How Do Web Hosting Providers Tackle Email Fraud On Their Servers?

Posted at HostingXtreme

Web hosting and web application services are a means of committing email fraud. That said, thanks to the constant monitoring and countermeasures adopted by web hosting services, email fraud is kept under control and can be detected and prosecuted easily. Web hosts work very hard to prevent their services or software from being used as a launchpad for illegal and unethical activities. This article explains how web hosts contribute to making the internet a safer place by securing email services.

User Authentication

Email servers and web servers come with a wide array of authentication systems, which prevent illegitimate access to email and other related services. Hosting servers implement multiple security measures to prevent malicious or dangerous emails from circulating on the internet, but more often than not, such incidents occur because of the client's negligence and carelessness. Among other things, servers ensure that when a mail is sent out, it is authenticated, i.e. it is confirmed by a user whose account exists on the server. The user must authenticate the email with their email address and password. Only after the email has been authenticated will it be sent out through the server. Similarly, when a person sends mail through a website contact form, the contact form also needs to authenticate the email so that the server delivers it. This type of SMTP authentication ensures that only legitimate mails which carry a seal of authenticity can be sent out.

Real Time Blacklists

For incoming email, hosts implement some interesting techniques to curb suspicious or malicious mails. Even before the email is delivered to the recipient server, a connection is made from the sending server to the receiving server. At this point the sender's IP address is checked against a blacklist of known spam sources or known malicious IP addresses. If the IP address comes up clean, the rest of the connection and the subsequent email message are allowed to go through. If the IP address is on the blacklist, the receiving server immediately drops the connection and stops accepting any further information from the sender. A sender whose IP address is blacklisted therefore cannot even make a proper connection to pass on any information. This avoids the entire process of filtering the email, segregating it and generating a bounce message based on the user's spam filter settings. It saves CPU time on the server and also helps minimize the time wasted in rejecting junk mail.
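The connect-time check described above is commonly done as a DNS blacklist (DNSBL) lookup in the RFC 5782 layout. The sketch below is an added example, not HostingXtreme's code; the zone name `dnsbl.example`, the SMTP reply texts and the fail-open choice are assumptions, and DNS is replaced by a constructed table so it runs offline.

```python
import ipaddress

# Assumed zone name; a real server uses the zone of the list it subscribes to.
DNSBL_ZONE = "dnsbl.example"

def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Build the DNS name to look up for a client IP (RFC 5782 layout)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                  # octets reversed
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]  # nibbles reversed
    return ".".join(labels + [zone])

def check_connection(ip, resolve, zone=DNSBL_ZONE):
    """Decide at connect time, before any message data is accepted.

    resolve(name) returns a list of A-record strings, [] when the name
    does not exist, and raises OSError when the lookup itself fails.
    Returns (accept, smtp_reply).
    """
    try:
        name = dnsbl_query_name(ip, zone)
    except ValueError:
        return False, "554 5.7.1 invalid client address"
    try:
        answers = resolve(name)
    except OSError:
        # Assumed policy: fail open so a DNS outage does not block all mail.
        return True, "220 mail.example ESMTP"
    # Only answers inside 127.0.0.0/8 mean "listed".
    listed = [a for a in answers if a.startswith("127.")]
    if listed:
        return False, f"554 5.7.1 {ip} listed in {zone} ({listed[0]})"
    return True, "220 mail.example ESMTP"

# Constructed stand-in for DNS; 127.0.0.2 is the conventional DNSBL test entry.
SAMPLE_ZONE = {"2.0.0.127.dnsbl.example": ["127.0.0.2"]}

def sample_resolve(name):
    return SAMPLE_ZONE.get(name, [])
```
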

Spam Filters

When an email is received on an email server, web hosts usually pass it through a spam filter, which scans the email for suspicious content and gives it a numeric rating. Based on that rating, the email may bounce back to the sender, be marked as spam and sent to a spam folder in the recipient's mail account, be put through a second level of user-defined filters, or be delivered successfully if it is clean. The spam filter software scans the message headers and the message body, along with attachments, to determine how likely the mail is to be spam or illegitimate. Certain suspicious keywords, like “loan”, “$$$” or “millions”, or even a standard salutation like “Dear XYZ”, can give the mail a bad rating. If the mail originates from a free email account, it gets a few points lower than if it comes from a private domain name. If the mail contains any prohibited attachments or suspicious file extensions, the message is rejected. If there are too many links, numbers or special characters in the mail, the rating will be bad.
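A small rating function in the spirit of the filter described above, as an added example that is not taken from any real spam filter. Every weight, threshold, domain list and file extension in it is an assumption, and the two messages are constructed samples.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Every weight, threshold and list here is an illustrative assumption.
KEYWORDS = {"loan": 2, "$$$": 2, "millions": 2}
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com"}
BLOCKED_EXT = (".exe", ".scr", ".js", ".vbs")
MAX_LINKS = 5

def rate_message(raw):
    """Return (rating, verdict). The rating starts at 10 and loses points per hit."""
    msg = message_from_string(raw, policy=policy.default)
    # A prohibited attachment type rejects the message whatever its rating.
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(BLOCKED_EXT):
            return 0, "reject"
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content().lower() if part else ""
    text = str(msg["Subject"] or "").lower() + "\n" + body
    rating = 10
    for word, penalty in KEYWORDS.items():
        # Whole-token match so a keyword does not fire inside a longer word.
        if re.search(r"(?<!\w)" + re.escape(word) + r"(?!\w)", text):
            rating -= penalty
    if re.search(r"^dear (sir|madam|customer|friend|xyz)\b", body, re.M):
        rating -= 1                      # generic salutation
    domain = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    if domain in FREE_MAIL:
        rating -= 2                      # free mailbox, not a private domain
    if len(re.findall(r"https?://", text)) > MAX_LINKS:
        rating -= 2                      # link-heavy message
    rating = max(rating, 0)
    if rating >= 8:
        return rating, "deliver"
    if rating >= 6:
        return rating, "user_filters"
    if rating >= 3:
        return rating, "spam_folder"
    return rating, "bounce"

# Constructed sample messages.
SAMPLE_SPAM = ("From: Prize Desk <winner@gmail.com>\n"
               "Subject: Claim your millions\n\n"
               "Dear Customer,\nA loan of $$$ is waiting for you.\n")
SAMPLE_CLEAN = ("From: Billing <accounts@client-domain.example>\n"
                "Subject: Invoice for March\n\n"
                "Hi Priya,\nPlease download the March invoice from the portal.\n")
```
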

Proactive Monitoring

Besides the automated systems, server administrators need to regularly monitor network activity for any suspicious or anomalous behavior. A spike in email traffic, a sudden bandwidth spurt or even a large number of login attempts to an email account could mean the start of an attack and could cause downtime. If it is detected early, appropriate security measures can be taken to ensure that the attack is contained or throttled. Spam mail is usually sent through compromised accounts, to lists that are harvested from the internet. By capping the number of emails that can be pumped out from an account, or by restricting accounts based on delivery success rate, web hosting companies can successfully reduce the number of email offences. However, a balance needs to be struck between genuine limitations and convenience of use for clients.
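The two outbound controls named above, a per-account sending cap and a restriction based on delivery success rate, can be combined in one policy check. This is an added example, not a hosting provider's code; the limits are assumptions because the article gives no figures.

```python
from collections import defaultdict, deque

# Assumed limits; the article gives no figures.
HOURLY_CAP = 200          # messages per account per rolling hour
MIN_SUCCESS_RATE = 0.80   # below this the account is held for review
MIN_SAMPLE = 50           # deliveries needed before the rate is judged
WINDOW = 3600             # seconds in the rolling window

class OutboundPolicy:
    def __init__(self):
        self.sent = defaultdict(deque)              # account -> send timestamps
        self.results = defaultdict(lambda: [0, 0])  # account -> [delivered, failed]

    def record_result(self, account, delivered):
        """Record the final delivery outcome of one message."""
        self.results[account][0 if delivered else 1] += 1

    def success_rate(self, account):
        ok, bad = self.results[account]
        total = ok + bad
        return ok / total if total else 1.0

    def allow_send(self, account, now):
        """Return (allowed, reason) for one outgoing message at time `now`."""
        ok, bad = self.results[account]
        # Judge the rate only once there is enough history, so a new or
        # low-volume client is not held after a handful of bounces.
        if ok + bad >= MIN_SAMPLE and self.success_rate(account) < MIN_SUCCESS_RATE:
            return False, "held: low delivery success rate"
        q = self.sent[account]
        while q and q[0] <= now - WINDOW:
            q.popleft()                  # forget sends older than the window
        if len(q) >= HOURLY_CAP:
            return False, "deferred: hourly cap reached"
        q.append(now)
        return True, "ok"
```
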
