

How does snowshoe spam evade spam blockers?

Spam can use a process called 'snowshoe' to evade spam filters. Enterprise threats expert Nick Lewis explains how to block snowshoe spam.

Can you explain how the process called snowshoe helps spam evade antispam products? Is there anything my enterprise should implement to prevent this sort of spam?

In snowshoe spam, a spammer uses a large number of IP addresses -- most likely from a botnet or other compromised systems -- to send a small number of spam emails from each address to a particular system, staying under the per-day, per-IP or other limits the email system has in place for detecting and blocking spam.

This same snowshoe technique can also be used to conceal the source of an attack. A large number of systems could be used to scan for vulnerabilities and to aggregate data, so if an individual system is blocked or detected, the overall attack is not detected. This could also be done for sending data out of a compromised network. In this scenario, a packet is sent to one external host at a time so it is more difficult to detect the overall attack.

To protect against snowshoe spam, an enterprise should validate that its antispam product has functionality to score email messages in many different ways to determine if an email is spam. For example, with some systems, an email can be checked against a blacklist to see if the source IP is known to be malicious. Alternatively, a system could count the number of email messages received from a particular IP address, and when that IP hits a certain threshold, all messages coming from it can be flagged as spam.

Botnet detection could also be used to check whether an email was sent from a botnet. If it was, this would make it quite unlikely the email was legitimate.
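The per-IP threshold described above, run next to a second scoring signal, as an added example that is not from the original article. The log entries, both limits and the cross-IP body-fingerprint check are assumptions made for illustration; the fingerprint is assumed to be a hash of the normalized message body that the filter already computes.

```python
from collections import Counter, defaultdict

PER_IP_LIMIT = 5        # hypothetical per-IP daily threshold
CAMPAIGN_IP_LIMIT = 10  # hypothetical: distinct IPs sending one identical body

def build_sample_log():
    """Constructed log of (source_ip, body_fingerprint) pairs, not real traffic."""
    log = []
    # Snowshoe run: 40 sources (documentation range 198.51.100.0/24),
    # 3 messages each, all carrying the same body fingerprint.
    for host in range(1, 41):
        log += [(f"198.51.100.{host}", "fp-snowshoe")] * 3
    # One noisy single-source sender that a per-IP counter does catch.
    log += [("203.0.113.9", "fp-bulk")] * 12
    # Ordinary mail: a few senders, distinct bodies.
    log += [("192.0.2.10", "fp-a"), ("192.0.2.10", "fp-b"), ("192.0.2.11", "fp-c")]
    return log

def flag_by_ip(log, limit=PER_IP_LIMIT):
    """Per-IP counting as the article describes: flag IPs over the limit."""
    counts = Counter(ip for ip, _ in log)
    return {ip for ip, n in counts.items() if n > limit}

def flag_by_campaign(log, ip_limit=CAMPAIGN_IP_LIMIT):
    """Added signal (assumption): one body fingerprint seen from many distinct IPs."""
    sources = defaultdict(set)
    for ip, fp in log:
        sources[fp].add(ip)
    return {fp: ips for fp, ips in sources.items() if len(ips) >= ip_limit}

def score(log):
    """Combine both signals; return the (ip, fingerprint) pairs flagged as spam."""
    bad_ips = flag_by_ip(log)
    bad_fps = flag_by_campaign(log)
    return {(ip, fp) for ip, fp in log if ip in bad_ips or fp in bad_fps}

if __name__ == "__main__":
    log = build_sample_log()
    print("per-IP flags:", sorted(flag_by_ip(log)))
    print("campaign flags:", {fp: len(ips) for fp, ips in flag_by_campaign(log).items()})
    print("flagged pairs:", len(score(log)))
```

On this constructed log the per-IP counter flags only the single noisy sender, while the 120 snowshoe messages pass it because each source sends three; the cross-IP signal is what surfaces them.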


This was last published in February 2015
