Although they are annoying as hell, one thing has to be said about spammers. They are inventive in finding new ways to avoid spam filters. The snowshoe spam attack is one such “inventive” way to avoid spam blacklists.
What is the Snowshoe Spam Email?
The first instances of snowshoe spam emails date back to 2009, but the technique gained momentum in 2014. At least, it seems that cybersecurity professionals started to pay more attention to it then.
So what exactly is snowshoe spam, then?
This is a spamming technique in which the spammer spreads his spam across a wide array of IP addresses and domains. Doing so lets spammers trick, and often evade, spam filters, so that some of their unsolicited emails reach users’ inboxes.
Imagine spam filters as being a thin layer of snow and ice. Normally, if you tried to step on some ice in your regular shoes, the ice beneath you would crack from your weight, and you would fall into the freezing water. Brrr.
In comes the genius invention known as the “snowshoe”. This stylish shoe spreads your weight to a much larger area than a regular shoe. Thanks to that, you don’t end up swimming in ice-cold water.
Snowshoe email works on the same principle. Spread the spam through multiple IPs and avoid spam filters.
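Why a per-IP volume limit misses this pattern, and how grouping messages by content exposes it, shown as an added example (not code from the original article). The log records, thresholds and body fingerprints are constructed assumptions.

```python
from collections import defaultdict

PER_IP_LIMIT = 50    # assumed per-source volume threshold for one time window
MIN_SOURCES = 10     # assumed: this many distinct IPs for one body is suspicious
MAX_AVG_PER_IP = 10  # assumed: low average volume per IP


def build_sample_log():
    """Constructed sample: (source_ip, sender_domain, body_fingerprint) per message."""
    log = []
    # One bulk sender: a single IP and domain, high volume, one newsletter body.
    log += [("198.51.100.10", "news.example.com", "fp-newsletter")] * 200
    # Snowshoe-style campaign: 40 IPs and 40 domains, 5 messages each, same body.
    for i in range(40):
        ip = f"203.0.113.{i + 1}"
        log += [(ip, f"offer{i}.example.net", "fp-campaign")] * 5
    # Ordinary one-to-one mail from unrelated hosts, every body different.
    for i in range(20):
        log.append((f"192.0.2.{i + 1}", f"host{i}.example.org", f"fp-personal-{i}"))
    return log


def flag_by_ip(log, limit=PER_IP_LIMIT):
    """Classic per-IP rate check: flags only sources that exceed the limit alone."""
    counts = defaultdict(int)
    for ip, _domain, _fp in log:
        counts[ip] += 1
    return {ip for ip, n in counts.items() if n > limit}


def flag_by_campaign(log, min_sources=MIN_SOURCES, max_avg=MAX_AVG_PER_IP):
    """Group by body fingerprint; flag bodies spread thinly over many IPs."""
    ips, domains, total = defaultdict(set), defaultdict(set), defaultdict(int)
    for ip, domain, fp in log:
        ips[fp].add(ip)
        domains[fp].add(domain)
        total[fp] += 1
    flagged = {}
    for fp, sources in ips.items():
        if len(sources) >= min_sources and total[fp] / len(sources) <= max_avg:
            flagged[fp] = {"ips": len(sources), "domains": len(domains[fp]),
                           "messages": total[fp]}
    return flagged


if __name__ == "__main__":
    sample = build_sample_log()
    print("per-IP check flags:", sorted(flag_by_ip(sample)))
    print("campaign check flags:", flag_by_campaign(sample))
```

Both senders in the sample deliver 200 messages; only the one spread across 40 addresses stays under the per-IP limit, and only the content grouping catches it.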
How to Prevent a Snowshoe Spam Attack?
Unfortunately, as many victims of a snowshoe spam attack can tell you, this spamming technique can be very effective.
Snowshoe spam often looks like a legitimate bulk email. Remember that this is a technique from 2009. Bulk email was still a legitimate and widespread email marketing technique. Today, that’s no longer the case for the most part, and even completely legitimate bulk email might lead to getting your email flagged as spam.
There is an important distinction between legitimate bulk emailers and snowshoe spammers.
The IPs used by the former have allocated SWIP (Shared Whois Project), and they normally come from legitimate companies.
Snowshoe spammers will use unallocated SWIP or, if they do use allocated ones, they will be allocated to very small companies that no one has heard of.
Another problem with detecting snowshoe spam emails, particularly in the United States, is that snowshoe spammers often don’t violate the CAN-SPAM Act. They will use their domains and include a P.O. Box, thus meeting the requirement to have a postal address.
Furthermore, snowshoe spam techniques work much better where opt-out is required (the US) rather than opt-in (the EU). This is because even though you will often find an unsubscribe option in a snowshoe spam email (again, talk about craftily “adhering” to the regulations), snowshoe spammers will either ignore your unsubscribe request or, if they remove you from an email list, they will add you to another.
Fortunately, organizations started working toward a solution to stop snowshoe spam almost as soon as snowshoe spamming first reared its ugly head.
In 2009, the Spamhaus Project announced the Spamhaus CSS, or the Spamhaus Composite Snowshoe list, “available to detect and respond more quickly to IPs emitting snowshoe spam.”
The good news is that snowshoe spamming is not that easy to set up. Spammers usually need access to a wide array of IP addresses and domains to better spread their load.
This is often the spammers’ undoing. Legitimate businesses, you see, don’t normally use a wide range of IP addresses when sending emails. For them, it’s very important to show who owns the originating domain, and that’s how they show their integrity.
Snowshoe spammers, on the other hand, don’t do that and instead want to avoid detection and make it harder to track down the domain owner.
However, depending on the domain registrar and the TLD, it is often easy to buy multiple domains for cheap. This does aid customers, but also helps spammers.
Of course, the problem is also that you might be flagged and end up on a snowshoe spam blacklist even if you are not guilty of it. That might happen if you are trying to beat filters and rate limiters or use multiple domains.
To avoid your legitimate email being mistaken for a snowshoe spam email, it’s best to use as few IP addresses and domains as you can, and if you need to, use subdomains and not multiple domains. That way, spam filters won’t mistakenly recognize your email as snowshoe spam.
Conclusion
Snowshoe spammers often hide behind anonymous email services to avoid tracking and detection. This makes it more difficult to report abuse against them.
It’s sad that so many anonymous email services turn a blind eye to spam and do little to nothing to prevent their service from being used for it. Here at Schleuder, we have a very strong anti-spam and anti-phishing stance.
We want our legitimate users, i.e. journalists, whistleblowers, or cannabis buyers, to feel safe using our email service, not spammers. We have zero tolerance for email abuse and spam.
If you happen to find our email service being used for abuse like snowshoe spam, for instance, please forward the abusive message to abuse@Schleuder.com. We will take the necessary steps to investigate and take appropriate action.