Can you explain how the process called snowshoe helps spam evade antispam products? Is there anything my enterprise should implement to prevent this sort of spam?
In snowshoe spam, a spammer spreads the sending load across a large number of IP addresses (most likely a botnet or other compromised systems), so that each address sends only a handful of messages to a given target and never exceeds the per-day, per-IP or similar volume thresholds the receiving email system uses to detect and block spam. No single source looks abnormal; only the campaign as a whole does.
This same snowshoe technique can also be used to conceal the source of an attack. A large number of systems could be used to scan for vulnerabilities and to aggregate the results, so that if any individual system is blocked or detected, the overall attack continues unnoticed. The same approach could be used to move data out of a compromised network: each packet is sent to a different external host, one at a time, so the overall exfiltration is harder to detect.
To protect against snowshoe spam, an enterprise should confirm that its antispam product scores email messages on several independent signals rather than relying on a single per-IP volume check. For example, with some systems, an email can be checked against a blacklist to see if the source IP is known to be malicious. Alternatively, a system could count the number of email messages received from a particular IP address, and once that IP crosses a threshold, flag all further messages from it as spam. Because snowshoe spam is designed to stay under exactly that kind of per-IP threshold, the scores from several signals need to be combined, and volume should also be aggregated across related sources (such as a shared network range or identical message content) rather than counted per address only.
Botnet detection could also be used to check whether an email was sent from a botnet. If it was, this would make it quite unlikely the email was legitimate.
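To make the scoring point concrete, here is an added example (not from the article or any product) that runs a per-IP threshold and a multi-signal scorer over a constructed mail log. The per-IP check alone flags nothing, because every snowshoe source sends a single message; grouping the same log by /24 network and by message fingerprint, plus a constructed blacklist, catches the campaign. The log, blacklist and thresholds are all assumptions.

```python
"""Per-IP thresholds versus aggregated scoring against snowshoe spam.

Added example, not code from the article. Each message is scored on
several signals; the per-IP volume threshold alone is what snowshoe spam
evades, while grouping by /24 network and by content fingerprint still
catches the campaign.
"""
import ipaddress
from collections import Counter

# Constructed sample log of (source_ip, subject) pairs. Ten different IPs
# in one /24 each send a single copy of the same message; three unrelated
# senders send ordinary mail. The per-IP limit of 3 is never exceeded.
SAMPLE_LOG = [
    (f"203.0.113.{i}", "Limited offer: renew your account now") for i in range(10, 20)
] + [
    ("198.51.100.7", "Q3 budget review"),
    ("198.51.100.7", "Re: Q3 budget review"),
    ("192.0.2.44", "Lunch Friday?"),
]
BLACKLIST = {"192.0.2.44"}  # constructed; a real deployment would use a DNSBL or feed

def fingerprint(subject: str) -> str:
    """Crude content fingerprint: lowercase subject with whitespace collapsed."""
    return " ".join(subject.lower().split())

def subnet(ip: str) -> str:
    """The /24 network an address belongs to, used to aggregate volume."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))

def score_log(log, per_ip_limit=3, subnet_limit=5, content_limit=5, blacklist=BLACKLIST):
    """Return {index: (score, reasons)} for each message in `log`."""
    ip_counts = Counter(ip for ip, _ in log)
    subnet_counts = Counter(subnet(ip) for ip, _ in log)
    content_counts = Counter(fingerprint(s) for _, s in log)
    results = {}
    for idx, (ip, subj) in enumerate(log):
        reasons = []
        if ip in blacklist:
            reasons.append("blacklisted source")
        if ip_counts[ip] > per_ip_limit:
            reasons.append("per-ip volume")          # the check snowshoe evades
        if subnet_counts[subnet(ip)] > subnet_limit:
            reasons.append("subnet volume")          # aggregated across sources
        if content_counts[fingerprint(subj)] > content_limit:
            reasons.append("repeated content")       # same message, many senders
        results[idx] = (len(reasons), reasons)
    return results

def per_ip_only(log, per_ip_limit=3):
    """Indices a per-IP threshold alone would flag (empty for snowshoe)."""
    counts = Counter(ip for ip, _ in log)
    return sorted(i for i, (ip, _) in enumerate(log) if counts[ip] > per_ip_limit)

def flagged(log, min_score=2, **limits):
    """Indices of messages that accumulate at least `min_score` signals."""
    return sorted(i for i, (s, _) in score_log(log, **limits).items() if s >= min_score)
```

Running `per_ip_only(SAMPLE_LOG)` returns an empty list, while `flagged(SAMPLE_LOG)` returns the ten snowshoe messages; the blacklisted sender scores 1 and is left for other signals to decide.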
Related Q&A from Nick Lewis