
Background

Depending on the type of business email system you have, there are many ways to block spam. Most business-level email providers have some sort of built-in filtering system. A common hosting platform that provides email is cPanel. Your cPanel email system may be invisible to you. Many people view email using an email client like Outlook, Thunderbird, Mac Mail or some app for their smartphone.

The filtering tools offered by your email client can be limited. It is best to find the source of your email. Is it a cPanel version, Hosted Exchange or some other interface? Once you know what you are really working with you will have a better grip on how to deal with SPAM. Contact your service provider to find out what system you are on if you do not already know. Find out what general Junk email filtering tools are provided.

SPAM Categories

I classify Junk mail into three categories. There are more but I use a simple 3 category rule. You can read about all the classifications here on Wikipedia Spam Email.

First is industry specific Junk mail. Let’s say you own a restaurant. You likely get food and restaurant equipment related Junk email. Normally this is due to signing up for things that require your email address like online purchases.

Second is general Junk / SPAM email. This is the type that covers a wide spectrum. This type of SPAM may include but is not limited to Sex and Dating, Shopping, Health related issues, Travel and so on.

Third is dangerous Junk mail. This is the type of email that may contain a virus or links trying to gather information like passwords or even to get you to change your domain name provider. The problem is that, to the untrained eye, these emails can look legitimate. The only advice I can give here is DO NOT CLICK anything that you are not 100% sure of. Do not even allow images to come through if you are not sure of the sender.

Prevention

The old saying that an ounce of prevention is worth a pound of cure is appropriate here. There are a few simple rules to follow.

Never use your actual email address unless you have to.

Throwaway Email

Let’s suppose you need to enter your email, confirm a link that will be sent to you and never use that email address again. Simply go to http://www.throwawaymail.com/, get a temporary email, use it and wait for the email link to come in. Once you are done confirming you can simply leave the page.

If you need to log in to a website and want to be able to retrieve a forgotten password via email, get a secondary free email account. Services like Gmail, Hotmail, Yahoo etc. are available for this purpose. I have a Hotmail account I use all the time just for this purpose. You may need to log in once every 6 months or so to keep the email account active. I just empty my folders and leave.

Never put your business email on your website.

In the old days it was common to put your email address out where anyone could click on it or see it. However, spammers started using robots to crawl the web looking for email addresses. Today you should use a Contact Form. This not only hides your email address from spammers (if done correctly), it also keeps your customers' emails organized with the fields you want filled out.

If you have your email address out there now, remove it as fast as you can. If you must have it on your website try to use an email obfuscator. These do not always work so this is a last resort. You can try this free one from Cloudflare.

Filtering Email

Almost every business email account is going to have some type of filtering tool(s) built in. The issue is how to deal with the emails that your built-in filters miss. There are too many business email types to go into great detail here. However, I will outline some general filtering rules and techniques.

Industry specific Junk mail. Most of the time you will have a Remove link at the bottom. I do not suggest using this for all types of Junk email. For industry specific Junk email I would use the Remove or Unsubscribe link if the business is one that you know. Any reputable company is not going to want to get reported as sending SPAM. If the remove feature does not work you should complain directly to the company sending the email.

If you are getting industry specific email from a company you do not know, use the Block, Junk or Spam button in your email client. Many times clicking an Unsubscribe or Remove link only confirms to the Spammer that you're seeing their Junk. Treat this type of industry specific SPAM email like general Junk email.

General Junk email. This type of email can get out of hand. Most of us can handle a few a day. If too many are getting to your inbox there are filtering options / rules in most email clients like Outlook. The most common use is to simply block a specific email sender or specific words in a subject like Viagra, Diabetes, etc. This does not always work since Spam emails might be coming from various email addresses and contain various subjects. You can’t block them all.

One of the most overlooked rules you can set is related to Headers. That is because most people do not look at nor would they understand email headers.

To see your email headers you must find a link that says something like View Message Source or View Headers etc. I’m not going to lie. This can be daunting to many people. However, the rewards are worth it. Do not worry about what you do not understand and focus on what you do understand. I’ll paste in an example below from an actual Spam email. I’m removing my email address. This is only a partial header as they can get very lengthy.

x-store-info:CnuewmGKkJzNjuOw4Ko28wB3rXpWYbsxHH4OTdNpFeCDf1Bv8rNlNP/ebbuszuqHp282LsyI0lt2F41fjOtNTdOqPXbR1vpTqwTume+fe+kExDKDad8XDKKE0A1rCq4m3MScz4D6JtY=
Authentication-Results: hotmail.com; spf=pass (sender IP is 213.246.56.210; identity alignment result is fail and alignment mode is relaxed) smtp.mailfrom=fdgsgdf@tyahan.tetraautomotive.com; dkim=none (identity alignment result is pass and alignment mode is relaxed) header.d=account.microsoft.com; x-hmca=none header.id=account-security-noreply@account.microsoft.com
X-SID-PRA: account-security-noreply@account.microsoft.com
X-AUTH-Result: NONE
X-SID-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MjtHRD0xO1NDTD00
X-Message-Info: 7FmAUICozuvZue0+2WUkwYrQo9KMuKCxHT/zrpff1asBWS2biQXTXzpmHUgovY1qYkmrgfZElAT22ImEunqkE3HjCel4mV5QeLBrP422KjUX/GgdZ3u7r+a3BeXt8QHgzV3clbnwbOyx5Y7jEVo2TqzT/5iVeIzlq5rFr2Q5wn6g9hydLYE1Qq/LE5AsldUpWOwOfzyiL+RSmVZum9+0ZTV7hJqF8kSp
Received: from tyahan.tetraautomotive.com ([213.246.56.210]) by COL004-MC6F15.hotmail.com with Microsoft SMTPSVC(7.5.7601.23008); Mon, 4 May 2015 09:19:06 -0700
Received: from localhost (127.0.0.1) by tyahan.tetraautomotive.com id h8udvk16lt0e for <myemail@mydomain.com>; Mon, 4 May 2015 12:19:05 -0400 (envelope-from <fdgsgdf@tyahan.tetraautomotive.com>)
Subject:lubyg: =?UTF-8?B?WW91ciBJbnZpdGF0aW9u?=
From:=?UTF-8?B?R2xvYmFsIFdobydzIFdobw==?=<account-security-noreply@account.microsoft.com>
Reply-to: <fdgdfgdf@tyahan.tetraautomotive.com>
To:myemail@mydomain.com
Date: Mon, 04 May 2015 12:19:05 -0400
Content-Type: text/html; charset=us-ascii;
Return-Path: fdgsgdf@tyahan.tetraautomotive.com
Message-ID: <COL004-MC6F15YP0QzB0006d926@COL004-MC6F15.hotmail.com>
X-OriginalArrivalTime: 04 May 2015 16:19:06.0238 (UTC) FILETIME=[0B0549E0:01D08686]

In the above example you will see the from email address. You may or may not notice that these email addresses do not look right. To block any email coming from any variation of that email address you would want to make the rule:

If any message header contains tyahan or tetraautomotive then send to Junk folder.

That is not all. You may have also noticed the Sender IP. In this particular case the IP address is coming from France. You can look up IP address locations at this web address:

http://whois.domaintools.com/

Looking up the sender IP from the example results in the following:

http://whois.domaintools.com/213.246.56.210

If most or all of your business emails should be coming from a particular country like the USA you can safely block the IP range rather than just that IP address.

You may notice in the page above there is a line that says inetnum: 213.246.56.0 – 213.246.57.255. If you block 213.246. you will block everything coming from that range which will all be outside the USA. Use a similar rule to the one I outlined above. If any message header contains 213.246. move to Junk.
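A text rule on 213.246. and the inetnum range do not cover the same set of addresses, so it is worth seeing what each one catches before relying on it. The following is an added example, not part of the original article: only the first Received line comes from the header above, while the other lines and all function names are constructed for illustration.

```python
import ipaddress
import re

# Range from the whois "inetnum" line quoted in the article.
INETNUM = ("213.246.56.0", "213.246.57.255")

# First line is from the article's header; the rest are constructed samples.
RECEIVED = [
    "from tyahan.tetraautomotive.com ([213.246.56.210]) by COL004-MC6F15.hotmail.com",
    "from mail.example.net ([213.246.200.9]) by mx.example.org",
    "from relay.example.net ([10.213.246.5]) by mx.example.org",
    "from relay.example.net ([198.51.100.7]) by mx.example.org",
]


def inetnum_to_networks(first, last):
    """Convert a whois first-last range into exact CIDR networks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def sender_ip(received):
    """Pull the bracketed connecting IP out of a Received line."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    return ipaddress.ip_address(m.group(1)) if m else None


def text_rule(received, needle="213.246."):
    """The article's rule: does the header text contain the string?"""
    return needle in received


def range_rule(received, networks):
    """Stricter check: is the sender IP inside the whois range?"""
    ip = sender_ip(received)
    return ip is not None and any(ip in net for net in networks)


def compare(lines=RECEIVED):
    """Return (sender IP, text rule hit, range rule hit) per Received line."""
    nets = inetnum_to_networks(*INETNUM)
    return [(str(sender_ip(l)), text_rule(l), range_rule(l, nets)) for l in lines]


if __name__ == "__main__":
    print(inetnum_to_networks(*INETNUM))
    for row in compare():
        print(row)
```

The text rule also fires on addresses that merely contain the string, and on the rest of 213.246.x.x outside the quoted inetnum range, so review what lands in Junk after enabling it.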

There are other unique items you can look for in email message headers. However, this can get risky if you do not know what you are doing. There are too many possibilities to go into in this blog article.
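The example header already shows one such item: the visible From address claims account.microsoft.com while the envelope sender is tyahan.tetraautomotive.com. The following is an added example, not part of the original article, that decodes the encoded Subject and From name and compares those domains. The header is abridged from the one above, and the `aligned` helper is a simplified assumption, not a full alignment check.

```python
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Abridged from the header in the article (opaque X- fields left out).
RAW = """\
Received: from tyahan.tetraautomotive.com ([213.246.56.210]) by COL004-MC6F15.hotmail.com with Microsoft SMTPSVC(7.5.7601.23008); Mon, 4 May 2015 09:19:06 -0700
Subject:lubyg: =?UTF-8?B?WW91ciBJbnZpdGF0aW9u?=
From:=?UTF-8?B?R2xvYmFsIFdobydzIFdobw==?=<account-security-noreply@account.microsoft.com>
Reply-to: <fdgdfgdf@tyahan.tetraautomotive.com>
To:myemail@mydomain.com
Return-Path: fdgsgdf@tyahan.tetraautomotive.com

"""

NEEDLES = ("tyahan", "tetraautomotive")  # the article's header-contains rule


def decode_words(value):
    """Turn RFC 2047 encoded-words (=?UTF-8?B?...?=) into readable text."""
    return str(make_header(decode_header(value or "")))


def domain_of(header_value):
    """Domain part of the address in a header value, lower-cased."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def aligned(a, b):
    """Simplified check: same domain, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def analyze(raw):
    """Summarize what the header reveals about who really sent the message."""
    msg = message_from_string(raw)
    name, _ = parseaddr(msg["From"])
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    return {
        "subject": decode_words(msg["Subject"]),
        "display_name": decode_words(name),
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        "reply_to_domain": domain_of(msg["Reply-to"]),
        "from_matches_envelope": aligned(from_dom, env_dom),
        "rule_hit": any(n in v.lower() for _, v in msg.items() for n in NEEDLES),
    }


if __name__ == "__main__":
    for key, value in analyze(RAW).items():
        print(f"{key}: {value}")
```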