Make A List on Spam Risk

Filed in Uncategorized by on December 24, 2013

Black lists Ownership, use, efficiency These include: lists of IP-addresses of computers that are known to them being spam. (widely used) lists of computers that can be used for distribution – «relei open» and «open proxy», and also – lists «dial» – client addresses to which there can be no mail servers (possible use), a local list or the list maintained by someone else. (widely distributed through the simplicity of implementation), black lists, a request that is carried out via DNS. They are called DNSBL (DNS B lack L ist).

Currently this method is not very efficient. Spammers find new computers to their goals faster than they manage to enter in the black lists. In addition, several computers, send spam, can compromise the entire email, domain, or subnet, and thousands of law-abiding users for an indefinite period will be denied the opportunity to send e-mail servers, using a black list. (found) lists rather preach radical theory (eg, equating to a viral malicious spam messages, etc.). Misuse Often, the irresponsible and improper use of black lists of administrators of resources, leading to blockage of the large number of innocent users. Example: the use of lists with accurate representations of what the address and how it incorporated the use of email black lists for web-resources, etc.

The irresponsible use of Example: the failure of a user (or administrator) blocked addresses on the list (because they are there a great many), or rukovodstvovanie in their actions the principle of presumption of guilt. Example: (the most striking example of the irresponsible attitude last time), the blocking of domain registrar GoDaddy thousands of domain names registered by the hosting company Majordomo [17], based on single and unverified complaints from a group Spamhaus [18] [19]. Racket on the part of administrators blacklists Recently, the network appears more and more complaints against administrators blacklists which blackmailed Internet providers and hosting providers failure to remove IP addresses from which spam was once perhaps was sent (the addresses are in the black lists of anonymous complaints that are often impossible to verify) . In addition, many require “donations” from the owners of IP addresses for the removal of records from the blacklists.

Authorization Server Have been proposed various methods to confirm that the computer that sends the message, actually has the right to do so (Sender ID, SPF, Caller ID, Yahoo DomainKeys, MessageLevel [1]), but they are not yet widely available. In addition, these technologies limit the functionality of some common types of mail servers: becomes impossible to automatically redirect your mail from one mailbox to another server (SMTP Forwarding). Among the providers of extended policy, under which customers are allowed to install SMTP-connection with server. In this case, becomes impossible to use some of the mechanisms of authentication.

Gray lists The method of gray lists based on the fact that «behavior» software designed to send spam, different from that of an ordinary e-mail servers, namely, spam programs are not trying to re-send the letter in the event of a temporary error, as required by the protocol SMTP. More precisely, an attempt to circumvent the protection, in subsequent attempts, they use a different relay, another return address, etc., so it looks for the host as part of attempts to send different messages.

The simplest version of the gray lists works as follows. All previously unknown SMTP-servers rely in a «gray» list. Mail from such servers is not accepted, nor rejected entirely – he returns a temporary error code ( «come later»). If the server-sender repeats its attempt to at least some time tg (this time called the delay), the server is entered in the whitelist, and the mail was adopted. Therefore, standard mail (not spam) are not lost, just delayed delivery (they remain in the queue at the sender’s server and delivered after one or more unsuccessful attempts). Program-spammers, or do not know how to re-send messages or use their servers will actually delay time to get on blacklists DNSBL. This method currently allows the filter to 90% of spam with virtually no risk of losing important messages. However, it also was not perfect. May mistakenly filter out messages from servers who do not meet the recommendations of the protocol SMTP, for example, the distribution of news sites. Servers with this behavior, if possible, be recorded in the whitelists.

Delay in delivery of the letter can be as high as half (or even more), which may be unacceptable in the case of urgent correspondence. This disadvantage is offset by the fact that the delay is introduced only when making the first letter from a previously unknown sender. Also, many of the implementation of gray lists automatically after a period of «friendship», making a SMTP-server in the whitelist. There are ways of sharing such mezhservernogo white lists. As a result, after an initial period «remember», in fact, been delayed less than 20% of the letters.

Major postal services using multiple servers with different IP-addresses, moreover, possible that a few servers in turn are trying to send the same message. This can lead to great delays in the delivery of letters. Pools of servers such behavior is also possible to put in the white lists. Spam programs can be improved. Support for re-sending the message is implemented fairly easily and in large part нивелирует this kind of protection. A key figure in this struggle is the ratio of the characteristic time getting to the spammer blacklists tb and a typical time-delay «gray» lists tg. When the gray list of potentially futile, with formidable gray lists for spammers.