Skip to main content

Random Talk: How to Fight SPAM

Who would thought that the world's largest communication (Internet) today would filled up with so many screw information known as spam? Back in the early days, we are all just sending mail to talk each other directly with plain mailx or biff command. All are trusted even some may play pranks on others, but it can be handle with social manner. Well, thanks to the mob of ignorant people that using the unsecure OSes, many finds sending these bulks are a great deal which making the old days over.

Btw, there are four terms that describe different kind of messages delivered:
  1. HAM. Ham means a valid (legitimate) email message and pass the scan.
  2. SPAM. Spam is the bulk we want to throw to the waste.
  3. False Positive. False Positive is a valid (legitimate) message that being marked as spam.
  4. False Negative. False negative is a spam that get away and went thought our email successfully.
There are ways to fight SPAM:
  1. Bayesian. This is the oldest method, to see relevancy between messages and compare them using statistical bayesian method. We must feed the application with valid data and spam data to let it be able to differentiate spams and hams. This type of application is resource intensive.
  2. DNSRBL (DNSBL/Tarpit?). Many of the spam is from domains that built spesifically for that, DNSRBL is a method that using 3rd party service that provide a user inputted IPs that should be blacklisted. To be simple, DNSRBL checking the sender IP.
  3. URIBL. This is another DNSBL method but this method compares URI (URL is one example of URI) in the reside. In other words, this method check if the message contain links to a site which referred by spams.
  4. Greylisting. This method is to delay communication to the sender when a new client send an email. The idea is many of the spam sender is not using RFC-compliant mail server to send back answer after timeout. So, when the email is delayed and no attempt to send again most likely is a spam.
  5. DKIM. DKIM is a method to signature the mail server. The idea is every domain (like google.com) have their own RSA key (public/private key encryption), a https-like in sending email, we ensure that the sender is a valid sender.
  6. SPF. SPF is like to enlist who has the right to use domain. Because of the SMTP protocol, everybody can be anybody which sometimes used by the spammer to send spam disguising public domain/secure domain such as nbc.com and else. These fake mails then sent to the victim. Using SPF however, eliminate that thing by defining which server is the rightful sender from the domain. Some may confused with Sender ID, but according to the SPF site, both are differ. Dunno....
For the sake of pop readers, I avoid using too technical here. But, there are things that you need to know these basic as a person to fight spam.

Make sure your mail server is not an open relay. Yes, there are people whom prefer that way for the sake of openness in Internet. But, we cannot afford to loose an IP, blacklisted because spammers using it to send spam. Use secure mechanism to have your email server:
  • Use TLS to have secure channel
  • Use user authentication to have valid clients.
  • Reject incoming mail that specified not to your domain and reject outgoing mail that not from your domain.
Well, a non-aware client also be a problem. You may have a Great Wall but if your peasant don't know how to behave, it will be false security. Usually, the spammer using some baits to do the social ninja kind of type. Just warn your client about the important to not share a password to anyone but oneself. Fail to do so, we will have a legitimate user login sending spams.

They need an awareness that we, administrator don't need to know their password!

That's it. Well, alright, I'll stop this light talk here. Have a nice day.
Labels:

Comments

Post a Comment

Popular posts from this blog

STAN vs. UI

Ugh, kasihan banget adek gue. Saking kepinteran dia jadi dapet Akuntansi UI dan STAN. Jadi bingung mau masuk yang mana. Beberapa orang (termasuk orang tua gue), menyarankan masuk STAN. Gue malah memperburuk suasana dengan membela memasuki Akuntansi UI, maklum bela almamater. Duh, gue jadi merasa bersalah bikin dia ragu-ragu. Kira-kira enakan masuk mana, yah? Gue juga gak tahu keuntungan masing-masing. Hasil debat sementara: ~ Untuk jangka panjang masuk UI, untuk jangka pendek STAN. ~~Tapi, dia itu kan cewek, ntar pas menikah kemungkinan besar karir terhambat. Eits, ntar, dulu, sekarang kan jamannya emansipasi, bisa aja cowoknya yang jadi BRT. ~ STAN sarang korupsi, kalo masuk STAN jadi pegawai negeri. Kalo mau kaya harus korupsi. Tapi kalo masuk UI, lulus masuk jadi akuntan publik. Sekarang ini, orang membayar akuntan publik untuk memanipulasi nilai pajak dan aset. *SIGH*. Jadi gak ada yang beres ~ dll. Yah, udah gue jadi bingung, apa lagi dia nanya saran gue. Buah, gue gak pengalaman ...
62 comments
Read more

I Hate Marvel Civil War Storyline In Comic

See this snippets from The Amazing Spiderman: [1] http://scans-daily.dreamwidth.org/4625006.html The snippets on [1] made it clear: Stan Lee made Spidey have a strong believe in Privacy. The comic strips show how Spidey even have to face charges because of his anonymity. The accuser even made many accusation to other entities for political attacks. A fan-art/art I've found in the 90's illustrated Spiderman standing in front of Peter Parker tomb. I don't know if that was originally from comic book or fan-made, 90's are a long time ago. That art mesmerized me and introduced me to the importance of privacy. In late nineties, I was joined to a program hold by an NGO. So, at that time I know how crucial a privacy was (and still is) to humanity. I'm not exaggerating! Humanity would fall to big financial organizations if people could not voice their fears in anonymity. Whistleblowers around the world would not dare to come up. We would not see any suppression ge...
Post a Comment
Read more