Tips to Protect Your Hosting From Incoming and Outgoing SPAM
Millions of emails are sent out every day, but the majority of them still qualify as spam. Many companies use bots and web spy machines that crawl websites and collect personal information, like email addresses. They then save them into a database, which can later be used to blast unsolicited offers for different kinds of products.
This is what spam is actually all about.
Basically, this term encompasses the sending of unsolicited email messages with commercial or other personal intent that is otherwise prohibited.
Why is Spam so Dangerous?
Spamming is not tolerated on the internet. If you use your server to send unsolicited messages, you can get into all kinds of trouble.
At the very least, your service provider will receive complaints that will be forwarded to you. If you don’t handle them properly in due time, your provider has the right to disable access to the server and even cancel your account.
The truth is, no legitimate business needs to resort to spam tactics. There are many other legal means you can employ to grow and increase your client base. Email marketing is one of them. Even though it carries similarities with spam messaging, here you are targeting email addresses that users have voluntarily submitted to you.
What is Spamvertising?
Some businesses and individuals resort to clever tactics when it comes to blasting spam. For example, they send batches of messages from different servers in an attempt to hide their location and illegal activities.
Here is how it works.
A spammer hosts their business website on Server A. They send out spam from Servers B, C, D, and E, directing visitors to the website on server A.
That is known as spamvertising.
This practice is just as illegal as spamming, and you can be involved in it without even knowing. If a hacker breaches your account or successfully executes a phishing attack, they can infect your website, so it starts spamming on their behalf.
The reason for that is to steal personal information such as credit cards, PayPal login details, or other sensitive data from your site. Another goal is to infect computers with viruses/trojans and other types of malware.
That’s why you must be very strict about the security of your website. As soon as you receive notice from your hosting provider, you can scan your site for malware with a tool such as ClamAV or Maldet. If they’re not able to detect the malicious threat, you will have to manually scan each of your files and remove any malware content you find.
Alternatively, keeping a working backup of your website is always a great idea, so you can easily reinstate it when needed.
What is Mail Spoofing?
Another illegal method often employed for stealing personal information is mail spoofing. Email spoofing is the act of sending email messages with a forged sender address.
Practically, you can use any mail server to send email messages from any email box and pretend you are someone else. The other party that receives your message must have some technical skills to find out something is not right.
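The header checks a recipient can make to notice a forged sender, as an added example that is not part of the original article. The sample message, its domains and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name and domain below is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Example Bank" <support@bank.example>
Reply-To: help@collector.example.org
To: user@recipient.example
Subject: Verify your account

Please confirm your details.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()


def spoofing_signs(raw_message):
    """List header inconsistencies that justify a closer look at a message."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    signs = []
    # The visible From can be forged freely; compare it with other headers.
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg[header])
        if other and other != from_domain:
            signs.append(f"{header} domain {other} differs from From domain {from_domain}")
    # Verdicts recorded by the receiving server's own authentication checks.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for method in ("spf", "dkim", "dmarc"):
        if f"{method}=fail" in results:
            signs.append(f"{method} check failed")
    return signs
```

A domain mismatch alone is not proof of spoofing, since mailing lists and newsletter services legitimately use their own Return-Path; a mismatch combined with a failed authentication check is the stronger signal.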
But why do people resort to mail spoofing?
Hackers find it quite easy to steal personal information via this method. Unsurprisingly, the most spoofed domain names belong to financial institutions such as banks, payment gateways, and big ecommerce websites. Any unsuspecting victim may fall for the trap and enter their PayPal or credit card details, thinking they are providing them to a legitimate entity.
Once acquired, hackers can use your data for illegal purchases over the internet and even identity theft.
How is Spam being Sent?
The largest amount of spam messages comes from compromised servers and websites.
If you have a cPanel reseller hosting account, you must also advise your customers to regularly back up their data and follow essential security practices.
If you opt for a virtual or dedicated server, a system administrator should be able to manage this for you. Still, the easiest way is to have a managed VPS where your host will provide the trained professionals to monitor the account for you.
Spammers are getting smarter by the day, and they can now attack any device with an internet connection. For example, one of the latest spamming cases that made worldwide news happened via compromising online cameras.
Hackers scan websites on the internet all the time and run brute force attacks to gain access to servers with poor security. Why? Quite simple, really – it is cheaper to compromise a server and utilize its resources for free rather than paying for your own server.
How Can You Protect Your Website from Spam?
When it comes to spamming, we can outline two main types – incoming and outgoing spam.
Incoming Spam Protection
The easiest free way to filter unsolicited email messages is by using SpamAssassin.
You can find the tool in cPanel -> Apache SpamAssassin, which is under the Email section. Simply click on the Enable Apache SpamAssassin button. Once you do, SpamAssassin will start scanning all incoming emails before delivering them to your Inbox.
Apache SpamAssassin can automatically remove messages flagged as spam if you want to. You can also configure it to save flagged messages to a separate folder called Spam Box. You can later review them to see if any legitimate email was redirected there by mistake.
If you click on the Configure SpamAssassin button at the bottom of the screen, you will be able to blacklist or whitelist specific email addresses or even entire domain names. That feature is great in case you have trusted senders, and you don’t want to miss a single email from them.
Apache SpamAssassin may not be the best tool for filtering incoming SPAM, but at least it’s absolutely free. If you want to have even better anti-spam protection – you must consider using an enterprise solution.
Another tool you can use to filter unsolicited emails is the Global Email Filters tool which is available in cPanel under the Email section. Once you click on the Create a New Filter button, you will be redirected to a new page. From there, you can add custom mail filters or block/discard email messages based on different factors.
Once you fill in the form and enter how you want the global mail filter to work, you can choose the action your mail server will undertake once the filter conditions are met.
ScalaHosting offers clients another solution that is proven to filter 99.96% of all unsolicited email messages without any extra configuration from your end. This wonderful service is provided by our partners from SpamExperts.
Their advanced system contains multiple servers that work in a cluster with built-in load balancing. If one of the filtering servers fails – another one will continue to filter the emails without any interruption to the service.
Outgoing Spam Protection
If your server sends out spam, its IP address can easily get blacklisted. As a result, no one on the server will be able to send email messages. They will simply bounce back as your server will already appear unreliable to other services.
If you manage a reseller hosting account to host client websites and they can’t send emails – your business will suffer as well.
What can you do to prevent it?
Use whatever tools you have to secure your website and server as much as possible. Install a firewall, invest in premium security software, or simply get a managed VPS service that also includes a dedicated IP address.
Mail Spoofing Protection
To protect your clients against mail spoofing, configure your mail server to detect and reject suspicious emails. If you don’t know how to configure it – contact your system administrator for more assistance.
If you’re a reseller, you can also educate your customers on protecting their domains from being spoofed. The process is actually pretty easy and does not require technical knowledge since you can do it from your control panel.
If you’re using cPanel, click on the Authentication icon under the Email section. Under the SPF option, click on the Enable button in case it is disabled.
That is not everything, though.
Make sure to select the box All Entry. After that, click on the Update button.
This step is very important as it tells the mail servers that check for SPF records to reject any unauthorized messages. By enabling an SPF record, you specify which mail servers are authorized to send messages from your domain. Keep in mind that not all mail servers perform SPF checks, but enabling this for your domain adds another layer of protection against spoofed emails.
Spam might be a powerful weapon for online attackers but, luckily, you have plenty of tools and good practices to protect yourself from falling victim. The above guide should give you enough information to start protecting your emails from spoofing and from incoming and outgoing spam.
Any other good practices you like to follow?