May 29th, 2003, 02:11 PM
The best approach to combat spam
My mail server has an anti spam feature that enables it to scan the body content of any incoming mails for certain words. And, when it founds them the email is either rejected or deleted.
Now, I began to realize that it may be the best approach to combat spam email because I can create filters that would reject emails which contains certain hyperlink names, like the spammers’ domain name, email address or even his porn image file name.
I collect them most from links like:
Since, RBL and firewall ACL can only block already known offending hosts and IP addresses – you can still get the spammer email again and again from newly found open relay and open proxies. But, if you block it through mail body content filter, you will never see the spammer email again unless he/she edits it with a new domain name and so on.
Sorry if this email caused you inconvenience.
to stop me sending you more please go here
To stop this go here
Click here to Claim Your prize!
no more? push here
Visit us at:
not for me
CLICK HERE FOR MORE INFO
The good thing about this approach is that the spammer may never know - why his/her email is being rejected. The other good thing is that the spammer will have to pay for a new domain names and host service, if the spammer email has to have value like an email reply from the victim or a web visit from the victim.
What do you guys think about this approach? And, why it’s not a common feature on most email server software?
May 29th, 2003, 04:15 PM
I think the approach is valid and I would think it would exist to some degree on mail servers. I know I can filter within the Outlook client software based on message content.
However, I think the main reason to NOT filter this way is processing power. You are asking the email server to not only route messages based on the header information, but also to actually open and read each message to scan for certain words or phrases. This will hugely impact the performance of the mail server- especially in a large corporation that is receiving thousands of emails an hour.
The signature-based approach to virus blocking seems to me like it will eventually hit a wall as well. The weekly vendor updates for AV software can be up around 4Mb or 5Mb already. What happens in 5 years when there are thousands more known viruses and the weekly update gets to be 100Mb? It will become too daunting to download and update every week and it seems like the AV software would consume a lot of resources to try to process all traffic against a signature database of that size.
I like your solution at the client level though. Outlook lets you add filter words to the JunkMail rule or you can manually create rules to handle messages in a specific way based on message content, subject line, or just about any other feature of the email.
I used MailWasher but the free version only works for 1 account and I have about 5. I am currently using K9 to filter my spam. It takes some time for it to learn and I had to whitelist some domains so they wouldn't get flagged but it seems to be doing OK. I'll give it another couple weeks and see how accurate it is.
May 29th, 2003, 04:56 PM
I use this approach on my mail server (Merak Professional) which has 20 domains with about 140 users on the Dell PowerEdge Raq, Windows 2000, Pentium III, 520MB RAM. So far, the only difference I have noticed is that my customers hardly get any spam, no cpu or memory deterioration.
This is my stats for a day.
Message received/sent 422/573
My mail server process it in this order RBL,Filter,CF and virus. As you can see by the failures my filter catches 120 spam after process the RBL.
Anyway, most mail server now uses RBL that in my opinion would use more processing, memory and bandwidth than filtering.
May 29th, 2003, 05:06 PM
On the enterprise level, you can take the heat off of your e-mail servers by using an appliance like my favorite, IronMail. It has a layered approach to removing spam. We process about 250,000 messages a day and IronMail has proven itself time and time again otherwise I wouldn't shamelessly promote it
Enterprise Spam Profiler (ESP) aggregates the results of five detection tools to create a highly accurate overall probability that a message is spam.
FirstAct™, IronMail’s update service, detects and blocks spam messages by creating signatures and policies and providing them to IronMail units in the field.
Statistical Lookup Service to compare message signatures in order to identify bulk email via collaborative filtering.
Header Analysis to identify forged headers by applying heuristics.
Weighted content filtering of keywords identified using Bayesian analysis.
Heuristic message scanning to identify new threats and spam outbreaks.
Whitelists, blacklists, and automated list updating.
Other tools including Reverse DNS lookup, Realtime Blackhole List support.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden