Random Talk: How to Fight SPAM

Who would thought that the world's largest communication (Internet) today would filled up with so many screw information known as spam? Back in the early days, we are all just sending mail to talk each other directly with plain mailx or biff command. All are trusted even some may play pranks on others, but it can be handle with social manner. Well, thanks to the mob of ignorant people that using the unsecure OSes, many finds sending these bulks are a great deal which making the old days over.

Btw, there are four terms that describe different kind of messages delivered:
  1. HAM. Ham means a valid (legitimate) email message and pass the scan.
  2. SPAM. Spam is the bulk we want to throw to the waste.
  3. False Positive. False Positive is a valid (legitimate) message that being marked as spam.
  4. False Negative. False negative is a spam that get away and went thought our email successfully.
There are ways to fight SPAM:
  1. Bayesian. This is the oldest method, to see relevancy between messages and compare them using statistical bayesian method. We must feed the application with valid data and spam data to let it be able to differentiate spams and hams. This type of application is resource intensive.
  2. DNSRBL (DNSBL/Tarpit?). Many of the spam is from domains that built spesifically for that, DNSRBL is a method that using 3rd party service that provide a user inputted IPs that should be blacklisted. To be simple, DNSRBL checking the sender IP.
  3. URIBL. This is another DNSBL method but this method compares URI (URL is one example of URI) in the reside. In other words, this method check if the message contain links to a site which referred by spams.
  4. Greylisting. This method is to delay communication to the sender when a new client send an email. The idea is many of the spam sender is not using RFC-compliant mail server to send back answer after timeout. So, when the email is delayed and no attempt to send again most likely is a spam.
  5. DKIM. DKIM is a method to signature the mail server. The idea is every domain (like google.com) have their own RSA key (public/private key encryption), a https-like in sending email, we ensure that the sender is a valid sender.
  6. SPF. SPF is like to enlist who has the right to use domain. Because of the SMTP protocol, everybody can be anybody which sometimes used by the spammer to send spam disguising public domain/secure domain such as nbc.com and else. These fake mails then sent to the victim. Using SPF however, eliminate that thing by defining which server is the rightful sender from the domain. Some may confused with Sender ID, but according to the SPF site, both are differ. Dunno....
For the sake of pop readers, I avoid using too technical here. But, there are things that you need to know these basic as a person to fight spam.

Make sure your mail server is not an open relay. Yes, there are people whom prefer that way for the sake of openness in Internet. But, we cannot afford to loose an IP, blacklisted because spammers using it to send spam. Use secure mechanism to have your email server:
  • Use TLS to have secure channel
  • Use user authentication to have valid clients.
  • Reject incoming mail that specified not to your domain and reject outgoing mail that not from your domain.
Well, a non-aware client also be a problem. You may have a Great Wall but if your peasant don't know how to behave, it will be false security. Usually, the spammer using some baits to do the social ninja kind of type. Just warn your client about the important to not share a password to anyone but oneself. Fail to do so, we will have a legitimate user login sending spams.

They need an awareness that we, administrator don't need to know their password!

That's it. Well, alright, I'll stop this light talk here. Have a nice day.


Popular Posts