Protect yourself from spam
Spam, the persistent pest that piles up in our electronic mailboxes. Within the EU it accounts for more than 50% of electronic communications and costs users some 10 billion euros every year. And it just keeps getting worse.
And we passively wait for a miraculous end to that junk, something radical and definitive, which never comes.
But while we wait for sender-authentication systems such as DomainKeys and the like to become mainstream, it is possible to fight spam locally, one email account at a time. The tools are ready now, and they do the job. Let's review the solutions available to an internet user suffocating under the pile of advertisements for viagra, credit cards (or worse) by following the journey of a spam mail sent by an imaginary spammer to an imaginary email account: death.to.spam@macbidouille.com
Hiding from spammers
The first, obvious way to avoid spam is to stay out of spammers' address lists. That means not displaying your email address in the clear while still remaining reachable by your correspondents... A tough constraint, but it can be met by crudely encoding the address so that a human can still read it, for instance
death_to_spam@macbidouille.com-replace the _ by .
or another example :
death(dot)to(dot)spam(at)macbidouille(dot)com.
The text can also be replaced by an image, or a less naive form of encoding can be used. Keep in mind that any scheme a human can decode, a harvester can be taught to decode too; obfuscation only raises the bar.
Another way to hide from spammers is to use a "phantom" address: a temporary account, meant for a few days' use only. Such services are offered by Mailinator and Jetable.
One can also use a filtering service that forwards legitimate messages to your secret email address and deletes the junk: a screening process, if you will. Spammotel, Despammed, Sneakemail and a few others offer this. But that is only useful to those who have managed to keep their real address spam-free.
To avoid seeing your address added to spammers' lists, a few rules of thumb: never forward chain letters, and do not type your address into every form and guestbook you come across.
For the sake of our example, let's imagine for a moment that our user death.to.spam left his/her address on a weblog. A harvesting bot, following links from a search engine, scans the page, finds the email address, parses it and adds it to a list. Later, the spammer who runs the bot fetches the list and starts sending messages to every address on it.
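To make the harvesting step and the obfuscation tricks concrete, here is an added example (not code from the original article, and not any real harvester): a constructed web page carrying the imaginary address in the clear and in three disguised forms, a naive harvester that greps the raw page source the way the bot above does, and a slightly smarter one that undoes the common disguises first. The address, the page and the two regexes are all constructed for the illustration.

```python
import html
import re

ADDRESS = "death.to.spam@macbidouille.com"   # the article's imaginary account


def obfuscate_words(addr):
    """The human-readable trick from the text: death(dot)to(dot)spam(at)macbidouille(dot)com."""
    return addr.replace("@", "(at)").replace(".", "(dot)")


def obfuscate_entities(addr):
    """HTML numeric entities: a browser renders the plain address,
    but the page source never contains a literal '@'."""
    return "".join(f"&#{ord(c)};" for c in addr)


# Constructed sample page: the address in the clear, the "_ for ." decoy,
# the (at)/(dot) form and the entity-encoded form.
SAMPLE_PAGE = (
    "<p>Mail me: " + ADDRESS + "</p>\n"
    "<p>Mail me: death_to_spam@macbidouille.com - replace the _ by .</p>\n"
    "<p>Mail me: " + obfuscate_words(ADDRESS) + "</p>\n"
    "<p>Mail me: " + obfuscate_entities(ADDRESS) + "</p>\n"
)

# Simplified "looks like an address" pattern, as a naive bot would use.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def harvest_naive(page):
    """What a simple harvester does: grep the raw source for address-shaped strings.
    It picks up the clear address and the '_' decoy (which is a dead address),
    and misses the (at)/(dot) and entity forms entirely."""
    return EMAIL_RE.findall(page)


def harvest_smart(page):
    """A harvester that decodes the usual disguises before grepping.
    This is the caveat: a scheme a human can read, a bot can be taught to read."""
    text = html.unescape(page)                                   # &#64; -> @ etc.
    text = re.sub(r"\s*\(\s*at\s*\)\s*", "@", text, flags=re.IGNORECASE)
    text = re.sub(r"\s*\(\s*dot\s*\)\s*", ".", text, flags=re.IGNORECASE)
    return EMAIL_RE.findall(text)


if __name__ == "__main__":
    print("naive harvester found:", harvest_naive(SAMPLE_PAGE))
    print("smart harvester found:", harvest_smart(SAMPLE_PAGE))
```

The naive bot harvests the clear address plus the underscore decoy (so the spammer wastes mail on a nonexistent mailbox), while the smarter bot recovers the real address from all three disguised forms. Entity encoding and images defeat the regex-only bot but nothing more determined.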
Blocking spam at the gates.
In our example, the spam is sent either directly by the spammer's own SMTP server, or through one of the many improperly configured SMTP servers around the globe. That server then tries to open a connection to the SMTP server of macbidouille.com, asking it to accept a junk email addressed to its user death.to.spam.
In this case, our server should obviously refuse this malicious connection. That is possible, but it takes a little work:
Blocking spam at reception means making it impossible for the spammer to deliver junk to your email account or your domain (a domain being the address of a network of computers; in our example, macbidouille.com). This method acts at the SMTP server level, so it can only be used if you administer that server. If you only use the mail account given by your ISP or a webmail service (Yahoo / Caramail / Hotmail / etc.), you can skip directly to the next section.
The first and most important step when configuring an SMTP server is to make sure spammers cannot use it to spread their spam: NEVER run a server as an "open relay". It must be impossible to use it to send mail from an arbitrary domain to any other arbitrary domain. The only permitted transactions are mail from an external domain to your domain, and, the other way round, from your domain to an external domain. For instance, sending a message from happyspammer.net to victim.org via macbidouille.com must be refused! The server serves only its own domain and its own users, so for every message it accepts, either the recipient must belong to your domain, or the sender must be one of your authenticated users (see below).
Also check the connecting IP address against the name the client announces (a reverse DNS lookup), so that a client cannot trivially claim to be a server it is not. A mismatch is a strong hint rather than proof: plenty of legitimate servers have sloppy reverse DNS, so treat it as a scoring signal rather than a hard reject.
Then make sure no one can impersonate you or any of your server's users: restrict use of the SMTP service for outbound mail to the valid, active users of your domain, and require authentication (by password, preferably, i.e. SMTP AUTH), again to stop outsiders from posing as one of your users. That way, spam will not go THROUGH you (i.e. you will not relay spam).
All done? Good, you have one more option: having your server check a blacklist of known spam sources. Configure it to query one or more DNS blacklists (DNSBLs) of already listed spam servers; that way it refuses the connection from those shady senders before even reading the message.
It is also possible to blacklist an entire geographical IP block, but that can be (and usually is) a bit too effective, since it blocks legitimate mail from the same region...
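The three connection-time checks above (relay policy with authentication, reverse DNS against the announced name, and a DNSBL lookup) can be written down as one small policy function. The following is an added illustration, not the configuration of any real MTA such as Postfix or Sendmail: the local domain is the article's macbidouille.com, the DNSBL zone name `dnsbl.example`, the PTR table and the set of listed IPs are all constructed stand-ins for DNS answers, so the code runs with no network access. A real server would resolve the DNSBL query name with DNS and treat any answer (typically 127.0.0.x) as "listed".

```python
"""Connection-time SMTP policy, as an added example (not any MTA's real code)."""

LOCAL_DOMAINS = {"macbidouille.com"}   # domains this server is responsible for
DNSBL_ZONE = "dnsbl.example"            # placeholder zone name, not a real blacklist

# Constructed data standing in for DNS answers.
PTR_TABLE = {
    "198.51.100.7": "mx1.legit.example",       # PTR matches what the host announces
    "203.0.113.5": "dsl-5.isp.example",        # generic PTR, unlike its HELO name
}
DNSBL_LISTED = {"203.0.113.5"}                 # IPs our fake zone lists


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Name an MTA would resolve: IPv4 octets reversed, zone appended.
    203.0.113.5 -> 5.113.0.203.dnsbl.example"""
    return ".".join(reversed(ip.split("."))) + "." + zone


def dnsbl_listed(ip, zone=DNSBL_ZONE):
    """Stand-in for socket.gethostbyname(dnsbl_query_name(ip, zone)):
    a successful resolution means 'listed'; here we consult the constructed set."""
    listed_names = {dnsbl_query_name(x, zone) for x in DNSBL_LISTED}
    return dnsbl_query_name(ip, zone) in listed_names


def rdns_matches_helo(ip, helo_name):
    """True when the PTR record of the connecting IP equals the HELO/EHLO name."""
    return PTR_TABLE.get(ip, "").lower() == helo_name.lower()


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()


def relay_allowed(sender, recipient, authenticated):
    """The anti-open-relay rule: at least one side of the transaction is ours.
    Unauthenticated clients may only deliver TO a local mailbox; an authenticated
    local user may send anywhere, but only as a local address (no spoofing)."""
    if authenticated:
        if domain_of(sender) in LOCAL_DOMAINS:
            return True, "outbound from authenticated local user"
        return False, "authenticated user may not send as a foreign domain"
    if domain_of(recipient) in LOCAL_DOMAINS:
        return True, "inbound to local mailbox"
    return False, "relay denied (open-relay attempt)"


def screen(ip, helo_name, sender, recipient, authenticated=False):
    """Decide what to do with one MAIL FROM / RCPT TO pair on a connection."""
    ok, why = relay_allowed(sender, recipient, authenticated)
    if not ok:
        return "REJECT", why
    if authenticated:
        return "ACCEPT", why          # our own user: DNSBL / rDNS checks are for strangers
    if dnsbl_listed(ip):
        return "REJECT", f"{ip} is listed in {DNSBL_ZONE}"
    if not rdns_matches_helo(ip, helo_name):
        # A mismatch is a hint, not proof: accept but hand the message to the
        # content filter with a penalty instead of bouncing legitimate mail.
        return "ACCEPT-FLAGGED", why + "; HELO name does not match reverse DNS"
    return "ACCEPT", why


if __name__ == "__main__":
    cases = [
        ("198.51.100.7", "mx1.legit.example", "alice@legit.example", "death.to.spam@macbidouille.com", False),
        ("203.0.113.5", "mail.happyspammer.net", "joe@happyspammer.net", "someone@victim.org", False),
        ("203.0.113.5", "mail.happyspammer.net", "joe@happyspammer.net", "death.to.spam@macbidouille.com", False),
        ("192.0.2.9", "laptop", "death.to.spam@macbidouille.com", "friend@victim.org", True),
        ("192.0.2.9", "laptop", "ceo@bank.example", "friend@victim.org", True),
    ]
    for ip, helo, mail_from, rcpt_to, auth in cases:
        print(ip, helo, mail_from, "->", rcpt_to, screen(ip, helo, mail_from, rcpt_to, auth))
```

Note the ordering: the relay decision comes first because it is the rule that must never be wrong, and authenticated users skip the DNSBL and reverse-DNS checks, since road warriors on dynamic IP ranges are routinely listed and rarely have matching PTR records.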
Filtering spam on the server
Upon reception by the macbidouille.com SMTP server, the spam message is stored until the user death.to.spam retrieves it. It is already possible to act at this point, using tools such as the excellent SpamAssassin, the new (and promising) DSpam, or MimeDefang. These programs analyze received messages and flag or delete those identified as spam, using one or, for better accuracy, a combination of the methods that have proven reliable:
Bayesian statistical analysis: each word is given a "spam score" and a "non-spam score", revised with each new message so that the detection keeps refining itself. Combining the scores of all the words in a message yields a probability that decides whether the message is spam.
Reverse-MX: verification of the origin of the message and the validity of its headers. For instance, a message that claims to come from a given domain but was sent from an IP address that the domain's DNS (an RMX record) does not authorize to send its mail is most likely spam.
Message analysis: this builds on Bayesian analysis by detecting telltale features, for instance intentionally malformed HTML tags or typical spammer tricks such as a missing sender domain.
Collaborative detection: that is the idea behind Vipul's Razor. Since the same advertisement is usually sent to thousands of addresses, one victim can flag the junk message and share its signature with all Razor users, so that their filters automatically block or delete it upon reception.
Token chain analysis: this also builds on the Bayesian method, by considering groups of words together. For instance, the word pair "viagra cheap" gets a higher score than the two words taken separately, which reduces the odds of false positives.
External injection: behind this odd name is a very simple method that boosts the efficiency of (once again) the Bayesian method: the detection data is built from the messages of all users of the filter, not just your own.
There are a few other methods, such as a blacklist of spam domains, plain word filtering (a bit too simplistic, though), a whitelist, etc.
The big webmail providers like Yahoo and Hotmail often offer filtering of their own. Sometimes it is also possible to configure those filters manually, but then things get complex very fast.
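The Bayesian and token-chain methods in the list above are easy to see in miniature. The following is an added example, not code from SpamAssassin, DSpam or the original article: a naive Bayes filter that records, per token, how many spam and how many legitimate messages contained it, and scores a new message by summing log-odds with add-one smoothing. Passing `bigrams=True` adds word pairs as extra tokens, which is the token-chain idea. The eight training messages are constructed for the illustration; a real filter trains on thousands.

```python
import math
import re
from collections import Counter

# Constructed training corpus (a real filter would use thousands of messages).
SPAM_CORPUS = [
    "buy cheap viagra now",
    "cheap viagra from our online pharmacy",
    "cheap credit cards apply now",
    "free credit cards no annual fee",
]
HAM_CORPUS = [
    "meeting tomorrow about the project schedule",
    "lunch tomorrow with the project team",
    "the patch for the kernel bug is ready",
    "can you review the patch before the release",
]


def tokenize(text, bigrams=True):
    """Lower-cased words, plus adjacent word pairs ('cheap_viagra') when bigrams=True.
    A set is returned: each token counts once per message."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    tokens = set(words)
    if bigrams:
        tokens |= {a + "_" + b for a, b in zip(words, words[1:])}
    return tokens


class BayesFilter:
    def __init__(self, bigrams=True):
        self.bigrams = bigrams
        self.spam_docs = Counter()   # token -> number of spam messages containing it
        self.ham_docs = Counter()    # token -> number of legitimate messages containing it
        self.n_spam = 0
        self.n_ham = 0

    def train(self, text, is_spam):
        """Revise the per-token counts with one more classified message."""
        (self.spam_docs if is_spam else self.ham_docs).update(tokenize(text, self.bigrams))
        if is_spam:
            self.n_spam += 1
        else:
            self.n_ham += 1

    def log_odds(self, text):
        """Sum over tokens of log(P(token|spam) / P(token|ham)), add-one smoothed,
        plus the log prior ratio. Positive means 'more likely spam'.
        Tokens never seen in either class contribute nothing."""
        total = math.log((self.n_spam + 1) / (self.n_ham + 1))
        for tok in tokenize(text, self.bigrams):
            p_spam = (self.spam_docs[tok] + 1) / (self.n_spam + 2)
            p_ham = (self.ham_docs[tok] + 1) / (self.n_ham + 2)
            total += math.log(p_spam / p_ham)
        return total

    def is_spam(self, text, threshold=0.0):
        return self.log_odds(text) > threshold


def trained_filter(bigrams=True):
    """A filter trained on the constructed corpus above."""
    f = BayesFilter(bigrams)
    for msg in SPAM_CORPUS:
        f.train(msg, True)
    for msg in HAM_CORPUS:
        f.train(msg, False)
    return f


if __name__ == "__main__":
    with_pairs, without_pairs = trained_filter(True), trained_filter(False)
    for msg in ("cheap viagra", "project meeting tomorrow"):
        print(f"{msg!r}: unigrams {without_pairs.log_odds(msg):+.2f}, "
              f"with bigrams {with_pairs.log_odds(msg):+.2f}, "
              f"spam={with_pairs.is_spam(msg)}")
```

For "cheap viagra" the unigram filter sums log(4/1) for "cheap" and log(3/1) for "viagra"; the bigram filter adds log(3/1) for "cheap_viagra", raising the score from log 12 to log 36. The pair carries evidence on its own, which is why a word like "cheap" in an innocent message does not by itself tip the balance the way the pair does.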
Filtering spam on the client
OK, let's imagine that the advertisement got through the filters and the blacklists. It is now stored on the macbidouille.com mail server. The user death.to.spam then connects to the POP server of macbidouille.com to retrieve his/her email.
It is still possible to act at that moment to delete the spam, for instance with MailWasher, which connects in the background to the POP server and deletes spam directly on the server before you download it, or SpamCruncher, which applies SpamAssassin's detection methods while the mail is still on the server.
Another hybrid method, between filtering on the server and filtering on the client, is a POP proxy. The program acts as a POP client on one side, fetching your email, and as a POP server on the other, to which your mail client connects, and it detects spam in between. That is how POPFile and the also very nice Cerebrus work. (To install POPFile on Mac OS X you first need to install extra Perl modules: DBI, DBD-SQLite and HTML-Tagset; for more on this see MacOSXHints, or the June 2004 edition of Mac and Co.)
OK, let's say death.to.spam has downloaded the message. It is now stored in the mailbox of his/her mail client (Mail.app, Entourage, Outlook, Eudora, etc.). It should be possible to filter spam automatically and send it straight to the trash, so that death.to.spam doesn't have to do it by hand (which quickly gets annoying). Most email clients feature a spam filter which you usually just need to turn on (and sometimes train a bit). For instance, Mail.app's filter is activated in the preferences, under the "Junk Mail" tab. Set the filter to training mode to refine the filtering, then switch it to automatic when you feel it is good and ready.
There are also a few add-on filters, like JunkMatcher for Mail.app, or SpamBayes for Outlook. The Anti SPAM Collective has a very extensive list of tools and utilities.
...and play dead
There is still one more step you can take to protect yourself from spam, because once death.to.spam reads the spam message, he/she may unknowingly confirm the address to the spammer (who will then never let it go, and will eventually sell it to other spammers): the received message is an HTML page containing a tiny image hosted on the spammer's server, often with a URL unique to the recipient, so the mere act of fetching it tells the spammer exactly who opened the mail. It is imperative to disable the display of remote images in HTML messages by default; this is a standard option in most email clients. The extra benefit is that you don't waste any bandwidth.
Of course, do not EVER reply to a spam message. First, you might flood the mailbox of a perfectly legitimate user whose identity has been spoofed (and who is therefore innocent of spamming); second, a reply confirms that your address is live, and you are just adding to the enormous volume of email being exchanged, for no benefit at all.
And finally, it is important to protect yourself against worms, viruses and trojans: these malicious programs are very often used to turn your computer into an SMTP relay zombie, ideal for spammers (on top of their other ill effects). That is why infected messages must be treated as spam, and blocked by every means described above.
As you can see, the tools exist and are available, but most importantly, they work. A small effort now goes a long way. If the major ISPs all ran SpamAssassin, for instance, spam would quickly shrink back to insignificance.
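What "disable the display of images" has to do under the hood is to find every `<img>` whose source is fetched from a remote server and refuse to load it, while still showing images embedded in the message itself (`cid:` parts). The following is an added example, not code from Mail.app or any other client: it audits a constructed HTML message for remote images, flags the 1x1 ones as likely tracking pixels, and rewrites the message so that a renderer never makes the request. The sample message, its URLs and the `happyspammer.net` host are constructed for the illustration.

```python
import re
from html.parser import HTMLParser

# Constructed spam-style HTML body: a 1x1 tracking pixel whose URL carries the
# recipient's address, an embedded (cid:) logo, and a remote banner.
SAMPLE_HTML = """<html><body>
<p>Cheap pills! <a href="http://happyspammer.net/shop">Buy now</a></p>
<img src="http://happyspammer.net/px.gif?u=death.to.spam@macbidouille.com" width="1" height="1">
<img src="cid:logo@part1" alt="logo">
<img src='https://cdn.happyspammer.net/banner.jpg' width="400" height="80">
</body></html>"""

# Anything fetched over the network; cid:, data: and relative references are not.
REMOTE = re.compile(r"^(https?:)?//", re.IGNORECASE)
BLOCKED_TAG = '<img alt="[remote image blocked]">'


class RemoteImageAuditor(HTMLParser):
    """Collects every <img> with a remote src, with its byte offset in the document."""

    def __init__(self):
        super().__init__()
        self.hits = []            # (offset, original tag text, src, looks_like_pixel)
        self._line_starts = [0]

    def feed_document(self, doc):
        # getpos() reports (line, column); precompute line starts to get absolute offsets.
        self._line_starts = [0] + [m.end() for m in re.finditer(r"\n", doc)]
        self.feed(doc)
        self.close()
        return self.hits

    def _offset(self):
        line, col = self.getpos()
        return self._line_starts[line - 1] + col

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = (a.get("src") or "").strip()
        if not REMOTE.match(src):
            return                # embedded or local image: harmless to display
        pixel = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        self.hits.append((self._offset(), self.get_starttag_text(), src, pixel))

    handle_startendtag = handle_starttag   # also catch <img ... />


def find_remote_images(html_body):
    """Return [(src, looks_like_tracking_pixel)] for every remote image in the message."""
    return [(src, pixel) for _, _, src, pixel in RemoteImageAuditor().feed_document(html_body)]


def block_remote_images(html_body):
    """Replace each remote <img> tag with an inert placeholder, splicing from the end
    so earlier offsets stay valid. Embedded cid: images are left untouched."""
    hits = RemoteImageAuditor().feed_document(html_body)
    out = html_body
    for offset, tag_text, _, _ in sorted(hits, reverse=True):
        out = out[:offset] + BLOCKED_TAG + out[offset + len(tag_text):]
    return out


if __name__ == "__main__":
    for src, pixel in find_remote_images(SAMPLE_HTML):
        print(("TRACKING PIXEL " if pixel else "remote image   ") + src)
    print(block_remote_images(SAMPLE_HTML))
```

The pixel is the giveaway: a 1x1 image is invisible to the reader and exists only to make the client issue an HTTP request whose URL (`?u=death.to.spam@...`) identifies who opened the message. Blocking at the source level, rather than merely hiding the image, is what stops that request.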
[Translated by Kurisu]
