How to be a spammer

JD had a comment on my Valentines day semi-fluff post, that really summed up the reality for senders. He said

Make sure your mail doesn’t look anything like spam — not just in the text and formatting, but in all of your mailing practices.

Good advice, your mail will not be blocked if it does not look like spam. What kinds of things do I mean? Here are things that spammers do, that often non-spammers do as well.
Ignore bounces. One of the absolute quickest ways to get blocked is to keep sending mail to non-existent addresses. Purge your lists, make sure you are removing those addresses that will never deliver.
Hide contact information. Do not use a domain privacy service, put your real business address in your whois records.
Fake contact information. Do not use blatantly fake information in your domain registration. Register your actual business address. Do not use 555-xxxx phone numbers.
Use free or very low cost vendors. Do not use free or advertising supported vendors for your webhosting, mail hosting, or DNS. Geocities hosted webpages, mydyndns.org hosted name servers, freemail addresses (aim, gmail, hotmail, yahoo addresses), these are ways spammers get around blocks.
Shift IP addresses. If you get an IP address blocked, for any reason, do not just start mailing from another IP. Figure out what the problem is and fix it. Skipping around blocks is what spammers do.
Mail from many different places. Do not send emails from a diverse set of IP addresses located all over the world. Spammers spread their sending out in order to dilute their spam metrics to avoid threshold based blocks. They have done this so often there is even a term for it: snowshoeing.
Use bad HELO values. Many botnets and spam infected windows machines use badly formatted or incorrect HELO values. Use a fully qualified domain name, in your domain, for a HELO value.
Use generic rDNS. Set a reverse DNS value for your IPs that does not contain the IP address or otherwise look programatically assigned.
Use incorrect HTML. Spammers hide text and use fake HTML tags in order to avoid content filters. Consequently, filters check HTML against the HTML specification.
Send different HTML and text in multipart/alternative email. In addition to using badly formatted and fake HTML, spammers put drastically different text in the text portion of HTML emails. Filters check for this and if too many differences between email parts makes mail look like spam.
Send no text part in HTML email. Spammers do this to avoid the above two filters. Do this and you look no different than they do.
Use multiple corporate identities. If you have separate divisions or brands that is one thing, but often spammers set up completely separate companies and conceal the relationship between those companies.
All of these things are spammer tactics meant to confuse, fool, deflect and avoid filtering mechanisms.
How many of them does your company do?

Related Posts

Blocklists and standards

I received a comment this morning on my post about e360 v. Spamhaus, which I think brings up a point that deserves a post of it’s own. Skinny says:

Read More

Wired editor has enough spam!

Seth Godin links to a post up over on The Long Tail about spammers who send PR mail to Chris Anderson, an editor at wired. Apparently lots of people send automated email to the editor of Wired hawking their latest and greatest product, service or photos.
In response to this overwhelming amount of mail, Chris has instituted a new email acceptance policy. He says

Read More

Yahoo and Spamhaus

Yahoo has updated and modified their postmaster pages. They have also put a lot of work into clarifying their response codes. The changes should help senders identify and troubleshoot problems without relying on individual help from Yahoo.
There is one major change that deserves its own discussion. Yahoo is now using the SBL, XBL and PBL to block connections from listed IP addresses. These are public blocklists run by Spamhaus. Each of them targets a different type of spam source.
The SBL is the blocklist that addresses fixed spam sources. To get listed on the SBL, a sender is sending email to people who have never requested it. Typically, this involves email sent to an address that has not opted in to the email. These addresses, known as spamtraps, are used as sentinel addresses. Any mail sent to them is, by definition, not opt-in. These addresses are never signed up to any email address lists by the person who owns the email address. Spamtraps can get onto a mailing list in a number of different ways, but none of them involve the owner of the address giving the sender permission to email them.
Additionally, the SBL will list spam gangs and spam supporters. Spam supporters include networks that provide services to spammers and do not take prompt action to remove the spammers from their services.
The XBL is a list of IP addresses which appear to be infected with trojans or spamware or can be used by hackers to send spam (open proxies or open relays). This list includes both the CBL and the NJABL open proxy list. The CBL list machines which appear to be infected with spamware or trojans. The CBL works passively, looking only at those machines which actively make connections to CBL detectors. NJABL lists machines that are open proxies and open relays.
The Policy Block List (PBL) is Spamhaus’ newest list. Spamhaus describes this list as

Read More