Fundamental Anti-Spam Techniques - Page 2

Email Client Filtering

The capability to filter in the end user email client software is a method used throughout this book to help identify the modifications that anti-spam software makes to messages. The changes to email messages are usually either the addition of a header or headers indicating a spam score and other information or modifications to the subject line of the message. Chapter 9 includes coverage of how to configure popular email clients for use with the server-side solutions outlined in this book.

Distributed Collaborative Filtering

These systems calculate checksums of every message processed and place the result into a database. Then, each time a particular checksum is encountered, a counter is incremented. If the count for a particular checksum (email) is high, then the message is probably either a legitimate mailing list message to a large number of recipients or a spam message. In the case of a mailing list message, the sender can be whitelisted so that the message does not get misclassified as spam.

It is important to understand that Distributed Collaborative Filtering (also called Distributed Checksum Filtering, or DCF) systems do not identify messages as spam or non-spam. They simply count the number of times a message has been seen by a particular set of email systems and report that count appropriately. The DCF method is very good at what it does, but the system needs to be deployed as part of a larger anti-spam solution, or else a high rate of false positives will likely be encountered. Mailing list messages will often be treated as spam unless some sort of whitelist is used with a DCF solution. Chapter 6, "Distributed Checksum Filtering," contains coverage of two common distributed collaborative filtering systems: DCC and Vipul's Razor.
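The counting model described above, as an added example (not code from the book, DCC, or Vipul's Razor). It assumes a plain SHA-256 over a whitespace- and case-normalized body, and the class name, threshold, and addresses are all constructed for illustration.

```python
import hashlib
import re
from collections import Counter


class ChecksumCounter:
    """Toy DCF database: counts sightings of a checksum and nothing else."""

    def __init__(self):
        self.counts = Counter()

    @staticmethod
    def checksum(body):
        # Assumption: collapse whitespace and case so trivial reformatting
        # maps to the same checksum. This is a stand-in for a real signature.
        normalized = re.sub(r"\s+", " ", body).strip().lower()
        return hashlib.sha256(normalized.encode("utf-8")).hexdigest()

    def report(self, body):
        """Record one sighting and return the running count for this body."""
        digest = self.checksum(body)
        self.counts[digest] += 1
        return self.counts[digest]


def classify(sender, count, bulk_threshold, whitelist):
    """Policy belongs to the receiving site: the counter only says 'bulk'."""
    if count < bulk_threshold:
        return "not-bulk"
    if sender.lower() in whitelist:
        return "bulk-whitelisted"   # e.g. a legitimate mailing list
    return "bulk-suspect"           # hand off to the rest of the filter chain


def run_demo():
    # Constructed sample traffic; addresses and bodies are made up.
    dcf = ChecksumCounter()
    whitelist = {"announce@lists.example.org"}
    results = {}
    for _ in range(5):
        seen = dcf.report("Monthly release notes:\n  version 2 is out.")
    results["newsletter"] = classify("announce@lists.example.org", seen, 3, whitelist)
    for body in ("Cheap   pills,  click here", "cheap pills, click HERE",
                 "Cheap pills,\nclick here", "Cheap pills, click here"):
        seen = dcf.report(body)
    results["spam"] = classify("x@bulk.example.net", seen, 3, whitelist)
    seen = dcf.report("Lunch on Friday?")
    results["personal"] = classify("friend@example.com", seen, 3, whitelist)
    return results


if __name__ == "__main__":
    print(run_demo())
```

With an empty whitelist the newsletter is also reported as `bulk-suspect`, which is the false-positive case the text warns about.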

Sender Verification

Sender verification is a broad category of techniques that require some action on the part of the sender in order to prove that the sender is not a spammer and that the message is not otherwise undesirable (such as an electronic virus). Numerous types of sender verification systems are available; we cover the following types in Chapter 12, "Sender Verification."

Challenge/Response

This method requires the receiver to send some sort of an acknowledgement back to the sender before the sender is able to view the message. Many email recipients won't respond to challenge/response systems. Another issue is the "chicken and the egg" problem, where two people who use challenge/response systems want to communicate with each other for the first time without any other method of communication. This is a difficult, if not impossible, situation to address with the challenge/response solution.

Tagged Message Delivery Agent, Active Spam Killer, and Camram all have support for challenge/response. They are covered in Chapter 12.

Special Use Email Addresses

One way to reduce the amount of spam is to generate special-purpose email addresses. Some MTAs (qmail in particular) make it very easy to generate email addresses on the fly that effectively can be one time (or special) use. Tagged Message Delivery Agent also has support for special-purpose email addresses.

Sender Compute

In the sender compute model, a recipient requires the sender to perform a computation and send the result back to the recipient, usually in the form of a web page or special email header in the original email. This method is often called "proof of work" or "Internet postage," although the latter term implies money transferral, which doesn't happen in the sender compute model. Camram (covered in Chapter 12) contains support for the sender compute model, as well as challenge/response and a GUI for CRM114 (a highly accurate Bayesian classifier).

Other Anti-Spam Methods

The following methods are less effective in general and therefore less useful for most organizations. However, they may be useful for some people in some cases. They are not covered elsewhere in this book, except peripherally or in an appendix.

Reporting Spam

For the benefit of all who use email, it is a good idea to report spam. Although this is an after-the-fact method, it can reduce the amount of spam that everyone receives in the future. One of the best-known sites for reporting spam is http://spamcop.net. This and other ways of reporting spam are covered in Appendix B.

Charging per Email

Some people have suggested charging all senders per email message sent. This would require significant changes to the underlying email transfer protocol and would have to be addressed by a change in the SMTP protocol itself. Also, this idea brings up all of the usual issues related to handling money: determining who handles transferring funds from one party to another, settlement, escrow, and so on.

Third-Party Anti-Spam Solutions

A number of commercial anti-spam solutions are available on the market. Unfortunately, we can only cover a couple of types and solutions here.

Anti-Spam Services

Symantec Brightmail and Postini are anti-spam services where a subscribing organization's mail streams are "washed" of spam by the vendor's service. The resultant "cleaned" email stream is forwarded to your regular email infrastructure for delivery to the end user. Any messages identified as spam end up in a quarantined area on the vendor's infrastructure. Both Symantec and Postini claim patents on their respective solutions, which makes them unique. The benefits of using an anti-spam service like these include

  • No hassle for the IT department

  • No infrastructure to manage

  • No impact on the email infrastructure for blocked messages

The negatives of using anti-spam services include

  • Quoted accuracy rates of both products are below CRM114 and other Bayesian-based analysis programs, although this likely is due to the conservative marketing approach rather than the actual accuracy of the anti-spam services

  • Most services require "sidelining," where the email user must go to a web site to view spam and potential false positives.

For some organizations, a service-based solution is precisely what is needed. They are certainly worth considering when shopping for anti-spam solutions.

Anti-Spam Appliances

These devices are similar in nature to firewalls: they are standalone single-purpose devices that, instead of protecting your network from security events as firewalls do, protect your network from spam. McAfee, Inc. makes its SpamKiller anti-spam product available in an appliance product that can be extended to include its anti-virus products. Some firewalls also have built-in anti-spam capability.

Some examples of products in this area include Ciphertrust Ironmail and Mirapoint. Benefits of anti-spam appliances include

  • One platform for managing anti-spam functions

  • Less headache for IT staff

Additional benefits of combining anti-spam with other security functions such as anti-virus or firewall include

  • Reduced box count and management overhead

  • Improved security policy enforcement

Of course, the downsides to such devices are their potentially lower spam identification accuracy, reduced flexibility, and cost. A big negative to anti-spam firewalls is the fact that it is much more difficult to swap out individual anti-spam components and replace them with higher accuracy techniques.




 
