I / NetWarden.net / WebTerritory.net website don't send out any email, except to customers and the emails are never unsolicited advertising (they are already customers). However I get 'bounced' emails (of emails that I never sent) everyday saying that my email has been blocked by an email filter because it was spam or sometimes I get the odd email from a live person that 'directly' tells me to stop. This also happens even with email addresses that are never used for sending e.g. form input addresses or addresses that don't even exist however has one of my domains after the '@' symbol.

This is due to some cleaver spammer that made a BOT (or hired a programmer to make one) that infects other computers, riffles through the victims address book and send out spam based on those addresses or even worse send the addresses back to the spammer to add to his live email database to sell to other spammers.

If you received one of these emails that appear to be from me or one of my clients or websites, however never heard of it before today, good chance that it is a spoofed email message containing spam.

Warning: Some emails look like something helpful, but really is a virus in disguise! Never open, follow any links or click within a suspect spam message, it is safer to just delete it. If it looks legitimate, ask the sender first (the from address should be available without having to reply to or open the message). BTW: Always make sure your anti-virus is checking all email and is up to date.
 

Regular users can stop here.
 

It is not good if anyone's legitimate email get blocked, because a filter/user added their email address or domain to a black list because some spam BOT on multiple zombie systems has spoofed it (these bots send out thousands of spam emails using someone else's network/address/domain). Email address/domain black lists don't work, global blacklists of this type cause more damage than good, this is because spammers rarely use there own networks, domains or addresses!

Attack the spam, not the email address. Spam should be treated like malware (viruses), email should be scanned for black list spam patterns in content and/or title not email addresses. Users can choose what keywords (and/or links to ad domains) they use to reject email or if the email contains typical spam ploys (body is only images or a 1 pixel image or has invisible text, etc.) it is automatically rejected. Just like anti-virus programs, anti-spam programs should update using a spam signature file or global blacklist of spam patterns and this file can be updated by adding patterns that are commonly found to be spam by the users. Users can also keep a keyword white list as well, a senders name in the text body or if they are looking for something and want messages about it.

If such an anti-spam program exists, please let me know, if not please take this challenge and develop one.

Wayne D Schulz,
NetWarden.net / WebTerritory.net
 

First problem - I am getting tired of dealing with messages from filters that send out email that does nothing but say the message has been blocked. Don't get me wrong, It is a good thing that any spam email that is spoofing my email address or domain gets killed before it reaches a live user (I don't have to deal with the hate mail from users that think I sent it), however sending notice of it is totally pointless. Spammers and bots are not going to care, the victim of the address spoof won't be able to do anything with it (only make them worry about it), and it just adds to the network congestion.

second problem - It is not good if my legitimate email get blocked, because a filter blindly added my email address or domain to a black list. Black lists based on email address/domain don't work, spammers never use there own networks, domains or addresses anymore.

A problem designed by a clever spammer needs a clever yet simple solution!

I have an idea, why not filters that when it receives an email suspected of being spam it holds it and sends a link (and message ID) to the sender/reply address to visit the filter's web page for sender verification. If the sent verification email bounces back as unknown user or invalid address, it knows the received email is bogus and kills it. If sends successfully, however no visit in 10 days, it kills it. If the sender does visit the page, he/she has to type in a code that is on screen that is only human readable. If successful the email message is delivered. If the sent verification message is received by a sever that is also running the same or compatible filter, it checks it's send log (for matching message ID), if so lets the verification message in for the sender to verify, if not, bounces the verification message allowing the first filter to dump the spam message.

This would work, spammers are not going to manually verify thousands (not even hundreds) of sent emails. If all email servers had this system, spam could be history.

If you have comments or suggestions on this please let me know.

Wayne D Schulz,
NetWarden.net / WebTerritory.net