Chapter 2. Spam and Anti-Spam Techniques
As spam increased in volume and became more of a problem, anti-spam techniques were developed to counteract it. Tools to block spam were developed by a group of professionals. These tools were not always automated, but when used by system administrators of large sites, they could successfully filter spam for a large number of users. In response, spammers evolved their techniques to increase the number of spams delivered by working around and through the filters. As spam filters improved, spammers designed other methods of bypassing the filters and the cycle repeated. This resulted in the development of both spam and anti-spam techniques and tools over a number of years. This evolutionary process continues today.
Anti-spam tools use a wide range of techniques to reduce the volume of spam received by a user. A number of these techniques will be described in this chapter. SpamAssassin is an important Open Source tool that we will examine in the light...
Spammers have developed a complex arsenal of techniques for spamming. Important spamming techniques are described in the following sections.
An open relay is a computer that allows any user to send email. Spammers use such computers to send spam without the email being traced to its true origin. Open relays are discussed in detail in Chapter 3.
Collecting Email Addresses
Early spammers had to collect email addresses in order to send spam. They used a variety of methods, from collecting email addresses from the Internet and Internet newsgroups to simply guessing email addresses. Email address collection is discussed in detail in Chapter 4.
Most people can detect spam from the email subject or sender. It is often easy to discard spam emails without even looking at the body. One technique used by spammers is to hide the true content of their emails. Often, the subject of an email is a simple "Hi"; alternatively, an email might appear to...
As the techniques to deliver spam have become more sophisticated, so have the techniques to detect and filter spam from legitimate email. The main techniques are described in the following sections. These techniques can be used on the email server by a system administrator, or an anti-spam service can be purchased from an external vendor.
Filters are based upon common words or phrases in an email body, for example 'buy', 'last chance', and 'Viagra'. SpamAssassin includes a variety of keyword filters and allows easy addition of new rules.
Open Relay Blacklists (ORBLs)
Open relay blacklists (ORBLs) are lists of open relays that have been reported and added to these blacklists after being tested. Anti-spam tools can query open relay blacklists and filter out emails originating from these sources. SpamAssassin can integrate with several open relay blacklists.
It has always been possible to complain to an ISP about a spammer. Some ISPs take complaints...
There is a significant market for commercial spam-filtering services. Typically, these are suitable for individuals and small companies that access email via POP3. The different approaches taken by providers are described below.
In this approach, the users give their details to the anti-spam service provider. This information includes their ISP details, username, and password. The anti-spam service company then regularly connects to the ISP on behalf of the user and collects all the emails. The spam is filtered out and ham email is forwarded to another POP3 account.
One obvious disadvantage of this approach is that the account username and password have to be passed to another party. It is not wise to give out this sensitive information.
Another disadvantage is that any emails wrongly identified as spam may be lost forever. If the anti-spam service provider provides an archive of spam emails, they can be reviewed and any wrongly identified emails...
There are many anti-spam tools available. Some are available for free, and others are commercial products. Most anti-spam tools use more than one of the anti-spam techniques. SpamAssassin is the acknowledged leader of the free anti-spam tools and can perform as well as the commercial solutions.
SpamAssassin is a popular anti-spam tool that is now a top-level project at the Apache Software Foundation.
SpamAssassin is based on rules and uses a score-based system. There are a number of rules; each rule performs a test on the email, and each rule has a score. When an email is processed by SpamAssassin, it is tested against each rule. For each rule found to be 'true' for an email, the score associated with the rule is added to the overall score for that email. Once all the rules have been used, the total score for the email is compared to a threshold value. If the score exceeds the threshold, then the email is marked as spam.
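The scoring model described above, together with the keyword filters mentioned earlier, as an added Python example (not SpamAssassin's own code or rule set). The rule names, patterns, scores, the threshold of 5.0 and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Hypothetical rules: (name, message part tested, pattern, score).
# Names, patterns and scores are constructed for this example.
RULES = [
    ("KW_BUY",         "body",    re.compile(r"\bbuy\b", re.I),         0.8),
    ("KW_LAST_CHANCE", "body",    re.compile(r"\blast chance\b", re.I), 1.9),
    ("KW_VIAGRA",      "body",    re.compile(r"\bviagra\b", re.I),      2.6),
    ("SUBJ_ONLY_HI",   "Subject", re.compile(r"^\s*hi\s*$", re.I),      1.2),
]
THRESHOLD = 5.0  # assumed threshold value

# Constructed sample messages (single-part, plain text).
SPAM = ("From: sender@example.com\nSubject: Hi\n\n"
        "Last chance to buy Viagra online today.\n")
HAM = ("From: friend@example.com\nSubject: Lunch\n\n"
       "Can you buy milk? Last chance before the shop closes.\n")

def score_message(raw, rules=RULES, threshold=THRESHOLD):
    """Test the message against every rule, sum the scores of the rules
    that are true, then compare the total with the threshold."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # a str for the single-part samples used here
    hits, total = [], 0.0
    for name, part, pattern, score in rules:
        text = body if part == "body" else msg.get(part, "")
        if pattern.search(text):
            hits.append(name)
            total += score
    # Marked as spam only if the total exceeds the threshold.
    return round(total, 2), hits, total > threshold

if __name__ == "__main__":
    for label, raw in (("spam sample", SPAM), ("ham sample", HAM)):
        print(label, score_message(raw))
```

The ham sample matches two keyword rules yet stays under the threshold, which is the practical difference between a score-based system and a filter that rejects on any single keyword.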
SpamAssassin does...
Spam and the tools used to create and filter it have evolved over time. There is a continuous evolution in the techniques used by both sides.
Anti-spam services are currently available for both individuals and small organizations.
SpamAssassin encompasses many of the current anti-spam tools and techniques in a single package, which is flexible and highly configurable by both system administrators and users. In this chapter, we covered the features of SpamAssassin in the context of anti-spamming ability and techniques used to prevent spam.