Anti-spam methods

Hacker

Spam goes through user computers infected with malware, the so-called zombie networks. What can be done to counter this onslaught? The modern IT security industry offers many solutions, and anti-spam vendors have a variety of technologies in their arsenal. However, none of the existing technologies is a magic "silver bullet" against spam. There is simply no one-size-fits-all solution. Most modern products combine several technologies; otherwise the effectiveness of the product will not be high.

The most famous and common technologies are listed below.

Blacklists
Also known as DNSBLs (DNS-based Blackhole Lists). This is one of the oldest anti-spam technologies: mail from servers whose IP addresses appear on the list is blocked.
  • Pros: A blacklist cuts off 100% of the mail from a suspicious source.
  • Cons: Blacklists give a high rate of false positives, so use them with caution.

Mass Control (DCC, Razor, Pyzor)
This technology identifies mass messages in the mail flow that are absolutely identical or differ only slightly. Huge mail flows are required to build a workable bulk analyzer, so this technology is offered by large vendors that have significant volumes of mail to analyze.
  • Pros: When the technology triggers, it is guaranteed to have identified a mass mailing.
  • Cons: First, a "large" mailing may not be spam but completely legitimate mail (for example, Ozon.ru and Subscribe.ru send thousands of almost identical messages, but this is not spam). Second, spammers are able to "break through" such protection using intelligent technologies: they use software that generates different content (text, graphics, etc.) in every spam message. As a result, mass control does not work.

Checking internet message headers
Spammers write special programs to generate spam messages and send them out instantly. In doing so they make mistakes in constructing the headers, so spam does not always comply with the requirements of the RFC mail standard that describes the header format. These errors can be used to identify a spam message.
  • Pros: The process of recognizing and filtering spam is transparent, regulated by standards and quite reliable.
  • Cons: Spammers learn quickly, and errors in spam headers are becoming rarer. Using this technology alone will stop no more than a third of all spam.

Content filtering
Also one of the old, proven technologies. The message is checked for spam-specific words, text fragments, pictures and other typical spam characteristics. Content filtering began by analyzing the subject of a message and those parts of it that contained text (plain text, HTML), but now spam filters check all parts, including graphic attachments.

As a result of the analysis, a text signature can be built or the "spam weight" of the message can be calculated.
  • Pros: Flexibility and the ability to fine-tune quickly. Systems based on this technology can easily adapt to new types of spam and rarely make mistakes when distinguishing between spam and normal mail.
  • Cons: Updates are usually required. The filter is configured by specially trained people, sometimes by entire anti-spam laboratories. This support is expensive, which affects the cost of the spam filter. Spammers devise special tricks to bypass this technology: they introduce random "noise" into spam, which makes it difficult to find and evaluate the spam characteristics of a message. For example, they insert non-letter characters into words (the word viagra can look like vi_a_gra or vi @ gr @ when this technique is used), generate a variable color background in images, etc.

Content filtering: Bayes
Statistical Bayesian algorithms are also designed to analyze content. Bayesian filters do not need constant tuning. All they need is prior training. After that, the filter adjusts to the topics of the messages typical for this particular user. Thus, if a user works in the education system and conducts training courses, messages on this topic addressed to him personally will not be recognized as spam. For those who do not need offers to attend training, the statistical filter will classify such messages as spam.
  • Pros: Customization.
  • Cons: Works best on an individual mail flow. Setting up Bayes on a corporate server with disparate mail is a difficult and thankless task. The main thing is that the end result will be much worse than for individual mailboxes. If the user is lazy and does not train the filter, then the technology will not be effective. Spammers specifically work to bypass Bayesian filters, and they succeed.

Greylisting
Temporary refusal to receive the message. The refusal comes with an error code that all mail systems understand, and after a while they re-send the message. Programs that send spam, in this case, do not re-send the message.
  • Pros: Yes, this is also a solution.
  • Cons: Delay in mail delivery. For many users, this solution is unacceptable.
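
For the Blacklists section above, this added example (not part of the original post) shows how a DNSBL query name is built for IPv4 and IPv6 and how a cautious policy can temper false positives. The zone names, the canned DNS answers, the injected `resolve` callable and the "reject only when two lists agree" policy are assumptions made for illustration.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: reversed IP labels + the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                  # octets, reversed
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]  # nibbles, reversed
    return ".".join(labels) + "." + zone

def lookup(ip, zones, resolve):
    """Return {zone: [codes]} for each zone that lists ip.

    resolve(name) -> list of A-record strings, [] when the name does not
    exist (not listed). Injected so the logic can be tested offline.
    """
    hits = {}
    for zone in zones:
        # Listings answer inside 127.0.0.0/8; anything else is not a listing
        # (for example a dead list whose domain now resolves everything).
        codes = [a for a in resolve(dnsbl_query_name(ip, zone))
                 if a.startswith("127.")]
        if codes:
            hits[zone] = codes
    return hits

def verdict(hits, reject_at=2):
    """Assumed policy: one listing only adds suspicion; agreement rejects."""
    if len(hits) >= reject_at:
        return "reject"
    return "score" if hits else "accept"

# Constructed zone data standing in for real DNS answers.
FAKE_DNS = {
    "10.2.0.192.bl-a.example.org": ["127.0.0.2"],
    "10.2.0.192.bl-b.example.org": ["127.0.0.4"],
    "77.100.51.198.bl-a.example.org": ["127.0.0.2"],
}
ZONES = ["bl-a.example.org", "bl-b.example.org"]

def fake_resolve(name):
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.77", "203.0.113.5"):
        hits = lookup(ip, ZONES, fake_resolve)
        print(ip, verdict(hits), hits)
```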
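
For the Content filtering section above, this added example (not part of the original post) computes a "spam weight" after undoing the kind of noise the post mentions (vi_a_gra, vi @ gr @). The look-alike table, the term weights and the threshold are constructed for illustration.

```python
import re

# Characters commonly substituted for letters (assumed, deliberately small).
LOOKALIKE = str.maketrans({"@": "a", "0": "o", "1": "i", "$": "s"})
WEIGHTS = {"viagra": 5.0, "winner": 2.5, "free": 1.0}   # constructed weights
THRESHOLD = 5.0                                          # constructed cut-off

def normalize(text):
    """Undo in-word noise. Returns (words, glued), where glued holds strings
    rebuilt from runs of 1-2 letter fragments such as 'vi a gr a'."""
    words, glued, run = [], [], ""
    for raw in text.lower().translate(LOOKALIKE).split():
        word = re.sub(r"[^a-z]", "", raw)      # vi_a_gra -> viagra
        if 0 < len(word) <= 2:
            run += word                        # keep collecting fragments
            continue
        if run:
            glued.append(run)
            run = ""
        if word:
            words.append(word)
    if run:
        glued.append(run)
    return words, glued

def spam_weight(text):
    """Sum the weights of the distinct listed terms found in the message."""
    words, glued = normalize(text)
    hits = {w for w in words if w in WEIGHTS}
    # Substring search only inside glued runs: doing it on ordinary words
    # would flag innocent words that merely contain a listed term.
    hits |= {term for g in glued for term in WEIGHTS if term in g}
    return sum(WEIGHTS[t] for t in hits), sorted(hits)

def is_spam(text):
    return spam_weight(text)[0] >= THRESHOLD

if __name__ == "__main__":
    for msg in ("Cheap vi_a_gra, you are a w1nner!",
                "buy vi @ gr @ today",
                "Free parking at the office"):
        print(is_spam(msg), spam_weight(msg), msg)
```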
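
For the Bayes section above, this added example (not part of the original post) trains two per-user filters and scores the same training-course invitation with each, showing why the result depends on whose mail the filter learned from. It is a simplified naive Bayes that looks only at tokens present in the message; both training corpora and the test message are constructed.

```python
import math
import re
from collections import Counter

class BayesFilter:
    """Simplified naive Bayes over the tokens present in a message."""

    def __init__(self):
        self.docs = {"spam": 0, "ham": 0}
        self.seen = {"spam": Counter(), "ham": Counter()}  # token -> #messages

    @staticmethod
    def tokens(text):
        return set(re.findall(r"[a-z]{3,}", text.lower()))

    def train(self, text, label):
        self.docs[label] += 1
        self.seen[label].update(self.tokens(text))

    def spam_probability(self, text):
        # Work in log-odds; +1/+2 is Laplace smoothing for unseen tokens.
        odds = math.log((self.docs["spam"] + 1) / (self.docs["ham"] + 1))
        for tok in self.tokens(text):
            p_spam = (self.seen["spam"][tok] + 1) / (self.docs["spam"] + 2)
            p_ham = (self.seen["ham"][tok] + 1) / (self.docs["ham"] + 2)
            odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-odds))

# Constructed training mail for two users.
TRAINER = [("Agenda for the sales training seminar next week", "ham"),
           ("Please register attendees for the training workshop", "ham"),
           ("Win a free prize, click now", "spam"),
           ("Cheap pills, free shipping", "spam")]
ENGINEER = [("Build failed on the release branch", "ham"),
            ("Code review for the parser patch", "ham"),
            ("Invitation: attend our sales training seminar", "spam"),
            ("Register now for the leadership training workshop", "spam"),
            ("Win a free prize, click now", "spam")]
MESSAGE = "Invitation to a sales training seminar, register now"

def trained(corpus):
    f = BayesFilter()
    for text, label in corpus:
        f.train(text, label)
    return f

def compare():
    """Spam probability of the same message for each user's filter."""
    return (trained(TRAINER).spam_probability(MESSAGE),
            trained(ENGINEER).spam_probability(MESSAGE))

if __name__ == "__main__":
    print("trainer %.2f, engineer %.2f" % compare())
```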
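
For the Greylisting section above, this added example (not part of the original post) models the decision a receiving server makes: defer the first attempt with a temporary SMTP error and accept a properly delayed retry. Keying on the (client IP, sender, recipient) triplet, the 451 reply, the 300-second minimum delay and the four-hour retry window are common choices assumed here; the traffic is constructed.

```python
import time

class Greylist:
    """Defer the first delivery attempt of each (IP, sender, recipient)."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, now=time.time):
        self.min_delay = min_delay        # retries sooner than this are deferred
        self.retry_window = retry_window  # a retry later than this starts over
        self.now = now                    # injectable clock for testing
        self.first_seen = {}              # triplet -> time of first attempt
        self.passed = set()               # triplets that retried correctly

    def check(self, client_ip, mail_from, rcpt_to):
        """Return the (code, text) SMTP reply to give at RCPT TO."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return 250, "OK"
        t = self.now()
        first = self.first_seen.get(key)
        if first is None or t - first > self.retry_window:
            self.first_seen[key] = t
            return 451, "Greylisted, please try again later"
        if t - first < self.min_delay:
            return 451, "Greylisted, please try again later"
        self.passed.add(key)
        return 250, "OK"

def simulate(attempts, **opts):
    """attempts: list of (time, ip, sender, rcpt); returns the reply codes."""
    clock = [0.0]
    gl = Greylist(now=lambda: clock[0], **opts)
    codes = []
    for when, ip, sender, rcpt in attempts:
        clock[0] = when
        codes.append(gl.check(ip, sender, rcpt)[0])
    return codes

# Constructed traffic: a real MTA retries from its queue; a fire-and-forget
# sender never comes back, so its single attempt only ever sees 451.
MTA = ("192.0.2.10", "news@example.com", "bob@example.net")
BOT = ("198.51.100.77", "x@example.org", "bob@example.net")
TRAFFIC = [(0, *MTA), (5, *BOT), (60, *MTA), (900, *MTA), (905, *MTA)]

if __name__ == "__main__":
    print(simulate(TRAFFIC))
```

The 900-second gap before the first 250 is the delivery delay the post lists as the drawback: legitimate mail from a new triplet waits at least `min_delay` plus the sending server's retry interval.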
 