How To Be 99% Spam Free
The illustration on the cover is a modern take on the story of Sisyphus in ancient Greek mythology.
Sisyphus was a king who offended the gods in such a manner that he was condemned for all eternity to push a boulder up a hill, only to see it roll down again. He was thus compelled to repeat this task endlessly.
Most of us go to work every day, open our email program and push the collective boulder back up the hill and out of the way, like Sisyphus, so we can get to the real task at hand: reading and responding to legitimate messages. The next morning the boulder rolls back into our IN box, whereupon we are compelled to repeat this "push" in seemingly endless fashion.
For many of us it's not just a morning chore. Managing spam can be a day-long task. And for some of us this "boulder" just keeps getting bigger.
From the vantage point of managing the support department at LinkSky Value Host Inc. over the past 14 years, I have come to recognize both trends and repeat patterns with regard to spam.
TRENDS - Aside from the exponential increase in the volume of spam, I see a pronounced shift toward what has become known as "phishing" email - the fraudulent message that entices you to go after the "bait" and become hooked into whatever fraud or scheme is being presented.
REPEAT PATTERNS (of vulnerability) - Many email users repeatedly and needlessly fall victim to phishing scams, viruses and other unwanted email. Using the methods described here can change all that.
If you've been dealing with daily bombardments of junk email, the title of this e-book may appear to be some far off fantasy that comes from the same place unicorns frolic under perpetual rainbow skies. While some of these techniques take a bit of time to take effect, we'll also discuss some important tips which can quickly eliminate most of the spam you receive today, almost as quickly as Ripley could say, "Believe it or not!"
This e-book does not dwell on technical aspects of anti-spam rules, email routing or current global statistics; however, we do want to offer some background information to help provide a better grasp of why the methods offered here are effective. As anti-spam cowboy guru Stratus Roland once said, "Knowing stuff is good."
I don't guarantee that your office will be transformed to a field of daisies under a bright blue double rainbow sky, but I am confident that if you take advantage of what we have to offer, your email life will see the dawning of a much brighter and more productive day.
You're not alone.
In a paper titled, The Economics of Spam, researchers Justin M. Rao and David H. Reiley (at Microsoft and Google respectively) estimate that the accumulated cost of spam, including the time it takes to develop filtering and countermeasures, adds up to $20 billion per year. Other studies estimate this number to be as high as $50 billion.
What percent of all email is spam? Some studies indicate a slight down-tick as of the latter half of 2013, although most current research still puts this figure right around 70%, which is in-line with daily stats we see at Linksky for incoming email. NOTE: A major portion of this is eliminated by our custom MailScanner systems and never makes it to anyone's IN box.
While sales of phony insurance policies and male sex enhancement drugs may be on the decline, the insidious nature of the recent waves of phishing email appears to have hit an all time high.
Of Sisyphus & Bigger Boulders
I want stronger spam filtering!
Hang on there cowboy! Before any more filtering is added, two important questions should be asked:
1) Where are they getting my email address?
2) Why am I being spammed this heavily?
If you go right to filtering without first addressing these two questions, then your email is destined to become like Mickey’s magic brooms in Fantasia: useful at first, but totally out of control as time goes by.
The first thing to understand is that spammers are HIGHLY motivated to collect as many “live” (valid) email addresses as they possibly can. Valid addresses are money to the spammers and spam-houses. Yes, your email addresses are not only worth money to them, email addresses ARE the currency of their exchange.
Email addresses are collected on lists and sold to other spammers all over the world. They are exchanged and traded on spam networks every hour of every day.
UCE (unsolicited commercial email) effectively deals in "postage due" advertising. The spammer spends $0 to send spam, because they never use their own service. The cost burden is placed entirely on the recipient and their email service provider.
This burden is magnified when email servers and PCs are hacked to broadcast the spam (currently the most common method). Every penny made to spamvertise a product is 100% pure profit.
In addition, the really sad part about this is that each and every day, regular play-by-the-rules people are duped into paying hackers to break into email servers and PCs to broadcast spam. They become "partners in crime" when they are fooled by pitches like, “Purchase our targeted double opt-in marketing e-lists for your advertisement needs. Our lists are from people who WANT to hear about YOUR product/service!” Or “Buy our auto-responder scripts for your site, then use our lists to send responses to your potential customers using our special software,” which of course makes zero sense on any level.
FACT: There is no such thing as a “double-opt-in” list. Messages sent using this kind of list are considered UCE (Unsolicited Commercial Email) and will nearly always incur a blacklisting of your email service - even if you include the opt-out link in the footer of the message.
Any LEGITIMATE email marketing campaign uses only addresses of people who have previously done business directly with you, or who have specifically requested mail directly from you, such as by subscribing to your newsletter or signing up to receive special offers or discounts; however, even this is dicey. Many people reflexively complain about commercial email without first checking to see if they agreed to receive the message at some point in the past.
Below are two links with good advice about legitimate email marketing:
15 Email Marketing Tips For Small Businesses
There are several marketing methods that can be used with good success, and without the risk of potential blacklisting.
So, where are they getting my email addresses?
Spammers have very limited methods for obtaining your email address without you providing it to them willingly. Most are common knowledge. Some are very commonly overlooked. I recommend that you consider all of the following questions before implementing additional email filtering.
1) Do you display your email address on your web pages, or use it for contact forms on your site?
TIP: Websites are THE #1 source for “live” email address harvesting.
Similar to the Googlebot and other legitimate web crawlers, spammers use crawlers to search for email addresses. Spam bots do not “see” web pages the same as humans do. These bots search through the scripting behind your web pages. When your email address is there “in the clear” (e.g. used in html for mailto/contact links, etc.), your address is easily harvested by spam bots.
Below is a very simple method to keep your email address from being harvested right off your web page.
One of the best techniques for this is known as email address encoding or munging and it's very easy to do. Encode your email address and replace the address on your page with the coded version wherever your address is used in your scripting. Your email address will still appear normal to a human visitor, but the spam-bot won't be able to "see" your email address once it is munged or encoded.
We have a handy email address encoder here:
A more advanced email address munger is here:
For a description of the mechanism behind this email harvesting technique, visit: projecthoneypot.org.
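The munging described above, as an added example (not code from LinkSky or from the encoders linked in this e-book). It encodes a constructed address, sales@example.com, as HTML numeric entities and checks that the address no longer appears in the clear in the page source while still rendering normally for a visitor. The function names are made up for this illustration.

```python
import html
import re

# Simplified address pattern, applied to raw page source the way the text
# says a spam bot reads it (the markup, not the rendered page).
PLAIN_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

SAMPLE_ADDRESS = "sales@example.com"  # constructed address for the demo


def munge(text):
    """Encode every character as an HTML numeric entity (decimal/hex alternating)."""
    return "".join(
        f"&#{ord(ch)};" if i % 2 == 0 else f"&#x{ord(ch):x};"
        for i, ch in enumerate(text)
    )


def mailto_link(address, encode=True):
    """Return a mailto link, with href and visible text munged when encode=True."""
    href, shown = "mailto:" + address, address
    if encode:
        href, shown = munge(href), munge(shown)
    return f'<a href="{href}">{shown}</a>'


def addresses_in_clear(page_source):
    """Addresses readable directly from the markup, with no decoding."""
    return PLAIN_ADDRESS.findall(page_source)


def rendered_text(page_source):
    """What the visitor's browser shows once entities are decoded."""
    return html.unescape(page_source)


if __name__ == "__main__":
    for encode in (False, True):
        link = mailto_link(SAMPLE_ADDRESS, encode)
        print("munged" if encode else "plain ", "->", addresses_in_clear(link))
    # The munged link still renders as the normal address for a human visitor.
    print(rendered_text(mailto_link(SAMPLE_ADDRESS)))
```

The last check is also the limit of the technique: anything that decodes entities the way a browser does recovers the address, so munging reduces harvesting rather than ending it.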
2) Are you using a catchall/default email address in your cPanel settings?
Your Linksky hosted cPanel makes setting up catchalls very tempting, but we don't recommend it. See the Default Address link in the Mail section of your cPanel. If you have all “unrouted” email forwarding to one of your email addresses, then you have a catchall established for your account.
Using catchalls may increase the spam you receive exponentially, resulting in hundreds of email addresses based on your domain being circulated to spammers worldwide. Catchalls can be useful for troubleshooting purposes, so if you need one, be sure to delete it when you're done testing.
For your Default address setting, instead of the catchall, we recommend this option: Return to sender. No such user. Using Forwarders and additional mailboxes rather than catchalls will help lower the amount of spam coming to your mailbox.
Here's why it is so important NOT to use a catchall:
Spammers send out "best guess" probe emails specifically for finding live addresses. They start with a string of common usernames such as contact, info, admin, etc.
But they will also send to crazy usernames like "heur7c8s6r" or "s2nd889."
If you are using a catchall, all of these messages will be delivered; the username does not matter. And the spammer will know they've struck gold with a big batch of valid addresses. All of the best-guess (and "crazy") addresses are considered valid and added to their list. In turn, those lists are bought and sold among spammers worldwide.
Eliminate the catchall and messages to any address that is not set up as a Mailbox or Forwarder will be returned to the sender as "no such user."
3) Do you click the opt-out link in email messages for e-news or announcements that you never subscribed to in the first place?
When you do, you're confirming to the spammer that he has hit a live email address. In general, you should NOT click the unsubscribe link in email from an unrecognized source.
Bottom line - Unless you are willing to take the time to determine if the sender is legitimate and the identity in the email message is not faked, then our best advice is to just delete the message.
Okay, so why am I being spammed this heavily?
Aside from what I've previously outlined, there are a few other possible causes you may want to consider.
1) Have you whitelisted your own email address?
Whitelisting means that it is exempt from spam scanning rules. (Not recommended.)
TIP: Check your cPanel ---> MailScanner utility, Blacklist/Whitelist link. Make sure none of your email addresses are listed in the whitelist column.
Why is this bad? An age-old spammer's trick is to configure email broadcast software so that the same email address is used for both the TO and the FROM (or Reply-To) field. Keep in mind that anyone can insert any email address in the FROM field of any email they send. This technique is used by spammers because they hope the owner of the target address has whitelisted THEIR OWN address. If so, the message will get through to the owner’s IN box with no filtering whatsoever. This will look like you've sent the message to yourself.
2) Have you whitelisted other addresses, using a wildcard character before the @ sign (*@comcast.com)?
Whitelisting a domain name can open a serious hole in your Linksky anti-spam system. Check your cPanel ---> MailScanner utility, Blacklist/Whitelist link.
When a wild card character (*) is placed in front of the @ sign for any whitelisted domain, it means that you will receive every message from EVERYONE using that particular domain. You've turned off all spam filtering.
Add to this the fact that spammers will never use their own email address, but instead use a fake (spoofed) address in the FROM field. Your wildcarded whitelisted domain may allow virtually unlimited unfiltered spam into your mailbox. And yes, spammers just love to spoof addresses based on major service providers and social media sites.
For example, if you have set up a wildcard on your whitelist based on *@FACEBOOK.COM, or *@LINKEDIN.COM, then you will receive every message that says it's from Facebook or LinkedIn, whether it is legitimate or not.
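A whitelist check for the two problems just described, as an added example (not LinkSky's or MailScanner's own code). It assumes, as the text describes, that whitelist entries are matched against the FROM address with * as a wildcard; the entries, domains and messages are constructed, and the function names are made up for this illustration.

```python
from email.utils import parseaddr
from fnmatch import fnmatchcase

# Constructed whitelist and account domain for the demo.
WHITELIST = ["me@example.org", "*@facebook.com", "accounts@supplier.example"]
OWN_DOMAINS = ["example.org"]

# Constructed FROM headers. The sender chooses this value freely, so the
# first two could come from anyone.
FROM_HEADERS = [
    "me@example.org",                    # same address as the recipient
    '"Facebook" <notify@facebook.com>',  # claims a whitelisted domain
    "offers@unknown.example",            # no whitelist entry
]


def whitelist_match(from_header, whitelist):
    """Return the entry that exempts this FROM header from scanning, or None."""
    address = parseaddr(from_header)[1].lower()
    for entry in whitelist:
        if fnmatchcase(address, entry.strip().lower()):
            return entry
    return None


def audit_whitelist(whitelist, own_domains):
    """Flag entries for your own addresses and wildcard entries for a whole domain."""
    own = {d.lower() for d in own_domains}
    findings = []
    for entry in whitelist:
        local, _, domain = entry.strip().lower().rpartition("@")
        if domain in own:
            findings.append((entry, "own address: forged FROM equal to TO skips filtering"))
        elif "*" in local:
            findings.append((entry, "wildcard: any FROM claiming this domain skips filtering"))
    return findings


if __name__ == "__main__":
    for header in FROM_HEADERS:
        print(f"{header!r:40} unfiltered via {whitelist_match(header, WHITELIST)}")
    for entry, reason in audit_whitelist(WHITELIST, OWN_DOMAINS):
        print(f"REMOVE {entry}: {reason}")
```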
There are, of course, many other ways your email address can get loose and into the hands of spammers:
• Responding to phishing email.
• Using an obsolete version of email software (e.g. Outlook) that becomes compromised. (Please keep your software up to date!)
• Installing a script package in your hosting account that becomes exploited. (Please keep your scripts, plug-ins and extensions up to date).
• Registering at a web site to download freebies, after which that organization sells or distributes your email address to 3rd parties, etc.
Again, if you have an issue with receiving too much spam, the items discussed thus far should be researched before demanding better filtering. Otherwise you may be swimming against the tide for years to come.
Effective Spam Filtering
Ode to the Dash S Dash
The LinkSky Mailscanner utility is configured to insert "-s- LIKELY SPAM" in the subject line of any email message that is LIKELY to be SPAM. This determination is based on hundreds of dynamic anti-spam rules operating on the Linksky server to protect your IN box from spam.
You can use this "spam tag" to establish a custom email filter in Outlook, Apple Mail, webmail (or any email client) to keep these unwanted messages out of your IN box.
These filters work by setting up a set of conditions, and then telling your software to take action based on those conditions. Establishing a local filter is very easy to do. The steps differ only slightly from application to application.
Open the Filters (or Rules) window in your email application, then create a new filter rule like this:
Condition: Any message with "-s- LIKELY SPAM" in the subject line.
Action: Deliver to my spam or junk mail folder.
Using a filter like this is a very powerful tool that very effectively sorts your messages for you. Be sure to check your spam or junk mail folder periodically to check for legitimate messages. If you find one (which will be rare), just move it to your IN box then select everything else in that folder and click Delete. Voila! You're done dealing with spam for today!
If you prefer, you can configure your filter to automatically delete the spam tagged email, but we don't recommend this. No anti-spam system is 100% accurate. The best routine is to use a filter to separate the spam for you and periodically inspect your junk folder before deleting.
Too much spam getting through untagged?
You have control! Adjust the scoring threshold in your cPanel: Mail ---> MailScanner ---> Other Settings.
The default settings are:
High scoring spam: 20
Messages that score above this number are deleted at the server and you never see them. Deleting these messages is highly recommended. If you forward them, you could be compounding the problem.
Low-scoring spam: 5
Messages that score between 5 and 20 are tagged with -s- LIKELY SPAM.
Messages that score below 5 are delivered without the tag.
Set high scoring spam to 18 and more messages will be deleted at the server. Set low scoring spam to 4 and more messages will be tagged before delivery. If too many legitimate messages are being tagged, then raise the low scoring spam to 6. Whenever you change these settings, give it a day or two to notice the results.
Many Linksky members agree that using the MailScanner tagging system is the single most effective method for keeping your IN box 99% spam free.
Spam Today, Gone Tomorrow
The LinkSky MailScanner system uses an advanced set of analytic rules and blacklist lookups to determine what is and isn't spam. Included in those rules is a very interesting method used for some of the scoring which is based on heuristic analytic algorithms, or to use a more common phrase, artificial intelligence.
The built-in Bayesian system will actually "learn" over time the nature of the email passing through the server. Not to worry: this system does not read every email received by LinkSky users, but it will observe the overall pattern of the email messages (e.g. raw character counts, format, source IPs, etc.). It will also take into consideration the rejection rate, or potential spam scores from other parts of the LinkSky anti-spam system.
What does this mean for you? Here's an example: For days you receive that same untagged spam message offering to refinance your home or lend you money for college, then you stop getting it or it starts showing up in your spam folder. That's because the LinkSky server has "learned" that it is actually spam and scored it accordingly.
The Bayesian system just might be the vanguard of how the spam problem will eventually be defeated. But for now, it is only one component of the anti-spam filtering system at LinkSky.
It gets even better. Next up is a discussion of a combination of techniques to improve accuracy and provide ways to defeat incoming spam at the server - before it reaches your mailbox.
Bring It to the Next Level
Your LinkSky hosted cPanel includes two icons in the Mail section, each with similar names: Account Level Filtering, and User Level Filtering. Account Level Filtering establishes filters for every mailbox in your account. User Level Filtering is for individual mailboxes.
To put this filtering utility to work, start by clicking Create a New Filter. Give your new rule a name and configure it according to what you want the rule to "look for" in the incoming message, and what action you want the filter to take when there is a positive match.
How to use these filters is almost as important as how NOT to use them. For example, all too many times we have seen LinkSky members establish filters to match the FROM email address in the spam they are receiving. This is no good. Why? Because the FROM (or ReplyTo) address will almost never be anything but a spoofed address used by a spammer.
Spammers typically program their email broadcast software to send using randomly generated email addresses for the FROM address, or addresses of other people to whom they intend to send spam. To create individual filters based on this address is little more than an exercise in futility.
Custom email filters can be quite effective when used properly. We recommend looking for some commonality in the subject line or body content and establish filters based on what you find. For example, if you never want to receive email with the phrase "credit score," then create a custom filter that will delete messages with "credit score" in the subject and/or body of the message, regardless of who it's FROM.
A word of caution should be noted here. Content filters can have unintended consequences if they are not well thought out. For example, if you want to filter out spam with the drug name Cialis, it is best to include other words with it, rather than setting up a filter with just this (or any) single word. In this case, the word specialist contains the word cialis within it. If your filter looks only for cialis, it will capture everything with the word specialist as well, which is probably not what you intended.
More Custom Filtering Tips
When establishing custom filters, we find the best results are obtained by filtering against the content information in the lower part of the message, rather than the From address or Subject. Much of the UCE (Unsolicited Commercial Email) that attempts to sell you something will include a telephone number, street address, or web address. Of these three, the contact telephone number may be most reliable to use in the filter.
Your spam filter will look something like this:
Condition: Body Content includes (phone number),
Action: Discard the message.
If there is no such identifying information in the body copy, then it may be time to start looking at the email header for additional content to filter against. To be effective at this, you have to reveal the full email header which is hidden from normal view. This is quite simple to do and it will give you a good amount of target content for your custom anti-spam filter. The full header expands the information behind the To, From, Date and Subject.
The full header reveals the IP address of the sender and that of any other third-party services used. This information is very useful in tracking spam. Below are instructions for revealing the full email header for a variety of email client applications. For a more detailed list, click here.
Note: Older versions of Outlook contain significant security issues, and should be upgraded.
Note: Alternatively, select the message in the IN box, then enter Command+Option+U
• Reveal email headers using Horde (webmail):
Open the message, then select the Show All Headers link under the Headers menu
• Reveal email headers using SquirrelMail (webmail):
Open the message, then select View Headers in the left side menu.
• Reveal email headers using RoundCube (webmail):
Open the message, then select More in the navigation bar, then Show Source.
Now that you have the full email header, you'll see a number of items to use in your anti-spam filters. (Reminder: Don't bother to filter against email addresses. These are almost always spoofed, and would not be worth the effort. The same spam will keep coming from other spoofed email addresses.)
There are literally hundreds of scoring rules that combine to create an overall spam score; however, in the email headers you will only see the rules that have been triggered for that particular email. It's worth comparing the set of spam rules triggered in a few spam messages with those triggered in legitimate email. This is an effective way to learn to recognize a pattern that you can use to set up a custom spam filter.
Best advice is to look for the MailScanner scores toward the bottom of the email header, then establish filtering against any commonality you see there. But do this with care so that you don't filter out legitimate email.
This is really not as tricky as it appears!
Let's look at a typical set of MailScanner rules in the header of a spam message:
X-LinkSkyHosting-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
score=14.985, required 5, autolearn=spam, BAYES_99 5.00,
DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10,
HTML_IMAGE_RATIO_04 0.56, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.72,
RAZOR2_CHECK 0.92, RDNS_NONE 0.79, 0.05, SUBJ_BUY 0.64,
SUBJ_ILLEGAL_CHARS 1.52, URIBL_DBL_SPAM 2.50)
You'll see the total score at the top (14.985). This message was tagged as LIKELY SPAM because it scored over the default threshold of 5 and under 20, the threshold for high-scoring spam. Below the scoring section is a list of the individual anti-spam rules that were triggered to create the total score.
Compare the rule sets from the headers of a few spam messages to find some commonality that you can filter against. For example, if many of the spam headers contain "SUBJ_BUY", then you have something to filter against. Set up a rule like so - IF Headers include "SUBJ_BUY" THEN Delete.
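The comparison described above can be done by script. This is an added example (not LinkSky's or MailScanner's code): it parses the SpamCheck header shown above, applies the default thresholds of 5 and 20 from the Effective Spam Filtering chapter, and lists rules that fired in spam but never in legitimate mail. Every header except the first is constructed for the demo, and treating a score of exactly 5 as tagged is an assumption.

```python
import re
from collections import Counter

SCORE = re.compile(r"score=(-?\d+(?:\.\d+)?)")
REQUIRED = re.compile(r"required (-?\d+(?:\.\d+)?)")
# Upper-case rule name followed by its points, e.g. "SUBJ_BUY 0.64".
RULE = re.compile(r"\b([A-Z][A-Z0-9_]*[A-Z0-9]) (-?\d+(?:\.\d+)?)")

# Header exactly as shown in this e-book (including the bare "0.05").
PAGE_SAMPLE = """X-LinkSkyHosting-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
 score=14.985, required 5, autolearn=spam, BAYES_99 5.00,
 DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10,
 HTML_IMAGE_RATIO_04 0.56, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.72,
 RAZOR2_CHECK 0.92, RDNS_NONE 0.79, 0.05, SUBJ_BUY 0.64,
 SUBJ_ILLEGAL_CHARS 1.52, URIBL_DBL_SPAM 2.50)"""

# Constructed header values for the comparison (not real messages).
SPAM = [
    PAGE_SAMPLE,
    "spam, SpamAssassin (not cached, score=9.65, required 5, BAYES_99 5.00, "
    "HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.72, RDNS_NONE 0.79, SUBJ_BUY 0.64, "
    "URIBL_DBL_SPAM 2.50)",
    "spam, SpamAssassin (not cached, score=7.35, required 5, BAYES_99 5.00, "
    "HTML_MESSAGE 0.00, RAZOR2_CHECK 0.92, RDNS_NONE 0.79, SUBJ_BUY 0.64)",
]
HAM = [
    "not spam, SpamAssassin (not cached, score=-1.18, required 5, BAYES_00 -1.90, "
    "DKIM_SIGNED 0.10, DKIM_VALID -0.10, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.72)",
    "not spam, SpamAssassin (not cached, score=-1.11, required 5, BAYES_00 -1.90, "
    "HTML_MESSAGE 0.00, RDNS_NONE 0.79)",
]


def parse_spamcheck(value):
    """Return the total score, the threshold and the triggered rules of one header."""
    text = " ".join(value.split())  # unfold the continuation lines
    score, required = SCORE.search(text), REQUIRED.search(text)
    if not score or not required:
        raise ValueError("no score found; not a SpamCheck header")
    # A bare number with no rule name (the "0.05" above) is skipped.
    rules = {name: float(points) for name, points in RULE.findall(text)}
    return {"score": float(score.group(1)),
            "required": float(required.group(1)),
            "rules": rules}


def classify(score, low=5.0, high=20.0):
    """Apply the low/high thresholds: deliver, tag, or delete at the server."""
    if score > high:
        return "delete"
    return "tag" if score >= low else "deliver"


def candidate_rules(spam_headers, ham_headers, min_share=0.75):
    """Rules seen in at least min_share of the spam and in none of the legitimate mail."""
    spam_counts = Counter()
    for header in spam_headers:
        spam_counts.update(parse_spamcheck(header)["rules"].keys())
    ham_rules = set()
    for header in ham_headers:
        ham_rules.update(parse_spamcheck(header)["rules"])
    needed = min_share * len(spam_headers)
    return sorted(r for r, n in spam_counts.items()
                  if n >= needed and r not in ham_rules)


if __name__ == "__main__":
    parsed = parse_spamcheck(PAGE_SAMPLE)
    print(parsed["score"], classify(parsed["score"]), len(parsed["rules"]), "rules")
    print("safe to filter on:", candidate_rules(SPAM, HAM))
```

In the constructed data HTML_MESSAGE and RDNS_NONE fire on every spam message but also on legitimate mail, so they are left out; a filter on either one would discard real messages.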
RECOMMENDATION: Set up a special mailbox to receive messages that are rejected by your custom filters, at least during the period of testing your new filter.
Check that mailbox periodically for three reasons:
- To make sure it's working
- To check for any legitimate message that may have been caught by mistake
- To empty the mailbox so that the messages don't "bounce" back to the sender -- "mailbox full"
If you find legitimate messages, then you have some fine tuning to do with your filters. But if your spam catcher mailbox contains nothing but obvious spam, then your custom filter is a winner and you should be seeing less and less spam in your IN box. At this point you can consider changing your filter to delete the messages, rather than putting them in this special mailbox.
Boxing Spam with BoxTrapper
BoxTrapper is known as a challenge/response email filtering system.
Every LinkSky hosting account owner has access to their BoxTrapper utility via the Email section in cPanel. When activated, this feature will send an auto-response to the sender asking them to respond to a verification email before their message will be delivered to your IN box.
Simple enough, right? This works against most spam because spammers rarely send from their own email address. As such, the spammer never receives BoxTrapper's request for verification, and their message never gets to your IN box. But there is a significant drawback to using BoxTrapper.
The FROM/ReplyTo email addresses that spammers use are often harvested from web sites. So for every message your BoxTrapper receives, someone somewhere will get your BoxTrapper auto-response. Some of the folks that receive your BoxTrapper request for verification may think that you are the spammer! These auto-responses are called "backscatter".
The Email Backscatter Problem
When spam-bots harvest email addresses from websites, they occasionally hit sites that contain Honey Pot addresses. Honey Pot pages are sponsored by RBL (Realtime Black List) organizations and are set up as bait to catch spammers. These agencies record email sent to these addresses and then blacklist the servers that sent the spam.
So what does this have to do with BoxTrapper, or any autoresponder for that matter? Plenty!
1 - The spammer sends you a message with a reply-to email address that has been raked from a Honey Pot page.
2 - Your BoxTrapper sends an auto-response to that email address.
3 - Your domain, personal IP address or your email service provider gets blacklisted because the blacklisting agencies may consider the sender (you) to be the spammer.
For this reason, we caution that BoxTrapper and other similar challenge-based anti-spam methods should be used only as a last resort, and for a short period of time.
It is also a fact that every kind of auto-responder or script that sends a message in response to an event can suffer the same drawback. This includes newsletter signups, new blogger or member signups, event registrations, etc.
The message that is automatically sent (the auto-response) is called Backscatter.
Some RBL organizations are blacklisting networks and servers for producing high volumes of backscatter, even though the majority of these messages may be legitimate.
Historically, very few email service providers would filter email based on Backscatter RBL listings, but this practice is becoming more common as the global spam problem continues to grow.
Who's Got The Captcha?
We've learned that BoxTrapper and email auto-responders are designed to send email back to the sender.
For scripts such as newsletter signups or "contact us" forms, it is easy to avoid unwanted Backscatter by installing a Captcha script on your signup form.
A Captcha can take different forms. The most common type asks the visitor to type a series of letters and numbers shown in a randomly generated picture near the submit button on the form. Another type of Captcha will ask the visitor to solve a simple math problem.
The concept here is that the Captcha's request will be too difficult for any web-bot automation to handle -- and this usually works.
With the Captcha in place, only humans will be able to submit your form and, if you have an auto-responder set up, it will only be sent to the email addresses of people that intend to receive it. The Captcha doesn't prevent backscatter, but it will minimize it.
Without the Captcha, spammers can run an automated script to submit your form over and over again. And if you have an auto-responder for that form, every email address that is submitted will receive it.
Some of those email addresses may belong to users who are working with spyware-hacked PCs. When your message is received, the spyware grabs your "Live" email address and broadcasts it to spammers using the hacked PC.
Without the Captcha, this scenario can rapidly turn into a kind of feedback loop:
- Spammer fills in your form.
- Form script sends an email auto-response.
- Response email gets circulated to other spammers.
- Those spammers send you spam and they add your website to their list of sites with Captcha-less forms that are easy to exploit.
This is a situation which can very rapidly spiral out of control, getting the Linksky server IP address blacklisted.
And it is completely preventable.
Google's excellent and free reCAPTCHA can be installed on nearly any web site:
A math logic WordPress Captcha (Note: We find math captchas to be very effective.)
The Drupal Are You Human Playthru captcha:
The Joomla KEY Captcha module (one of many available for Joomla):
Phishing is unsolicited email from a sender whose primary goal is to separate you from your valuables. And it is astonishing how effective these scammers have been over the years. Indeed, BILLIONS of dollars have been lost to these culprits.
Why are we completing our How to be 99% Spam Free e-book with a chapter about phishing? Easy. It is a near certainty that if ANY response is made to a phishing email, then your email address will be targeted for more of these same kinds of messages.
Unless you enjoy receiving email all day long about the passing of a dear (unnamed) loved one, or a warrant issued to you from the FBI, or from a lottery stating that you've won, or from Madam (insert random name here) who needs your assistance in relocating her fortune to your bank account, etc. -- then never, ever respond to any out-of-the-blue phishing attempts.
Unfortunately, more and more of us are finding it hard to resist popping open one of these messages and clicking the link therein.
Here is a major TIP that can help to avoid clicking that link, and to avoid becoming a victim of a phishing scam in the process.
Ask yourself, "What are they trying to get me to do, and why?"
Such questions will help replace emotion with logic. In doing so, you will have immunized yourself against the social engineering power behind the phishing attempt.
It's a fact: If phishing did not evoke an emotional response, it would have no effect, and such scam methodology would disappear overnight.
So, here's an exercise that anyone can do. Let's say you receive an email out-of-the-blue, and it has an official look about it. It may even contain well recognized company logos like FedEx, Bank of America, Amazon, etc. Here's what it says, and here's what you should ask yourself before taking any action:
You're being evicted.
"What are they trying to get me to do?"
Your telephone statement will be $899 this month.
"What are they trying to get me to do?"
You're being summoned to appear.
"What are they trying to get me to do?"
There's a child predator in your neighborhood.
"What are they trying to get me to do?"
Your dear friend has just passed away.
"What are they trying to get me to do?"
You've just won the jackpot.
"What are they trying to get me to do?"
Dear I need your help to recover my vast fortune.
"What are they trying to get me to do?"
And the scams go on. For all of it, just ask that nine-word question. This will help to put you in the safe zone where phishing is concerned.
Don't just take our word for it. Let cowboy anti-phishing guru Stratus Roland tell you about all the ins and outs of phishing scams.
And for a really good time, click the YouTube button link, put the video in HD and view full screen. Then sit back and we promise you'll never cease to be amazed.