You’re diligent about protecting your online identity. You may use disposable email addresses, limit forum posting, or mask your email address with special characters or spaces when you do post. Yet somehow, despite your considerable efforts, spam finds its way into your inbox.
This common scenario is plaguing both casual and enterprise users. Latest estimates claim spam represents over 90% of all email. Like millions of others, you’re probably wondering how this happens. Sometimes, a well-meaning friend or co-worker is the culprit. Ever received one of those email chain letters? Typically they contain your address, and a host of others, and by the third round of forwards, chances are it will land in the hands of a spammer.
But a more sophisticated method may also be used. In a Directory Harvest Attack (DHA), or dictionary attack, spammers use an automated program, called a botnet. This script targets known domains (think gmail.com or yahoo.com) and, using common names, attempts to guess email addresses. The botnet sends an email to each guessed address and, in a simple process of elimination, those that come back undeliverable are discarded, while those that don’t become new additions to the spammers’ databases. While an annoyance to end users, this tactic can also hobble corporate email servers overwhelmed by the sheer number of requests.
As we consider potential solutions, there are a few initial steps that come to mind. As a first line of defense, do take care with online postings. Next, avoid using common names in your address. Opt for tougher-to-guess combinations – something including numbers and letters. In the end though, these remedies may prove ineffective for larger organizations.
In that case, a software solution is the answer. With the rise in these types of attacks, security software vendors have responded with tools that can help foil DHA attempts. These services can monitor statistics like the frequency of misaddressed e-mails sent from a given IP address; if the number crosses a predefined threshold, messages or senders are rejected. In the end, a mix of end-user education, policy, and software will likely be required to keep your company email addresses shielded from spam databases.
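The threshold check described above can be sketched as a sliding-window counter over mail-server log lines. This is an added example, not code from GFI or from the original post; the log format, the function name find_harvesters and the default threshold and window are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log in a made-up format (not any real mail server's):
#   <ISO timestamp> <client IP> <RCPT address> <SMTP reply code>
# Assumption: an unknown recipient is answered with reply code 550.
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.7 alice@example.com 550
2024-01-01T10:00:02 203.0.113.7 bob@example.com 250
2024-01-01T10:00:03 203.0.113.7 carol@example.com 550
2024-01-01T10:00:05 198.51.100.4 bob@example.com 250
2024-01-01T10:00:06 203.0.113.7 dave@example.com 550
2024-01-01T10:00:07 198.51.100.4 bobb@example.com 550
2024-01-01T10:00:09 203.0.113.7 erin@example.com 550
2024-01-01T10:20:00 198.51.100.4 bobo@example.com 550
"""


def find_harvesters(log_text, threshold=3, window_seconds=300):
    """Return {ip: datetime} for each client IP whose count of misaddressed
    recipients inside the sliding window crossed `threshold`."""
    recent = defaultdict(deque)  # ip -> timestamps of recent 550 replies
    blocked = {}                 # ip -> moment the threshold was crossed
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, ip, _rcpt, code = line.split()
        # Only misaddressed mail from senders not yet rejected is counted.
        if ip in blocked or code != "550":
            continue
        ts = datetime.fromisoformat(stamp)
        hits = recent[ip]
        hits.append(ts)
        # Drop failures that have aged out of the window, so an occasional
        # typo from a legitimate sender never accumulates into a block.
        while (ts - hits[0]).total_seconds() > window_seconds:
            hits.popleft()
        if len(hits) > threshold:
            blocked[ip] = ts
    return blocked


if __name__ == "__main__":
    for ip, when in find_harvesters(SAMPLE_LOG).items():
        print(f"reject {ip}: threshold crossed at {when.isoformat()}")
```

In the sample, 203.0.113.7 is rejected after its fourth unknown recipient in nine seconds, while 198.51.100.4, with two misaddressed messages twenty minutes apart, is not.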
This guest post was provided by Veronica Henry on behalf of GFI Software, a leading software developer that produces network and messaging security solutions for SMBs. More information about the GFI anti-spam solution can be found at http://www.gfi.com/mes
All product and company names herein may be trademarks of their respective owners.
RetroHack is happy to consider guest posts. If you’re interested in submitting a post to this blog, please contact us rather than leaving a comment on this particular post. No compensation was offered, requested, expected, or received for posting this article… it’s just good content; however, I do create guest posts hosted on other blogs on behalf of GFI Software for pay.