Spam countermeasures and blocking mechanisms

Filtering checks
 
I will now list some of the major and widely used gross filtering checks:

1. Blacklisting

This is one of the earliest methods of connection control. It consists of a list of denied remote hosts that will always be rejected when they attempt a connection. As stated before, this type of gross filtering can be done with a firewall program if the mail server does not have this feature.

2. White-listing

This is a more restrictive type of list and requires that you know all the IP addresses of the remote hosts that you want to receive messages from. If a white-list is implemented, all connections will be rejected, except those from hosts found in the white-list. This type of filtering can also be managed by the firewall or by some other tool external to the mail server.

3. Grey-listing

This type of filtering can be accomplished only by the mail server or by a tool that sits in the middle of the SMTP connection, monitors it, and is able to distinguish the connection state and the commands given. Grey-listing is based on the principle that spammers need to send a large quantity of messages and cannot afford to keep a queue in which to temporarily store messages whose delivery failed. The method relies on a temporary list of IP addresses that is used to allow connections: when a remote host first connects to your mail server, it is temporarily rejected no matter what it wants to do, and it is entered in the grey-list. As a result, all legitimate mail servers will retry the message later and, when the connection is retried, your mail server will allow it or temporarily reject it based on the grey-list.
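
The grey-list decision described above, sketched as an added example (not code from the original article or from any particular mail server). The minimum delay, retry window, pass lifetime and reply strings are assumptions chosen for illustration, and the sample addresses are constructed.

```python
import ipaddress

MIN_DELAY = 300             # assumed: seconds a new host must wait before a retry counts
RETRY_WINDOW = 4 * 3600     # assumed: a retry must arrive within this time of the first try
PASS_LIFETIME = 36 * 86400  # assumed: how long a host that passed stays allowed

class Greylist:
    """Grey-list keyed by connecting IP address, as the article describes."""

    def __init__(self):
        self.first_seen = {}  # ip -> time of the first (rejected) attempt
        self.passed = {}      # ip -> time of the last accepted connection

    def check(self, ip, now):
        """Return the SMTP reply for a connection from ip at time now (epoch seconds)."""
        ip = str(ipaddress.ip_address(ip))  # normalise; raises ValueError on garbage
        # Host already proved that it retries: accept and refresh its entry.
        if ip in self.passed and now - self.passed[ip] <= PASS_LIFETIME:
            self.passed[ip] = now
            return "250 OK"
        self.passed.pop(ip, None)
        first = self.first_seen.get(ip)
        # Unknown host, or its earlier attempt is too old to count: start over.
        if first is None or now - first > RETRY_WINDOW:
            self.first_seen[ip] = now
            return "451 Greylisted, try again later"
        # Retry came too quickly, as from a sender that keeps no queue.
        if now - first < MIN_DELAY:
            return "451 Greylisted, try again later"
        # Properly delayed retry from a queueing mail server.
        del self.first_seen[ip]
        self.passed[ip] = now
        return "250 OK"

def replay(events):
    """Run constructed (ip, time) connection events through a fresh grey-list."""
    gl = Greylist()
    return [(ip, t, gl.check(ip, t).split()[0]) for ip, t in events]

# Constructed sample: 192.0.2.10 queues and retries, 198.51.100.7 never waits.
SAMPLE = [("192.0.2.10", 0), ("198.51.100.7", 10), ("198.51.100.7", 20),
          ("192.0.2.10", 900), ("192.0.2.10", 5000), ("198.51.100.7", 20000)]

if __name__ == "__main__":
    for ip, t, code in replay(SAMPLE):
        print(f"t={t:>6}s {ip:<14} -> {code}")
```

In production the two dictionaries need periodic pruning and persistent storage, otherwise every restart greylists all known senders again.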

4. DNS checks

This type of filtering uses the DNS system to verify the connecting host and to guard against spoofing of its IP address. In this category we can also include SPF (Sender Policy Framework).

Here is a summary of the common DNS checks performed:
- Reverse DNS check: the reverse DNS record needs to match the hostname supplied by the connecting host.
- MX DNS record check: tests whether the sender's domain has an MX record or not. If the sender's domain does not have an MX record, then we are certain it is a forged sender.
- SPF check: requires a non-standard DNS configuration in which all hosts of a domain that are allowed to send mail are specified in a DNS TXT record, so that remote mail servers can distinguish valid hosts from fake ones.

5. Real time blacklists

This type of check can be performed in the gross checking phase and also in the fine checking phase. It is based on a blacklist maintained by someone who intercepts new threats before they reach your server, thus relieving you of the task of configuring and, most importantly, of maintaining the list.
There is a side effect, though: the list may block remote hosts that you want to receive messages from.
 
Page 2 of 3
 