Tuesday, March 14, 2006

Everything You Should Know About SPAM. Part II

The Damage
Sending mail costs a spammer nothing, but SPAM can cause serious damage to the recipient. SPAM hampers information systems and resources by loading them with useless traffic. Moreover, network users have to spend a lot of time filtering out useless advertisements. To avoid this, users need to install anti-SPAM filters, which can also delete important e-mails by mistaking them for SPAM. SPAM can also be used for ‘black PR’ and to spread computer viruses.

How to Fight SPAM
Perhaps the most effective way to fight SPAM is not to let spammers know your e-mail address. This can be hard to achieve, but some precautions can be taken.
• Do not publish your e-mail address on web sites or in Usenet groups unless necessary.
• Do not register on suspicious sites. If a useful site requires registration, you can give a temporary e-mail address that you won’t use again.
• Never reply to SPAM and never follow the links it contains. If you do, you confirm that the e-mail address is in use and will receive more SPAM.

Special software, the so-called SPAM filters, has been developed to detect SPAM automatically. It exists for both end users and servers, and works according to two main principles:
1. The content of a letter is analyzed and a conclusion is drawn as to whether it is SPAM. A letter classified as SPAM can be marked, moved to another folder or deleted. Such software can run on either a server or the client’s PC. With this approach you will not see the filtered SPAM, but you will still bear some cost, because the anti-SPAM software receives every SPAM letter (spending your money) and only then decides whether to show it.
2. The second principle is to identify the sender as a spammer without checking the content of the letter. This software can work only on the server that receives letters directly. This approach can reduce costs, because money is spent only on communicating with the spammer’s mail programs (i.e. on refusing to receive letters) and on querying other servers (if required) during the check. But the saving is not as big as you might expect. If a receiver refuses a letter, spammer programs try to get around the protection and send the letter in a different way. Every such attempt has to be repelled separately, which increases the load on the server.
Where the anti-SPAM software is installed (on an end user’s PC or, for example, on the provider’s mail server) determines who bears the cost of SPAM filtering. If the end user filters SPAM, he bears the cost, because he receives all letters, including SPAM. If the server filters SPAM, the user bears no cost, because he receives only useful letters, and all the cost falls on the server’s owner.

Black Lists
Black lists contain the IP addresses of computers known to send SPAM. Lists of PCs that can be used for mailing (‘open relays’ and ‘open proxies’) and ‘dialup’ lists are also available. One can use a local list or a list maintained by somebody else. Black lists that are queried through the DNS service are widely popular; they are called DNSBL (DNS Black List). Today this method is not very effective: spammers find new PCs for their purposes faster than those PCs are added to black lists. Besides, a couple of computers that send SPAM can compromise a whole mail domain, so that thousands of law-abiding users cannot send e-mail to servers that use such black lists.
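How a receiving server queries a DNSBL, as an added example that is not part of the original article. The zone name `dnsbl.example` and the `fake_resolve` stand-in for DNS are constructed so the code runs offline; pass nothing for `resolve` to use real DNS.

```python
import ipaddress
import socket

LISTED_RANGE = ipaddress.IPv4Network("127.0.0.0/8")  # DNSBL answers live here

def dnsbl_query_name(ip, zone):
    """Name to look up: the client's IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True if the list returns an A record in 127.0.0.0/8 for this client IP."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except OSError:
        # NXDOMAIN (not listed) or a resolver failure: fail open rather than
        # reject legitimate mail because the list is unreachable.
        return False
    # An answer outside 127.0.0.0/8 is not a listing (for example a wildcarded
    # or expired zone), so it must not be treated as "known spammer".
    return ipaddress.IPv4Address(answer) in LISTED_RANGE

def listing_zones(ip, zones, resolve=socket.gethostbyname):
    """Zones that list this client; the caller decides whether to reject or tag."""
    return [zone for zone in zones if is_listed(ip, zone, resolve)]

# Constructed zone data standing in for DNS so the example runs offline.
FAKE_ZONE = {
    "2.0.0.127.dnsbl.example": "127.0.0.2",      # listed client
    "9.113.0.203.dnsbl.example": "203.0.113.1",  # bogus answer, not a listing
}

def fake_resolve(name):
    if name not in FAKE_ZONE:
        raise socket.gaierror("name not found")  # what NXDOMAIN looks like
    return FAKE_ZONE[name]

if __name__ == "__main__":
    for client in ("127.0.0.2", "203.0.113.9", "198.51.100.7"):
        print(client, listing_zones(client, ["dnsbl.example"], fake_resolve))
```

Checking that the answer falls in 127.0.0.0/8 keeps a misbehaving list from turning every sender into a "spammer", which is the collateral damage the paragraph above warns about.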

Mail Servers Authorization
There are many different ways to confirm that the PC sending letters ‘has the right’ to do so (Sender ID, SPF, Caller ID, Yahoo DomainKeys). However, these technologies sometimes limit mail servers’ functionality:
• Automatically forwarding letters from one mail server to another (SMTP forwarding) can become impossible.
• Providers follow a policy under which clients can make SMTP connections to the provider’s servers only. In this case mail server authorization is impossible or hard to perform.

Grey Lists
The ‘grey lists’ method relies on the fact that software designed to send SPAM ‘behaves’ differently from ordinary mail servers: spammer programs do not retry sending an e-mail after a temporary error, as the SMTP protocol requires.
At first, all unknown servers are placed on the grey list and letters from them are not accepted. A temporary error code is returned to the sender’s server, so ordinary letters (not SPAM) are not lost, but their delivery is delayed (they wait in the queue and are delivered on the next attempt). If the server behaves as expected, it is automatically placed on the white list and all subsequent letters are accepted without delay.
This method filters up to 90% of SPAM without much risk of losing important letters. However, it is not perfect.
• Some letters that do not fulfill the SMTP protocol requirements can be removed from servers by mistake.
• The delivery delay can be up to half an hour (or even more), which can be unacceptable for urgent correspondence.
• Big mail services use several servers with different IP addresses. Moreover, several servers may try to send one and the same letter in turn. This can cause very long delays in delivery.
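The grey list logic described above, as an added example that is not part of the original article. The reply code 451, the 300-second minimum delay and the option to key the list by /24 network instead of by single IP address (one way to soften the server-pool problem in the last bullet) are assumptions of this sketch; all addresses and timings are constructed.

```python
import ipaddress

class Greylist:
    """Defer mail from unknown servers; whitelist the ones that retry later."""

    def __init__(self, min_delay=300, prefix_len=32):
        self.min_delay = min_delay    # seconds before a retry is accepted
        self.prefix_len = prefix_len  # 32 = key by exact IP, 24 = key by /24 pool
        self.first_seen = {}          # grey list: key -> time of first attempt
        self.whitelist = set()

    def _key(self, client_ip):
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        return str(net)

    def check(self, client_ip, now):
        """Return the SMTP reply code the receiving server should give."""
        key = self._key(client_ip)
        if key in self.whitelist:
            return 250                # known server: accept without delay
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.min_delay:
            self.whitelist.add(key)   # it retried, as SMTP requires
            del self.first_seen[key]
            return 250
        return 451                    # temporary error: sender should retry

def replay(greylist, attempts):
    """Feed (client IP, seconds since start) attempts through a grey list."""
    return [greylist.check(ip, t) for ip, t in attempts]

# Constructed delivery attempts.
ONE_SHOT_SPAMMER = [("203.0.113.5", 0)]  # never retries
SINGLE_SERVER = [("192.0.2.10", 0), ("192.0.2.10", 60),
                 ("192.0.2.10", 900), ("192.0.2.10", 960)]
SERVER_POOL = [("198.51.100.1", 0), ("198.51.100.2", 900),
               ("198.51.100.3", 1800)]   # each retry leaves from another IP

if __name__ == "__main__":
    print("spammer     ", replay(Greylist(), ONE_SHOT_SPAMMER))
    print("single      ", replay(Greylist(), SINGLE_SERVER))
    print("pool, per IP", replay(Greylist(), SERVER_POOL))
    print("pool, per/24", replay(Greylist(prefix_len=24), SERVER_POOL))
```

With per-IP keys the server pool is deferred on every attempt, because each retry looks like a new unknown server; keyed by /24, the second attempt is accepted.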

Statistical Methods of SPAM Filtering
These methods use statistical analysis of a letter’s content to decide whether it is SPAM. The greatest success has been achieved with algorithms based on Bayes’ theorem. Statistical filters have to be ‘taught’: manually sorted letters are used to determine the statistical characteristics of ordinary letters and of SPAM. This method can remove up to 95-97% of SPAM.
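A small Bayesian filter that is ‘taught’ from manually sorted letters, as an added example that is not part of the original article. It is a plain naive Bayes classifier with add-one smoothing, one of several Bayes-based variants; the training letters are constructed and it assumes at least one letter of each kind has been seen.

```python
import math
import re
from collections import Counter

def tokens(text):
    return re.findall(r"[a-z0-9']+", text.lower())

class BayesFilter:
    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}  # word counts per class
        self.letters = {"spam": 0, "ham": 0}                # letters seen per class

    def train(self, text, label):
        """'Teach' the filter with one manually sorted letter."""
        self.words[label].update(tokens(text))
        self.letters[label] += 1

    def spam_probability(self, text):
        """P(spam | words), accumulated as log-odds with add-one smoothing."""
        vocab = len(set(self.words["spam"]) | set(self.words["ham"]))
        n_spam = sum(self.words["spam"].values())
        n_ham = sum(self.words["ham"].values())
        log_odds = math.log(self.letters["spam"] / self.letters["ham"])  # prior
        for word in tokens(text):
            p_spam = (self.words["spam"][word] + 1) / (n_spam + vocab)
            p_ham = (self.words["ham"][word] + 1) / (n_ham + vocab)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

# Constructed training letters, sorted by hand into SPAM and ordinary mail.
TRAINING = [
    ("Buy cheap pills now, limited offer", "spam"),
    ("Win money now, click this offer", "spam"),
    ("Cheap loans, click now", "spam"),
    ("Meeting moved to Monday, agenda attached", "ham"),
    ("Please review the attached report before the meeting", "ham"),
    ("Lunch on Monday?", "ham"),
]

def trained_filter():
    bayes = BayesFilter()
    for text, label in TRAINING:
        bayes.train(text, label)
    return bayes

if __name__ == "__main__":
    bayes = trained_filter()
    for letter in ("cheap offer, click now", "agenda for the Monday meeting",
                   "Cheap lunch offer on Monday"):  # last one mixes both vocabularies
        print(f"{bayes.spam_probability(letter):.3f}  {letter}")
```

The third letter scores close to 0.5, which is where the choice of threshold decides between missed SPAM and a deleted legitimate letter.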

Other Methods
• General tightening of the requirements for letters, for example refusing letters with a wrong sender address (letters from domains that do not exist), checking the domain name against the IP address of the computer that sent the letter, etc. These measures are in fact history and are not taken seriously today. They filter only the most primitive SPAM, a very low percentage.
• “Call-Answer” type systems, etc.
