Natalia Merzlyakova - Fotolia

Q
Problem solve Get help with specific problems with your technologies, process and projects.

How does snowshoe spam evade spam blockers?

Spam can use a process called 'snowshoe' to evade spam filters. Enterprise threats expert Nick Lewis explains how to block snowshoe spam.

Can you explain how the process called snowshoe helps spam evade antispam products? Is there anything my enterprise should implement to prevent this sort of spam?

In snowshoe spam, a spammer uses a large number of IP addresses -- most likely from a botnet or other compromised systems -- to send a small number of spam emails to a particular system while not exceeding the per day, per IP or other limits the email system has in place for detecting and blocking spam.

This same snowshoe technique can also be used to conceal the source of an attack. A large number of systems could be used to scan for vulnerabilities and to aggregate data, so if an individual system is blocked or detected, the overall attack is not detected. This could also be done for sending data out of a compromised network. In this scenario, a packet is sent to one external host at a time so it is more difficult to detect the overall attack.

To protect against snowshoe spam, an enterprise should validate that its antispam product has functionality to score email messages in many different ways to determine if an email is spam. For example, with some systems, an email can be checked against a blacklist to see if the source IP is known to be malicious. Alternatively, a system could count the number of email messages received from a particular IP address, and when that IP hits a certain threshold, all messages coming from it can be flagged as spam.

Botnet detection could also be used to check whether an email was sent from a botnet. If it was, this would make it quite unlikely the email was legitimate.

Ask the Expert!
Have a question about enterprise threats? Send it via email today! (All questions are anonymous.)

Next Steps

Check out SearchSecurity's latest news and advice on spam and email threats.

Spotting spam is getting easier with reputation-based systems

Dig Deeper on Email and Messaging Threats-Information Security Threats

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

4 comments

Send me notifications when other members comment.

Please create a username to comment.

Which spam detection tools and techniques do you rely on?
Cancel
I mainly rely on the IBM Security Software Development kit to analyze my content. This protects me and my clients from spam, as well as malicious and inappropriate web content. This kit essentially employs an updated URL filter base to provide me with accurate analysis. It also offers me an application programming interface for efficient integration and flexible configuration,which helps me in achieving impeccable filter quality that is essentially greater than 99%.
Cancel
Enterprises should have a way to scan email messages to determine if it’s a spam. Snowshoe technique tries to conceal the source of an attack.
Cancel
It's a vicious cycle. We build bigger and better walls to block spam to stop phishing threats and other attacks and those that want to do bad just look for the cracks.  I believe it a game we will never win. We just need to keep making it tougher for them to get in.
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close