You probably have a pretty good idea how well you're doing in the fight against spam based on the feedback you get from users. However, spamming techniques continually evolve and keeping up the fight is challenging.
Take this quiz to test your understanding of spam and pick up some spam mitigation tactics along the way. (Scroll down to the bottom of the page for the answers.)
Questions:
1.) What term describes a version of e-mail spoofing in which the message looks like the recipient sent it to himself, i.e. the recipient's name appears on the "from" line as well as the "to" line?
2.) To avoid directory harvest attacks (DHAs), one -- albeit misguided -- school of thought is to accept all e-mail, whether or not the recipient is valid. How does this decrease the chances of a successful DHA?
3.) What is the name for a denial-of-service attack that results from mail transfer agents (MTAs) sending bounce messages to a valid source address that has been spoofed in spam?
4.) What type of program harvests e-mail addresses from the Internet in order to build mailing lists for sending spam?
5.) According to MessageLabs, nearly 70% of all spam and phishing e-mails now originate from vast armies of compromised, robot-like machines. What are these compromised machines called?
6.) What are the two methods used in a DHA to harvest valid e-mail addresses?
7.) What antispam capability in Exchange 2003 blocks messages that are destined for users who do not exist within the Active Directory?
8.) What is the word for the deliberate alteration of an e-mail address so that a human reader can decode it but a spambot cannot?
9.) What word describes the practice of comparing the routing addresses of incoming e-mail to a list of servers that spammers are suspected of using in an effort to block spam?
10.) In programs used to filter spam, what is the term for a legitimate message mistakenly marked as spam?
Answers:
1. Self-sending spam is unsolicited e-mail that looks like you sent it to yourself; your name appears on the "from" line as well as the "to" line. (Read the rest of the definition.)
2. Answer from Worst practices in antispam and antivirus defense:
The second reason why you might accept e-mail that your MTAs can't deliver is in a misguided
attempt to deal with directory harvest attacks (DHAs). The theory behind a DHA is that the spammer
tries every possible e-mail address, starting with a@yourco.com and ending with
zzzzzzzzzz@yourco.com, in the hopes of identifying those that are legitimate. If you only accept
mail for existing users, then you expose your e-mail directory to the spammer. They find out who
can receive mail and, it is presumed, can more efficiently send you junk mail. To avoid the dreaded
DHA, one school of thought is to simply accept all mail, whether or not the recipient is valid.
This doesn't give the spammer any information, although it does tie up your MTA while it
accepts mail for nonexistent users. (Read the rest of this article)
3. Answer from Worst practices in antispam and antivirus defense:
It's even worse if the spammer puts in a valid address. You now send a bounce message to someone
who didn't send the e-mail in the first place. In the quantities that spammers send their junk
around, this amounts to a denial-of-service attack. There's even a name for it: a "Joe job"
attack. The last time this happened to my company, we collected over a million bounced messages
from MTAs that had accepted mail they couldn't deliver -- and then wanted to return it to us.
That's a lot of really stupid MTAs. (Read the rest of this article)
4. Answer from the SearchSecurity.com glossary:
A spambot is a program designed to collect, or harvest, e-mail addresses from the Internet
in order to build mailing lists for sending unsolicited e-mail, also known as spam. A spambot can
gather e-mail addresses from Web sites, newsgroups, special-interest group (SIG) postings, and
chat-room conversations. Because e-mail addresses have a distinctive format, spambots are easy to
write. (Read the rest of the definition.)
5. Answer from Invasion force:
Attackers can use the bots and their hosts for a variety of purposes, some seemingly innocuous to
the compromised enterprise. For instance, botnets have become the distribution method of choice for
spam and phishing attacks. According to e-mail security service provider MessageLabs, nearly 70% of
all spam and phishing e-mails now originate from botnets. Tracing these attacks is difficult
due to the many layers between the source machines and the attacker. (Read the rest of this article.)
6. Answer from the SearchSecurity.com glossary:
A directory harvest attack can use either of two methods for harvesting valid e-mail addresses. The
first method uses a brute-force approach to send a message to all possible alphanumeric
combinations that could be used for the username part of an e-mail at the server, up to and
including those of length n characters (where n is some preset positive integer such as 15). The
second and more selective method involves sending a message to the most likely usernames --
for example, for all possible combinations of first initials followed by common surnames. (Read the rest of the definition.)
7. Answer from Built-in spam fighters:
Another antispam option found on the Message Delivery Properties sheet is recipient
filtering. Recipient filtering involves blocking messages sent to particular recipients. At
first, such an option might sound ineffective in the war against spam, but if you look at the
Recipient Filtering tab you will notice that the tab contains a check box labeled Filter Recipients
Who Are Not In The Directory. This option allows Exchange to block all messages that are destined
for users who do not exist within the Active Directory. (Read the rest of this tip.)
8. Answer from the SearchSecurity.com glossary:
Munging is the deliberate alteration of an e-mail address online with the intent of making
the address unusable for Web-based programs that build e-mail lists for spamming purposes. (Read the rest of the definition.)
9. Answer from Beware of DNS blacklisting perils:
DNS blacklisting is the practice of comparing the routing addresses of incoming emails to a
list of servers that spammers are suspected to use. If an email appears to be from a blacklisted
server, it is blocked, usually with a 503-type error for the recipient (assuming the recipient is
contactable!). (Read the rest of this tip.)
10. Answer from the SearchSecurity.com glossary:
In programs used to filter spam, a false positive is a legitimate message mistakenly marked
as spam. Messages that are determined to be spam may be rejected by a server or client-side spam
filter program and returned to the sender as bounce email. (Read the rest of the definition.)
How'd you do?
9-10 correct: Spam slayer
6-8 correct: Spam sufficient
3-5 correct: Spam softie
0-2 correct: Spam slacker
This was first published in April 2005