FAQs - SPAM Filtering

How much junk email (spam) do companies receive?
	On average, 65% of the email that our customers receive is identified as spam, with some companies receiving as much as 80%.

If laws and regulations don't work, does that mean we have to live with spam?
	While it still helps to regulate the Internet and "police" junk emailers, most industry analysts advise companies that the best defense is to deploy anti-spam technology, with a focus on perimeter or gateway protection solutions. They also encourage companies to make sure that the solution they select is updated frequently to address evolving spammer tactics.

In addition to spam, viruses, and Directory Harvest Attacks, what other types of email-borne attacks are problematic for companies?
	There are a number of SMTP connection and content threats that can adversely affect the unprotected email server. Denial of service attacks, long standing open SMTP connections, email bombs, and even chain letters can overrun server transaction capacity or message store space.

Isn't spamming illegal? How are spammers able to get away with it?

There are approximately six bills that have been introduced at the Federal level, but no legislation has been enacted at this time. 15 states have anti-spam laws, which mostly carry fines, but they only effect spammers who live in the state with the legislation and who spam email users in that state. Spammers avoid getting caught by changing their own email address frequently, making it hard to track them down. They also use resources in other countries to send out their email blasts. In fact, 50% of all spam sent to U.S. email-users originates outside of the country. Spammers usually send their blasts from countries without anti-spam legislation, but even European and Canadian anti-spam laws do not cover inter-country activity.

What is a Directory Harvest Attack?

Directory Harvest Attacks (DHAs) are a sophisticated technique that spammers use to bypass typical email server checking mechanisms in order to access directories and receive a list of valid email addresses. During a DHA, spammers attempt to deliver messages to multiple addresses, such as johndoe@yourcompany.com, jdoe@yourcompany.com, and john@yourcompany.com. Addresses that are not rejected by the receiving mail server are determined as valid. These addresses are compiled and sold to other spammers worldwide. This is why a brand new email box can be full of unsolicited, junk email just hours after it has been set-up.

What is the relationship between a Directory Harvest Attack and spam?
	DHAs are used to "harvest" valid email addresses, which are then sold to spammers who use the addresses to launch massive spam attacks, typically within 36 hours.

Why has the spam volume been increasing for companies?

The dramatic growth of spam has been fueled by the use of a sophisticated email address collection technique called a Directory Harvest Attack (DHA). Spammers use DHAs to collect thousands of valid email addresses from unprotected mail servers. They also have become more advanced in the use of graphics, HTML, and techniques that introduce minor differences into each spam message. This technique is used to defeat the simple signature-based or reference database anti-spam methodologies (that depend upon large volumes of identical message being sent in order to identify junk email). CyberLynk's experience is that 90% of spam messages are unique — so these types of filtering technologies are often ineffective.