Email sent to an invalid addresses causes a Delivery Status Report (DSR), also known as a "bounce message" or "bounceback"to be sent back to "From" address. Usually, when you see bouncebacks for email you did not send, a spammer was forging your email address as the "From" address.
The bounceback messages (and possibly complaints) you get are called "backscatter".
Forging someone's email address is very simple. All the spammer has to do is change the "from address" in their own email sending program. Anyone can do it and you can't really stop them.
In general, you don't want to block these bounce messages. It's important to know if someone is forging your email address. However, there are a few steps you can take:
There are two theories on why spammers do this:
Most "false positives" (legitimate messages accidentally identified as spam) occur from bulk mailing list type mailings, and not from an actual personalized email message.
There are two main reasons:
1. The recipient doesn't remember signing up, and reports your messages as spam.
Sometimes, while using an online service, purchasing goods online, or filling out a form to enter a contest, the sender is not aware or has forgotten they have subscribed to a mailing list. When the recipient starts receiving mailing list messages, they may not remember explicitly subscribing and therefore report the emails as spam.
Sometimes a company will change names and, although the recipient was happy to receive the mailings before, doesn't recognize that the continued mailings are from the same company, thereby reporting the messages as spam.
2. The sender is using a mailing list service that has been Block-Listed.
Most mailing list type services offer a link tracking service, which replaces your domain name in the message with that of the tracking domain. This allows you to track who clicked on your links, but it also masks your domain name and forces you to include a third party domain name in your email message. Since most mailing list type services have problems with spammers signing up to use their service, this link tracking URL will probably have appeared in some spam and could be Block-Listed. You could end up getting your messages blocked by including this third party domain name in your email messages.
If too much spam is seen coming from the mailing list service's mail servers, the IP addresses of those mail servers could be added to Block List of known spammers. If your recipients are subscribed to these Block List, all email from the Block-Listed servers could be identified as spam, regardless of content. "Too much" spam from these mail servers could, for example, could be triggered by just one out of 1,000 recipients forgetting that they subscribed to a mailing list.
Following these five things will allow our analysts to recognize that this message that has been reported as spam may actually be the result of a legitimate subscription. Additionally, it will allow us to quickly recognize a link tracking URL as belonging to a mailing list service (with good policies), and not the actual spammer's URL.
Following these five things will allow our analysts to recognize that this message that has been reported as spam may actually be the result of a legitimate subscription.
CAN-SPAM Compliance Even if your messages are CAN-SPAM compliant, they can still be considered Unsolicited Bulk Email, which is the term we use to define spam. Even if a recipient has sent you queries or is a current customer, it is highly recommend that you include an unsubscribe link at the bottom of any sales follow-up or advertisement related messages. It is also good to remind them of how you got their information.
Unsubscribe links that the recipient simply has to click on are less likely to result in a spam complaint. Unsubscribe links are also less likely to get you listed as a spammer by our analysts. On the other hand, if you require your users to send in a postcard or send an email to unsubscribe, the decision as to whether or not you are a spammer is more likely to go against you. This is particularly true if you state that the recipient must send an email from the email address that is subscribed, but you don't state the email address you sent to. These are all considered part of "good subscription policies".
Conventional wisdom is that you should never click on the "remove" link in spam because it will only result in more spam. However, if you follow these guidelines, you can reduce the amount of unwanted email by clicking on some "remove" links.
Place the mouse on the "remove" link without clicking it. The status line of your email program should display the domain name in the link. The domain name is the word, sometimes with dashes, before the ".com" or ".net".
Probably the most important piece of information in the Whois information is the age of the domain name. Almost no spamming domains in the US/Canada are more than three years old and almost all established, legitimate companies registered their domain name more than five years ago. A spammer typically uses a domain name for only a few months.
(We similarly study the Whois information to determine which domains to add to our URL filtering. We are not aware of any domain name which was registered more than five years ago which is blocked by our service.)
In summary, if the email is from a legitimate company, especially one you recognize, you should follow their instructions to remove yourself from their mailings.
A few countries have outlawed spam while others debate such laws. Such laws will have limited effect since most spam comes from third-world countries that will never prosecute spammers; they simply have bigger problems. The solution is technology to stop as much spam as possible, wherever possible. In our estimation, most (shady) businesses find that spam barely works; the response rate is below .01%. If everyone blocked 95% of the spam, then the cost of sending spam would increase by a factor of 20. Even the shadiest business would no longer find it cost effective and would therefore stop sending it. (Let's hope so.)
In the meantime, if most of the "open relays" in the modern countries are reconfigured by their owners to be "closed relays", it will become much easier to block the remaining spam.
In our efforts to stop spam, we regularly inform legitimate ISPs and hosting companies that their systems are being used for spam. Most will shut down the websites used by spammers. Unfortunately, most spam websites run on computers outside the US/Canada.
We have also contacted our regional US Trade representative and explained how some anti-spam services are now blocking entire countries. We were surprised and pleased that our representative forwarded our message to his counterparts in the countries being blocked. Several foreign representatives in turn contacted us and explained that they understood the damage spam was causing, understood that having their country blocked was not desirable and that they would ask their governments to take steps to stop spammers. We encourage you to also take an active political role.
The answer is that 99% of spam wants you to click on a URL (web-site), to call a phone number, or send an order to a fax number.
The first level of filtering performed by SpamStopsHere is based on the URLs (web-sites) and phone/fax numbers mentioned in spam. We have found this to be very effective - we have seen 10 completely different looking spam messages, sent from 10 different mail systems (even in different countries) mention the same web-site or phone number. By actively "harvesting" new spam, we update our URL/Phone# list every five minutes.
Although our service does not filter on content based on simple words or phrases (which is too error-prone), we do filter on distinctive long phrases found in spam. An example is "diplomas from prestigious non-accredited universities"; it is extremely unlikely such phrases would ever occur in a legitimate email. This helps us stop recurring spam in which the URL changes very rapidly.
While a person can easily recognize spam, it is not easy for computers because they do not "understand" language. Spammers have also learned to defeat most content filters based on phrases and keywords. While you may see "free money" on the screen, the email message may not even contain that phrase; instead, complex HTML code visually places those two words next to each other. Without a vision system, a computer cannot recognize this obvious phrase.
The best attempts to block spam according to its content, e.g. SpamAssassin (tm), not only miss 5 - 10% of real spam, but also incorrectly block 1 - 2% of legitimate emails.
Since SpamStopsHere does not use content filtering based on "obvious" words and short phrases, it is much less likely to block legitimate emails. It can even be used by medical and legal organizations in which legitimate emails might discuss prescription medication, mortgage rates, profanity, and sexual terms.
An open-relay is a mail server which is not configured properly to prevent anyone on the Internet from using it to send e-mail messages. This is often unintentional, but is sometimes intentional. It is often the result of the organization owning the mail server not understanding security settings or just not caring about the consequences. Until the last few years, the default settings for most mail servers on Unix/Linux were as open-relays; many of these older machines are still running that way.
Spammers search the Internet for open-relays and then "program" them to send a continuous stream of spam. The owner of the open-relay typically learns of this via a flood of angry e-mails and then takes steps to shut it down. By then the spammer has moved on to another open-relay.
As explained above, most spam comes from criminals and shady businesses. Lists of millions of e-mail addresses are readily available for as little as $100. To send the spam to millions of addresses, they must use "cooperative" mail servers. Most legitimate mail servers are protected from spammers and most ISP prevent users from sending huge numbers of emails. Therefore spammers have to resort to the following methods:
No! Spam often has a fake "Return address" to try and fool you into thinking it came from Yahoo, Hotmail, or even Merrill Lynch. There rarely is a real Return-Address.
Most spam is sent from mail systems in the Far-East and South America; some is sent from mail servers and personal computers in the US/Canada that have been compromised (hacked) by spammers.
Since most spam wants you to click on a link or call a phone number, there is no need for a real email "Return" or "From:" addresses.
Some spam is even sent with the same "To:" and "From:" addresses. If you set up a simple spam filter which sends the email back to the sender, you end up sending the spam to yourself, which is the spammer's intention.
Most spam is sent by unethical hustlers, pornographers and outright scammers. Many spammers have criminal records; some attempt to dupe people into revealing their Credit Card number while "ordering" a product or service that doesn't really exist or has minimal value. Another primary purpose of spam is to dupe legitimate home businesses into purchasing an email list or spam service. In many countries, sending spam is illegal and is a sure way to ruin your business. In short, spam may work for criminals and shady businesses, but it does not work for legitimate businesses.
Never respond to a spam message; it can lead to harassment, attempts to hack your computer and attempts to steal your credit card number or identity. At a minimum, it will lead to more spam, especially if you click the infamous "Click to remove" link. For these reasons, it is important to block as much spam as possible and explain the dangers to your employees and family members.