fbpx
Wikipedia

Anti-spam techniques

January 01, 1970

"Spam blacklist" redirects here. For Wikipedia's spam control mechanism, see Wikipedia:Spam blacklist.

Various anti-spam techniques are used to prevent email spam (unsolicited bulk email).

No technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email (false positives) as opposed to not rejecting all spam email (false negatives) – and the associated costs in time, effort, and cost of wrongfully obstructing good mail.[1]

Anti-spam techniques can be broken into four broad categories: those that require actions by individuals, those that can be automated by email administrators, those that can be automated by email senders and those employed by researchers and law enforcement officials.

End-user techniques edit

There are a number of techniques that individuals can use to restrict the availability of their email addresses, with the goal of reducing their chance of receiving spam.

Discretion edit

Sharing an email address only among a limited group of correspondents is one way to limit the chance that the address will be "harvested" and targeted by spam. Similarly, when forwarding messages to a number of recipients who don't know one another, recipient addresses can be put in the "bcc: field" so that each recipient does not get a list of the other recipients' email addresses.

Address munging edit

Main article: Address munging

Email addresses posted on webpages, Usenet or chat rooms are vulnerable to e-mail address harvesting.[2] Address munging is the practice of disguising an e-mail address to prevent it from being automatically collected in this way, but still allow a human reader to reconstruct the original: an email address such as, "no-one@example.com", might be written as "no-one at example dot com", for instance. A related technique is to display all or part of the email address as an image, or as jumbled text with the order of characters restored using CSS.

Avoid responding to spam edit

A common piece of advice is to not to reply to spam messages[3] as spammers may simply regard responses as confirmation that an email address is valid. Similarly, many spam messages contain web links or addresses which the user is directed to follow to be removed from the spammer's mailing list – and these should be treated as dangerous. In any case, sender addresses are often forged in spam messages, so that responding to spam may result in failed deliveries – or may reach completely innocent third parties.

Contact forms edit

Businesses and individuals sometimes avoid publicising an email address by asking for contact to come via a "contact form" on a webpage – which then typically forwards the information via email. Such forms, however, are sometimes inconvenient to users, as they are not able to use their preferred email client, risk entering a faulty reply address, and are typically not notified about delivery problems. Further, contact forms have the drawback that they require a website with the appropriate technology.

In some cases contact forms also send the message to the email address given by the user. This allows the contact form to be used for sending spam, which may incur email deliverability problems from the site once the spam is reported and the sending IP is blacklisted.

Disable HTML in email edit

Main article: HTML email

Many modern mail programs incorporate web browser functionality, such as the display of HTML, URLs, and images.

Avoiding or disabling this feature does not help avoid spam. It may, however, be useful to avoid some problems if a user opens a spam message: offensive images, obfuscated hyperlinks, being tracked by web bugs, being targeted by JavaScript or attacks upon security vulnerabilities in the HTML renderer. Mail clients which do not automatically download and display HTML, images or attachments have fewer risks, as do clients who have been configured to not display these by default.

Disposable email addresses edit

Main article: Disposable email address

An email user may sometimes need to give an address to a site without complete assurance that the site owner will not use it for sending spam. One way to mitigate the risk is to provide a disposable email address — an address which the user can disable or abandon which forwards email to a real account. A number of services provide disposable address forwarding. Addresses can be manually disabled, can expire after a given time interval, or can expire after a certain number of messages have been forwarded. Disposable email addresses can be used by users to track whether a site owner has disclosed an address, or had a security breach.[4]

Ham passwords edit

Systems that use "ham passwords" ask unrecognised senders to include in their email a password that demonstrates that the email message is a "ham" (not spam) message. Typically the email address and ham password would be described on a web page, and the ham password would be included in the subject line of an email message (or appended to the "username" part of the email address using the "plus addressing" technique). Ham passwords are often combined with filtering systems which let through only those messages that have identified themselves as "ham".[5]

Reporting spam edit

Main article: Spam reporting

Tracking down a spammer's ISP and reporting the offense can lead to the spammer's service being terminated[6] and criminal prosecution.[7] Unfortunately, it can be difficult to track down the spammer, and while there are some online tools such as SpamCop and Network Abuse Clearinghouse to assist, they are not always accurate. Historically, reporting spam in this way has not played a large part in abating spam, since the spammers simply move their operation to another URL, ISP or network of IP addresses.

In many countries consumers may also report unwanted and deceptive commercial email to the authorities, e.g. in the US to the US Federal Trade Commission (FTC),[8] or similar agencies in other countries.[9]

Automated techniques for email administrators edit

There are now a large number of applications, appliances, services, and software systems that email administrators can use to reduce the load of spam on their systems and mailboxes. In general these attempt to reject (or "block"), the majority of spam email outright at the SMTP connection stage. If they do accept a message, they will typically then analyze the content further – and may decide to "quarantine" any categorised as spam.

Authentication edit

Further information: Email authentication, Sender Policy Framework, DKIM, and DMARC

A number of systems have been developed that allow domain name owners to identify email as authorized. Many of these systems use the DNS to list sites authorized to send email on their behalf. After many other proposals, SPF, DKIM and DMARC are all now widely supported with growing adoption.[10][11][12] While not directly attacking spam, these systems make it much harder to spoof addresses, a common technique of spammers - but also used in phishing, and other types of fraud via email.

Challenge/response systems edit

Main article: Challenge-response spam filtering

A method which may be used by internet service providers, by specialized services or enterprises to combat spam is to require unknown senders to pass various tests before their messages are delivered. These strategies are termed "challenge/response systems".

Checksum-based filtering edit

Checksum-based filter exploits the fact that the messages are sent in bulk, that is that they will be identical with small variations. Checksum-based filters strip out everything that might vary between messages, reduce what remains to a checksum, and look that checksum up in a database such as the Distributed Checksum Clearinghouse which collects the checksums of messages that email recipients consider to be spam (some people have a button on their email client which they can click to nominate a message as being spam); if the checksum is in the database, the message is likely to be spam. To avoid being detected in this way, spammers will sometimes insert unique invisible gibberish known as hashbusters into the middle of each of their messages, to make each message have a unique checksum.

Country-based filtering edit

Some email servers expect to never communicate with particular countries from which they receive a great deal of spam. Therefore, they use country-based filtering – a technique that blocks email from certain countries. This technique is based on country of origin determined by the sender's IP address rather than any trait of the sender.

DNS-based blacklists edit

Main article: DNSBL

There are large number of free and commercial DNS-based Blacklists, or DNSBLs which allow a mail server to quickly look up the IP of an incoming mail connection - and reject it if it is listed there. Administrators can choose from scores of DNSBLs, each of which reflects different policies: some list sites known to emit spam; others list open mail relays or proxies; others list ISPs known to support spam.

URL filtering edit

Main article: DNSBL § URI DNSBLs

Most spam/phishing messages contain an URL that they entice victims into clicking on. Thus, a popular technique since the early 2000s consists of extracting URLs from messages and looking them up in databases such as Spamhaus' Domain Block List (DBL), SURBL, and URIBL.[13]

Strict enforcement of RFC standards edit

Further information: SMTP RFC standards

Many spammers use poorly written software or are unable to comply with the standards because they do not have legitimate control of the computer they are using to send spam (zombie computer). By setting tighter limits on the deviation from RFC standards that the MTA will accept, a mail administrator can reduce spam significantly - but this also runs the risk of rejecting mail from older or poorly written or configured servers.

Greeting delay – A sending server is required to wait until it has received the SMTP greeting banner before it sends any data. A deliberate pause can be introduced by receiving servers to allow them to detect and deny any spam-sending applications that do not wait to receive this banner.

Temporary rejection – The greylisting technique is built on the fact that the SMTP protocol allows for temporary rejection of incoming messages. Greylisting temporarily rejects all messages from unknown senders or mail servers – using the standard 4xx error codes.[14] All compliant MTAs will proceed to retry delivery later, but many spammers and spambots will not. The downside is that all legitimate messages from first-time senders will experience a delay in delivery.

HELO/EHLO checkingRFC 5321 says that an SMTP server "MAY verify that the domain name argument in the EHLO command actually corresponds to the IP address of the client. However, if the verification fails, the server MUST NOT refuse to accept a message on that basis." Systems can, however, be configured to

  • Refuse connections from hosts that give an invalid HELO – for example, a HELO that is not an FQDN or is an IP address not surrounded by square brackets.
  • Refusing connections from hosts that give an obviously fraudulent HELO
  • Refusing to accept email whose HELO/EHLO argument does not resolve in DNS

Invalid pipelining – Several SMTP commands are allowed to be placed in one network packet and "pipelined". For example, if an email is sent with a CC: header, several SMTP "RCPT TO" commands might be placed in a single packet instead of one packet per "RCPT TO" command. The SMTP protocol, however, requires that errors be checked and everything is synchronized at certain points. Many spammers will send everything in a single packet since they do not care about errors and it is more efficient. Some MTAs will detect this invalid pipelining and reject email sent this way.

Nolisting – The email servers for any given domain are specified in a prioritized list, via the MX records. The nolisting technique is simply the adding of an MX record pointing to a non-existent server as the "primary" (i.e. that with the lowest preference value) – which means that an initial mail contact will always fail. Many spam sources do not retry on failure, so the spammer will move on to the next victim; legitimate email servers should retry the next higher numbered MX, and normal email will be delivered with only a brief delay.

Quit detection – An SMTP connection should always be closed with a QUIT command. Many spammers skip this step because their spam has already been sent and taking the time to properly close the connection takes time and bandwidth. Some MTAs are capable of detecting whether or not the connection is closed correctly and use this as a measure of how trustworthy the other system is.

Honeypots edit

Main article: Honeypot (computing)

Another approach is simply creating an imitation MTA that gives the appearance of being an open mail relay, or an imitation TCP/IP proxy server that gives the appearance of being an open proxy. Spammers who probe systems for open relays and proxies will find such a host and attempt to send mail through it, wasting their time and resources, and potentially, revealing information about themselves and the origin of the spam they are sending to the entity that operates the honeypot. Such a system may simply discard the spam attempts, submit them to DNSBLs, or store them for analysis by the entity operating the honeypot that may enable identification of the spammer for blocking.

Hybrid filtering edit

SpamAssassin, Policyd-weight and others use some or all of the various tests for spam, and assign a numerical score to each test. Each message is scanned for these patterns, and the applicable scores tallied up. If the total is above a fixed value, the message is rejected or flagged as spam. By ensuring that no single spam test by itself can flag a message as spam, the false positive rate can be greatly reduced.

Outbound spam protection edit

Outbound spam protection involves scanning email traffic as it exits a network, identifying spam messages and then taking an action such as blocking the message or shutting off the source of the traffic. While the primary impact of spam is on spam recipients, sending networks also experience financial costs, such as wasted bandwidth, and the risk of having their IP addresses blocked by receiving networks.

Outbound spam protection not only stops spam, but also lets system administrators track down spam sources on their network and remediate them – for example, clearing malware from machines which have become infected with a virus or are participating in a botnet.

PTR/reverse DNS checks edit

Further information: Reverse DNS lookup and Forward-confirmed reverse DNS

The PTR DNS records in the reverse DNS can be used for a number of things, including:

  • Most email mail transfer agents (mail servers) use a forward-confirmed reverse DNS (FCrDNS) verification and if there is a valid domain name, put it into the "Received:" trace header field.
  • Some email mail transfer agents will perform FCrDNS verification on the domain name given in the SMTP HELO and EHLO commands. See #Strict enforcement of RFC standards § HELO/EHLO .
  • To check the domain names in the rDNS to see if they are likely from dial-up users, dynamically assigned addresses, or home-based broadband customers. Since the vast majority of email that originates from these computers is spam, many mail servers also refuse email with missing or "generic" rDNS names.[15]
  • A Forward Confirmed reverse DNS verification can create a form of authentication that there is a valid relationship between the owner of a domain name and the owner of the network that has been given an IP address. While reliant on the DNS infrastructure, which has known vulnerabilities, this authentication is strong enough that it can be used for whitelisting purposes because spammers and phishers cannot usually bypass this verification when they use zombie computers to forge the domains.

Rule-based filtering edit

Further information: Email filtering

Content filtering techniques rely on the specification of lists of words or regular expressions disallowed in mail messages. Thus, if a site receives spam advertising "herbal Viagra", the administrator might place this phrase in the filter configuration. The mail server would then reject any message containing the phrase.

Header filtering looks at the header of the email which contains information about the origin, destination and content of the message. Although spammers will often spoof fields in the header in order to hide their identity, or to try to make the email look more legitimate than it is many of these spoofing methods can be detected, and any violation of the RFC 5322 standard on how the header is to be formed can also serve as a basis for rejecting the message.

SMTP callback verification edit

Main article: callback verification

Since a large percentage of spam has forged and invalid sender ("from") addresses, some spam can be detected by checking that this "from" address is valid. A mail server can try to verify the sender address by making an SMTP connection back to the mail exchanger for the address, as if it were creating a bounce, but stopping just before any email is sent.

Callback verification has various drawbacks: (1) Since nearly all spam has forged return addresses, nearly all callbacks are to innocent third party mail servers that are unrelated to the spam; (2) When the spammer uses a trap address as his sender's address. If the receiving MTA tries to make the callback using the trap address in a MAIL FROM command, the receiving MTA's IP address will be blacklisted; (3) Finally, the standard VRFY and EXPN commands[16] used to verify an address have been so exploited by spammers that few mail administrators enable them, leaving the receiving SMTP server no effective way to validate the sender's email address.[17]

SMTP proxy edit

Main article: SMTP proxy

SMTP proxies allow combating spam in real time, combining sender's behavior controls, providing legitimate users immediate feedback, eliminating a need for quarantine.

Spamtrapping edit

Main article: Spamtrap

Spamtrapping is the seeding of an email address so that spammers can find it, but normal users can not. If the email address is used then the sender must be a spammer and they are black listed.

As an example, if the email address "spamtrap@example.org" is placed in the source HTML of a web site in a way that it isn't displayed on the web page, human visitors to the website would not see it. Spammers, on the other hand, use web page scrapers and bots to harvest email addresses from HTML source code - so they would find this address. When the spammer later sends to the address the spamtrap knows this is highly likely to be a spammer and can take appropriate action.

Statistical content filtering edit

Main article: Bayesian spam filtering

Statistical, or Bayesian, filtering once set up requires no administrative maintenance per se: instead, users mark messages as spam or nonspam and the filtering software learns from these judgements. Thus, it is matched to the end user's needs, and as long as users consistently mark/tag the emails, can respond quickly to changes in spam content. Statistical filters typically also look at message headers, considering not just the content but also peculiarities of the transport mechanism of the email.

Software programs that implement statistical filtering include Bogofilter, DSPAM, SpamBayes, ASSP, CRM114, the email programs Mozilla and Mozilla Thunderbird, Mailwasher, and later revisions of SpamAssassin.

Tarpits edit

Main article: Tarpit (networking)

A tarpit is any server software which intentionally responds extremely slowly to client commands. By running a tarpit which treats acceptable mail normally and known spam slowly or which appears to be an open mail relay, a site can slow down the rate at which spammers can inject messages into the mail facility. Depending on the server and internet speed, a tarpit can slow an attack by a factor of around 500.[18] Many systems will simply disconnect if the server doesn't respond quickly, which will eliminate the spam. However, a few legitimate email systems will also not deal correctly with these delays. The fundamental idea is to slow the attack so that the perpetrator has to waste time without any significant success.[19]

An organization can successfully deploy a tarpit if it is able to define the range of addresses, protocols, and ports for deception.[20] The process involves a router passing the supported traffic to the appropriate server while those sent by other contacts are sent to the tarpit.[20] Examples of tarpits include the Labrea tarpit, Honeyd,[21] SMTP tarpits, and IP-level tarpits.

Collateral damage edit

See also: Scunthorpe problem

Measures to protect against spam can cause collateral damage. This includes:

  • The measures may consume resources, both in the server and on the network.
  • When a mail server rejects legitimate messages, the sender needs to contact the recipient out of channel.
  • When legitimate messages are relegated to a spam folder, the sender is not notified of this.
  • If a recipient periodically checks his spam folder, that will cost him time and if there is a lot of spam it is easy to overlook the few legitimate messages.
  • Measures that imposes costs on a third party server may be considered to be abuse and result in deliverability problems.

Automated techniques for email senders edit

There are a variety of techniques that email senders use to try to make sure that they do not send spam. Failure to control the amount of spam sent, as judged by email receivers, can often cause even legitimate email to be blocked and for the sender to be put on DNSBLs.

Background checks on new users and customers edit

Since spammer's accounts are frequently disabled due to violations of abuse policies, they are constantly trying to create new accounts. Due to the damage done to an ISP's reputation when it is the source of spam, many ISPs and web email providers use CAPTCHAs on new accounts to verify that it is a real human registering the account, and not an automated spamming system. They can also verify that credit cards are not stolen before accepting new customers, check the Spamhaus Project ROKSO list, and do other background checks.

Confirmed opt-in for mailing lists edit

Main article: Opt-in email

A malicious person can easily attempt to subscribe another user to a mailing list — to harass them, or to make the company or organisation appear to be spamming. To prevent this, all modern mailing list management programs (such as GNU Mailman, LISTSERV, Majordomo, and qmail's ezmlm) support "confirmed opt-in" by default. Whenever an email address is presented for subscription to the list, the software will send a confirmation message to that address. The confirmation message contains no advertising content, so it is not construed to be spam itself, and the address is not added to the live mail list unless the recipient responds to the confirmation message.

Egress spam filtering edit

Main article: Egress filtering

Email senders typically now do the same type of anti-spam checks on email coming from their users and customers as for inward email coming from the rest of the Internet. This protects their reputation, which could otherwise be harmed in the case of infection by spam-sending malware.

Limit email backscatter edit

Main article: Backscatter (email)

If a receiving server initially fully accepts an email, and only later determines that the message is spam or to a non-existent recipient, it will generate a bounce message back to the supposed sender. However, if (as is often the case with spam), the sender information on the incoming email was forged to be that of an unrelated third party then this bounce message is backscatter spam. For this reason it is generally preferable for most rejection of incoming email to happen during the SMTP connection stage, with a 5xx error code, while the sending server is still connected. In this case then the sending server will report the problem to the real sender cleanly.

Port 25 blocking edit

Firewalls and routers can be programmed to not allow SMTP traffic (TCP port 25) from machines on the network that are not supposed to run Mail Transfer Agents or send email.[22] This practice is somewhat controversial when ISPs block home users, especially if the ISPs do not allow the blocking to be turned off upon request. Email can still be sent from these computers to designated smart hosts via port 25 and to other smart hosts via the email submission port 587.

Port 25 interception edit

Network address translation can be used to intercept all port 25 (SMTP) traffic and direct it to a mail server that enforces rate limiting and egress spam filtering. This is commonly done in hotels,[23] but it can cause email privacy problems, as well making it impossible to use STARTTLS and SMTP-AUTH if the port 587 submission port isn't used.

Rate limiting edit

Machines that suddenly start sending lots of email may well have become zombie computers. By limiting the rate that email can be sent around what is typical for the computer in question, legitimate email can still be sent, but large spam runs can be slowed down until manual investigation can be done.[24]

Spam report feedback loops edit

Main article: Feedback Loop (email)

By monitoring spam reports from places such as spamcop, AOL's feedback loop, and Network Abuse Clearinghouse, the domain's abuse@ mailbox, etc., ISPs can often learn of problems before they seriously damage the ISP's reputation and have their mail servers blacklisted.

FROM field control edit

Both malicious software and human spam senders often use forged FROM addresses when sending spam messages. Control may be enforced on SMTP servers to ensure senders can only use their correct email address in the FROM field of outgoing messages. In an email users database each user has a record with an email address. The SMTP server must check if the email address in the FROM field of an outgoing message is the same address that belongs to the user's credentials, supplied for SMTP authentication. If the FROM field is forged, an SMTP error will be returned to the email client (e.g. "You do not own the email address you are trying to send from").

Strong AUP and TOS agreements edit

Most ISPs and webmail providers have either an Acceptable Use Policy (AUP) or a Terms of Service (TOS) agreement that discourages spammers from using their system and allows the spammer to be terminated quickly for violations.

Legal measures edit

See also: Email spam legislation by country

From 2000 onwards, many countries enacted specific legislation to criminalize spamming, and appropriate and enforcement can have a significant impact on spamming activity.[25] Where legislation provides specific text that bulk emailers must include, this also makes "legitimate" bulk email easier to identify.

Increasingly, anti-spam efforts have led to co-ordination between law enforcement, researchers, major consumer financial service companies and Internet service providers in monitoring and tracking email spam, identity theft and phishing activities and gathering evidence for criminal cases.[26]

Analysis of the sites being spamvertised by a given piece of spam can often be followed up with domain registrars with good results.[27]

New solutions and ongoing research edit

Several approaches have been proposed to improve the email system.

Cost-based systems edit

Main article: Cost-based anti-spam systems

Since spamming is facilitated by the fact that large volumes of email are very inexpensive to send, one proposed set of solutions would require that senders pay some cost in order to send email, making it prohibitively expensive for spammers. Anti-spam activist Daniel Balsam attempts to make spamming less profitable by bringing lawsuits against spammers.[28]

Machine-learning-based systems edit

Artificial intelligence techniques can be deployed for filtering spam emails, such as artificial neural networks algorithms and Bayesian filters. These methods use probabilistic methods to train the networks, such as examination of the concentration or frequency of words seen in the spam versus legitimate email contents.[29]

Other techniques edit

Channel email is a new proposal for sending email that attempts to distribute anti-spam activities by forcing verification (probably using bounce messages so back-scatter does not occur) when the first email is sent for new contacts.

Research conferences edit

Spam is the subject of several research conferences, including:

References edit

  1. ^ . Digital Security Guide | Safeonline.ng. 2016-09-07. Archived from the original on 2022-05-18. Retrieved 2021-12-21.
  2. ^ Email Address Harvesting: How Spammers Reap What You Sow April 24, 2006, at the Wayback Machine, Federal Trade Commission. URL accessed on 24 April 2006.
  3. ^ "Information Technology: Threats" 2016-03-07 at the Wayback Machine, vermont.gov
  4. ^ Customers: TD Ameritrade failed to warn of breach 2012-03-05 at the Wayback Machine
  5. ^ David A. Wheeler, (May 11, 2011) Countering Spam by Using Ham Passwords (Email Passwords) 2012-02-04 at the Wayback Machine
  6. ^ This depends on provider's policy; for example: Go Daddy Legal Department. "Universal Terms of Service Agreement". GoDaddy.com. from the original on 4 July 2014. Retrieved 5 September 2014. We do not tolerate the transmission of spam. We monitor all traffic to and from our web servers for indications of spamming and maintain a spam abuse complaint center to register allegations of spam abuse. Customers suspected to be using our products and services for the purpose of sending spam are fully investigated. If we determine there is a problem with spam, we will take the appropriate action to resolve the situation.
  7. ^ The latter depends on local law; for example: "Canada's Law on Spam and Other Electronic Threats". fightspam.gc.ca. from the original on 10 September 2014. Retrieved 5 September 2014. Canada's anti-spam legislation (CASL) is in place to protect Canadians
  8. ^ "Spam" 2013-12-17 at the Wayback Machine, OnGuardOnline.gov
  9. ^ "Anti-spam" 2016-02-24 at the Wayback Machine, NZ Department of Internal Affairs
  10. ^ Butcher, Mike. DMARC Promises A World Of Less Phishing Archived 2017-06-26 at Wikiwix. Tech Crunch. Jan 30, 2012
  11. ^ Kerner, Sean Michael (2 January 2018). "DMARC Email Security Adoption Grows in U.S. Government". e-Week. Retrieved 20 December 2018.
  12. ^ Stilgherrian (18 December 2018). "Australian government lags UK in deploying DMARC email spoofing prevention". Retrieved 20 December 2018.
  13. ^ Jose Marcio Martins Da Cruz; John Levine (May 2009). "URL filtering". Anti-Spam Research Group wiki. from the original on 8 December 2015. Retrieved 2 December 2015.
  14. ^ "4.XXX.XXX Persistent Transient Failure" 2016-03-03 at the Wayback Machine, IETF.org
  15. ^ "Frequently Asked Questions". The Spamhaus Project. from the original on 2007-01-06.
  16. ^ "VRFY command—Verify whether a mailbox exists on the local host". IBM. 16 June 2017. Retrieved 19 December 2018.
  17. ^ "On the dubious merits of email verification services". www.spamhaus.org. from the original on 2015-09-08.
  18. ^ Leonard, Clifton; Svidergol, Brian; Wright, Byron; Meloski, Vladimir (2016). Mastering Microsoft Exchange Server 2016. Hoboken, NJ: John Wiley & Sons. p. 630. ISBN 9781119232056.
  19. ^ Provos, Niels; Holz, Thorsten (2007-07-16). Virtual Honeypots: From Botnet Tracking to Intrusion Detection. Pearson Education. ISBN 9780132702058.
  20. ^ a b Shimeall, Timothy; Spring, Jonathan (2013). Introduction to Information Security: A Strategic-Based Approach. Waltham, MA: Syngress. p. 74. ISBN 9781597499699.
  21. ^ Joshi, R. C.; Sardana, Anjali (2011). Honeypots: A New Paradigm to Information Security. Boca Raton, FL: CRC Press. p. 252. ISBN 9781439869994.
  22. ^ "Shutting Down the Highway to Internet Hell". eWeek. 2005-04-08. Retrieved 2008-05-31.
  23. ^ Why can't I send mail from my hotel room? 2006-01-10 at the Wayback Machine AskLeo!, December 2005
  24. ^ Rate Limiting as an Anti-Spam Tool eWeek, June 2004
  25. ^ "Two companies fined for breaching the Spam Act". Computerworld. June 22, 2007. from the original on March 16, 2012.
  26. ^ Alleged Spam King Soloway Arrested March 17, 2009, at the Wayback Machine May 31, 2007
  27. ^ "Results: 54,357 site shutdowns (67,095 pending)". KnujOn. from the original on 17 May 2008. Retrieved 2008-05-23.
  28. ^ Paul Elias, (December 26, 2010). , archived from the original on December 27, 2010. Associated Press
  29. ^ Özgür, Levent; Güngör, Tunga; Gürgen, Fikret (2004). Spam Mail Detection Using Artificial Neural Network and Bayesian Filter. Lecture Notes in Computer Science. Vol. 3177. pp. 505–510. doi:10.1007/978-3-540-28651-6_74. ISBN 978-3-540-22881-3. {{cite book}}: |journal= ignored (help)

External links edit

  • Anti-Spam Research Group wiki, which was created by ASRG and is still alive
  • Anti spam info & resource page of the US Federal Trade Commission (FTC)
  • , The Coalition Against Unsolicited Bulk Email, Australia
  • Composing abuse reports – what to send, how to send it, where to send it – and what not to send or do.
  • Historical Development of Spam Fighting in Relation to Threat of Computer-Aware Criminals, and Public Safety by Neil Schwartzman.
  • Email Security Guide, How to identify and protect yourself from spam email
  • Spam Laws United States, European Union, and other countries' laws and pending legislation regarding unsolicited commercial email.
  • Secret to Stopping Spam An article about spam in Scientific American

January 01, 1970
anti, spam, techniques, this, article, contains, instructions, advice, content, please, help, rewrite, content, that, more, encyclopedic, move, wikiversity, wikibooks, wikivoyage, april, 2024, spam, blacklist, redirects, here, wikipedia, spam, control, mechani. This article contains instructions advice or how to content Please help rewrite the content so that it is more encyclopedic or move it to Wikiversity Wikibooks or Wikivoyage April 2024 Spam blacklist redirects here For Wikipedia s spam control mechanism see Wikipedia Spam blacklist Various anti spam techniques are used to prevent email spam unsolicited bulk email No technique is a complete solution to the spam problem and each has trade offs between incorrectly rejecting legitimate email false positives as opposed to not rejecting all spam email false negatives and the associated costs in time effort and cost of wrongfully obstructing good mail 1 Anti spam techniques can be broken into four broad categories those that require actions by individuals those that can be automated by email administrators those that can be automated by email senders and those employed by researchers and law enforcement officials Contents 1 End user techniques 1 1 Discretion 1 2 Address munging 1 3 Avoid responding to spam 1 4 Contact forms 1 5 Disable HTML in email 1 6 Disposable email addresses 1 7 Ham passwords 1 8 Reporting spam 2 Automated techniques for email administrators 2 1 Authentication 2 2 Challenge response systems 2 3 Checksum based filtering 2 4 Country based filtering 2 5 DNS based blacklists 2 6 URL filtering 2 7 Strict enforcement of RFC standards 2 8 Honeypots 2 9 Hybrid filtering 2 10 Outbound spam protection 2 11 PTR reverse DNS checks 2 12 Rule based filtering 2 13 SMTP callback verification 2 14 SMTP proxy 2 15 Spamtrapping 2 16 Statistical content filtering 2 17 Tarpits 2 18 Collateral damage 3 Automated techniques for email senders 3 1 Background checks on new users and customers 3 2 Confirmed opt in for mailing lists 3 3 Egress spam filtering 3 4 Limit email backscatter 3 5 Port 25 blocking 3 6 Port 25 interception 3 7 Rate limiting 3 8 Spam report feedback loops 3 9 FROM field control 3 10 Strong AUP and TOS agreements 4 Legal measures 5 New solutions and ongoing research 5 1 Cost based systems 5 2 Machine learning based systems 5 3 Other techniques 5 4 Research conferences 6 References 7 External linksEnd user techniques editThere are a number of techniques that individuals can use to restrict the availability of their email addresses with the goal of reducing their chance of receiving spam Discretion edit Sharing an email address only among a limited group of correspondents is one way to limit the chance that the address will be harvested and targeted by spam Similarly when forwarding messages to a number of recipients who don t know one another recipient addresses can be put in the bcc field so that each recipient does not get a list of the other recipients email addresses Address munging edit Main article Address munging Email addresses posted on webpages Usenet or chat rooms are vulnerable to e mail address harvesting 2 Address munging is the practice of disguising an e mail address to prevent it from being automatically collected in this way but still allow a human reader to reconstruct the original an email address such as no one example com might be written as no one at example dot com for instance A related technique is to display all or part of the email address as an image or as jumbled text with the order of characters restored using CSS Avoid responding to spam edit A common piece of advice is to not to reply to spam messages 3 as spammers may simply regard responses as confirmation that an email address is valid Similarly many spam messages contain web links or addresses which the user is directed to follow to be removed from the spammer s mailing list and these should be treated as dangerous In any case sender addresses are often forged in spam messages so that responding to spam may result in failed deliveries or may reach completely innocent third parties Contact forms edit Businesses and individuals sometimes avoid publicising an email address by asking for contact to come via a contact form on a webpage which then typically forwards the information via email Such forms however are sometimes inconvenient to users as they are not able to use their preferred email client risk entering a faulty reply address and are typically not notified about delivery problems Further contact forms have the drawback that they require a website with the appropriate technology In some cases contact forms also send the message to the email address given by the user This allows the contact form to be used for sending spam which may incur email deliverability problems from the site once the spam is reported and the sending IP is blacklisted Disable HTML in email edit Main article HTML email Many modern mail programs incorporate web browser functionality such as the display of HTML URLs and images Avoiding or disabling this feature does not help avoid spam It may however be useful to avoid some problems if a user opens a spam message offensive images obfuscated hyperlinks being tracked by web bugs being targeted by JavaScript or attacks upon security vulnerabilities in the HTML renderer Mail clients which do not automatically download and display HTML images or attachments have fewer risks as do clients who have been configured to not display these by default Disposable email addresses edit Main article Disposable email address An email user may sometimes need to give an address to a site without complete assurance that the site owner will not use it for sending spam One way to mitigate the risk is to provide a disposable email address an address which the user can disable or abandon which forwards email to a real account A number of services provide disposable address forwarding Addresses can be manually disabled can expire after a given time interval or can expire after a certain number of messages have been forwarded Disposable email addresses can be used by users to track whether a site owner has disclosed an address or had a security breach 4 Ham passwords edit Systems that use ham passwords ask unrecognised senders to include in their email a password that demonstrates that the email message is a ham not spam message Typically the email address and ham password would be described on a web page and the ham password would be included in the subject line of an email message or appended to the username part of the email address using the plus addressing technique Ham passwords are often combined with filtering systems which let through only those messages that have identified themselves as ham 5 Reporting spam edit Main article Spam reporting Tracking down a spammer s ISP and reporting the offense can lead to the spammer s service being terminated 6 and criminal prosecution 7 Unfortunately it can be difficult to track down the spammer and while there are some online tools such as SpamCop and Network Abuse Clearinghouse to assist they are not always accurate Historically reporting spam in this way has not played a large part in abating spam since the spammers simply move their operation to another URL ISP or network of IP addresses In many countries consumers may also report unwanted and deceptive commercial email to the authorities e g in the US to the US Federal Trade Commission FTC 8 or similar agencies in other countries 9 Automated techniques for email administrators editThere are now a large number of applications appliances services and software systems that email administrators can use to reduce the load of spam on their systems and mailboxes In general these attempt to reject or block the majority of spam email outright at the SMTP connection stage If they do accept a message they will typically then analyze the content further and may decide to quarantine any categorised as spam Authentication edit Further information Email authentication Sender Policy Framework DKIM and DMARC A number of systems have been developed that allow domain name owners to identify email as authorized Many of these systems use the DNS to list sites authorized to send email on their behalf After many other proposals SPF DKIM and DMARC are all now widely supported with growing adoption 10 11 12 While not directly attacking spam these systems make it much harder to spoof addresses a common technique of spammers but also used in phishing and other types of fraud via email Challenge response systems edit Main article Challenge response spam filtering A method which may be used by internet service providers by specialized services or enterprises to combat spam is to require unknown senders to pass various tests before their messages are delivered These strategies are termed challenge response systems Checksum based filtering edit Checksum based filter exploits the fact that the messages are sent in bulk that is that they will be identical with small variations Checksum based filters strip out everything that might vary between messages reduce what remains to a checksum and look that checksum up in a database such as the Distributed Checksum Clearinghouse which collects the checksums of messages that email recipients consider to be spam some people have a button on their email client which they can click to nominate a message as being spam if the checksum is in the database the message is likely to be spam To avoid being detected in this way spammers will sometimes insert unique invisible gibberish known as hashbusters into the middle of each of their messages to make each message have a unique checksum Country based filtering edit Some email servers expect to never communicate with particular countries from which they receive a great deal of spam Therefore they use country based filtering a technique that blocks email from certain countries This technique is based on country of origin determined by the sender s IP address rather than any trait of the sender DNS based blacklists edit Main article DNSBL There are large number of free and commercial DNS based Blacklists or DNSBLs which allow a mail server to quickly look up the IP of an incoming mail connection and reject it if it is listed there Administrators can choose from scores of DNSBLs each of which reflects different policies some list sites known to emit spam others list open mail relays or proxies others list ISPs known to support spam URL filtering edit Main article DNSBL URI DNSBLs Most spam phishing messages contain an URL that they entice victims into clicking on Thus a popular technique since the early 2000s consists of extracting URLs from messages and looking them up in databases such as Spamhaus Domain Block List DBL SURBL and URIBL 13 Strict enforcement of RFC standards edit Further information SMTP RFC standards Many spammers use poorly written software or are unable to comply with the standards because they do not have legitimate control of the computer they are using to send spam zombie computer By setting tighter limits on the deviation from RFC standards that the MTA will accept a mail administrator can reduce spam significantly but this also runs the risk of rejecting mail from older or poorly written or configured servers Greeting delay A sending server is required to wait until it has received the SMTP greeting banner before it sends any data A deliberate pause can be introduced by receiving servers to allow them to detect and deny any spam sending applications that do not wait to receive this banner Temporary rejection The greylisting technique is built on the fact that the SMTP protocol allows for temporary rejection of incoming messages Greylisting temporarily rejects all messages from unknown senders or mail servers using the standard 4xx error codes 14 All compliant MTAs will proceed to retry delivery later but many spammers and spambots will not The downside is that all legitimate messages from first time senders will experience a delay in delivery HELO EHLO checking RFC 5321 says that an SMTP server MAY verify that the domain name argument in the EHLO command actually corresponds to the IP address of the client However if the verification fails the server MUST NOT refuse to accept a message on that basis Systems can however be configured to Refuse connections from hosts that give an invalid HELO for example a HELO that is not an FQDN or is an IP address not surrounded by square brackets Refusing connections from hosts that give an obviously fraudulent HELO Refusing to accept email whose HELO EHLO argument does not resolve in DNS Invalid pipelining Several SMTP commands are allowed to be placed in one network packet and pipelined For example if an email is sent with a CC header several SMTP RCPT TO commands might be placed in a single packet instead of one packet per RCPT TO command The SMTP protocol however requires that errors be checked and everything is synchronized at certain points Many spammers will send everything in a single packet since they do not care about errors and it is more efficient Some MTAs will detect this invalid pipelining and reject email sent this way Nolisting The email servers for any given domain are specified in a prioritized list via the MX records The nolisting technique is simply the adding of an MX record pointing to a non existent server as the primary i e that with the lowest preference value which means that an initial mail contact will always fail Many spam sources do not retry on failure so the spammer will move on to the next victim legitimate email servers should retry the next higher numbered MX and normal email will be delivered with only a brief delay Quit detection An SMTP connection should always be closed with a QUIT command Many spammers skip this step because their spam has already been sent and taking the time to properly close the connection takes time and bandwidth Some MTAs are capable of detecting whether or not the connection is closed correctly and use this as a measure of how trustworthy the other system is Honeypots edit Main article Honeypot computing Another approach is simply creating an imitation MTA that gives the appearance of being an open mail relay or an imitation TCP IP proxy server that gives the appearance of being an open proxy Spammers who probe systems for open relays and proxies will find such a host and attempt to send mail through it wasting their time and resources and potentially revealing information about themselves and the origin of the spam they are sending to the entity that operates the honeypot Such a system may simply discard the spam attempts submit them to DNSBLs or store them for analysis by the entity operating the honeypot that may enable identification of the spammer for blocking Hybrid filtering edit SpamAssassin Policyd weight and others use some or all of the various tests for spam and assign a numerical score to each test Each message is scanned for these patterns and the applicable scores tallied up If the total is above a fixed value the message is rejected or flagged as spam By ensuring that no single spam test by itself can flag a message as spam the false positive rate can be greatly reduced Outbound spam protection edit Outbound spam protection involves scanning email traffic as it exits a network identifying spam messages and then taking an action such as blocking the message or shutting off the source of the traffic While the primary impact of spam is on spam recipients sending networks also experience financial costs such as wasted bandwidth and the risk of having their IP addresses blocked by receiving networks Outbound spam protection not only stops spam but also lets system administrators track down spam sources on their network and remediate them for example clearing malware from machines which have become infected with a virus or are participating in a botnet PTR reverse DNS checks edit Further information Reverse DNS lookup and Forward confirmed reverse DNS The PTR DNS records in the reverse DNS can be used for a number of things including Most email mail transfer agents mail servers use a forward confirmed reverse DNS FCrDNS verification and if there is a valid domain name put it into the Received trace header field Some email mail transfer agents will perform FCrDNS verification on the domain name given in the SMTP HELO and EHLO commands See Strict enforcement of RFC standards HELO EHLO To check the domain names in the rDNS to see if they are likely from dial up users dynamically assigned addresses or home based broadband customers Since the vast majority of email that originates from these computers is spam many mail servers also refuse email with missing or generic rDNS names 15 A Forward Confirmed reverse DNS verification can create a form of authentication that there is a valid relationship between the owner of a domain name and the owner of the network that has been given an IP address While reliant on the DNS infrastructure which has known vulnerabilities this authentication is strong enough that it can be used for whitelisting purposes because spammers and phishers cannot usually bypass this verification when they use zombie computers to forge the domains Rule based filtering edit Further information Email filtering Content filtering techniques rely on the specification of lists of words or regular expressions disallowed in mail messages Thus if a site receives spam advertising herbal Viagra the administrator might place this phrase in the filter configuration The mail server would then reject any message containing the phrase Header filtering looks at the header of the email which contains information about the origin destination and content of the message Although spammers will often spoof fields in the header in order to hide their identity or to try to make the email look more legitimate than it is many of these spoofing methods can be detected and any violation of the RFC 5322 standard on how the header is to be formed can also serve as a basis for rejecting the message SMTP callback verification edit Main article callback verification Since a large percentage of spam has forged and invalid sender from addresses some spam can be detected by checking that this from address is valid A mail server can try to verify the sender address by making an SMTP connection back to the mail exchanger for the address as if it were creating a bounce but stopping just before any email is sent Callback verification has various drawbacks 1 Since nearly all spam has forged return addresses nearly all callbacks are to innocent third party mail servers that are unrelated to the spam 2 When the spammer uses a trap address as his sender s address If the receiving MTA tries to make the callback using the trap address in a MAIL FROM command the receiving MTA s IP address will be blacklisted 3 Finally the standard VRFY and EXPN commands 16 used to verify an address have been so exploited by spammers that few mail administrators enable them leaving the receiving SMTP server no effective way to validate the sender s email address 17 SMTP proxy edit Main article SMTP proxy SMTP proxies allow combating spam in real time combining sender s behavior controls providing legitimate users immediate feedback eliminating a need for quarantine Spamtrapping edit Main article Spamtrap Spamtrapping is the seeding of an email address so that spammers can find it but normal users can not If the email address is used then the sender must be a spammer and they are black listed As an example if the email address spamtrap example org is placed in the source HTML of a web site in a way that it isn t displayed on the web page human visitors to the website would not see it Spammers on the other hand use web page scrapers and bots to harvest email addresses from HTML source code so they would find this address When the spammer later sends to the address the spamtrap knows this is highly likely to be a spammer and can take appropriate action Statistical content filtering edit Main article Bayesian spam filtering Statistical or Bayesian filtering once set up requires no administrative maintenance per se instead users mark messages as spam or nonspam and the filtering software learns from these judgements Thus it is matched to the end user s needs and as long as users consistently mark tag the emails can respond quickly to changes in spam content Statistical filters typically also look at message headers considering not just the content but also peculiarities of the transport mechanism of the email Software programs that implement statistical filtering include Bogofilter DSPAM SpamBayes ASSP CRM114 the email programs Mozilla and Mozilla Thunderbird Mailwasher and later revisions of SpamAssassin Tarpits edit Main article Tarpit networking A tarpit is any server software which intentionally responds extremely slowly to client commands By running a tarpit which treats acceptable mail normally and known spam slowly or which appears to be an open mail relay a site can slow down the rate at which spammers can inject messages into the mail facility Depending on the server and internet speed a tarpit can slow an attack by a factor of around 500 18 Many systems will simply disconnect if the server doesn t respond quickly which will eliminate the spam However a few legitimate email systems will also not deal correctly with these delays The fundamental idea is to slow the attack so that the perpetrator has to waste time without any significant success 19 An organization can successfully deploy a tarpit if it is able to define the range of addresses protocols and ports for deception 20 The process involves a router passing the supported traffic to the appropriate server while those sent by other contacts are sent to the tarpit 20 Examples of tarpits include the Labrea tarpit Honeyd 21 SMTP tarpits and IP level tarpits Collateral damage edit See also Scunthorpe problem Measures to protect against spam can cause collateral damage This includes The measures may consume resources both in the server and on the network When a mail server rejects legitimate messages the sender needs to contact the recipient out of channel When legitimate messages are relegated to a spam folder the sender is not notified of this If a recipient periodically checks his spam folder that will cost him time and if there is a lot of spam it is easy to overlook the few legitimate messages Measures that imposes costs on a third party server may be considered to be abuse and result in deliverability problems Automated techniques for email senders editThere are a variety of techniques that email senders use to try to make sure that they do not send spam Failure to control the amount of spam sent as judged by email receivers can often cause even legitimate email to be blocked and for the sender to be put on DNSBLs Background checks on new users and customers edit Since spammer s accounts are frequently disabled due to violations of abuse policies they are constantly trying to create new accounts Due to the damage done to an ISP s reputation when it is the source of spam many ISPs and web email providers use CAPTCHAs on new accounts to verify that it is a real human registering the account and not an automated spamming system They can also verify that credit cards are not stolen before accepting new customers check the Spamhaus Project ROKSO list and do other background checks Confirmed opt in for mailing lists edit Main article Opt in email A malicious person can easily attempt to subscribe another user to a mailing list to harass them or to make the company or organisation appear to be spamming To prevent this all modern mailing list management programs such as GNU Mailman LISTSERV Majordomo and qmail s ezmlm support confirmed opt in by default Whenever an email address is presented for subscription to the list the software will send a confirmation message to that address The confirmation message contains no advertising content so it is not construed to be spam itself and the address is not added to the live mail list unless the recipient responds to the confirmation message Egress spam filtering edit Main article Egress filtering Email senders typically now do the same type of anti spam checks on email coming from their users and customers as for inward email coming from the rest of the Internet This protects their reputation which could otherwise be harmed in the case of infection by spam sending malware Limit email backscatter edit Main article Backscatter email If a receiving server initially fully accepts an email and only later determines that the message is spam or to a non existent recipient it will generate a bounce message back to the supposed sender However if as is often the case with spam the sender information on the incoming email was forged to be that of an unrelated third party then this bounce message is backscatter spam For this reason it is generally preferable for most rejection of incoming email to happen during the SMTP connection stage with a 5xx error code while the sending server is still connected In this case then the sending server will report the problem to the real sender cleanly Port 25 blocking edit Firewalls and routers can be programmed to not allow SMTP traffic TCP port 25 from machines on the network that are not supposed to run Mail Transfer Agents or send email 22 This practice is somewhat controversial when ISPs block home users especially if the ISPs do not allow the blocking to be turned off upon request Email can still be sent from these computers to designated smart hosts via port 25 and to other smart hosts via the email submission port 587 Port 25 interception edit Network address translation can be used to intercept all port 25 SMTP traffic and direct it to a mail server that enforces rate limiting and egress spam filtering This is commonly done in hotels 23 but it can cause email privacy problems as well making it impossible to use STARTTLS and SMTP AUTH if the port 587 submission port isn t used Rate limiting edit Machines that suddenly start sending lots of email may well have become zombie computers By limiting the rate that email can be sent around what is typical for the computer in question legitimate email can still be sent but large spam runs can be slowed down until manual investigation can be done 24 Spam report feedback loops edit Main article Feedback Loop email By monitoring spam reports from places such as spamcop AOL s feedback loop and Network Abuse Clearinghouse the domain s abuse mailbox etc ISPs can often learn of problems before they seriously damage the ISP s reputation and have their mail servers blacklisted FROM field control edit Both malicious software and human spam senders often use forged FROM addresses when sending spam messages Control may be enforced on SMTP servers to ensure senders can only use their correct email address in the FROM field of outgoing messages In an email users database each user has a record with an email address The SMTP server must check if the email address in the FROM field of an outgoing message is the same address that belongs to the user s credentials supplied for SMTP authentication If the FROM field is forged an SMTP error will be returned to the email client e g You do not own the email address you are trying to send from Strong AUP and TOS agreements edit Most ISPs and webmail providers have either an Acceptable Use Policy AUP or a Terms of Service TOS agreement that discourages spammers from using their system and allows the spammer to be terminated quickly for violations Legal measures editSee also Email spam legislation by country From 2000 onwards many countries enacted specific legislation to criminalize spamming and appropriate legislation and enforcement can have a significant impact on spamming activity 25 Where legislation provides specific text that bulk emailers must include this also makes legitimate bulk email easier to identify Increasingly anti spam efforts have led to co ordination between law enforcement researchers major consumer financial service companies and Internet service providers in monitoring and tracking email spam identity theft and phishing activities and gathering evidence for criminal cases 26 Analysis of the sites being spamvertised by a given piece of spam can often be followed up with domain registrars with good results 27 New solutions and ongoing research editSeveral approaches have been proposed to improve the email system Cost based systems edit Main article Cost based anti spam systems Since spamming is facilitated by the fact that large volumes of email are very inexpensive to send one proposed set of solutions would require that senders pay some cost in order to send email making it prohibitively expensive for spammers Anti spam activist Daniel Balsam attempts to make spamming less profitable by bringing lawsuits against spammers 28 Machine learning based systems edit Artificial intelligence techniques can be deployed for filtering spam emails such as artificial neural networks algorithms and Bayesian filters These methods use probabilistic methods to train the networks such as examination of the concentration or frequency of words seen in the spam versus legitimate email contents 29 Other techniques edit Channel email is a new proposal for sending email that attempts to distribute anti spam activities by forcing verification probably using bounce messages so back scatter does not occur when the first email is sent for new contacts Research conferences edit Spam is the subject of several research conferences including TRECReferences edit 10 Tips to Avoid Spam Digital Security Guide Safeonline ng Digital Security Guide Safeonline ng 2016 09 07 Archived from the original on 2022 05 18 Retrieved 2021 12 21 Email Address Harvesting How Spammers Reap What You Sow Archived April 24 2006 at the Wayback Machine Federal Trade Commission URL accessed on 24 April 2006 Information Technology Threats Archived 2016 03 07 at the Wayback Machine vermont gov Customers TD Ameritrade failed to warn of breach Archived 2012 03 05 at the Wayback Machine David A Wheeler May 11 2011 Countering Spam by Using Ham Passwords Email Passwords Archived 2012 02 04 at the Wayback Machine This depends on provider s policy for example Go Daddy Legal Department Universal Terms of Service Agreement GoDaddy com Archived from the original on 4 July 2014 Retrieved 5 September 2014 We do not tolerate the transmission of spam We monitor all traffic to and from our web servers for indications of spamming and maintain a spam abuse complaint center to register allegations of spam abuse Customers suspected to be using our products and services for the purpose of sending spam are fully investigated If we determine there is a problem with spam we will take the appropriate action to resolve the situation The latter depends on local law for example Canada s Law on Spam and Other Electronic Threats fightspam gc ca Archived from the original on 10 September 2014 Retrieved 5 September 2014 Canada s anti spam legislation CASL is in place to protect Canadians Spam Archived 2013 12 17 at the Wayback Machine OnGuardOnline gov Anti spam Archived 2016 02 24 at the Wayback Machine NZ Department of Internal Affairs Butcher Mike DMARC Promises A World Of Less Phishing Archived 2017 06 26 at Wikiwix Tech Crunch Jan 30 2012 Kerner Sean Michael 2 January 2018 DMARC Email Security Adoption Grows in U S Government e Week Retrieved 20 December 2018 Stilgherrian 18 December 2018 Australian government lags UK in deploying DMARC email spoofing prevention Retrieved 20 December 2018 Jose Marcio Martins Da Cruz John Levine May 2009 URL filtering Anti Spam Research Group wiki Archived from the original on 8 December 2015 Retrieved 2 December 2015 4 XXX XXX Persistent Transient Failure Archived 2016 03 03 at the Wayback Machine IETF org Frequently Asked Questions The Spamhaus Project Archived from the original on 2007 01 06 VRFY command Verify whether a mailbox exists on the local host IBM 16 June 2017 Retrieved 19 December 2018 On the dubious merits of email verification services www spamhaus org Archived from the original on 2015 09 08 Leonard Clifton Svidergol Brian Wright Byron Meloski Vladimir 2016 Mastering Microsoft Exchange Server 2016 Hoboken NJ John Wiley amp Sons p 630 ISBN 9781119232056 Provos Niels Holz Thorsten 2007 07 16 Virtual Honeypots From Botnet Tracking to Intrusion Detection Pearson Education ISBN 9780132702058 a b Shimeall Timothy Spring Jonathan 2013 Introduction to Information Security A Strategic Based Approach Waltham MA Syngress p 74 ISBN 9781597499699 Joshi R C Sardana Anjali 2011 Honeypots A New Paradigm to Information Security Boca Raton FL CRC Press p 252 ISBN 9781439869994 Shutting Down the Highway to Internet Hell eWeek 2005 04 08 Retrieved 2008 05 31 Why can t I send mail from my hotel room Archived 2006 01 10 at the Wayback Machine AskLeo December 2005 Rate Limiting as an Anti Spam Tool eWeek June 2004 Two companies fined for breaching the Spam Act Computerworld June 22 2007 Archived from the original on March 16 2012 Alleged Spam King Soloway Arrested Archived March 17 2009 at the Wayback Machine May 31 2007 Results 54 357 site shutdowns 67 095 pending KnujOn Archived from the original on 17 May 2008 Retrieved 2008 05 23 Paul Elias December 26 2010 Man quits job makes living suing e mail spammers archived from the original on December 27 2010 Associated Press Ozgur Levent Gungor Tunga Gurgen Fikret 2004 Spam Mail Detection Using Artificial Neural Network and Bayesian Filter Lecture Notes in Computer Science Vol 3177 pp 505 510 doi 10 1007 978 3 540 28651 6 74 ISBN 978 3 540 22881 3 a href Template Cite book html title Template Cite book cite book a journal ignored help External links editAOL s postmaster page describing the Anti Spam Technical Alliance ASTA Proposal Anti Spam Research Group wiki which was created by ASRG and is still alive Anti spam info amp resource page of the US Federal Trade Commission FTC CAUBE AU Fight Spam in Australia The Coalition Against Unsolicited Bulk Email Australia Composing abuse reports what to send how to send it where to send it and what not to send or do Computer Incident Advisory Committee s suggestions E Mail Spamming countermeasures Detection and prevention of E Mail spamming Shawn Hernan with James R Cutler and David Harris Historical Development of Spam Fighting in Relation to Threat of Computer Aware Criminals and Public Safety by Neil Schwartzman Email Security Guide How to identify and protect yourself from spam email Mail DDoS Attacks through Mail Non Delivery Messages and Backscatter Spam Laws United States European Union and other countries laws and pending legislation regarding unsolicited commercial email Secret to Stopping Spam An article about spam in Scientific American Retrieved from https en wikipedia org w index php title Anti spam techniques amp oldid 1222843822, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.