Fighting back against spam
Published: 13 Nov 2003 11:10 GMT
Heuristic filtering
(Example products/services: SpamAssassin, SpamKiller and ScanMail eManager)
Heuristic filtering takes content filtering to the next level by scanning the message subject and contents for patterns. Most products that use heuristic scanning apply a set of rules to each message to determine how closely it matches known spam words and phrases, and assign scores accordingly. A message is then classified according to its total score. Some applications allow the user to select the strength of the heuristics applied: the stronger the heuristics, the more spam will be blocked, but this also increases the risk of blocking legitimate messages. In general, heuristic filtering is more sensitive and effective than content filtering, but it cannot protect against all forms of spam.
Tarpitting
(Example products/services: VisNetic MailScan, Merak Email Server, Alligate)
Tarpitting is an entirely different approach designed to thwart spammers. Instead of inspecting the contents of a message, tarpitting looks at factors such as the number of recipients or the number of unsuccessful delivery attempts. If a message has more than a specified number of recipients, for example, a delay is inserted between the delivery times of the message to each recipient. This delay has the effect of "tarpitting" the spammer, causing them to assume that the connection has stalled and cease sending. This use of tarpitting is particularly effective against spammers attempting to use your email server as an open relay. Another form of tarpitting counts unsuccessful attempts to deliver a message. When this count exceeds a specified number, the sender’s IP address is blocked for the remainder of the session.
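The two tarpitting rules described above, sketched as per-session server logic. This is an added example, not code from any of the products named; the thresholds, the SMTP reply codes chosen, the decision to apply the delay at each RCPT TO command, and all names (`TarpitPolicy`, `Session`, `replay`) are assumptions.

```python
from dataclasses import dataclass

@dataclass
class TarpitPolicy:
    free_recipients: int = 5     # recipients accepted with no delay (assumed value)
    delay_seconds: float = 10.0  # delay per recipient beyond that (assumed value)
    max_failures: int = 3        # failed attempts tolerated per session (assumed value)

class Session:
    """State for one SMTP connection; delays are returned, not slept, for the demo."""
    def __init__(self, client_ip, policy, known_mailboxes):
        self.client_ip, self.policy, self.known = client_ip, policy, known_mailboxes
        self.accepted = self.failures = 0
        self.total_delay = 0.0
        self.blocked = False

    def rcpt_to(self, address):
        """Return (smtp_reply_code, delay_seconds) for one RCPT TO command."""
        if self.blocked:
            return 554, 0.0                      # refused for the rest of the session
        if address.lower() not in self.known:
            self.failures += 1
            if self.failures > self.policy.max_failures:
                self.blocked = True              # count exceeded: block this sender
                return 554, 0.0
            return 550, 0.0                      # unknown mailbox, still tolerated
        self.accepted += 1
        over = self.accepted > self.policy.free_recipients
        delay = self.policy.delay_seconds if over else 0.0
        self.total_delay += delay
        return 250, delay

def replay(client_ip, recipients, policy, known_mailboxes):
    """Feed a recipient list through a fresh session; return (session, reply codes)."""
    session = Session(client_ip, policy, known_mailboxes)
    return session, [session.rcpt_to(r)[0] for r in recipients]

# Constructed sample data: 30 local mailboxes and documentation-range client IPs.
KNOWN = {f"user{i}@example.com" for i in range(30)}
POLICY = TarpitPolicy()

if __name__ == "__main__":
    normal, _ = replay("192.0.2.10", [f"user{i}@example.com" for i in range(3)], POLICY, KNOWN)
    bulk, _ = replay("198.51.100.7", [f"user{i}@example.com" for i in range(20)], POLICY, KNOWN)
    probe, codes = replay("203.0.113.5", [f"guess{i}@example.com" for i in range(5)], POLICY, KNOWN)
    print(normal.total_delay, bulk.total_delay, codes)
```

A three-recipient message passes with no delay, a twenty-recipient message accumulates 150 seconds of delay, and a sender guessing at mailboxes is refused from the fourth failure onward.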
Blocking
(Example products/services: ESafe, SpamCop, MailProtector)
Similar to content filtering, spam blocking simply prevents messages from being delivered to the intended recipient if they were sent from a specified email address, domain, server, IP address, or range of addresses. Some products offering this feature have a predefined list of known spammers that can be updated by download. This is another simple solution that requires almost daily maintenance because, regardless of how many senders are added to the blocked list, new spammers are constantly spawned and old ones learn to disguise their identity. As with content filtering, blocking is useful only as an adjunct to other forms of spamicide.





