A modern spam mass mailing containing hundreds of thousands of messages can be distributed within a few minutes. Most often spam comes from zombie networks – networks of users' computers infected by malicious programs. What can be done to resist these attacks? Currently the IT security industry offers a lot of solutions, and anti-spam developers have various technologies available in their arsenal. However, none of these technologies can be deemed a 'silver bullet' in the fight against spam. A universal solution simply does not exist. Most state-of-the-art products have to integrate several technologies, otherwise the overall effectiveness of the product is not very high.
The best-known and most widely used technologies are described below.
DNSBL (DNS-based Blackhole Lists) is one of the oldest anti-spam technologies. It blocks mail traffic coming from servers whose IP addresses are on a specified list.
Bulk email detection identifies completely identical or slightly varying bulk emails in mail traffic. An efficient 'bulk email' analyzer needs huge traffic flows, so this technology is offered by major vendors who have considerable traffic volumes to analyze.
Spammers write special programs that generate spam messages and distribute them instantaneously. Sometimes spammers make mistakes in the design of the message headers, so spam messages do not always meet the requirements of the RFC standard for header format. These mistakes make it possible to detect a spam message.
Content filtering is another time-proven technology. Spam messages are scanned for specific words, text fragments, pictures and other spam features. Initially, content filtering analyzed the subject of the message and the text contained within it (plain text, HTML etc.). Currently spam filters scan all parts of the message, including graphical attachments.
The analysis may result in the creation of a text signature or the calculation of the 'spam weight' of the message.
Statistical Bayesian algorithms are another approach to content analysis. Bayesian filters do not require constant adjustments. All they need is initial 'teaching'. The filter 'learns' the topics of emails typical for a particular user. For example, if a user works in the educational sphere and often holds training sessions, emails on a training topic will not be detected as spam. If a user does not normally receive training invitations, the statistical filter will detect this type of message as spam.
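The per-user behaviour described above can be shown with a small naive Bayes classifier. This is an added example, not code from any anti-spam product; the class name, the two mailboxes and the test message are constructed for illustration, and the scoring (token presence with add-one smoothing) is a simplified assumption.

```python
import math
import re
from collections import Counter

def tokens(text):
    return set(re.findall(r"[a-z']+", text.lower()))

class UserBayesFilter:
    """Naive Bayes over token presence, trained on one user's labelled mail."""
    def __init__(self, mailbox):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = Counter()
        for text, label in mailbox:
            self.counts[label].update(tokens(text))
            self.docs[label] += 1

    def spam_log_odds(self, text):
        """log P(spam | text) - log P(ham | text); above zero means spam."""
        n_spam, n_ham = self.docs["spam"], self.docs["ham"]
        score = math.log((n_spam + 1) / (n_ham + 1))  # smoothed prior odds
        for tok in tokens(text):
            p_spam = (self.counts["spam"][tok] + 1) / (n_spam + 2)
            p_ham = (self.counts["ham"][tok] + 1) / (n_ham + 2)
            score += math.log(p_spam / p_ham)
        return score

    def is_spam(self, text):
        return self.spam_log_odds(text) > 0

# Constructed training mail: the initial 'teaching' for two hypothetical users.
TRAINER = [
    ("Agenda for the training session on Monday", "ham"),
    ("Invitation: teacher training workshop next week", "ham"),
    ("Slides from yesterday's training session", "ham"),
    ("Cheap pills buy now", "spam"),
    ("Win free prize click now", "spam"),
]
ACCOUNTANT = [
    ("Invoice for March attached", "ham"),
    ("Quarterly budget review meeting on Monday", "ham"),
    ("Updated payroll report", "ham"),
    ("Exclusive training seminar invitation register now", "spam"),
    ("Free sales training session invitation", "spam"),
]

if __name__ == "__main__":
    msg = "Invitation to a training session next week"  # constructed message
    for name, box in (("trainer", TRAINER), ("accountant", ACCOUNTANT)):
        print(name, "spam" if UserBayesFilter(box).is_spam(msg) else "ham")
```

The same message scores as legitimate mail for the user who regularly receives training mail and as spam for the user who has only seen such wording in spam.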
Greylisting is the temporary refusal to accept a message. The refusal includes an error code understood by all email systems. Normally the sender would then resend the message. However, once refused, the programs used by spammers do not resend emails.