Tags: spam traps

Insights About Spamhaus & SpamCop

Insights About Spamhaus & SpamCop

Beyond • February 27, 2017

In previous posts, we have discussed types of spam traps and how an email marketer can stay out of them. In this article, we are going to talk about the blacklist services Spamhaus and Spamcop. Spamhaus Spamhaus is an international non-profit organization that helps the majority of Internet Service Providers, ESPs, corporations and other security vendors by tracking spammers and blocking the vast majority of spam and malware sent over internet. It provides several blacklists such as SBL, XBL, PBL, DBL and ZEN, which can be used by mailbox providers for protection against spam-like activities. SBL - The Spamhaus Block List is the collection of IP addresses from which Spamhaus doesn’t recommend the receipt of email. It is maintained by a devoted team of investigators spread over 10 countries. XBL - Exploits Block List is a real-time database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines and other types of trojan-horse exploits. PBL - The Policy Block List is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server, except those provided for specifically by an ISP for that customer\'s use. The PBL helps networks enforce their Acceptable Use Policy for dynamic and non-MTA customer IP ranges. DBL - The Domain Block List is a real-time database of domains (typically web site domains) found in spam messages. Mail server software capable of scanning email message body contents for URIs can use the DBL to identify, classify or reject spam containing DBL-listed domains. ZEN – This is the latest Spamhaus list which combines all of the blocklist zones. It is the most recommended, as it integrates the feature of SBL, XBL, PBL. Rather, you should be using only zen.spamhaus.org in your IP blocklist configuration. Never use ZEN together with other Spamhaus IP blocklists as it will simply be wasting DNS queries and slowing your mail queue. SpamCop Spamcop is the premium service for reporting spam and it gets its list by crawling the internet and from users that report spam. Spamcop discovers the genesis of unwanted email and reports it to the pertinent Internet Service providers. It’s reporting service is free and you can get started by clicking this link: https://www.spamcop.net/anonsignup.shtml. What is the SpamCop Blocking List (SCBL)? The SpamCop Blocking List (SCBL) is a combative spam-fighting tool that indexes IP addresses which have transmitted reported email to SpamCop users. The SCBL is a quick and automatic list of sites sending reported mail, with multiple report sources, including automated reports and SpamCop user submissions. The SCBL also quickly and automatically delists these sites when reports cease. You can read about the working rules of SCBL and it’s implementation here: https://www.spamcop.net/fom-serve/cache/297.html. What to do if you are listed on a Spamhaus or Spamcop blacklist? Take prompt action: To know if you are listed on Spamhaus enter your IP address or domain name here: https://www.spamhaus.org/lookup/ . If you are blocked on Spamhaus, getting delisted should be your first concern as it will affect your deliverability. Review your recent email sends to find the possible issues that triggered the blacklisting. Gauze your list for bounces and inactive email IDs. Resolve the issue: To get delisted from Spamhaus, you need to fix the issue that caused the blacklisting. Your technical support will be able to guide you through the process. Some of the points you should check are: Review your list procurement - Investigate all your sources of list acquisition and stop sending emails to rented or purchased lists. Follow all the components involved to maintain list quality such validation of email addresses and implementing double opt-in. Remove inactive & bounced IDs: Inactive users are vulnerable to spam traps. These are users not engaging to your campaigns and a segmentation policy should be placed to filter out these contacts. Mailbox providers will send an unknown user code a year in advance before turning it into a spam trap. It is important that you identify bounces and remove contacts identified on feedback loops. As soon as you complete the above checklist, follow the delisting process here:  https://www.spamhaus.org/lookup/. While completing the delist form, briefly inform them that you have fixed the issue. Once you are removed from a blacklist, make sure to monitor metrics like complain rates, unknown user rates and spam trap hits proactively.


Read More

Honey Pot Spam Traps

Beyond • November 28, 2016

‘Honey Pot spam trap,’ a term you’re likely to surmise as being a baiting technique used to trap spammers. It’s a technique used by Internet Service Providers (ISPs) and anti-spamming authorities to identify and penalize spammers. The ‘honey pot’ for a spammer is obviously contact details, or more precisely, email IDs. Spammers use harvesting softwares to collect random email IDs from the web, which are filled up by users on different forums and websites. Databases containing harvested email IDs are then sold to innocent marketers (the lazy ones), who seek some fresh new prospects for their email marketing campaigns. At the end of the day, these email IDs get bombarded with marketing emails, which they have never subscribed to and are of no relevance to them. So the next time you find your inbox cluttered with marketing emails, you’ll have a clue about how you have fallen prey to spamming. Even the best offers will not placate the customer who finds spam in their inbox. However, spamming will hurt the marketer more than it does to a prospector customer. Anti-spam organizations, who have been unrelentingly fighting spam for so long, create and spread email IDs across the web so that they get harvested by spammers in order catch them red handed. If you send an email to these IDs, no matter if you agree or not, you will be booked as a spammer. Beware this honey pot can give you a sour mouthful. This technique is called a ‘Honey Pot spam trap.’ Project Honey Pot: Project Honey Pot is bad news for spammers. Spammers guffawed all over cyberspace and celebrated their heyday. It was affecting the email marketing industry and people started to hate email marketing, which is and was one of the most effective ways to deliver your marketing messages. Matt Prince and his anti-spam fighters at Unspam stepped into the scene with this brilliant web based Honey Pot network, to identify spammers and the spambots they use to harvest addresses from websites called Project Honey Pot (PHP). Today, PHP serves various government and law enforcement organizations to fight and reduce spamming. The PHP software installs addresses on your website, which are custom tagged to the time and IP of a visitor (even if it is a bot). If these addresses start receiving messages, obviously it is a clear case of spamming. We will also be able to track the exact time when these addresses were harvested and also the IPs which did that. In simple layman terms, PHP will include email addresses on your website which are invisible to the naked eye (display: none CSS rule), but which bots can scrape. Each invisible email address is a unique email address leading the spammer into the spam trap. Today Project Honey Pot stands tall as far as combating spam is concerned. In fact, they have even diversified their efforts to defend against other types of spamming. They have taken initiatives to prevent comment spamming and also dictionary attacks. PHP also launched services which leverage the data to allow website administrators to keep malicious web robots off their sites. The stats are in favor of this organization in fighting spam: Project Honey Pot so far: Project Statistics (as of June 18, 2016) Time From Harvest To First Spam Slowest: 3 years, 4 months, 2 weeks, 3 days, 21 hours, 1 min, 31 secs Fastest: 1 sec Average: 2 weeks, 5 days, 11 hours, 49 mins, 41 secs Harvester Traffic 1.55% of all honey pot visitors are harvesters Spams Sent 951.9 messages to the average spam trap address 1,700,752 messages sent to the most targeted trap Spam Servers Per Harvester 414.4 spam servers per harvester Monitoring 123,004,531 IPs 228,934,209 spam traps Identified 256,773 harvesters 375,028 search engines 106,406,578 spam servers 1,280,557 comment spammers 27,580,502 dictionary attackers 30,896 rule breakers 382,951 bad web hosts Active (This Week) 3,116 harvesters 137,139 spam servers 5,149 comment spammers 34,760 dictionary attackers 111 rule breakers Received 2,839,586,684 unique spam messages 5,677,168 unique messages this week Monitoring Capability 618,345,000,000 spam traps Top-5 Countries For Harvesting China (32.5%) Spain (12.2%) United States (8.7%) Romania (4.4%) Germany (3.2%) Top-5 Countries For Spam Sending China (9.3%) Brazil (8.5%) Russia (6.8%) United States (6.4%) India (6.0%) Top-5 Countries For Dictionary Attacks India (10.9%) Brazil (8.4%) Russia (7.1%) China (6.2%) Vietnam (5.9%) Top-5 Countries For Comment Spamming China (31.2%) United States (15.9%) Russia (10.0%) Ukraine (5.5%) Brazil (3.8 %) Source: https://www.projecthoneypot.org/statistics.php You can also be part of the effort to fight spam. Count yourself in by giving your details on the PHP website and agreeing to their policies and agreements. You need to do this to enroll your website in project Honey Pot. If more websites contain the PHP software, the more effective it will be in fighting spam. Basically, PHP is a collective effort by a group of individuals working together to fight spam. How to drop off the Honey Pot spam list: It is always recommended that email marketers use services like the ProjectHoneyPot.org, Windows Smart Network Data Services and Return Path’s Sender Score tool to ensure list hygiene. You can accidentally find yourself tangled in the spam trap in the following scenarios: You are reusing an IP which was listed in the spam trap. Your ISP did not play it’s part in preventing spam and complying with the best practices to prevent spamming from the email server you share or are a part of. In such cases, it will be /24 listing and you can request to be whitelisted. Your IP address has been involved in the activity without your consent or knowledge. Spamming/malware bots do have a way of infecting systems without the operator knowing they are there. If this not the case you have to check on your email marketing practices because it’s pretty certain you were directly or indirectly involved in spamming. A honey pot are an automated system and have nothing to do with you on a personal level. Since it is possible to get into a honey pot list inadvertently during your email marketing endeavors, the remedies are as follows: You can send a request to whitelist your IP. You may automatically whitelist any IP within the /24 of your requesting IP. Whitelisted IPs will automatically become delisted by bad activity occurring after the whitelisting date. A delay penalty will then be incurred for the next whitelist submission. Remove all those email Ids from your email list who have never clicked or opened your emails for a span of 6 months. ( this is a preventive measure but will save you from hitting a spam trap multiple times) If you are an email marketer and have been for some time, then you will be well aware of the fact that it is the marketing channel which gives the highest ROI when compared to other digital marketing channels. Emails are personal communication to a customer and spamming exasperate them. As responsible marketers, we should preserve and sustain the channel and join the fight against spam. Happy sending!


Read More

How Do Dead Email Addresses Get Turned Into Spam Traps?

Practical Marketer • September 20, 2016

Brands that depend on email marketing always ensure that they check the spam scores of their emails before hitting the send button. Regardless of following all measures of legitimate email marketing, are you falling into the prey of spam traps? This happens when you fail to keep your subscription list updated enough. ISPs choose inoperative addresses to use as spam traps A spam trap is an email address which is specially created by ISPs to find spammers.  ISPs pick random dormant email addresses and customize them into their version of spam traps. It could be those email IDs which were once active, but after a period of inactivity, they started returning hard bounces. If theses addresses receive emails, ISPs will understand that the list is either purchased or rented. Mostly rightful though enervated digital marketers fall into this trap as they fail to revise their list regularly. Drop your Hard Bouncers or get stacked into the spam can Mailers should be clear about the types of bounces they receive for their email campaigns. Hard bounces occur when the email address is either invalid or it doesn’t exist. All types of terminated email addresses including Hotmail aliases return hard bounces even if their primary addresses are still active as Mailer Daemons are unable to identify them. If you continue to send emails to hard bounces ISPs smell it as spamming and will finally lump you into the spam can. Attrition rates can overshoot one-third of your list Churn rate is an important factor for any business with a subscriber-based service model. It can multiply up to one-third every year. There could be numerous reasons for which people drop their email addresses but one of them could be the rapid increase in the use of Hotmail aliases by customers. People hide their primary email information from the marketers by creating aliases and dispose of them later. The primary reason driving email churn is the value and efficacy of your marketing campaign. Lack of relevance of your content, over-emailing could be some of the marketer driven reasons. The other reasons could be the change of domains, perhaps a start-up business failed to flourish and all the email addresses associated started returning hard bounces. The common types of spam traps are: Pure, Pristine or True Spam Traps are either created by ISPs, mailbox providers or blacklists services like Spamhaus, Spamcop. They place these email addresses on public websites in a way that is hidden from a normal user but can be scraped by email harvesting bots. Mailing to pristine spam traps can cause several deliverability issues and can even lead to blacklist. Recycled Spam traps are those email addresses that were used by real users in past became abandoned and then converted into a trap by mailbox providers. If you follow unclear list collecting practices you may pick recycle spam trap. Is it possible to remove 100% spam traps from your list? ISPs, anti-spam authorities and inbox providers such as Gmail, Yahoo, AOL and Hotmail never disclose which email addresses are traps. Revealing this list will certainly weaken their purpose of catching spammers. The optimum possible solution is to follow proper list acquisition process. It is always preferable to monitor your reputation proactively using Return Path reputation monitoring. The biggest small change to your email marketing strategy Your company must delete all the hard bounce email addresses on priority. The result will be visible in your campaign reports as an increased open rate. Companies relying on email marketing can put to an end by the blockage of their email marketing campaigns. Hence, it is important for a legitimate email marketer to consider their list cleaning as imperative as making payroll. Benchmark Email adds these addresses to a suppression list which ensures that even if you send emails to them will not get delivered as we understand they are of no use. We want our customers to practice lawful email marketing, therefore we have decided to educate them.


Read More