Spam, or junk e-mail, can be defined as:
“Unsolicited e-mail, often of a commercial nature, sent indiscriminately to multiple mailing lists, individuals, or newsgroups”
For most of my customers, spam eventually becomes a problem. One customer had an employee working 2 hours a day just sifting through the email deleting the rubbish. It had to be done carefully in case any important messages also got zapped by accident.
The amount of spam e-mail now exceeds the amount of legitimate e-mail. The e-mail infrastructure is likely to grind to a halt entirely within a couple of years if significant action is not taken soon.
The ultimate solution must be to stop spam at source. However, a high percentage of the world’s spam comes from countries in Asia with relatively less-developed anti-spam laws, such as China, Korea and Taiwan. Weak security, such as mail servers with relays left open for exploitation by spammers, has also been blamed for the flood of junk mail from the region.
Detecting and deleting spam after it has downloaded to the recipient’s computer is the least desirable solution, as most of the damage in terms of slowing down mail servers has already been done. Tools which detect and delete spam on the server prior to downloading are obviously a better solution. One in particular has shown itself to be very effective. It is described in the article below by P. Tucker Withington.
Canning Spam
P. Tucker Withington
Reprinted from http://pt.withy.org/ptalk/archives/2003/09/
I’ve been around the net a while, so unfortunately my email address has found its way onto many a spammer’s mailing list and I probably get more than the usual amount of spam, which has driven me to find some tools to deal with spam.
One of the biggest misunderstandings with spam is how email works: Email is a lot like postal mail, in that it consists of both an envelope and a message. The envelope tells where to deliver the message. The message includes an inside address, which purports to be the source of the message, but is easily forged. (Just imagine writing a letter to your Aunt Jo, but you accidentally put it in an envelope to pay your electric bill. The electric company will get your letter, even though the inside address is for your Aunt Jo. Spammers do the same thing, intentionally. They write a nice letter that appears to be from your Aunt Jo, telling you how to enlarge your bank account, then make a zillion copies and stick it in a zillion different envelopes and send it to zillions of people.)
Unfortunately, most email clients, in an attempt to be helpful, open all your mail, discard the envelopes, and just show you the message. As a result, you don’t notice that the message from your Aunt Jo came in a bulk mail envelope – the ones you would normally drop right into the trash if they came in your postal mail.
After a bunch of research, I decided to try a service called SpamCop.NET (not spamcop.COM – a cheap imitation, and not spamcop.ORG – who are actually spammers). Here’s how SpamCop works: it encourages people to report spam and analyzes the full spam message, looking at the internal postmarks (these are the Received: lines in the envelope of an email message that you can see if you ask your mail client to show the internet headers, or full headers of the message). By analyzing these postmarks[1], SpamCop can trace the actual origin of the message. By accumulating spam reports, SpamCop develops a database of known spam sources. It then uses this database to analyze new messages, and marks those coming from known spam sources as likely to also be spam.
The technique that SpamCop uses is known as DNS blacklisting[2], which some find controversial because they feel it could block legitimate mail that happens to originate at the same computer the spammer is using. SpamCop gets around that issue by only holding mail from suspected spammers – it leaves it up to you to choose to accept or reject the suspected spam, and if you like, to mark a particular address as being okay to always pass through (by putting it on your whitelist).
So, how do you use SpamCop.NET? After you sign up for an account, you can either arrange to have your old email address forward to your new SpamCop address, or you can configure SpamCop to pick up your mail from your old address. You have a choice of reading your mail using SpamCop’s web-based mail reader, or you can forward all unblocked mail to a new, private, email address (it can’t be your old address, or the mail will just go round and round in a loop). Keep this new address completely private – only SpamCop should know about it and only SpamCop should ever deliver mail there. You’ll need an email client that can be configured to pick up mail at your private address, but send mail using your public address to make this work best. (Unfortunately, AOL is not that flexible.)
Yes, it’s a bit contorted, but that is only if you want to keep your old public address around. If you are just as happy to discard your old public address, you can just use your SpamCop address as your public address. If you have a number of public addresses, like a free one from your alma mater, or a professional society, you can forward those to your SpamCop account too, and pick up all your mail in one place.
Recently, SpamCop has added two new features, virus scanning and a filter that analyzes email for spam-like content (the particular filter SpamCop is using is called SpamAssassin (again not to be confused with spamassassin.com or spamassassin.net, two commercial sites trying to capitalize on spamassassin.org’s success)). The virus filter simply discards messages with viruses in them. They never reach your inbox. SpamAssassin uses a number of heuristics including Vipul’s Razor to score messages, and messages with a high spam-like score will be held for your approval before being sent to your inbox.
1. Postmarks can be forged too, but SpamCop.NET is careful to trace the postmarks backwards from known trustworthy sources and to discard any that could be forged. If you want the gory details – the postmark is applied by the computer that receives the message (hence the Received: moniker), and records the IP address of the sending computer. This address cannot be forged, since the two computers have to carry on a two-way conversation to deliver the message.
2. Blacklists and whitelists use the traditional definition of good and evil. Addresses on a blacklist are considered evil, those on the whitelist are considered good.
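The Received: tracing from footnote 1 and the DNS blacklist lookup from the article can be sketched as follows. This is an added example, not code from the original article or from SpamCop; the sample message, the trusted-relay set, the `dnsbl.example` zone and the fake resolver are all constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message (documentation-range IPs, .example hostnames).
# Received: lines are newest-first; the top one was stamped by our own server.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mail.home.example with ESMTP; Mon, 1 Sep 2003 10:00:02 -0400
Received: from aunt-jo.example (unknown [203.0.113.77])
\tby mx.isp.example with SMTP; Mon, 1 Sep 2003 10:00:01 -0400
Received: from bank.example ([198.51.100.5])
\tby aunt-jo.example with SMTP; Mon, 1 Sep 2003 09:00:00 -0400
From: Aunt Jo <jo@aunt-jo.example>
Subject: Enlarge your bank account

Hello dear.
"""
TRUSTED_RELAYS = {"192.0.2.10"}   # assumption: relays we run or trust
ZONE = "dnsbl.example"            # placeholder zone, not a real blacklist

PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_origin(raw, trusted):
    """Return the first sending IP recorded by a trusted hop that is not
    itself trusted. Lines stamped beyond that point may be forged."""
    for stamp in message_from_string(raw).get_all("Received", []):
        match = PEER_IP.search(stamp)
        if match is None:
            return None               # unparseable trusted stamp: give up
        if match.group(1) not in trusted:
            return match.group(1)     # everything older is unverified
    return None                       # mail never left trusted relays

def dnsbl_name(ip, zone=ZONE):
    """Build the lookup name: reversed octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, resolve, zone=ZONE):
    """resolve(name) returns an A-record string or None (NXDOMAIN).
    By DNSBL convention a 127.0.0.0/8 answer means 'listed'."""
    answer = resolve(dnsbl_name(ip, zone))
    return answer is not None and answer.startswith("127.")

# Constructed stand-in for a DNS resolver so the example runs offline.
FAKE_DNS = {"77.113.0.203.dnsbl.example": "127.0.0.2"}
origin = trace_origin(SAMPLE, TRUSTED_RELAYS)
print(origin, "listed" if is_listed(origin, FAKE_DNS.get) else "not listed")
```

The bottom Received: line in the sample was stamped by a host outside the trusted set, so the trace stops before it and its claimed sender is never consulted.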