Home | Fedora Core 4 Tutorial | Linux Tutorials | Linux Games | Linux Java | Linux Kernal | Linux Firewall | Linux Database | Linux Distributions | Linux Firewall GUI | Linux Distributions | Linux Firewall

 

 

Search Host

Monthly Fee($)
Disk Space (MB)
Register With us for Newsletter!
Visit Forum! Post Questions!
Jobs At RoseIndia.net!

Have tutorials?
Add your tutorial to our Java Resource and get tons of hits.

We offer free hosting for your tutorials. and exposure for thousands of readers. drop a mail
roseindia_net@yahoo.com 
   

Tutorials

Java Server Pages

JAXB

Java Beans

JDBC

MySQL

Java Servlets

Struts

Bioinformatics

Java Code Examples

Interview Questions
 
Join For Newsletter

Powered by groups.yahoo.com
Visit Group! Post Questions!

Web Promotion

Web Submission

Submit Sites

Manual Submission?

Web Promotion Guide

Hosting Companies

Web Hosting Guide

Web Hosting

Linux

Beginner Guide to Linux Server

Linux Distribution

Major Linux Distribution

Linux FTP Software

Frameworks

Persistence Framework

Web Frameworks

Free EAI Tools

Web Servers

Aspect Oriented Programming

Free Proxy Servers

Softwares

Adware & Spyware Remover

Open Source Softwares
Spam Filtering for Mail Exchangers:
PrevNext

Chapter 4. Questions & Answers

In this section I try to anticipate some of the questions that may come up, and to answer them. If you have questions that are not listed, and/or would like to provide extra input in this section, please provide feedback.

When Spammers Adapt

Q: What happens when spammers adapt and try to get around the techniques described in this document?

Q: What happens when spammers adapt and try to get around the techniques described in this document?

A: Well, that depends. :-)

Some of the checks described (such as SMTP checks and Greylisting) specifically target ratware behavior. It is certainly possible to imagine that this behavior will change if enough sites incorporate these checks. Hatmut Danisch notes: Ratware contains buggy SMTP protocols because they didn't need to do any better. It worked this way, so why should they have spent more time? Meanwhile "ratware" has a higher quality, and even the quality of spam messages has significantly improved. Once enough people reject spam by detecting bad SMTP protocols, spam software authors will simply improve their software.

That said, there are challenges remaining for such ratware:

  • To get around SMTP transaction delays, they need to wait for each response from the receiving SMTP server. At that point, we have collectively accomplished a significant reduction in the rate of mail that a given spamming host is able to deliver per unit of time. Since spammers are racing against time to deliver as many mails as possible before DNS blocklists and collaborative content filters catch up, we are improving the effectiveness of these tools.

    The effect is similar to the goal of Micropayment Schemes, wherein the sender spends a few seconds working on a computational challenge for each recipient of the mail, and adds a resulting signature to the e-mail header for the recipient to validate. The main difference, aside from the complexity of these schemes, is that they require the participation of virtually everyone in the world before they can effectively be used to weed out spam, whereas SMTP transaction delays start being effective with the first recipient machine that implements it.

  • To get around a HELO/EHLO check, they need to provide a proper greeting, i.e. identify themselves with a valid Fully Qualified Domain Name. This provides for increased traceability, especially with receiving Mail Transport Agents that do not automatically insert the results of a rDNS lookup into the Received: header of the message.

  • To get all of the Sender Address Checks, they need to provide their own valid sender address (or, at least, a valid sender address within their own domain). Nuff said.

  • To get around Greylisting, they need to retry deliveries to temporarily failed recipients addresses after one hour (but before four hours). (As far as implementation goes, in order to minimize machine resources, rather than keeping a copy of each temporarily failed mail, ratware may keep only a list of temporarily failed recipients, and perform a second sweep through those addresses after an hour or two).

    Even so, greylisting will remain fairly effective in conjunction with DNS Blacklists that are fed from Spam Traps. That is because the mandatory one-hour retry delay will give these lists a chance to list the sending host.

Software tools, such as Spam Scanners and Virus Scanners, are in constant evolution. As spammers evolve, so do these (and vice versa). As long as you use recent versions of these tools, they will remain quite effective.

Finally, this document is itself subject to change. As the nature of junk mail changes, people will come up with new, creative ways to block it.

PrevHomeNext
User Settings and Data Exim Implementation
Search Tutorials

Linux Distributions

Fedora
Slackware
SuSe
Mandrake
Knoppix
Mepis
Debian
All Distors....
 

 

 

Send your comments, Suggestions or Queries regarding this site at roseindia_net@yahoo.com.

Copyright © 2004. All rights reserved.