What are the methods of combating spam? Spam protection. Anti-spam system

Blacklists

Blacklists include IP addresses from which spam is sent.

To configure them, go to the Spam Protection -> Blacklists section and click the "Create" button. In the Sender field, enter the IP address of the mail server (or the first digits of this address), a mail domain, or an individual e-mail address for which mail delivery will be prohibited (depending on the installed mail client, the entry formats will differ).

Greylisting

The principle of operation of grey lists is based on the tactics of sending spam. As a rule, spam is sent in large numbers over a very short time from some server. The job of the greylist is to deliberately delay the receipt of emails for some time. The address and the time of the delivery attempt are entered into the greylist database. If the remote computer is a real mail server, it must keep the letter in its queue and retry delivery within five days. Spam bots, as a rule, do not keep messages in a queue, so after a short time they stop trying to deliver the letter. When a letter is resent from the same address, and the required amount of time has passed since the first attempt, the letter is accepted and the address is added to the local white list for a sufficiently long period. One of the disadvantages of the method is the possibility of mail delivery delays of 15 minutes or more, depending on the settings of the sender's server.

Greylisting is configured in the Greylisting module, where you must specify the required parameters. Greylisting in the ISPmanager panel works through two applications - Milter-greylisting and Postgrey, which must first be activated in the Features section.

DNSBL blocking

DNSBL (DNS blacklist) - lists of hosts stored using the DNS system. The mail server queries the DNSBL and checks whether it contains the IP address from which it is receiving the message. If the address is in this list, the message is not accepted by the server, and a corresponding message is sent to the sender.

In the Spam Protection section, select DNSBL blocking, click the "Create" button and add a new DNSBL block list. In the Block List field, specify the domain name of the block list. Information about whether a particular mail server is on the black list will be requested from this server.

You can find the most common block lists here: http://www.dnsbl.info/dnsbl-list.php

Message limit

Another way to fight spam is to set a limit on the number of messages.

This functionality is available if you have Exim installed.

SpamAssassin

The SpamAssassin (SA) program allows you to analyze the contents of an already delivered message. You can add the appropriate lines to the message headers, and the user can then use mail filters in the mail client to sort mail into the desired folders of the mail program.

To be able to use SA in the ISPmanager panel, activate it in the Capabilities module. By default, after activation, the automatic self-learning function will be enabled; in addition, the effectiveness of spam filtering can be significantly increased by "manual" training of the filter.

Setting up a mailbox and mail domain

To completely disable the Greylisting check for any recipient address or domain (for example, if you do not want mail to be subjected to this check), go to the module

Dear friends and users of our site, I am with you again, SpaceWolf, and today we will talk about the urgent problem of "SPAM". This solution will get rid of spam in the feedback form, comment spam, and spam in online orders.

I would like to immediately note the pros and cons of this method:

  1. Works well against bots.
  2. Quick to install in a message-sending form.
  3. Minimum code (3 lines).
  4. It does not require special knowledge, except for the location of the main files.
  5. Users who do not have JavaScript will not be able to pass the verification and therefore will not be able to send a message.

Basically everything. Let's proceed with the installation:

1) Add an additional hidden field to your form (a comment form, a feedback form, or a product order form) with name="check", and leave value="" empty. Example:

2) In the same form, but only on the button ("send", "write", "Leave feedback" or whatever you call it), add the following code:

// Reject the submission unless the hidden "check" field carries the expected value
if (($_POST["check"] ?? "") !== "stopSpam") exit("Spam detected");

Spam protection - how it works

The principle is as simple as the code itself. It relies on spam bots not running JavaScript programs. When a regular user clicks the "order" button, the word "stopSpam" is written into our hidden field; in the case of a robot, this field remains empty. Let me explain why it remains empty. The robot fills in all fields except our hidden field with the identifier id="check", so the variable check remains blank and the mail is not sent. And when the user clicks on the button, our JavaScript, which we added to the button.

I advise you to use this method together with a captcha; the effect will be better.


The following technologies are used to protect mail servers:

There are two main methods of spam protection: protection against spam when the mail is received by the server, and separating spam from the rest of the mail after it is received.

Blacklists. Blacklists include IP addresses from which spam is sent.

Grey lists, or greylisting. The principle of operation of grey lists is based on the tactics of sending spam. As a rule, spam is sent in large quantities over a very short time from some server. The job of the greylist is to deliberately delay the receipt of emails for some time. The address and the time of the delivery attempt are entered into the greylist database. If the remote computer is a real mail server, it must keep the letter in its queue and retry delivery within five days. Spam bots, as a rule, do not keep messages in a queue, so after a short time they stop trying to deliver the letter. When a letter is resent from the same address, and the required amount of time has passed since the first attempt, the letter is accepted and the address is added to the local whitelist for a sufficiently long period.

DNSBL (DNS blacklist) - lists of hosts stored using the DNS system. The mail server queries the DNSBL and checks whether it contains the IP address from which it is receiving the message. If the address is in this list, the message is not accepted by the server, and a corresponding message is sent to the sender.

Message limit. Set a limit on the number of messages.

The SpamAssassin (SA) program allows you to analyze the content of an already delivered message. SpamAssassin comes with a large set of rules that determine which emails are spam and which are not. Most of the rules are based on regular expressions that match the message body or header, but SpamAssassin uses other techniques as well. The SpamAssassin documentation refers to these rules as "tests".

Each test has some "cost". If the message matches the test, this "cost" is added to the total score. The cost can be positive or negative: positive values indicate spam, negative values indicate ham. The message goes through all the tests, and the total score is calculated. The higher the score, the more likely the message is spam.

SpamAssassin has a configurable threshold above which an email will be classified as spam. Usually the threshold is such that the email must meet several criteria; matching just one test is not enough to exceed the threshold.
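The scoring scheme described above, as an added example that is not SpamAssassin's own code: each test is a regular expression over a header or the body with a positive or negative cost, and the total is compared with the threshold. The rule names, patterns, costs and both sample messages are constructed for illustration; only the 5.0 threshold corresponds to SpamAssassin's default setting.

```python
import re
from email import message_from_string

REQUIRED_SCORE = 5.0  # SpamAssassin's default threshold setting (required_score)

# Hypothetical tests written for this example, not SpamAssassin's shipped rules:
# (name, header to inspect or "body", pattern, cost). Positive = spam, negative = ham.
RULES = [
    ("SUBJ_ALL_CAPS", "Subject", re.compile(r"^(?=.*[A-Z]{3})[^a-z]+$"), 1.6),
    ("BODY_URGENT", "body", re.compile(r"(?i)\b(act now|limited time)\b"), 2.2),
    ("BODY_CLICK_HERE", "body", re.compile(r"(?i)\bclick here\b"), 2.0),
    ("BODY_MONEY", "body", re.compile(r"\$\d[\d,]*"), 1.0),
    ("HAS_IN_REPLY_TO", "In-Reply-To", re.compile(r"<[^>]+>"), -1.5),
]


def score(raw_message: str):
    """Run every test; return (total score, names of the tests that matched)."""
    msg = message_from_string(raw_message)
    total, hits = 0.0, []
    for name, where, pattern, cost in RULES:
        text = msg.get_payload() if where == "body" else msg.get(where, "")
        if pattern.search(text):
            total += cost
            hits.append(name)
    return round(total, 1), hits


def is_spam(raw_message: str) -> bool:
    """A message is classified as spam once its total reaches the threshold."""
    return score(raw_message)[0] >= REQUIRED_SCORE


# Constructed sample messages.
SPAM = (
    "From: promo@example.com\nSubject: WIN BIG MONEY NOW!!!\n\n"
    "Act now, limited time! Click here to claim $1,000,000.\n"
)
HAM = (
    "From: colleague@example.org\nSubject: Re: invoice\n"
    "In-Reply-To: <1234@example.org>\n\n"
    "Please click here to download the invoice we discussed.\n"
)

if __name__ == "__main__":
    for label, raw in (("SPAM", SPAM), ("HAM", HAM)):
        total, hits = score(raw)
        print(f"{label}: score={total} spam={is_spam(raw)} tests={hits}")
```

The constructed legitimate message matches the "click here" test, but a single match stays below the threshold and the negative-cost test pulls the total down further.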

The following technologies are used to protect websites from spam:

1. Image captcha. That is, the user is shown arbitrary text that the user must enter in order to perform any action.

2. Text captchas - the subscriber must enter the answer to the proposed question to confirm his actions.

3. Interactive captcha - a less common, but very useful form of protection. For example, to confirm actions, the user will be asked to solve an easy jigsaw puzzle, such as assembling a picture from three or four parts.

According to statistics, more than 80 percent of malicious programs penetrate the local network precisely through email. The mail server itself is also a tasty morsel for hackers: having gained access to its resources, the attacker gets full access to the email archives and lists of email addresses, which makes it possible to obtain a lot of information about the life of the company, its ongoing projects and the work done in it. After all, even lists of email addresses and contacts can be sold to spammers or used to discredit a company by attacking those addresses or writing fake emails.

Spam is, at first glance, a much lesser threat than viruses. But:

  • a large flow of spam distracts employees from their tasks and leads to an increase in non-productive costs. According to some reports, after reading one letter, an employee needs up to 15 minutes to get back into the working rhythm. If more than a hundred unsolicited messages arrive in a day, the need to look through them significantly disrupts current work plans;
  • spam facilitates the penetration into the organization of malicious programs disguised as archives or exploiting vulnerabilities in email clients;
  • a large flow of letters passing through the mail server not only worsens its performance, but also leads to a decrease in the available part of the Internet channel, an increase in the cost of paying for this traffic.

Spam can also be used to carry out some types of attacks that rely on social engineering, in particular phishing attacks, in which a user receives letters disguised as messages from legitimate persons or organizations, asking them to perform some action, for example, to enter the password for their bank card.

In connection with all of the above, the e-mail service must be protected, and as a first priority.

Solution Description

The proposed solution for protecting the enterprise mail system provides:

  • protection from computer viruses and other malicious software distributed via e-mail;
  • protection against spam, both arriving at the company by e-mail and distributed over the local network.

Modules can be installed as additional modules of the protection system;

  • protection against network attacks on the mail server;
  • anti-virus protection of the mail server itself.

Solution Components

A protection system for mail services can be implemented in several ways. The choice of the appropriate option is based on:

  • the information security policy adopted by the company;
  • operating systems used in the company, management tools, security systems;
  • budget restrictions.

The right choice makes it possible not only to build a reliable protection scheme, but also to save a significant amount of money.

As examples, we will give the options “Economic” and “Standard”.

The “Economical” option is based on the Linux operating system and maximum use of free products. Composition of the variant:

  • virus and spam protection subsystem based on products of Kaspersky Lab, Dr.Web, Symantec. If a company uses a demilitarized zone, it is recommended to move the mail traffic protection system to it. It should be noted that products designed to work in the demilitarized zone have more functionality and greater capabilities for detecting spam and attacks than standard ones, which improves network security;
  • firewall subsystem based on the iptables2 firewall standard for the Linux operating system and management tools;
  • attack detection subsystem based on Snort.

Mail server security analysis can be done with Nessus.

The solution based on the “Standard” option includes the following subsystems:

  • subsystem for protecting mail server and mail gateway services from malware based on solutions from Kaspersky Lab, Dr.Web, Eset, Symantec or Trend Micro;
  • firewall and intrusion detection subsystem based on Kerio Firewall or Microsoft ISA.

Mail server security analysis can be done with XSpider.

Neither of these options includes security modules for instant messaging and webmail by default.

Both the “Economic” option and the “Standard” option can be implemented on the basis of software products certified by the FSB and FSTEK, which allows them to be delivered to government agencies and companies with a high level of security requirements.

Benefits of the proposed solution

  • the solution provides reliable protection against the penetration of malicious programs and spam;
  • optimal selection of products allows you to implement a protection scheme that takes into account the needs of a particular client.

It should be noted that a full-fledged protection system can only function if the company has an information security policy and a number of other documents. In this regard, Azone IT offers services not only for the implementation of software products, but also for the development of regulatory documents and auditing.


A modern spam mailing is distributed in hundreds of thousands of copies in just a few tens of minutes. Most often, spam is sent through malware-infected user computers, known as zombie networks. What can be done to counter this pressure? The modern IT security industry offers many solutions, and there are various technologies in the arsenal of anti-spammers. However, none of the existing technologies is a magical "silver bullet" against spam. There is simply no universal solution. Most modern products use several technologies, otherwise the effectiveness of the product will not be high.

The most known and widespread technologies are listed below.

Blacklists

Also known as DNSBL (DNS-based Blackhole Lists). This is one of the oldest anti-spam technologies. Mail coming from the listed IP servers is blocked.

  • Pros: A blacklist cuts off 100% of mail from a suspicious source.
  • Minuses: They give a high level of false positives, so use them with caution.
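How the DNSBL check described here and in the earlier DNSBL passages works at the DNS level, as an added example that is not code from any of the products mentioned: the client IP is reversed, prefixed to the block list's domain, and looked up as an A record. The zones dnsbl.example and other-list.example, the zone data and the resolver stub are constructed; a real deployment would pass a function that performs the DNS query.

```python
import ipaddress

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answers live here (RFC 5782)


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNS name that asks block list `zone` about `ip`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # 192.0.2.99 -> 99.2.0.192
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # IPv6: reversed hex nibbles
    return ".".join(labels) + "." + zone.strip(".")


def is_listed(ip: str, zone: str, resolve) -> bool:
    """`resolve(name)` returns the A records for `name`, or [] if it does not exist."""
    answers = resolve(dnsbl_query_name(ip, zone))
    # Only 127.0.0.0/8 answers count as a listing; any other address is ignored
    # rather than treated as "listed", which limits false positives.
    return any(ipaddress.ip_address(a) in LISTED_RANGE for a in answers)


def smtp_decision(client_ip: str, zones, resolve) -> str:
    """Reject at connection time if any configured block list contains the client."""
    for zone in zones:
        if is_listed(client_ip, zone, resolve):
            return f"554 5.7.1 {client_ip} is listed in {zone}"
    return "250 OK"


# Constructed zone data standing in for real DNS (hypothetical block lists).
FAKE_DNS = {
    "99.2.0.192.dnsbl.example": ["127.0.0.2"],            # listed
    "7.100.51.198.other-list.example": ["203.0.113.5"],   # non-127/8 answer: ignored
}
ZONES = ["dnsbl.example", "other-list.example"]


def fake_resolve(name: str):
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.99", "198.51.100.7", "192.0.2.1"):
        print(ip, "->", smtp_decision(ip, ZONES, fake_resolve))
```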

Mass control (DCC, Razor, Pyzor)

The technology involves the detection of mass messages in the mail flow, which are absolutely identical or differ slightly. To build a workable "mass" analyzer, huge mail flows are required, so this technology is offered by major manufacturers, which have significant volumes of mail they can analyze.

  • Pros: If the technology triggers, it is guaranteed to have identified a mass mailing.
  • Minuses: Firstly, a “large” mailing may not be spam, but quite legitimate mail (for example, Ozon.ru, Subscribe.ru send thousands of almost identical messages, but this is not spam). Secondly, spammers are able to “break through” such protection using intelligent technologies. They use software that generates different content - text, graphics, etc. - in every spam email. As a result, mass control does not work.

Checking internet message headers

Spammers write special programs to generate spam messages and distribute them instantly. In doing so, they make errors in the construction of headers; as a result, spam does not always comply with the requirements of the RFC mail standard, which describes the format of headers. These errors can be used to detect a spam message.

  • Pros: The process of spam recognition and filtering is transparent, regulated by standards and quite reliable.
  • Minuses: Spammers are learning fast, and there are fewer and fewer errors in spam headers. Using only this technology will allow you to catch no more than a third of all spam.

Content filtering

Also one of the old, proven technologies. The spam message is checked for the presence of spam-specific words, text fragments, pictures, and other typical spam features. Content filtering began with the analysis of the message subject and those parts of it that contained text (plain text, HTML), but now spam filters check all parts, including graphic attachments.

As a result of the analysis, a text signature can be built or the “spam weight” of the message can be calculated.

  • Pros: Flexibility, the ability to quickly fine-tune settings. Systems based on this technology easily adapt to new types of spam and rarely make mistakes in distinguishing between spam and normal mail.
  • Minuses: Updates are usually required. The filter is configured by specially trained people, sometimes by entire anti-spam laboratories. Such support is expensive, which affects the cost of the spam filter. Spammers invent special tricks to circumvent this technology: they introduce random “noise” into spam, which makes it difficult to find the spam characteristics of the message and evaluate them. For example, they use non-alphabetic characters in words (the word viagra may look like vi_a_gra when using this technique), generate variable colored backgrounds in images, and so on.

Content filtering: Bayes

Statistical Bayesian algorithms are also designed for content analysis. Bayesian filters do not need constant tuning. All they need is pre-training. After that, the filter adjusts to the topics of letters that are typical for this particular user. Thus, if a user works in the education system and conducts trainings, then for that user messages on this subject will not be recognized as spam. For those who do not need offers to attend a training, the statistical filter will classify such messages as spam.

  • Pros: Individual setting.
  • Minuses: Works best on individual mail flow. Setting up Bayes on a corporate server with heterogeneous mail is a difficult and thankless task. The main thing is that the end result will be much worse than for individual boxes. If the user is lazy and does not train the filter, then the technology will not be effective. Spammers specifically work to bypass Bayesian filters, and they succeed.

Greylisting

Temporary refusal to receive a message. The refusal comes with an error code that all mail systems understand. After some time, they resend the message. Programs that send spam, in this case, do not resend the letter.

  • Pros: Yes, this is also a solution.
  • Minuses: Delay in mail delivery. For many users, this solution is unacceptable.
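The greylisting decision described here and in the longer greylisting passages earlier on the page, as an added example that is not code from Postgrey, Milter-greylisting or any product named above: a first attempt is refused with a temporary error, a retry after the required delay is accepted and whitelisted, and a retry that comes later than five days starts over. The 15-minute minimum delay, the 30-day whitelist period and the sample traffic are assumptions made for the example.

```python
from dataclasses import dataclass, field

MIN_DELAY = 15 * 60              # assumed: retries sooner than this are still deferred
RETRY_WINDOW = 5 * 24 * 3600     # a real mail server retries within five days (from the text)
WHITELIST_TTL = 30 * 24 * 3600   # assumed "sufficiently long" whitelist period


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # address -> time of first attempt
    whitelist: dict = field(default_factory=dict)   # address -> whitelist expiry time

    def check(self, address: str, now: float) -> str:
        """Return the SMTP reply for a delivery attempt from `address` at time `now`."""
        expiry = self.whitelist.get(address)
        if expiry is not None:
            if now < expiry:
                return "250 accepted (whitelisted)"
            del self.whitelist[address]             # whitelist entry has expired

        first = self.first_seen.get(address)
        if first is None or now - first > RETRY_WINDOW:
            # Unknown sender, or the retry came too late: start a new record.
            self.first_seen[address] = now
            return "451 try again later"
        if now - first < MIN_DELAY:
            return "451 try again later"            # retried too early, keep waiting
        # Retried after the required delay: behaves like a real mail server.
        del self.first_seen[address]
        self.whitelist[address] = now + WHITELIST_TTL
        return "250 accepted"


def replay(attempts):
    """Run constructed (address, time in seconds) delivery attempts through one greylist."""
    gl = Greylist()
    return [gl.check(addr, t) for addr, t in attempts]


# Constructed sample traffic: a queueing mail server and a fire-and-forget bot.
SAMPLE = [
    ("192.0.2.10", 0),       # real server, first attempt
    ("198.51.100.7", 5),     # bot, single attempt, never retries
    ("192.0.2.10", 300),     # real server retries after 5 minutes: still too early
    ("192.0.2.10", 1200),    # retries after 20 minutes: accepted and whitelisted
    ("192.0.2.10", 90000),   # next message a day later: passes immediately
]

if __name__ == "__main__":
    for (addr, t), reply in zip(SAMPLE, replay(SAMPLE)):
        print(f"t={t:>6}s {addr:<13} -> {reply}")
```

The first legitimate message is delivered only on the 20-minute retry, which is the delivery delay listed above as the method's drawback.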