Here are three techniques to make your users' mailboxes spam-free.
by Keyur Shah
Posted March 23, 2004
Stopping spam is the most vexing problem e-mail administrators face today. Apart from being an annoying time waster, spam often carries viruses or malicious scripts that not only harm your applications, data, and operating system, but sap productivity, consume network bandwidth, and fill hard disks. Unfortunately, there is no easy way to avoid spam, and it's doubtful, given the dubious ethics of spammers, that any legal bar to spam would stop the rising tide anytime soon.
The biggest problem with blocking spam is that there's no method or product that works with total reliability for all users. In my experience, spam filters that run at the desktop tend to mistake legitimate messages for junk and require ongoing user intervention. Server-level filtering protects all users, is professionally managed, and when configured in the most aggressive manner possible, deletes spam before it reaches users. This article looks at some of the techniques antispam tools employ, and weighs their strengths and weaknesses. It also outlines a quick-and-dirty method to stop spam at the desktop if your mail provider doesn't filter spam.
What is the Content of the E-mail?
An e-mail's content, in particular its word choice and grammar, can signal that it's spam. Spam contains certain patterns, such as liberal amounts of capital letters or multiple exclamation marks. The most common types of e-mail, such as multilevel marketing messages, are often attempts to entice the gullible with fraudulent schemes (see Figure 1).
Savvy people approach the following types of content with caution:
- Advertisements for products or services.
- Offers of money-making opportunities.
- Advertisements for pornographic Web sites.
- Vulgar content.
- Suspicious code in the message body or attachments.
On the other hand, a careful antispam tool will allow variations on the above to pass scrutiny:
- Legitimate messages from buyers or sellers at auction sites.
- Business plans if you are a venture capitalist or business professor.
- Messages from health-related organizations you support.
- The occasional off-color joke from a friend.
- Software patches from a trusted source.
The three most common ways of stopping spam are simple word filtering, pattern recognition, and connection filtering. A defense-in-depth approach uses these three, and sometimes more, to block spam. Here's an overview of each of these approaches.
A huge percentage of spam originates from a known list of servers. Blocking connections from servers on this list, or accepting messages and flagging them as highly suspect, eliminates a significant amount of spam. A company called Mail Abuse Prevention System maintains a database, called the Realtime Blackhole List (RBL), containing addresses of systems that should be prevented from making connections to your SMTP server. Other vendors offer similar lists, and it's a good idea to use multiple service providers to create a kind of fault tolerance in the event that one of them is offline or otherwise unreachable.
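The connection check described above, written out as an added example (it is not code from the article or from any list provider). The zone names are hypothetical placeholders and the `demo_resolver` data is constructed so the example runs offline; the query format (client IPv4 octets reversed, then the list's zone, with a 127.0.0.0/8 answer meaning "listed") is the usual DNS blocklist convention rather than something the article spells out.

```python
import ipaddress
import socket

# Hypothetical zone names (assumption): substitute the lists you subscribe to.
ZONES = ["dnsbl-a.example", "dnsbl-b.example"]

def dnsbl_name(ip, zone):
    """Query name for an IPv4 client: octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name; [] if the name does not exist; OSError otherwise."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise
    return sorted({info[4][0] for info in infos})

def check_client(ip, zones=ZONES, resolve=system_resolver):
    """Ask every list about ip and summarise the answers."""
    listed_by, unreachable = [], []
    for zone in zones:
        try:
            answers = resolve(dnsbl_name(ip, zone))
        except OSError:
            unreachable.append(zone)   # provider offline: rely on the others
            continue
        # By convention a listing is signalled by an answer in 127.0.0.0/8.
        if any(a.startswith("127.") for a in answers):
            listed_by.append(zone)
    if listed_by:
        verdict = "listed"             # block, or accept and flag as suspect
    elif len(unreachable) == len(zones):
        verdict = "unknown"            # no list answered
    else:
        verdict = "clean"
    return {"verdict": verdict, "listed_by": listed_by, "unreachable": unreachable}

def demo_resolver(name):
    """Constructed stand-in for DNS so the example runs offline."""
    if name.endswith(".dnsbl-a.example"):
        raise TimeoutError("constructed outage of the first list")
    return ["127.0.0.2"] if name == "2.2.0.192.dnsbl-b.example" else []

if __name__ == "__main__":
    for client in ("192.0.2.2", "198.51.100.7"):
        print(client, check_client(client, resolve=demo_resolver))
```

With the first list unreachable, the second list still produces a verdict for both clients; only when every list fails does the result fall back to "unknown", which the mail server can treat according to local policy.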