Anti-spam system 5 letters. What methods exist to combat spam. Anti-spam protection - how it works


The following technologies are used to protect mail servers:

There are two main methods of protecting against spam: blocking spam at the moment the server receives the mail, and separating spam from the rest of the mail after receipt.

Blacklists. IP addresses from which spam is sent are blacklisted.

Gray lists or greylisting. The principle of operation of gray lists is based on spamming tactics. As a rule, spam is sent in large quantities within a very short time from some server. A gray list deliberately delays the receipt of letters for some time. The address and the time of the delivery attempt are entered into the gray list database. If the remote computer is a real mail server, it must keep the letter in its queue and repeat the sending within five days. Spambots, as a rule, do not keep letters in a queue, so after a short time they stop trying to deliver the letter. When a letter is resent from the same address and the required amount of time has passed since the first attempt, the letter is accepted and the address is added to the local white list for a sufficiently long period.

DNSBL (DNS blacklist) - lists of hosts stored using the DNS system. The mail server contacts the DNSBL and checks it for the IP address from which it is receiving the message. If the address is in this list, the message is not accepted by the server, and a corresponding message is sent to the sender.

Message limit. Setting a limit on the number of messages.

The SpamAssassin (SA) program allows you to analyze the contents of an already delivered letter. SpamAssassin comes with a large set of rules that determine which emails are spam and which are not. Most rules are based on regular expressions, which are matched against the message body or headers, but SpamAssassin also uses other techniques. In the SpamAssassin documentation these rules are called "tests".

Each test has some "cost". If the message passes the test, this "cost" is added to the overall score. The value can be positive or negative: positive values are called "spam", negative values are called "ham". The message goes through all the tests and a total score is calculated. The higher the score, the more likely the message is spam.

SpamAssassin has a configurable threshold, above which a letter will be classified as spam. Typically the threshold is such that the letter must meet several criteria; triggering only one test is not enough to exceed the threshold.
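A small scorer in the style just described, added here as an illustration; it is not SpamAssassin's code or rule set. The rule names, patterns, scores and both sample messages are constructed, and 5.0 is used as the threshold because that is SpamAssassin's default `required_score`.

```python
import re
from email import message_from_string

# Constructed rules in the style of SpamAssassin "tests":
# (name, where to look, pattern, score). Positive = spam sign, negative = ham sign.
RULES = [
    ("SUBJ_ALL_CAPS",   "Subject",     re.compile(r"^[^a-z]*[A-Z]{4,}[^a-z]*$"), 1.5),
    ("SUBJ_PRIZE_WORD", "Subject",     re.compile(r"\b(free|win|prize)\b", re.I), 2.0),
    ("BODY_CLICK_HERE", "body",        re.compile(r"click\s+here", re.I), 1.8),
    ("BODY_IP_URL",     "body",        re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}"), 2.2),
    ("HAS_IN_REPLY_TO", "In-Reply-To", re.compile(r"<[^>]+>"), -1.0),
]
REQUIRED_SCORE = 5.0

# Constructed sample messages (addresses use reserved example domains).
SPAM_SAMPLE = (
    "From: promo@example.net\n"
    "To: user@example.org\n"
    "Subject: WIN A FREE PRIZE NOW\n"
    "\n"
    "Click here to claim: http://192.0.2.15/claim\n"
)
HAM_SAMPLE = (
    "From: colleague@example.org\n"
    "To: user@example.org\n"
    "Subject: Re: free slot for the review meeting\n"
    "In-Reply-To: <constructed-id-1@example.org>\n"
    "\n"
    "Thursday works for me.\n"
)

def body_text(msg):
    """Concatenate the text parts of a (possibly multipart) message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts
                     if p.get_content_maintype() == "text"
                     and isinstance(p.get_payload(), str))

def score_message(raw, required=REQUIRED_SCORE):
    """Run every rule, sum the scores of those that match, compare to the threshold."""
    msg = message_from_string(raw)
    body = body_text(msg)
    total, hits = 0.0, []
    for name, target, pattern, score in RULES:
        text = body if target == "body" else str(msg.get(target, ""))
        if pattern.search(text):
            total += score
            hits.append(name)
    total = round(total, 1)
    return total, hits, total >= required  # reaching the threshold counts as spam here

if __name__ == "__main__":
    for label, raw in (("spam sample", SPAM_SAMPLE), ("ham sample", HAM_SAMPLE)):
        print(label, score_message(raw))
```

The second sample trips one spam rule ("free" in the subject) and still stays far below the threshold, which is the behaviour the paragraph above describes.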

The following technologies are used to protect websites from spam:

1. Captcha picture. That is, the user is shown arbitrary text that the user must enter to perform some action.

2. Text captchas - the subscriber must enter the answer to the proposed question to confirm his actions.

3. Interactive captcha - a less common, but very useful type of protection. To confirm actions, the user is asked to solve an easy puzzle, for example, assemble a picture from three or four parts.

Dear friends and users of our site, I am with you again, SpaceWolf, and today we will talk about the pressing problem of "SPAM". The solution to this problem will allow you to get rid of spam in the feedback form, spam comments or spam orders in the online store.

I would like to immediately note the pros and cons of this method:

  1. Works well against bots.
  2. Quick installation in the message sending form
  3. Minimum code (3 lines)
  4. Does not require special knowledge, except for the location of the main files.
  5. Users who do not have JavaScript will not be able to pass the verification and therefore cannot send a message.

Basically everything. Let's start the installation:

1) Add an additional hidden field to your form (a comment form, feedback form or product order form) with name="check", and leave its value blank: value="". Example:

2) In the same form, but in the button ("send", "write", "Leave a review" or whatever you call it), add the following code:

if (($_POST["check"] ?? "") !== "stopSpam") exit("Spam detected");

Anti-spam protection - how it works

The principle is as simple as the code itself. It relies on the fact that spam bots do not know how to run JavaScript programs. When a regular user clicks the "order" button, the word "stopSpam" is entered into our hidden field; in the case of a robot, this field remains empty. Let me explain why it remains empty. The robot fills in all fields except our hidden field with id="check", so the variable "check" stays blank and the mail is not sent. When the user clicks the button, our JavaScript, which we added to the button, runs and fills in the field.

I advise you to use this method together with captcha, the effect will be better.
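The whole procedure in one place, as an added sketch in Python rather than the article's PHP; it is not the author's code. It goes one step beyond the article: the button's JavaScript writes a signed, time-limited token into the hidden "check" field instead of the constant word, so the server can also reject forms submitted implausibly fast or long after the page was served. The secret, the time limits, the form action and the function names are assumptions.

```python
import hashlib
import hmac
import html
import time

SECRET = b"constructed-demo-key"  # assumption: per-site secret, kept on the server
MIN_AGE = 3                       # assumption: a person needs a few seconds to fill the form
MAX_AGE = 3600                    # assumption: the form is valid for one hour

def sign(ts):
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()

def issue_token(now=None):
    """Token = issue time plus an HMAC over it, so it cannot be forged or altered."""
    ts = str(int(time.time() if now is None else now))
    return ts + "." + sign(ts)

def render_form(token):
    """The hidden field is empty in the HTML; only the button's onclick fills it."""
    t = html.escape(token, quote=True)
    return (
        '<form method="post" action="/feedback">\n'
        '  <textarea name="message"></textarea>\n'
        '  <input type="hidden" name="check" id="check" value="">\n'
        '  <button type="submit" '
        f'onclick="document.getElementById(\'check\').value=\'{t}\'">Send</button>\n'
        '</form>'
    )

def check_submission(fields, now=None):
    """Server-side check of the POSTed fields. Returns (accepted, reason)."""
    now = int(time.time() if now is None else now)
    value = fields.get("check", "")
    if not value:
        return False, "empty check field (JavaScript did not run)"
    ts, _, sig = value.partition(".")
    if not (ts.isascii() and ts.isdigit()):
        return False, "bad token"
    if not hmac.compare_digest(sig.encode(), sign(ts).encode()):
        return False, "bad token"
    age = now - int(ts)
    if age < MIN_AGE:
        return False, "submitted too fast"
    if age > MAX_AGE:
        return False, "token expired"
    return True, "ok"

if __name__ == "__main__":
    token = issue_token()
    print(render_form(token))
    print(check_submission({"message": "hello"}))                   # field left empty
    print(check_submission({"check": token}, now=time.time() + 10))  # normal user
```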

Well, that's all. If the article helped you, write comments, repost and don’t forget to say “Thank you” in the comments.

If anyone has other problems or questions, leave them in the comments, we will be happy to find a solution together. We are waiting for your messages!

Hello, dear readers of the blog site. You've probably already encountered spam, even if you didn't know exactly what this outrage is called. And for this it is not even necessary. Spam also pours into your regular mailbox with enviable regularity - these are the same countless advertising booklets that are slipped to you in the hope that you will order or buy something.

So, spam is precisely that annoying advertising creeping in from all sides (but not only advertising - there are worse things). You didn't order it, you don't need it, but it keeps rushing at you from every corner. The information you need can easily get lost in this heap, and you have to spend a lot of time sifting through it.

In our computer age, the main source of spam. And besides advertising, spam mailings can also be dangerous both for your wallet (phishing, social engineering, scams) and for your computer (viruses, worms, Trojans).

What does the word Spam mean, what does it look like and how can you fight it, you will learn by looking at this short article. I hope it will be interesting (well, certainly useful - I promise you that).

Spam - what is it?

What does the word SPAM mean?

The word Spam itself comes from the name of canned meat, which was vigorously advertised after the end of the Second World War (obviously, it was necessary to urgently sell off the soldiers' meat rations).

The advertising was so aggressive, comprehensive and ubiquitous that this word (and the "aftertaste" associated with it) was remembered, but now as a name for the intrusive advertising that appeared along with it in conferences (back then still on Fidonet, if anyone remembers).

The word stuck, especially since intrusive advertising did not become less common, but rather the opposite. When email gained popularity, unauthorized mass advertising and malicious mailings became commonplace. Such mailings were profitable for spammers because, without any special costs, the necessary information reached a large number of people.

But it's not limited to email. They spam in private messages on social networks, on forums, in instant messengers, on message boards, and in comments on blogs that are open for anyone to edit and add text. They will also spam your phone, for example by calling you with advertising or sending advertising SMS messages.

Where can you find it on the Internet?

  1. Email - it's just a Klondike for spammers. With the help of mass mailings you can sell anything, you can deceive and rob, you can infect computers and send worms. Databases for mass mailings are collected independently (with the help of programs), or purchased from those who do this professionally.
  2. Forums, blog comments, wiki sites and message boards - here, essentially, everyone is allowed to leave messages, and spammers find it difficult to resist spamming. This is not always advertising - often this is how webmasters try to get a free link to their site so that it ranks higher in Yandex or Google search results for various queries. This brings them traffic and money.
  3. Social media and dating sites - spam is very common among incoming personal messages. It also appears in the comments to messages.
  4. Messengers (like ) are also susceptible to this scourge.
  5. SMS messages of an advertising nature from unknown people. Probably everyone is familiar with them.
  6. Search spam - a rather specific thing, but familiar to everyone. Have you ever had a situation where you enter a query into Yandex (Google), and the responses are entirely sites with some kind of bullshit that have nothing to do with the matter? These are so-called doorways (sites with automatically generated useless texts). They spam search engine results, and they make money from the visitors who land on them (in different ways).

That is, all letters in your mailbox (or forum messages, blog comments, personal messages) of an advertising or other nature from a sender unknown to you are spam. True, the newsletters you have subscribed to can also be intrusive, but you can still unsubscribe from them (refuse to receive them further).

Spam itself is annoying and irritating, because it litters wherever it appears. Most often this is your inbox, and it can be quite difficult to separate the wheat from the chaff when there are too many unwanted messages. But spam can also pose a real danger to both you and your computer. Let's figure this out.

Understanding the types of spam (harmless and dangerous)

From now on I will mainly talk about spam messages arriving by email, because it is this channel that is considered especially susceptible to this phenomenon. Everything else is not as neglected and is not so actively used by spammers, and this does not apply to all network users. But the problem of protecting them from unwanted messages is acute.

Types of harmless spam

  1. Advertising of legal goods and services - in this case, the business owner simply chose spam mailings as one of the channels for attracting clients and customers, because it is inexpensive, fast and brings results. Naturally, he doesn't think much about the moral (or rather immoral) side of this matter.
  2. Prohibited advertising - there are goods and services that are prohibited by law from being advertised, and for them spam mailings can be the main channel for attracting customers. By the way, spammers also advertise their services through mass mailings, since this activity is prohibited by law. This also includes advertising that discredits competitors, since this is also prohibited by law (praise yourself, but don't scold others).
  3. Impact on public opinion - very often spam becomes a good choice for those who are trying to manipulate public opinion in the desired direction. It could be politics, but it could also be. Letters can even be sent supposedly from some person in order to compromise him, change opinion about him, or use his authority for profit. But this does not pose a danger to you personally.
  4. Letters that ask to be forwarded to others - these can be varieties of so-called "letters of happiness" (send it to 10 friends and you will be happy), or letters asking you to send information to friends for some other reason. Often such letters are used by spammers to collect or replenish an existing email database for subsequent mass mailings.

High-risk spam - what it can be

If ordinary (harmless) spam can only slightly affect your peace of mind and mental health, then the examples below can be very dangerous for your wallet or computer. And this is no joke.

I myself (the one who teaches and trains everyone) a couple of years ago “bought” a similar type of letter (phishing) and parted with several thousand rubles (read “”). I just got busy and did everything “automatically” just to get behind, well, when I realized it, it was too late.

  1. - A very effective method of deceiving not only gullible people, but also simply busy or inattentive people (there is a hook for everyone). They send you a letter supposedly from your bank, an electronic money service or somewhere else. In this letter, something will be sure to alarm you (unsettle you), and you will be asked to log in to the site to solve the problem. You log in, but the site will be fake (although it looks exactly like the real one), and the data you provided will be immediately used to steal all your money.
  2. Nigerian letters - you find out that you can get a large amount of money (under various pretexts - from an unexpected inheritance to helping a prince in exile). You don't believe it for a long time, but they convince you. When you believe it, you will be asked to transfer some money for "related expenses." You transfer it, and no one will bother you anymore.
  3. Viruses, worms, Trojans - the letter may contain an attached file with a malicious program (or a link leading to a site with a virus). It can immediately cause problems with the operation of the computer, or it will sit quietly in a corner and carefully write down all the passwords, logins and other useful things you enter. Worms, among other things, can also send themselves to your friends using the email addresses found in your contacts (as they will call you later...).

Spam protection

Where do spammers get databases with email addresses?

  1. Spammers (those who send mass mailings) collect email addresses from all available sources. These could be forums, guest books, chats, social media and other sites where email addresses may be publicly available.
  2. Hackers manage to get to some databases of addresses stored on websites.
  3. Collecting emails is in most cases carried out programmatically (with the help of search bots - harvesters), and this does not require much effort (only time, and even then not very much). Moreover, such spam email databases don't have to be collected; they can be bought from those who specialize in this matter.
  4. There are billions of email addresses registered all over the world, and therefore you can simply try to generate emails using special programs with appropriate dictionaries. With a high degree of probability, many of them will actually exist. Read below about how spammers check whether addresses are real.
  5. There are special worms (viruses) that can send themselves to a database of addresses found on the victim's computer. The database collected in this way will already be cleared of non-working mailboxes.

How do spammers clean databases of inactive email addresses?

Those who collect a database of addresses essentially don't care who owns this or that address - they send letters to everyone, because there will still be someone who responds to them (as they say, they fire at the whole area).

But still, in order to optimize costs and increase the return on mailings, it is beneficial for them to clear the databases of non-existent addresses. How do they do it? Let's take a look.

  1. The simplest thing is to place a picture in the letter (maybe not even visible - one pixel in size), which will be loaded from the site owned by the spammer when the user opens the letter. If the picture is loaded, it means the letter was opened and the email is valid.
  2. Many email clients (programs for working with email) automatically send a message that the letter has been read, which again plays into the hands of spammers.
  3. The letter may contain a link urging you to go somewhere, promising mountains of gold. If you follow it, consider that your email will now be marked as valid. The most unpleasant thing is that such a link can be disguised as an unsubscribe button, which will actually lead to the opposite effect.

How to reduce the likelihood of your email getting into the spam database?

In general, as soon as your mailbox is "verified," spammers won't just leave you alone. It is important to understand that no one is immune from spam. But it is possible to significantly reduce the likelihood of getting into such a spam database if you take the following precautions:

  1. You can, of course, not publish your email anywhere at all and not tell it to anyone. But in most cases this is difficult to do, so I advise that, besides your main mailbox, you have one or two secondary ones that you use to register on forums, etc. Often they can also come in handy, which can be obtained without registration at all.
  2. Don't click on links in spam emails (even if there is an "Unsubscribe" button - it's a trap) and, if possible, disable automatic downloading of images in the email client you use. There is a chance that your email will be counted as inactive and mass mailings will not arrive at hundreds per day.
  3. If you have not yet registered a mailbox or are planning to create a new one (for example, because the old one is completely clogged with spam), then do not proceed from the convenience and ease of remembering it, but on the contrary, make it longer and more complex. You will still send it to your friends in electronic form, but spam search programs are unlikely to guess it.

What to do if spam no longer lets you breathe?

These were all preventive measures to combat spam (or rather, reduce its quantity). But there is the possibility of an effective fight even in an already completely neglected situation. In this case, it becomes extremely important.

The fact is that in such large services as or, there are powerful antispam filters.

They place all suspicious emails in a separate Spam folder, thereby freeing the Inbox from junk. Yes, there is no perfect spam filter, and whenever possible, before emptying the Spam folder, it is better to skim its contents to see whether it contains legitimate correspondence. But it's still much easier than digging through all this garbage all the time.

If you have a mailbox on another service, where the spam cutting is poor (for example, as in), then you shouldn’t despair. Get yourself an Email on Gmail or Yandex, and then set up mail forwarding to it from your old mailbox. Moreover, these settings can be made as in the old mailbox (i.e. set up forwarding - shown in the screenshot):

Also, in the new mailbox, you can configure the collection of mail from your existing Emails (the screenshot shows the settings for collecting mail in Gmail):

The same can be said about email client programs. Most of them also have a built-in spam cutter.

But in this case we should not forget that the mail service will have its own spam folder (this can be corrected in the settings of the service or client program).

Good luck to you! See you soon on the pages of the blog site


According to statistics, more than 80 percent of malware penetrates the local network precisely through email. The mail server itself is also a tasty morsel for hackers: by gaining access to its resources, the attacker gets full access to the email archives and lists of email addresses, which makes it possible to learn a lot about the life of the company and the projects and work carried out in it. After all, even lists of email addresses and contacts can be sold to spammers or used to discredit a company by launching attacks on those addresses or composing fake emails.

At first glance, spam is a much lesser threat than viruses. But:

  • a large flow of spam distracts employees from performing their tasks and leads to an increase in non-production costs. According to some data, after reading one letter, an employee needs up to 15 minutes to get back into a working rhythm. If more than a hundred unwanted messages arrive per day, the need to view them significantly disrupts current work plans;
  • spam facilitates the penetration of malware into the organization, disguised as archives or exploiting vulnerabilities of email clients;
  • a large flow of letters passing through the mail server not only degrades its performance, but also leads to a decrease in the available part of the Internet channel and an increase in the cost of paying for this traffic.

Spam can also be used to carry out some types of attacks that rely on social engineering, in particular phishing attacks, in which the user receives letters disguised as messages from completely legitimate individuals or organizations, asking them to perform some action - for example, enter the password for their bank card account.

In view of all of the above, the email service must be protected, and as a first priority.

Description of the solution

The proposed solution for protecting an enterprise's email system provides:

  • protection from computer viruses and other malicious software distributed via email;
  • protection against spam received by the company via e-mail and distributed over the local network.

The following can be installed as additional modules of the protection system:

  • protection against network attacks on the mail server;
  • anti-virus protection of the mail server itself.

Solution Components

The mail service protection system can be implemented in several ways. The choice of the appropriate option is based on:

  • the company's adopted information security policy;
  • operating systems, management tools, security systems used in the company;
  • budget restrictions.

The right choice allows you not only to build a reliable protection scheme, but also to save a significant amount of money.

As examples, we give the options “Economy” and “Standard”

The “Economy” option is built on the Linux operating system and makes the most of free products. Composition of the option:

  • anti-virus and anti-spam subsystem based on products from Kaspersky Lab, Dr.Web, Symantec. If your company uses a demilitarized zone, it is recommended to move the mail traffic protection system into it. It should be noted that products designed to work in the demilitarized zone have greater functionality and greater capabilities for detecting spam and attacks than standard ones, which improves network security;
  • firewall subsystem based on iptables2 firewall and management tools standard for the Linux operating system;
  • attack detection subsystem based on Snort.

Mail server security analysis can be done using Nessus

The solution based on the “Standard” option includes the following subsystems:

  • subsystem for protecting mail server and mail gateway services from malware based on solutions from Kaspersky Lab, Dr.Web, Eset, Symantec or Trend Micro;
  • firewall and attack detection subsystem based on Kerio Firewall or Microsoft ISA.

Mail server security analysis can be done using XSpider

Neither of the options above includes instant messaging and webmail security modules by default.
Both the “Economy” option and the “Standard” option can be implemented on the basis of software products certified by the FSB and FSTEC, which allows them to be supplied to government agencies and companies with an increased level of security requirements.

Advantages of the proposed solution

  • the solution provides reliable protection against the penetration of malware and spam;
  • optimal selection of products allows you to implement a protection scheme that takes into account the needs of a specific client.

It should be noted that a full-fledged security system can only function if the company has an information security policy and a number of other documents. In this regard, Azone IT offers services not only for the implementation of software products, but also for the development of regulatory documents and auditing.

You can obtain more detailed information about the services provided by contacting the specialists of our company.

What methods are there to combat spam?

There are two main methods of protecting a mail server from spam: protecting against spam when it is received by the mail server, and separating spam from the rest of the mail after it is received by the mail server.

Among methods of the first kind, the most popular are DNS Black Lists (DNSBL), greylisting and various delays when sending mail, as well as various technical checks: checking that the user exists on the sending side (callback); checking the "correctness" of the sending server, for example the presence of a record in the reverse DNS zone and the validity of the name given when the SMTP session is set up (HELO); and checking the SPF record (for this to work, the DNS records about the host must contain a corresponding entry listing the legitimate sender servers).

Among methods that analyze the content of a letter, the most popular are checks using various algorithms, such as searching for special keywords of an advertising nature, or algorithms based on Bayes' theorem. An algorithm based on Bayes' theorem uses elements of probability theory: it is first trained by the user on messages that, in his opinion, are spam, and afterwards it separates out messages that contain spam based on their characteristic features.
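The Bayes-based approach in code, as an added illustration (not taken from any particular filter): a naive Bayes classifier over word presence with add-one smoothing, trained on messages the user has labelled. The class name, the tokenizer and the eight training messages are constructed.

```python
import math
import re
from collections import Counter

WORD = re.compile(r"[a-z0-9']+")

def tokens(text):
    """Distinct lowercase words; presence matters, not how often a word repeats."""
    return set(WORD.findall(text.lower()))

class BayesFilter:
    def __init__(self):
        self.docs = {"spam": 0, "ham": 0}                   # messages seen per class
        self.seen = {"spam": Counter(), "ham": Counter()}   # messages containing each word

    def train(self, text, label):
        self.docs[label] += 1
        self.seen[label].update(tokens(text))

    def word_likelihood(self, word, label):
        # P(word appears | class) with add-one smoothing, so unseen words never give 0
        return (self.seen[label][word] + 1) / (self.docs[label] + 2)

    def spam_probability(self, text):
        # Bayes' theorem in log-odds form: prior odds times one likelihood ratio per word
        log_odds = math.log((self.docs["spam"] + 1) / (self.docs["ham"] + 1))
        for word in tokens(text):
            log_odds += math.log(self.word_likelihood(word, "spam")
                                 / self.word_likelihood(word, "ham"))
        return 1 / (1 + math.exp(-log_odds))

# Constructed training data: what one user marked as spam and as normal mail.
TRAINING = [
    ("Win a free prize now, click here", "spam"),
    ("Cheap pills, free shipping, order now", "spam"),
    ("You won the lottery, claim your free money", "spam"),
    ("Limited offer: click to win cheap watches", "spam"),
    ("Meeting moved to Thursday, agenda attached", "ham"),
    ("Can you review the firewall change before Friday", "ham"),
    ("Lunch tomorrow? The report is attached", "ham"),
    ("Here are the notes from the review meeting", "ham"),
]

def trained_filter():
    f = BayesFilter()
    for text, label in TRAINING:
        f.train(text, label)
    return f

if __name__ == "__main__":
    f = trained_filter()
    for msg in ("Claim your free prize, click now",
                "Please review the attached agenda before the meeting",
                "Quarterly budget spreadsheet"):
        print(f"{f.spam_probability(msg):.4f}  {msg}")
```

A message made only of words the filter has never seen comes out at exactly 0.5, which is why such filters need training on the user's own mail before they are useful.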

So, let's take a closer look at these email filtering methods.

Black lists or DNSBL (DNS Black Lists)

Blacklists include addresses from which spam is sent. Widely used lists are “open relays” and “open proxies”, and various lists of dynamic addresses that providers allocate to end users. Because this is easy to implement, these blacklists are queried through the DNS service.
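How the DNS lookup described here and in the DNSBL paragraph near the top of the page is formed, as an added example (not code from any mail server): the client address is reversed, appended to the list's zone and looked up as an A record, and an answer in 127.0.0.0/8 means "listed". The zone names `bl.example` and `dyn.example`, the fake resolver data and the reply text are constructed.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """192.0.2.99 + bl.example -> 99.2.0.192.bl.example (IPv6: reversed hex nibbles)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone.strip(".")

def system_resolve(name):
    """Real lookup through the system resolver; an empty list means "not listed"."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def check_dnsbl(ip, zones, resolve=system_resolve):
    """Return [(zone, [return codes])] for every zone that lists the address."""
    listed = []
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # Listings are answered from 127.0.0.0/8; any other answer (for example a
        # wildcard record on an expired list domain) must not be treated as a listing.
        codes = [a for a in answers if a.startswith("127.")]
        if codes:
            listed.append((zone, codes))
    return listed

def smtp_reply(ip, zones, resolve=system_resolve):
    """Decision at connection time: reject with a message for the sender, or accept."""
    hits = check_dnsbl(ip, zones, resolve)
    if hits:
        return f"554 5.7.1 Client host [{ip}] blocked using {hits[0][0]}"
    return "250 OK"

# Constructed resolver data so the example runs offline.
FAKE_DNS = {
    "99.2.0.192.bl.example": ["127.0.0.2"],     # listed
    "7.2.0.192.dyn.example": ["203.0.113.80"],  # bogus non-127 answer, ignored
}

def fake_resolve(name):
    return FAKE_DNS.get(name, [])

ZONES = ["bl.example", "dyn.example"]

if __name__ == "__main__":
    for client in ("192.0.2.99", "192.0.2.7", "192.0.2.8"):
        print(client, "->", smtp_reply(client, ZONES, fake_resolve))
```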

Gray lists or greylisting

The operating principle of greylisting is based on spamming tactics. As a rule, spam is sent in a very short time in large quantities from some server. The work of a gray list is to deliberately delay the receipt of letters for some time. In this case, the address and time of forwarding are entered into the gray list database. If the remote computer is a real mail server, then it must store the letter in a queue and resend it within five days. Spambots, as a rule, do not save letters in the queue, so after a short time they stop trying to forward the letter. It has been experimentally established that on average the time it takes to send spam is just over an hour. When resending a letter from the same address, if the required amount of time has passed since the first attempt, the letter is accepted and the address is added to the local white list for a sufficiently long period.
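The greylisting procedure described here and in the overview at the top of the page, as an added sketch (not the code of any particular mail server). Keying the database on the client IP, sender and recipient together is a common choice assumed here; the 5-minute delay and 36-day whitelist period are assumed values, and the five-day retry window comes from the text.

```python
DAY = 24 * 3600

class Greylist:
    def __init__(self, delay=300, retry_window=5 * DAY, whitelist_ttl=36 * DAY):
        self.delay = delay                  # minimum wait before a retry is accepted
        self.retry_window = retry_window    # how long a first attempt is remembered
        self.whitelist_ttl = whitelist_ttl  # how long a proven sender stays whitelisted
        self.pending = {}                   # key -> time of first attempt
        self.whitelist = {}                 # key -> expiry time

    def check(self, client_ip, sender, recipient, now):
        """Decide the SMTP answer for one delivery attempt. Returns (code, text)."""
        key = (client_ip, sender.lower(), recipient.lower())

        if self.whitelist.get(key, 0) > now:
            self.whitelist[key] = now + self.whitelist_ttl   # keep active senders listed
            return 250, "accepted (whitelisted)"

        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            # First attempt, or the earlier one is too old: record it and defer.
            self.pending[key] = now
            return 451, "greylisted, try again later"

        if now - first < self.delay:
            # Retried too quickly: a real server will retry again from its queue.
            return 451, "greylisted, try again later"

        # Retried after the delay and inside the window: behaves like a real mail server.
        del self.pending[key]
        self.whitelist[key] = now + self.whitelist_ttl
        return 250, "accepted"

    def purge(self, now):
        """Drop stale records so the database does not grow without bound."""
        self.pending = {k: t for k, t in self.pending.items()
                        if now - t <= self.retry_window}
        self.whitelist = {k: t for k, t in self.whitelist.items() if t > now}

if __name__ == "__main__":
    g = Greylist()
    mta = ("192.0.2.10", "news@example.net", "user@example.org")  # constructed
    bot = ("192.0.2.66", "x@example.com", "user@example.org")     # constructed
    print(g.check(*mta, now=0))      # first attempt: deferred
    print(g.check(*bot, now=5))      # bot's only attempt: deferred, never retried
    print(g.check(*mta, now=900))    # queue retry after 15 minutes: accepted
    print(g.check(*mta, now=1000))   # later mail from the same source: no delay
```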

Performance Analysis

The first two methods allow you to filter out about 90% of spam at the stage of delivery to the mailbox. Mail that has already been delivered can be marked by analyzing the contents of the letter, for example, using the SpamAssassin program. This product uses special algorithms to add corresponding lines to the headers of letters, and the user can then use the mail client's filters to sort mail into the desired folders of the mail program.

Conclusion

Of course, there are other ways to protect against spam; the most effective, unfortunately, at the moment are preventive measures, such as not leaving your real email address on websites, forums and message boards; using temporary addresses for such needs, which can later be deleted if necessary; showing the mailbox address on a website as a graphic image instead of text; and similar measures.

You can connect and configure GreyListing through the ISPmanager panel in the "Features" section

You can find out more about setting up anti-spam methods through the control panel here DNSBL and here Greylisting.


