Unsolicited Commercial Email: What can be done to stop it?

July 28th, 2010 by Larisa R.

Spam or unsolicited commercial email (UCE) involves sending unwanted email in bulk quantities to unwilling recipients. Often, the spam email contains commercial advertisements and/or computer viruses. While UCE has always been a problem since the advent of the Internet, the problem has become increasingly worse in recent years. In fact, estimates now state that over eighty percent of all email is unsolicited – and it affects everyone who accesses email on a regular basis.

INetU understands the severity of this problem – and works diligently to combat the problem of unsolicited commercial email. In fact, since the very beginning, we have been working hard to overcome this problem. For instance, our first line of attack against UCE was to authenticate – or ensure that only the company’s users were be able to send mail.

Later, when our users started to complain about the ever increasing amounts of junk email in their inboxes, we knew that we had to do something else to combat this annoying problem. Thus, we initially researched different spam and virus blocking technologies– and then implemented the email filtering tool – SpamAssassin. SpamAssassin, itself, is an intelligent system that uses patterns normally found in unsolicited commercial emails and “scores” the possibility of a message being considered UCE. If a message’s “score” exceeds a defined threshold, then the messages would be rejected. As these patterns are constantly evolving, the SpamAssassin filter also is updated to detect these new changes.

Another way INetU combats UCE is via an RBL or Real-time Blackhole List. An RBL, itself, is essentially a list of servers or hosts that have been known to send UCE in the past. Thus, as you may guess, if a certain host gets listed on an RBL, that particular host will have an extremely hard time sending any email out whatsoever.

Still another way to combat spam is via the SPF Record or Sender Policy Framework Record. The SPF Record was created to combat the increasing number of spoof emails sent to patrons. For instance, when a person or organization sends an unsolicited email, they will choose to remain anonymous and, in turn, create a fake “From” header address. For instance, the email may even appear to be from someone the patron knows. Thus, this method prevents spammers from forging “From” headers in emails by specifying exactly which hosts, IPs and so on are authorized to send email on behalf of a certain domain. The recipient’s mail server is able to check against that domain’s SPF record via DNS to see if the host relaying the mail is authorized to send mail for domain in the “From” header. If authorization fails, then the email will be handled according to the policy of the recipient’s mail server, such as by rejecting the message or delivering it to an alternate inbox. That said, while this tool is a good idea, for this method to be really effective, the recipient email service must support this function. In addition, a common source of spam is from mail server vulnerabilities that SPF records could potentially validate as legitimate mail, which is why other filter techniques are still necessary.

Another method aimed to prevent unsolicited email is through DKIM or DomainKeys Identified Mail. This method is quite similar to the SPF method; however, with the DKIM method, the sender digitally signs the messages before the emails leave. Since the DKIM signing is associated with a particular domain name, this item can be verified by utilizing a public record that is stored in the DNS.

Greylisting is another method that we utilize to combat unsolicited emails. Greylisting, itself, “tricks” senders of unsolicited email. As you may realize, spammers try to get as much unsolicited commercial mail out as possible – and as quickly as possible. Greylisting temporarily defers the sending of an email message that comes in from a new host. As such, a normal functioning MTA or Mail Transfer Agent will note that the message was delayed and will try to send the message again at a later time. Our server will recognize that the email is trying to go through a second time, and let the email go though successfully. On the other hand, many mass email tools would recognize that the email was deferred and would not bother to try to send the email again. Thus, the spam will not reach the recipients by using this greylisting method.

An additional nuisance accompanying UCE comes from the improper handling of spam mail, known as backscatter. In the past, it was reasonable to notify the sender that their mail was not accepted, explaining that the user they intended to reach does not exist. In the case of spammers, they attempt to dissuade the recipient with a falsified email address. When sending out bulk UCE, spammer tools often send to a large number of random email addresses of a known domain. However, most of these randomly generated email addresses do not exist. In this case, a traditional MTA configuration will notify the sender with a bounce. The bounce informs the sender that the user is nonexistent. The nonexistent user, who the spammer masqueraded as, could be inundated with bounces from emails they never sent. These unwarranted emails are known as backscatter, which can be just as annoying as spam. To avoid this problem, it is best for mail servers to simply discard unwanted or misdirected mail.

All in all then, while senders of unsolicited email constantly try to outsmart anti-spam initiatives, INetU works twice as hard to prevent spam from interfering with everyone’s day-to-day lives.