Skip to main content

Random Talk: How to Fight SPAM

Who would thought that the world's largest communication (Internet) today would filled up with so many screw information known as spam? Back in the early days, we are all just sending mail to talk each other directly with plain mailx or biff command. All are trusted even some may play pranks on others, but it can be handle with social manner. Well, thanks to the mob of ignorant people that using the unsecure OSes, many finds sending these bulks are a great deal which making the old days over.

Btw, there are four terms that describe different kind of messages delivered:
  1. HAM. Ham means a valid (legitimate) email message and pass the scan.
  2. SPAM. Spam is the bulk we want to throw to the waste.
  3. False Positive. False Positive is a valid (legitimate) message that being marked as spam.
  4. False Negative. False negative is a spam that get away and went thought our email successfully.
There are ways to fight SPAM:
  1. Bayesian. This is the oldest method, to see relevancy between messages and compare them using statistical bayesian method. We must feed the application with valid data and spam data to let it be able to differentiate spams and hams. This type of application is resource intensive.
  2. DNSRBL (DNSBL/Tarpit?). Many of the spam is from domains that built spesifically for that, DNSRBL is a method that using 3rd party service that provide a user inputted IPs that should be blacklisted. To be simple, DNSRBL checking the sender IP.
  3. URIBL. This is another DNSBL method but this method compares URI (URL is one example of URI) in the reside. In other words, this method check if the message contain links to a site which referred by spams.
  4. Greylisting. This method is to delay communication to the sender when a new client send an email. The idea is many of the spam sender is not using RFC-compliant mail server to send back answer after timeout. So, when the email is delayed and no attempt to send again most likely is a spam.
  5. DKIM. DKIM is a method to signature the mail server. The idea is every domain (like google.com) have their own RSA key (public/private key encryption), a https-like in sending email, we ensure that the sender is a valid sender.
  6. SPF. SPF is like to enlist who has the right to use domain. Because of the SMTP protocol, everybody can be anybody which sometimes used by the spammer to send spam disguising public domain/secure domain such as nbc.com and else. These fake mails then sent to the victim. Using SPF however, eliminate that thing by defining which server is the rightful sender from the domain. Some may confused with Sender ID, but according to the SPF site, both are differ. Dunno....
For the sake of pop readers, I avoid using too technical here. But, there are things that you need to know these basic as a person to fight spam.

Make sure your mail server is not an open relay. Yes, there are people whom prefer that way for the sake of openness in Internet. But, we cannot afford to loose an IP, blacklisted because spammers using it to send spam. Use secure mechanism to have your email server:
  • Use TLS to have secure channel
  • Use user authentication to have valid clients.
  • Reject incoming mail that specified not to your domain and reject outgoing mail that not from your domain.
Well, a non-aware client also be a problem. You may have a Great Wall but if your peasant don't know how to behave, it will be false security. Usually, the spammer using some baits to do the social ninja kind of type. Just warn your client about the important to not share a password to anyone but oneself. Fail to do so, we will have a legitimate user login sending spams.

They need an awareness that we, administrator don't need to know their password!

That's it. Well, alright, I'll stop this light talk here. Have a nice day.
Labels:

Comments

Post a Comment

Popular posts from this blog

STAN vs. UI

Ugh, kasihan banget adek gue. Saking kepinteran dia jadi dapet Akuntansi UI dan STAN. Jadi bingung mau masuk yang mana. Beberapa orang (termasuk orang tua gue), menyarankan masuk STAN. Gue malah memperburuk suasana dengan membela memasuki Akuntansi UI, maklum bela almamater. Duh, gue jadi merasa bersalah bikin dia ragu-ragu. Kira-kira enakan masuk mana, yah? Gue juga gak tahu keuntungan masing-masing. Hasil debat sementara: ~ Untuk jangka panjang masuk UI, untuk jangka pendek STAN. ~~Tapi, dia itu kan cewek, ntar pas menikah kemungkinan besar karir terhambat. Eits, ntar, dulu, sekarang kan jamannya emansipasi, bisa aja cowoknya yang jadi BRT. ~ STAN sarang korupsi, kalo masuk STAN jadi pegawai negeri. Kalo mau kaya harus korupsi. Tapi kalo masuk UI, lulus masuk jadi akuntan publik. Sekarang ini, orang membayar akuntan publik untuk memanipulasi nilai pajak dan aset. *SIGH*. Jadi gak ada yang beres ~ dll. Yah, udah gue jadi bingung, apa lagi dia nanya saran gue. Buah, gue gak pengalaman ...
62 comments
Read more

Installing Goodix Fingerprint Reader Driver on Fedora

I currently have a Lenovo Thinkpad L14 laptop equipped with fingerprint. I was `belok` from KDE Neon to use Fedora 40 because of someone. Now I am tempted to enable my fingerprint: lsusb | grep -i fingerprint Bus 001 Device 004: ID 27c6:55b4 Shenzhen Goodix Technology Co.,Ltd. Fingerprint Reader Dump the firmware Assuming this is a fresh install, lets do some magic by getting some dependencies: sudo dnf install gcc git python-pip python-devel openssl Let's get the source code: git clone --recurse-submodules https://github.com/goodix-fp-linux-dev/goodix-fp-dump.git cd goodix-fp-dump Create an isolated Python environment: python -m venv .v source .v/bin/activate Do the magic: sudo su pip install -r requirements.txt python run_55b4.py exit There are some python scripts available. I run run_55b4.py because my device ID is 27c6: 55b4 . It will spell some nonsense, which is a good thing. That nonsense actually the firmware captured by our device. Also, I typed exit becaus...
1 comment
Read more

Chivalry vs Feminism

Throughout these years I constantly making experiment about how our society perceive about the societal changes. The overhaul of sexist strata and the privilege reformations follow. Note that every change could be perceived as progress or detrimental to the society. The foremost subject that I run is about the opposite of manliness perceived by the oldies vs modern women. The modern era allow women go out from the kitchen into the office. They can have career and enjoy the privilege that men were exclusively had in years. And, can men also do the reverse? Can men also enjoy the privilege of what women do in the past? Can men move from office into the kitchen? And the answer on this era is: NO. While women could reverse their role, men are not allowed to do the same in this society. Society will punish you when a man tries to do that. They will put a healthy man who chose to be at home dad as an irresponsible not-a-man person. If a woman's worth could be rewritten, why not...
2 comments
Read more