PC Security Forum

A Guide to Anti-Spam Software

Anti-spam software dates back to the mid-1990s, when two software engineers started compiling a list of IP addresses from which they had received unsolicited and unwanted emails. The list was distributed as a Border Gateway Protocol to subscribers of the “Mail Abuse Prevention System” (“MAPS” or “SPAM” spelled backwards), which later developed into the Domain Name Server Blackhole List.

More than twenty years later, the Domain Name Server Blackhole List (often called the Real-time Blackhole List or “RBL”) is still the primary mechanism used by anti-spam software to detect unsolicited and unwanted emails. Unfortunately, due to the increasing sophistication of spammers, RBL filters alone are not adequate defenses against email-borne threats such as malware, ransomware and phishing.

What Do Modern Anti-Spam Solutions Consist Of?

Modern anti-spam solutions use a multi-layered approach to detect spam. The mechanisms included in the multi-layered approach vary according to each email service and software provider, but generally consist of a Real-time Blackhole List, Recipient Verification Protocol, Sender Policy Framework and a content analysis tool. The functions of each mechanism are described below:

Real-time Blackhole Lists
As mentioned above, a Real-time Blackhole List is a list of IP addresses from which spam is known to have originated. If a match is found between an inbound email and an IP address on the list, the email may be rejected depending on its “IP Reputation” (please see note below with regard to IP Reputation).

Recipient Verification Protocol
The Recipient Verification Protocol checks recipient addresses to ensure they are valid. If the business does not have, for example, an info@xyz.com recipient address, the email is rejected, placed into a quarantine folder or flagged, depending on how the business's spam filter has been configured.

Sender Policy Framework
The Sender Policy Framework mechanism checks that inbound mail from a domain (e.g. info@xyz.com) comes from a host authorized by that domain's administrators. It is an effective means of eliminating "spoofed emails", in which the sender's email address is disguised to look as if it is legitimate.

Content Analysis Tool
Most anti-spam solutions have a content analysis tool that inspects the heading and content of each email and rates it accordingly. These mechanisms “learn” the probability of an email being legitimate or spam from user actions – usually through a technique known as “Bayesian Analysis”.

One significant development from the mid-1990s is that Real-time Blackhole Lists are now more refined than they were. This is due to RBL agencies assigning an “IP Reputation Score” to IP addresses based on factors such as email open rates, click-through rates, spam complaints and hard bounces (emails returned to their senders because the domain name does not exist or the recipient is unknown).

Modern anti-spam solutions consider IP reputation scores along with the ratings calculated by Content Analysis Tools in order to assign a "spam score". System administrators can set a "Spam Acceptance Threshold" and, if the spam score exceeds the threshold, the email is rejected, quarantined or flagged, depending on how the business's spam filter has been configured.
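
The content rating and threshold logic described above, as an added example that is not part of the original post or any vendor's code: a small Bayesian content filter trained from user actions, blended with an IP reputation score and compared against a Spam Acceptance Threshold. The 0-100 reputation scale, the 0.6 content weight, the 0-10 score range and the training messages are all assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

class BayesFilter:
    """Naive Bayes content rating learned from user actions (spam / not spam)."""
    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.msgs = Counter()

    @staticmethod
    def tokens(text):
        return set(re.findall(r"[a-z0-9']+", text.lower()))

    def learn(self, text, label):
        self.msgs[label] += 1
        self.words[label].update(self.tokens(text))

    def spam_probability(self, text):
        # Log-odds with Laplace smoothing so an unseen word never zeroes a class out.
        log_odds = math.log((self.msgs["spam"] + 1) / (self.msgs["ham"] + 1))
        for w in self.tokens(text):
            p_spam = (self.words["spam"][w] + 1) / (self.msgs["spam"] + 2)
            p_ham = (self.words["ham"][w] + 1) / (self.msgs["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

def spam_score(content_prob, ip_reputation, content_weight=0.6):
    """Blend content rating (0..1) with IP reputation (assumed 0 = bad, 100 = good)."""
    ip_risk = 1 - ip_reputation / 100
    return round(10 * (content_weight * content_prob + (1 - content_weight) * ip_risk), 2)

def decide(score, threshold=5.0, action="quarantine"):
    """Apply the Spam Acceptance Threshold; action is reject, quarantine or flag."""
    return action if score > threshold else "deliver"

# Constructed training data standing in for users marking mail as spam or not spam.
bayes = BayesFilter()
for t in ["win a free prize now", "cheap pills free shipping", "claim your free reward now"]:
    bayes.learn(t, "spam")
for t in ["meeting agenda for monday", "invoice attached for your review", "lunch on monday"]:
    bayes.learn(t, "ham")

if __name__ == "__main__":
    for body, rep in [("free prize now", 20), ("agenda for monday", 90)]:
        s = spam_score(bayes.spam_probability(body), rep)
        print(f"{body!r}: score={s} -> {decide(s)}")
```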
