In our 2014 Threat Report, we noted that snowshoe spam was gaining popularity amongst spammers using new techniques to evade detection and sneak through loopholes in anti-spam laws. Over the last several months, we’ve noticed the volume of snowshoe spam continuing to build at a tremendous pace.
Snowshoe spam is essentially unsolicited bulk email. And it’s been effective, because like a snowshoe, it spreads the load across a large area. In this case, distributing spam across a huge range of IP addresses many of which are used briefly, and only once, sending out massive volumes of spam in very short bursts. The temporary aspect of these campaigns has also given rise to the term ‘hit-and-run’ spam. Naturally, this technique makes it challenging for filters to determine spam based on reputation.
In addition to this, spammers are also getting increasingly creative and sophisticated with the content of their spam messages, striving for exacting duplication of legitimate bulk mail or using randomization techniques to evade detection. This has the added impact of making it challenging to separate unsolicited mail from solicited mail based on content.
And in many jurisdictions, including the US and many others, this type of spam is actually legal. Unfortunately, where regulations exist, they often only require an opt-out, making it terribly easy to spam and remain compliant. And as you might expect, while most snowshoe spam offers an unsubscribe option in accordance with regulations it’s never adhered to (or they may simply remove you from one list and add you to another).
So what can be done?
Do we just surrender to the spammers and let our email inboxes fill with junk? Of course not. It’s going to take a concerted effort on behalf of regulators, ISPs, email security companies, and even end-users to put the brakes on snowshoe spam.
At Sophos, we use a variety of sophisticated technology to identify and block the latest spam and we’re continually investing in threat research and new spam detection techniques. As an example, we’re looking at ways we can extend reputation filtering, but not just by blocking senders with bad reputation. We believe it’s also necessary to consider known senders of good reputation, and more importantly, identify messages originating from senders with little or no reputation for deeper analysis, as it’s those messages where the vast bulk of snowshoe spam lurks.
You can also do your part in keeping your email addresses protected from becoming spam targets. Don’t use your primary business email to sign up for offers, newsletters, website accounts, or anything else online. And also be sure not to share it or publish it on social media, blogs, forums or other discussion groups.
Ultimately, stronger legislation will also be required. In Canada, where I live, we’ve recently implemented new legislation that requires an explicit ‘opt-in’, and it’s working! So whether you’re inundated by snowshoe spam or not, you can help by reaching out to your local legislator and demanding better regulatory protection.