Monday 19 March 2007

Tackling Spam in Different Medias - Email


Email Spam

E-mail spam is a type of spam that involves sending almost identical messages to numerous recipients by e-mail.
Most definitions of spam are based on the e-mail being Unsolicited Bulk E-mail (UBE). That is, spam is e-mail that is both unsolicited by the recipients and sent in bulk as many substantively similar messages. Spam is usually unwanted, commercial and sent by automated means, and some definitions include those aspects.

Spam has grown vastly over the last thirty years, as shown below.

  • 1978 - An e-mail spam is sent to 600 addresses.
  • 1994 - First large-scale spam sent to 6000 newsgroups, reaching millions of people.
  • 2005 - (June) 30 billion per day.
  • 2006 - (June) 55 billion per day.
  • 2006 - (December) 85 billion per day.
  • 2007 - (February) 90 billion per day.

There are many ways of tackling spam. These are some:

Blocking and filtering both reduce the amount of spam delivered to mailboxes, but blocking does more to alleviate the bandwidth cost of spam, since spam can be rejected before the message is sent. Filtering tends to be more thorough, since it examines the details of a message; however, many mail administrators prefer to use blocking to deny access to their systems from sites tolerant of spammers.

Many modern spam filtering systems take advantage of machine learning techniques, which improve their accuracy over manual methods.

Another way is HELO/EHLO checking, which consists of simply checking the greeting a sending host gives at the start of the SMTP session.
In many situations, simply requiring a valid FQDN in the SMTP EHLO statement is enough to block 25% of incoming spam by refusing connections from hosts that begin transmission before receiving the host's HELO banner. It is also done by refusing connections from hosts that give an invalid HELO.

An example of invalid and valid HELOs:

Invalid HELO localhost
Invalid HELO 127.0.0.1
Invalid HELO domain.tld
Valid HELO [127.0.0.1]


Connections are also refused when:
  • hosts give an obviously fraudulent HELO - for example, issuing a HELO using the FQDN or an IP address that doesn't match the IP address of the connecting host.

  • emails claiming to be from a hosted domain when the sending host has not authenticated.
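
The HELO/EHLO checks described above can be expressed as one policy function that first checks the syntax of the argument and then checks that it matches the connecting host. This is an added example, not code from the original post; the function names, the `resolve` callback and the sample DNS data are assumptions constructed for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed DNS data standing in for a real resolver (documentation ranges).
SAMPLE_DNS = {"mail.example.org": {"192.0.2.10"}}


def sample_resolve(name):
    """Hypothetical resolver: return the set of IPs a name maps to."""
    return SAMPLE_DNS.get(name.lower(), set())


def classify_helo(arg):
    """Return ('literal', ip), ('fqdn', name) or ('invalid', reason)."""
    arg = arg.strip()
    if arg.startswith("[") and arg.endswith("]"):
        body = arg[1:-1]
        if body.lower().startswith("ipv6:"):
            body = body[5:]
        try:
            return ("literal", str(ipaddress.ip_address(body)))
        except ValueError:
            return ("invalid", "malformed address literal")
    try:
        ipaddress.ip_address(arg)
        return ("invalid", "bare IP address without brackets")
    except ValueError:
        pass
    labels = arg.rstrip(".").split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        return ("invalid", "not a fully qualified domain name")
    return ("fqdn", ".".join(labels).lower())


def check_helo(arg, peer_ip, resolve=sample_resolve):
    """Apply the syntax check, then the 'HELO must match the peer' check."""
    kind, value = classify_helo(arg)
    if kind == "invalid":
        return (False, value)
    peer = str(ipaddress.ip_address(peer_ip))
    claimed = {value} if kind == "literal" else resolve(value)
    if peer not in claimed:
        return (False, "HELO does not match connecting IP")
    return (True, "ok")
```

Strict matching can reject legitimate senders behind NAT or on multi-homed hosts, so mismatches are often logged for a while before they are enforced.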
