How To Avoid Looking Like A Malware Sender

Tonya Gordon
Jul. 22, 2015 by Tonya Gordon

Malware Email AttachmentsI recently was catching up on my email, and I was struck that there wasn’t a single marketing message with an attachment in my inbox. The only notes with attachments were transactional in nature: a receipt from a store I made a purchase from and a voicemail notification from my company’s phone system. Those transactional messages didn’t have any images, nor were they long with a bunch of offers. Sure, there were a few links to their website where I could find marketing offers, but no big call to action beyond the essential transactional purpose of the message.

Now curious, I also took a look at my spam folder. In contrast, it had quite a few messages with attachments that looked to be marketing. Upon further investigation, though, it became very clear that those seeming marketing messages actually contained malware. Yikes.

Now you may think, how does this affect me? “The attachments I send aren’t malware, so what’s the problem?” Simple: you might be lumped in with the bad guys because receivers will judge you guilty by association. Anything you do that looks even slightly like the behavior of malware spammers will hurt your deliverability. In this post, I’ll look at some popular techniques used by these bad actors.

Malware_1

First and foremost, the bulk sending of non-transactional messages with attachments has become a clear indicator to ISPs that your messages have a high risk of being malware. It’s hard to understate what a significant problem computers infected with malware have become for ISPs. When a PC gets infected, it’s often used for sending more spam, which harms the ISP’s reputation, eats up bandwidth, and degrades their network for their customers. When an ISP permits marketing or other bulk senders to send attachments, they’re taking a very sizable risk of exacerbating this problem.

Forewarned and forearmed, I picked apart the header of a message that purported to be from a well-known sender, USAA. However, I immediately noticed a major red flag: a lack of authentication. SPF failed, and there was not a DKIM or Domain Key Signature. It is important to do both SPF and DKIM authentications in order to get into the inbox. ISPs have made it clear that without it, you’re fighting an uphill battle, and at high likelihood of being disposed of as spam.

Malware_2

SparkPost understands the importance of authentication and therefore signs with SPF and goes the extra step of signing with DKIM for the sending domain as well as the SparkPost domain.

Malware_3_4_5

Moving on from the message headers of this spoofed USAA message, I saw that this spammer was trying really hard to convince me to open the attachment. Sure, the imperfect grammar was a good warning that something wasn’t legit, but a recipient who is a USAA member, and perhaps not reading carefully, just might fall for it—and then, boom, the spammer’s mission is accomplished. Those of us in the business may be a little jaded, but if this technique weren’t effective, it wouldn’t still be around after all these years. It’s a major reason ISPs have become more and more strict about blocking bulk messages with attachments.

Malware_6

As we saw, the example malware spam above was sent in mass, without authentication, and with an attachment. To maximize deliverability legitimate senders should strive to look as different from that profile as possible. In most cases, it is far better to send an email with no attachment and instead include a link for your recipient to click to access the content you otherwise would have attached. But, if you do find yourself unavoidably in need of sending attachments there are a few key things to keep in mind:

  1. Don’t send attachments in bulk. Instead, send them only in response to transactions initiated by your subscriber. If a subscriber is expecting an email, they are more likely to locate the message and open it, even if it’s in the spam folder.
  2. Don’t include images or marketing-centric calls to action. It’s OK to reference offers and point them to your site, but be careful not to look like you are attempting to slide in the attachment with a marketing message.
  3. Don’t send apps or executable files, as they will be blocked instantly. There is a host of file types that are not allowed by ISPs. Do some advance testing to make sure what you are sending will be accepted by the ISPs you are sending to.
  4. Watch your grammar and spelling. Content is looked at very carefully when sending attachments.
  5. Authenticate! This is a best practice when sending any message, transactional or commercial.

Even when following these best practices, you may still find yourself in the spam folder. If that’s the case, it may be best to throw in the towel and try another approach—like using a file-hosting service to handle the attachment.

Related Content

Send an Email to Santa

We’re making sure your holiday wishes make it to Santa’s inbox this year! Email Santa your holiday wish and SparkPost might make it come true!

read more

How To Read Email Headers

Email headers host a treasure trove of information. Learn how to read them and understand more about the mail you're sending and receiving.

read more

10 Steps to Email Deliverability for Beginners

Email deliverability doesn’t have to be a mystery. Get our easy, step-by-step guide on deliverability for beginners and be on your way to sending success.

read more

Start sending email in minutes!

The world’s most powerful email delivery solution is now yours in a developer-friendly, quick to set up cloud service. Open a SparkPost account today and get started for free.

Get Started

Send this to a friend