Author Archives: vbori

Honeypot: trap the spammer!

Don’t just defend yourself: attack! Did you know that you can set up traps for spammers? These are fake email addresses that you create and publish just for those who would like to send you unwanted emails. We call it Honeypot.

So how it works? It’s quite easy. First, you need to compile a list of bogus addresses which will be used as bait. It can be anything in your domain, like 1234@example.com or peter@example.com.

When you have them set up, you need to place them right in the face of spammers, where they can easily find them. Make sure that legitimate users will not run into the honeypot addresses, so when you get any emails to these “fake” addresses, you will know that they are malicious. Anyone sending to these spam trap addresses will be automatically blacklisted, so make sure you publish the honeypots on your website where only address harvester robots can pick them up (and not real users).

Ready to declare war? Read this article for detailed instructions.

 

Addressing the Self-Spam Problem

Have your users ever complained about spam which they apparently received from themselves? Spammers have a tendency to forge the sender address so they can bypass filtering  –  they either spoof a legitimate (trustworthy) sender address, or they simply insert the recipient address in the From: field to confuse their target. The latter is a phenomena what we call self-spam (for obvious reasons). There are several methods to address this problem:

Solution 1: Comparing addresses

The first method is comparing the sender and recipient addresses, and if they match, blacklist the email: it is unlikely a user will ever send an email to himself/herself which is relayed through an external server. To perform this comparison, Vamsoft provides a so called “External Agent”. External Agents can be used to extend the core functionality of ORF to address specific campaigns, among other things. To download the agent, click here. Setup instructions can be found in the readme.txt file shipped with the Agent.

 Solution 2: Sender Policy Framework record

The second method is publishing an Sender Policy Framework record. The SPF policy allows you to tell others which hosts are allowed to send emails from your domain. If a spammer tries to spoof your domain, the recipient can check your policy online, and if the sender host is not authorized to send emails from your domain, reject the email. As your own server can also check this policy, you can effectively use it to stop self spam emails. To learn more about SPF, visit this website.

Solution 3: Blacklist yourself

The third method is blacklisting your own domain name: since ORF ignores internal and outgoing emails, this will not block legitimate emails, only spoonfed ones.

To learn more about these solutions, possible caveats when implementing them, and other type of self-spam campaigns, read this article.

 

 

 

 

Vamsoft is Social

Good news! As you have might seen it already, we started to spread the news on many platforms, besides our official website. We know that it is important that you can get the news first hand and to have a platform where you can turn to us with all your questions. Now you can find us on Facebook, Twitter and LinkedIn and on Google+. What’s more, we have started blogging again, letting you know what’s cooking in the kitchen of Vamsoft. We really want to hear from you too, so if you have any questions, comments, or just a story you want to share with us, don’t hesitate to contact us on one of our social channels. Let’s talk!