Article
2446
Stop Snowshoe Spam in Its Tracks
Winter is approaching, it's chilly out there, and many of you are digging out from under a blizzard … of unwanted email. I'm talking about snowshoe spam, which these days accounts for up to 50% of spam volume.
Just as snowshoe distributes weight across a large surface to avoid falling through the ice, snowshoe spamming spreads spam output across many IPs and domains — in effect, “spreading its weight” so it doesn't trigger automated filters. Using these techniques, spammers use many small IP ranges on many ISPs, which in turn use many different domains that rapidly change IP addresses. Snowshoe spam is particularly tricky because it appears to come from seemingly legitimate, uncompromised IP addresses.
Most importantly, although these IPs usually sends a modest volume of bulk email, collectively these anonymous IP ranges are capable of huge throughput. The result? An avalanche of spam.
Fortunately, M+Guardian and Spamhaus are there to shelter you from the harsh elements. M+Guardian now incorporates Spamhaus’ newly announced Composite Snowshoe (CSS) block list to combat the dramatic rise in snowshoe spamming.
Spamhaus CSS is an automatically-generated list of IPs that have been detected sending snowshoe spam. CSS listings are automatically removed a few days after the last time a listed IP or one of its near neighboring IPs stops sending snowshoe spam. The Spamhaus block list team is taking the CSS data and continue to create manual listings for active snowshoe ranges, identify the spammers behind snowshoe operations, and associate those listings with Register Of Known Spam Operations (ROKSO) records or create new records where appropriate.
We knew that, even though several botnets were knocked offline last summer, the reprieve would be short lived. Fortunately, there are organizations like Spamhaus to fight the good fight. It might seem like the good guys are always one step behind, but spam-blocking by nature is reactionary. So, a more accurate way to think about it is we're hot on their heels, always watching and quickly reacting.
Click here for more detailson how Messaging Architects and Spamhaus are working together to protect your messaging network.
– Maximilian Morgan
M+Guardian Product Manager
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.
Related Articles
- Check out What's New in the Latest Release of M+Guardian
- Messaging Architects Awards Danville School District's Christel Powell for her Commitment to GroupWise and the M+Platform
- Dealing with the Latest Risks in Corporate Messaging: Eliminating PDF Spam with M+Guardian
- Case Study: M+Guardian and the College of Veterinary at Medicine at Michigan State University
- Release of M+Guardian 2007.3 Confirms Messaging Architects' Path as Technology Innovator in Messaging Security
User Comments
- Be the first to comment! To leave a comment you need to Login or Register
- 2446 reads
0