Home
>
Spam Blocking
>
How Spammers Fool Whitelists - And How to Stop Them

How Spammers Fool Whitelists - And How to Stop Them

Effectively stopping spam over the long-term requires much more than blocking individual IP addresses and creating rules based on keywords that spammers typically use. The increasing sophistication of spam tools coupled with the increasing number of spammers in the wild has created a hyper-evolution in the variety and volume of spam. The old ways of blocking the bad guys just don't work anymore.

Examining spam and spam-blocking technology can illuminate how this evolution is taking place and what can be done to combat spam and reclaim e-mail as the efficient, effective communication tool it was intended to be.

One method used to combat spam is whitelisting. Whitelists are databases of trusted email sources. The list may contain specific email addresses, IP addresses or trusted domains. Emails received from a whitelisted source are allowed to pass through the system to the user's email box. The list is built when users and email administrators manually add trusted sources to the whitelist. Once built, the catch-rate for spam can be close to 100%, however, whitelists produce an inordinate number of false positives.

It is virtually impossible to produce an exhaustive list of all possible legitimate email senders because legitimate email can come from any number of sources. To get around this difficulty, some organizations have instituted a challenge-response methodology. When an unknown sender sends an email to a user's account, the system automatically sends a challenge back to the sender. Some challenge-response systems require the sender to read and decipher an image containing letters and numbers. The image is designed to be unreadable by a machine, but easily recognizable by a human. Spammers would not spend the time required to go through a large number of challenge-response emails, so they drop the address and move on to those users who don't use such a system.

Whitelists are only partially successful and impractical for many users. For example, problems can arise when users register for online newsletters, order products online or register for online services. If the user does not remember to add the new email source to their whitelist, or if the domain or IP address is entered incorrectly, the communication will fail. Additionally, whitelists impose barriers to legitimate email communication and are viewed by some as just plain rude.

Whitelists are not widely used by email users and administrators as a primary tool to fight spam because of the high number of false positives, and the difficulties in creating a comprehensive list of email sources. Because whitelists are not widely used, spammers typically do not develop countermeasures. As with other spam fighting techniques, whitelists are most effective when used in conjunction with other anti-spam tools.

The Solution

When used individually, each anti-spam technique has been systematically overcome by spammers. Grandiose plans to rid the world of spam, such as charging a penny for each e-mail received or forcing servers to solve mathematical problems before delivering e-mail, have been proposed with few results. These schemes are not realistic and would require a large percentage of the population to adopt the same anti-spam method in order to be effective. You can learn more about the fight against spam by visiting our website at www.ciphertrust.com and downloading our whitepapers.

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security. The company's flagship product, IronMail provides a best of breed enterprise anti spam solution designed to stop spam, phishing attacks and other email-based threats. Learn more by visiting enterprise anti spam solution today.

family-safe home cleaners Morton Grove ..

In The News:

Discover Android's new Sound Notifications feature that alerts you to smoke alarms, doorbells, and baby cries even when wearing headphones.

New SantaStealer malware reportedly threatens holiday shoppers with password theft. This Christmas-themed info-stealer targets browsers and crypto wallets.

The Christmas season brings a surge in Netflix phishing scams targeting shoppers with fake emails. Stacey P received convincing scam but verified account first.

San Francisco Giants invite Jamie Grohsong to throw ceremonial first pitch at Oracle Park after he learned to play baseball with a bionic hand following an injury.

FBI warns cybercriminals are stealing family photos from social media to create fake proof of life images in virtual kidnapping scams targeting victims.

Instagram's new 'Your Algorithm' tool lets you control your Reels feed in real time. The app now gives you power to customize what videos you see.

Major Marquis fintech breach exposes 400,000-plus Americans' data through unpatched SonicWall vulnerability, with Texas hardest hit at 354,000 affected.

Free up iPhone storage fast by clearing large photos and videos from Messages app. Simple steps for iOS users to delete attachments without losing chats.

Scammers are flooding inboxes with fake tracking alerts that mimic real carriers, exploiting the holiday rush to steal logins and personal data.

The Fox News AI Newsletter brings you the latest news on AI technology advancements and the challenges and opportunities AI presents now and for the future.

Texas family reunites with missing 11-year-old cat Grayson after 103 days using Petco Love Lost's AI photo matching technology and community help.

Tired of AI customer service loops? These insider tricks help you escape "frustration AI" and get real human help when you need it most for urgent issues.

Unlock richer audio from your streaming apps with simple tweaks to volume normalization, equalizer settings, and quality preferences for cleaner sound.

Scammers are sending fake Facebook settlement payout emails that mimic legitimate notices from the privacy settlement administrator to deceive users.

Holiday shopping scams surge as fake refund emails target distracted consumers during Black Friday and holiday seasons, costing Americans billions annually.

The AI-powered IRMO M1 exoskeleton features four modes, including turbo, eco, training and rest for hiking, running, cycling and sports with eight-hour battery life.

OpenAI announced upgrades for its ChatGPT Images platform on Tuesday, saying the program can now make more precise edits and produce images more quickly.

Chrome for Android now turns web articles into AI-powered podcast conversations. Get hands-free browsing with Google Gemini's natural audio summaries.

LastPass faces $1.6 million fine from U.K. regulators after 2022 data breach exposed 1.6 million users. Password manager failed proper security controls.

Petco disclosed a data breach exposing customer Social Security numbers, financial account details, and driver's license information due to a software error.

Baseball teams can now analyze complete swing mechanics in normal training environments using Theia's markerless AI system that processes standard high-speed footage.

Smart home hacking fears overblown? Expert reveals real cybersecurity risks and simple protection tips to keep your connected devices safe from hackers.

MIT develops needle-free glucose monitor using light technology. Revolutionary device could replace painful finger pricks for diabetes management.

The ClickFix campaign disguises malware as legitimate Windows updates, using steganography to hide shellcode in PNG files and bypass security detection systems.

Researchers from Osaka Metropolitan University designed a 21-foot dome that combines aquaculture and hydroponics to create a self-sustaining urban food system.

How Spammers Fool Whitelists - And How to Stop Them

Spam Blocking