Spamming
1.0 Description
This document provides a general overview of one form of email abuse: spamming. It will help you respond to these attacks.
Email "spamming and get-rich-scheme" is abuse in which one email is sent to hundreds and thousands of addresses. A worse situation arises when the email is sent to mailing lists, which forward it to hundreds of other users. The email can take the form of chain letters or a get-rich-scheme.
Spamming may be combined with email spoofing, in which the header is altered, making it more difficult to trace the sender.
2.0 Technical Matters
2.1 If you provide email facilities to your users, your users are vulnerable to spamming.
2.2 Email spamming is almost impossible to prevent. Any user with a valid email address can "spam" any other user with a valid email address.
2.3 When a large number of emails are directed to or through a single site, the site will experience time lag, and faked email addresses will cause bounced emails. This will eventually cause denial of service, in which the server may lose network connectivity, crash, or fail to provide service.
2.4 Disk space can fill up as a result of multiple postings and the resulting growth of log information.
3.0 Possible Steps
3.1 Detection:
If your email system appears to be slow, or emails are not being sent and received properly, your system might be processing too many emails.
If your users are complaining of full mailboxes, they may be victims of spamming.
3.2 Reaction:
3.2.1 For providers / ISP:
Identify the source of the email-bomb. Review the email header for the email origin. Obtain the user account/identity from your logs. If it is a dedicated host/IP, configure your router to block any incoming packets from that host/IP.
Review the information on email policy and procedure in your organization. If your organization does not have such a policy, a so-called Acceptable Use Policy (AUP), then it may be a good time to create one. Refer to some sample AUPs for reference.
Ensure you are updated to the latest sendmail version.
3.2.2 For individual email:
If you have been spammed, there are a few steps you can take before you forward the mail to your ISP or to the spammer's provider.
First, you have to find out the domain name the spammer is using. This can be done by looking at the full header of the mail. View and read the full header and determine the origin of the spam. Then forward the mail with the full header to your ISP or the spammer's provider.
To find the appropriate email address to send it to, you can search the provider's web page. Usually, you can get the contact email address through the web page. You may also use the whois command to find the contact person for the domain (if it is a known domain/Internet provider).
Most ISPs have a dedicated email account for reporting email abuse such as . Another alternative, send it to or .
There is some etiquette involved when you want to send an email to the ISP or the spammer's provider.
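The header review described in 3.2.1 and 3.2.2, as an added example in Python (not part of the original MyCERT document): it walks the Received headers from the newest downward and reports the first connecting IP that is not one of your own servers, because headers below that point are written by the sender and may be spoofed. The sample message, the host names and the trusted_ips parameter are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample headers (not real traffic): example domains and
# documentation IP ranges. 198.51.100.5 stands in for your own mail relay.
SAMPLE = """\
Received: from mx.myisp.example (mx.myisp.example [198.51.100.5])
\tby mailstore.myisp.example with ESMTP id A1; Mon, 6 Jan 2003 10:00:03 +0800
Received: from bulk.sender.example (unknown [203.0.113.77])
\tby mx.myisp.example with SMTP id B2; Mon, 6 Jan 2003 10:00:01 +0800
Received: from bank.example (bank.example [192.0.2.1])
\tby bulk.sender.example with SMTP id C3; Mon, 6 Jan 2003 09:59:00 +0800
From: promo@bank.example
To: user@myisp.example
Subject: Get rich now

body
"""

# "from <HELO name> (<reverse DNS> [<connecting IP>]) by <receiving server>"
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")
FIELDS = ("helo", "rdns", "ip", "by")

def received_hops(raw):
    """Parse Received headers, newest first; None marks an unparseable hop."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        hops.append(dict(zip(FIELDS, m.groups())) if m else None)
    return hops

def reportable_origin(raw, trusted_ips):
    """Return (hop, older_hops): the first hop, reading downward, whose
    connecting IP is not one of your own servers. That IP was recorded by a
    server you control; every header below it was supplied by the sender and
    may be forged, so it is returned separately as unverified."""
    hops = received_hops(raw)
    for i, hop in enumerate(hops):
        if hop is None:
            return None, hops[i:]  # chain cannot be verified past this point
        if hop["ip"] not in trusted_ips:
            return hop, hops[i + 1:]
    return None, []

if __name__ == "__main__":
    origin, unverified = reportable_origin(SAMPLE, {"198.51.100.5"})
    print("report:", origin["ip"], "seen by", origin["by"])
```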
3.2.3 Please cc your spam report to MyCERT:
When you report to the ISP, we would appreciate it if you could cc your spam report to MyCERT for our record and reference purposes. However, if you receive mass spam emails daily, it is not necessary to cc MyCERT. Reporting to the ISP without a cc to MyCERT would be sufficient.
3.3 Prevention:
Unfortunately, there is no easy way to prevent spamming. It is impossible to predict the origin of the email. There are sites that collect email addresses and sell or provide them to companies to market their products. Users have to be careful not to surrender their personal information, email address and password to any parties on the Internet, especially via the Web.
What you can do to protect your organization against spamming:
3.3.1 Develop in-house tools to help you recognize spamming or alert you to respond to it. The tools should increase logging of your incoming and outgoing email packets. Once you have identified the emails, you can use other tools to discard them.
3.3.2 If you have a small network, you may want to configure your firewall or router to route all SMTP packets to your central email hub. Although this will not prevent attacks, it will reduce the number of SMTP ports available for SMTP-based intruder attacks. It also means that if you wish to filter your emails, you can easily do so by wrapping the sendmail server.
Sendmail 8.8 allows filtering that helps control abuse of SMTP ports and email abuse such as spamming. Please refer to sendmail version 8.8 for the sendmail anti-spamming implementation.
3.3.3 Educate your users to inform you of spamming activities. Incorporate relevant policy and procedures in managing your email usage.
3.3.4 Do not propagate the problem by forwarding or replying to spam emails.
4.0 More Information
4.1 Visit spamming site.
4.2 Tips and help for regular users.
4.3 Computer Virus Hoaxes.
4.4 Defeat the Chain Letters.