for Dick’s Sporting Goods, so he treats them as SPAM.
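The burst described above can be picked out of a mail log for review. The following is an added example, not part of MailScanner or SpamAssassin: it assumes a hypothetical log already parsed into (time, recipient, sender domain, subject) tuples, uses the five-minute window and the eight-a-day figure from this post as thresholds, and runs on constructed sample data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Subject wording from the three-message pattern described in the post.
SIGNUP_RE = re.compile(
    r"for signing up|verify your email address|^welcome to", re.IGNORECASE)

def signup_events(messages, window=timedelta(minutes=5)):
    """Return {(recipient, date): set(sender domains)} for every sender that
    delivered 2+ sign-up-style messages to a recipient inside `window`."""
    by_pair = defaultdict(list)
    for when, rcpt, sender_domain, subject in messages:
        if SIGNUP_RE.search(subject):
            by_pair[(rcpt, sender_domain)].append(when)
    events = defaultdict(set)
    for (rcpt, domain), times in by_pair.items():
        times.sort()
        for first, second in zip(times, times[1:]):
            if second - first <= window:
                events[(rcpt, first.date())].add(domain)
    return events

def flag_recipients(messages, daily_threshold=8):
    """Recipients with `daily_threshold` or more sign-up bursts in one day.
    The filter cannot know whether a sign-up was wanted, so the result is
    a list for human review, not a block list."""
    return sorted({rcpt for (rcpt, _day), domains
                   in signup_events(messages).items()
                   if len(domains) >= daily_threshold})

def sample_messages():
    """Constructed data: eight made-up retailers each send Tom the three
    messages within two minutes; Ann receives one ordinary newsletter."""
    start = datetime(2024, 1, 15, 9, 0)
    subjects = ["Thank you Tom for signing up with {n}",
                "Tom, verify your email address with {n}",
                "Welcome to {n} Tom!"]
    msgs = [(start, "ann@client.example", "news.example", "Weekly specials")]
    for i in range(8):
        for j, subject in enumerate(subjects):
            msgs.append((start + timedelta(hours=i, minutes=j),
                         "tom@client.example", f"shop{i}.example",
                         subject.format(n=f"Shop {i}")))
    return msgs

if __name__ == "__main__":
    print(flag_recipients(sample_messages()))
```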

Not only does he forward the email to us, but he also reports it as SPAM. Reporting a message as SPAM is usually a good thing, but in this case, it is the polar opposite. Let me explain how that process works.

I’m going to use Gmail as my example because they have a “report as SPAM” button built into their interface. If you click the “report as SPAM” button, it alerts one of several SPAM clearing houses, which maintain a database of SPAM email messages. Let’s say that 10 people report the Dick’s Sporting Goods emails as SPAM, just like Tom did. The clearing house annotates it in their database, assuming it must be SPAM since so many people reported it. The next time a Dick’s Sporting Goods email is sent, the receiving server’s anti-spam software (like MailScanner/SpamAssassin) will check with the clearing house database and notice the flag that they are a SPAMmer. Depending on the settings on the mail server, MailScanner will do one of the following things:
  1. Allow the message
  2. Delay the message for up to 24 hours (this slows the SPAMmer down, and they often remove email addresses that do not reply in a certain time)
  3. Route the message to Tom’s inbox on the server, but annotate that it is SPAM
  4. Toss the message into the bit bucket (delete it)

Tom and the others stating that Dick’s Sporting Goods is a SPAMmer (when they aren’t) hurt Dick’s Sporting Goods’ marketing, specifically email marketing. I can tell you firsthand that it isn’t quick, simple, or easy to get a block like this removed.

The correct thing to do in a situation like that is to unsubscribe from the mailing list. Every legitimate company will have an unsubscribe link on their newsletters and other bulk mailings. 
 
Sadly, there is no automated way of doing this, as an app would not know whether you signed up for the emails or not.
 
We currently have two clients whose email addresses must have been sold to the same list, as they are both getting identical SPAM, just seconds apart.
 
In the next post, we will talk about how you can help reduce the amount of SPAM that makes its way to your inbox.