AXXA ArticlesAXXA Articles Directory

Spam is perhaps one of the most rapidly changing forms of communication we see today. The spammers’ methods of evading detection evolve constantly, differing significantly now from what was employed even in the recent past. Content-based filtering – still a necessary part of any broad and proactive anti-spam solution – is by no means immune from their efforts. Whether based on signatures, URL blocking or heuristic rules, these filters are still sometimes thwarted by sophisticated HTML- and CSS-based obfuscation methods, or by placing the entire content of the message in randomized attached images. Spammers also tirelessly seek loopholes in domain name registration systems that allow them to avoid pre-emptive detection, and in the security measures of free web-hosting providers so they can mass-register thousands of new home pages every day.

For personal use email, create an address that is not easily guessed by random email generators. Use a non-alpha character such as a period or an underscore. Don not post your email address on publicly accessible web pages where they then can be picked up by email scraping software.

Next, get an email service that will support catch-all. I recommend Google Apps. It’s free, and if you’re tech savvy, it’s easy. If you’re not tech savvy, there are tutorials online to get you started — or you can buy one from an email provider such as Network Solutions.

In a business environment, email services are often hosted in house or outsourced. An organization or business may also want to standardize their email address format in a way that makes it harder for spammers to guess or discover legitimate email addresses.

One method that saw a huge resurgence in the last year is the use of ‘freeweb’ hosting providers to host pages that redirect (often via ‘encrypted’ Javascript) to the spammers’ main sites. Again, this is not a new trick, but now it is common to see one spam campaign use thousands of randomized ‘freeweb’ URLs, rendering URL blocklists far less useful. Naturally, these providers have taken precautionsagainst such abuse of their systems, for the most part by requiring the passing of a CAPTCHA test while signing up for an account, which involves presenting an image containing heavily obfuscated letters and numbers and asking the user to enter the characters into a form. A recent study, though, shows that when targeted specifically by an attacker most CAPTCHA systems can be solved more often and more accurately by a computer than by a human! Due to the sheer volume of unique freeweb URLs seen in modern spam it seems likely that spammers have cracked the CAPTCHAs used by large freeweb providers such as Yahoo! Geocities, and have automated systems to register such sites in mass quantities. Of course, they and other freeweb providers are constantly striving to eliminate this kind of abuse of their services, and with the significant amount of research currently being conducted into improving CAPTCHA technologies it is hoped this particular ‘marketing tool’ will one day be denied to spammers permanently. While some spammers turned to freeweb providers to circumvent URL blocklists, the majority continued to register their own domains, knowing that during the delay between spam containing a given domain name first appearing on spam traps and that domain being added to blocklists they could (with their botnets) dispatch hundreds of thousands, if not millions, of emails. But anti-spammers responded with ingenuity once again, this time by monitoring WHOIS and related information for new domain registrations and comparing the name servers and other information against their databases of known spammers. In this way it became possible in many cases to add domains to blocklists before any spam had even been sent. Naturally, it wasn’t long before some spammers found ways around this as well, and when registering their domains some will specify well-known (and trusted) freeweb name servers in the registration form, only to switch to using their own name servers just minutes before beginning their spam run. Another similar technique is to use a new name server for each domain registered, preventing analysis of WHOIS information linking the domain with known-bad spammy name servers until it’s too late. Yet another common trick is to unleash their spam run moments after registering a new domain, thereby reducing the risk of the domain being blocked proactively. The spammy domain ‘fyefga.org’, for example, was created at 01:28 UTC on February 16 2006. The first email making use of this domain appeared on SophosLabs’ spam traps a mere two minutes later. As far as content filtering goes, the most notable development in recent months has been the huge increase in the volume of image spam – rasterized text in an image, usually in GIF format, attached to the spam email – which has increased on SophosLabs’ spam traps more than twofold over the first half of the year. This approach is by no means new, but in the last year or so became for the first time economically viable for spammers. The surge in availability and popularity of consumer-level broadband connections means that using botnets to send larger amounts of data has become feasible, and even for those spammers who actually pay for their own bandwidth, the associated costs havereduced so dramatically that sending out millions upon millions of images is no longer prohibitively expensive. Image spam can be used in most, if not all, of the areas traditionally occupying spammers’ efforts, but seems particularly well-suited to campaigns requiring no call to action. Image spam is commonly employed in so-called ‘pump ‘n’ dump’ schemes, in which the stock of a company is hyped in fake investment newsletters in an attempt to fool the unwary into buying shares, thus pumping up the price. The spammers or their employers then sell (’dump’) at the higher value all the shares they hold, theoretically making a profit. The prevalence of this type of spam has exploded in the last nine months, on some days comprising up to 40% of the spam seen on SophosLabs’ spam traps. Image spam is also often used where the call to action is a phone number for the victim to call, such as in spam touting online degrees, and in a large proportion of non-English spam.

I use this trick now, and it’s saved me from spam countless times. Now only will you be protected from companies that sell your email, but you’ll be protected from companies that get hacked and lose your email address. You’ll also know the company that sold your email, and you can factor that into your mind when considering to do business with that company again.

Todo sobre Juegos Mario para gente que le gusta jugar Encontrar un Trabajo Empleo es fcil si sabe dnde buscar

HTML Version:

Text Version:

Article Url: