Three lists contain spam

Spam has become an increasingly serious problem. To win the war against spam we bring out all 18 weapons; among them, the blacklist, the whitelist and the greylist are the most fundamental anti-spam tools and should be taken into account in this war. This article details how companies should use them effectively.

Delivery costs are rising, and the growing complexity of e-mail is an inevitable trend. Before the deluge of e-mail, the Internet was very quiet: a messaging system based on the Simple Mail Transfer Protocol (SMTP) worked properly once it was connected, and mail filtering was something only specialised service providers used. Now, however, e-mail filtering has become almost a necessity for many departments.

So which kind of filter should you choose? If your business receives a huge volume of e-mail every day, blacklist and whitelist spam filtering is in most cases not very effective and often does not meet urgent needs. Subscribing to a service such as Postini addresses the problem from the point of view of received e-mail, but it is only half of the war against spam.

Free domain name server (DNS) blacklists, such as those offered by Spamhaus.org, Spamcop.net and other sites, provide an interactive service. With this service, a receiving mail server can use a simple DNS query to compare the IP address of the sending mail server against a list of known spam servers. If the IP address is on the list, the message is rejected.
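The lookup described above, as an added example that is not part of the original article: it builds the DNS name a receiving server would query for IPv4 and IPv6 senders and turns the answer into an accept or reject decision. The zone `dnsbl.example`, the `resolve` callback, the sample records and the fail-open policy on resolver errors are all assumptions made for the illustration.

```python
import ipaddress

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answers live here

def dnsbl_query_name(ip, zone):
    """Build the name to look up: reversed address labels + blacklist zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]            # octets, reversed
    else:
        labels = addr.exploded.replace(":", "")[::-1]  # 32 nibbles, reversed
    return ".".join(labels) + "." + zone

def check_sender(ip, zone, resolve):
    """Return (verdict, smtp_reply). `resolve(name)` is a hypothetical callback
    returning the A records for `name` ([] when the name does not exist)."""
    try:
        answers = resolve(dnsbl_query_name(ip, zone))
    except OSError:
        return "accept", None     # resolver trouble: fail open, do not bounce mail
    hits = [a for a in answers if ipaddress.ip_address(a) in LISTED_RANGE]
    if hits:
        return "reject", f"550 5.7.1 {ip} is listed in {zone} ({hits[0]})"
    return "accept", None         # no record, or an answer outside 127/8

# Constructed zone data standing in for a real DNS resolver.
ZONE = "dnsbl.example"
FAKE_DNS = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],       # conventional test entry
    "99.2.0.192.dnsbl.example": ["127.0.0.4"],      # constructed listed sender
    "7.113.0.203.dnsbl.example": ["198.51.100.1"],  # wildcard or hijacked answer
}

def fake_resolve(name):
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "203.0.113.7", "198.51.100.25", "2001:db8::1"):
        print(ip, dnsbl_query_name(ip, ZONE), check_sender(ip, ZONE, fake_resolve))
```

Treating only answers inside 127.0.0.0/8 as a listing keeps a wildcard or expired blacklist zone from rejecting every sender.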

Many organizations also depend on a whitelist: a single list of the mail domains, IP addresses and sending SMTP server addresses from which they accept mail. In most networks, the domains and additional IP addresses of close business partners, which the spam filter would otherwise catch, have to be put on this list to stay valid.

Another list-based method of protection is the greylist. The greylist sits between the blacklist and the whitelist: it uses a background process and SMTP status codes to create blacklists and whitelists dynamically.

Each of the three methods has its own place in the modern business's war against spam, but their use must be planned carefully; with the blacklist in particular, be sure to avoid hurting innocent people.

First, the blacklist

Although many people use DNS blacklists, their use remains controversial. If blacklists listed too much, mail servers would simply be unable to work; that is not the case in practice, and "errors of judgment" among the mail servers listed in DNS blacklists are rare to find.

A normal mail server can nevertheless end up on a blacklist, and for many reasons. Spammers can cause not only a single IP address but even an entire IP segment to be included in a DNS blacklist. Shared-hosting customers are likely victims because they use the same IP address: if one user commits a violation, all sites using that IP address are affected. In another case, legitimate end users of a mailing list mark its messages as spam rather than cancel their subscription, which can get the server blacklisted, or at least blacklisted by ISPs.

The lists of the various service providers differ in focus and scope. The three larger sites, sorbs.net, spamhaus.org and spamcop.net, use common guidelines to determine the status of mail servers. RFC-ignorant.org goes further: it blacklists mail servers that violate RFC 821 and 2821 (the main communication standards for SMTP). Unfortunately, many legitimate mail servers violate these standards because of poor design or implementation. Any user of such a mail server can end up on the RFC-ignorant.org blacklist, even if they are not a spammer. Although servers should meet the specifications, including them in a DNS blacklist can block communication with another entity.

Nevertheless, it is undeniable that in recent years the most popular DNS blackhole lists have been greatly improved and give more accurate results than before. In fact, the free blacklists of spamhaus.org and sorbs.net list not only the network segments where mail servers commonly send unwanted mail, but also the dynamic IP addresses of home broadband spammers and the botnets and zombies that hackers control to send spam.

So how do blacklists fare in the end? Steve Linford, who works at spamhaus.org, estimates that the Spamhaus network handles from 80,000 to 100,000 lookup requests per second. This does not include large organizations that do not use the public servers: as members, they regularly fetch the blacklists from the public DNS servers and then feed them to lower-level members from within their own networks, which significantly reduces the number of client requests on the public servers.

Blacklist false positives

But what about false positives? One user's remark is very representative: "Until last night, for fear of miscarriage of justice that we have been using the DNS blacklist. However, in recent months, we have received more spam. As a last resort, I decided to add the njabl.org blacklist inside our mail filter. Over the past 15 hours, we have already prevented more than 3100 connections."

Objectively, popular DNS blacklists will never be free of misjudgments, but because the advantages of using a blacklist are much greater than the disadvantages, these concerns weigh little against the growing problem of spam.

When a server is blacklisted, site managers often do not know until a large amount of mail is bounced back to their users. In most cases the returned information says why the e-mail was blocked, by whom, and other details. The warning message typically includes a URL that guides managers on how to get their mail server removed from the blacklist. It is estimated that 500 000 servers a day are blacklisted by spamhaus.org.

Each DNS blacklist has its own way of collecting and maintaining its database. Many use honeynet technology to classify botnet attacks automatically; when a botnet is found, its source IP addresses are added to the database. Dead-end SMTP technology is also often used: these are not real mailboxes, but they accept messages sent to nonexistent users in order to identify spam messages and the systems that send them.

Although the open relay is a much smaller threat on today's Internet than it once was, it still exists. Several organizations that provide DNS blacklists actively search for open relays and blacklist any they detect.

Not long ago, many commercially sold SMTP servers had open relaying enabled by default. Today it is no longer in use. However, John Gilmore, one of Sun's first employees, a founder of the EFF and of Cygnus, and the father of the Usenet alt newsgroups, still insists on keeping a limited open relay. For him, it is a matter of freedom of expression. For us, however, it is not a good practice: the e-mail address becomes essentially null and void.

The greylist becomes popular

A greylist can block most spam tactfully. Its main feature is that it relies on an SMTP error code whose meaning is to ask the sending side to send again, a few minutes later, the e-mail it has just sent.

Usually, a receiving mail server returns this code when it is handling too many requests to process the message in time. Greylisting relies on the fact that most spam mail servers and botnets send a message once and ignore a request to send it again after a certain interval, because resending each message would significantly reduce their total volume.

All mail that is initially rejected by the mail server with a request to "resend later" is filtered through the greylist. If, in 10 minutes, the remote server sends the message once more, it passes without obstruction, and after this first round its messages are transmitted.
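The greylisting decision described above, as an added example that is not part of the original article: a first attempt gets a temporary SMTP failure, a patient retry is accepted, and the sender then moves onto a dynamic whitelist. Keying on the (client IP, envelope sender, recipient) triplet, the reply texts and the timing values are assumptions made for the illustration, and the sample delivery attempts are constructed.

```python
from dataclasses import dataclass, field

TEMPFAIL = "451 4.7.1 Greylisted, please retry later"
ACCEPT = "250 2.0.0 OK"

@dataclass
class Greylist:
    min_delay: int = 300               # assumed: retries sooner than this still defer
    retry_window: int = 4 * 3600       # assumed: a retry must arrive within this
    pass_ttl: int = 30 * 86400         # assumed: how long a proven sender stays known
    pending: dict = field(default_factory=dict)   # triplet -> first-seen time
    passed: dict = field(default_factory=dict)    # triplet -> last-accepted time

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Decide the SMTP reply for one delivery attempt at time `now` (seconds)."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= self.pass_ttl:
            self.passed[key] = now             # dynamic whitelist hit: no delay
            return ACCEPT
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now            # first contact, or retry came too late
            return TEMPFAIL
        if now - first < self.min_delay:
            return TEMPFAIL                    # hammering retries do not count
        del self.pending[key]
        self.passed[key] = now                 # sender queued and retried: trust it
        return ACCEPT

def replay(events, greylist=None):
    """Run (time, ip, sender, recipient) attempts; return the reply codes."""
    gl = greylist or Greylist()
    return [gl.check(ip, s, r, t)[:3] for t, ip, s, r in events]

# Constructed attempts: a real MTA that retries, and a bot that sends once.
MTA = ("192.0.2.10", "alice@partner.example", "bob@corp.example")
BOT = ("203.0.113.66", "promo@bulk.example", "bob@corp.example")
EVENTS = [(0, *MTA), (5, *BOT), (60, *MTA), (600, *MTA), (900, *MTA)]

if __name__ == "__main__":
    for event, code in zip(EVENTS, replay(EVENTS)):
        print(event, "->", code)
```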

The greylist has become increasingly popular recently. The method can significantly reduce the amount of spam, but because it requires the sending server to send the mail again, received mail is also delayed. However, this delay is necessary to distinguish whether a message is spam.

Still, a greylist combined with one or more DNS blacklists and with spam and virus filters can provide a relatively clean messaging system, and today these have become nothing less than the standard spam and virus control methods for SMTP servers. The possibility of losing a message is there, but it is not a fatal problem.

The ultimate solution

Really solving our spam problem requires truly advanced technology. One possible answer is SPF (Sender Policy Framework). SPF essentially performs a reverse confirmation of each message received.

Each Internet mail server requires a DNS MX record for incoming mail; SPF requires that each server also have a comparable DNS record for sending. In other words, a field in a domain's DNS records can be used to confirm which servers are responsible for sending its mail. If an SPF check finds that the mail server sending mail for a domain is not in that domain's DNS records, the message is returned and marked as suspected spam. For example, a server receives a message claiming to be from aol.com, but the SPF record for AOL.com does not list the sending server; the message is then probably forged.

This solution has advantages and disadvantages. For example, when an MTA (Mail Transfer Agent) forwards a message, the SPF check fails; using an SPF filter therefore requires the server to send the message itself rather than forward it. The technologies for solving these problems are still in development.

Another option is to use X.509 certificates to protect SMTP. This approach requires every SMTP server on the Internet to have a valid, corresponding identity certificate. Only a server with a valid certificate is authorized to send mail to another server. This solution requires the great majority of mail servers to run with a certificate; servers without one are not allowed to send, or are classed as being of unknown origin.

Although SPF has recently become more popular, a real solution is unlikely soon. Unless a few of the main open-source and commercial MTA vendors begin to cooperate on common standards, the blacklist will remain an important tool for receiving mail systems. (Translated from the US magazine InfoWorld)

Links: Battle of Wits Magic Way

Although the main DNS blacklist sites provide their services free to most users, these services have necessary costs. As DNS blacklists become more popular and more effective, they increasingly threaten large-scale spammers and the interests of their clients. As a result, DNS blacklist providers are drawn into a battle with the spammers themselves, not just with the question of how to deal with spam.

A sorbs.net staff member said: "This is really a war, and one that keeps being modernized. We are actively trying to find and stop spammers, and they also try their best to destroy us." He cited an example: "Take malware. When we run our open relay analysis, a number of malware programmers return no information in order to confuse our scanner, which then repeats its scans. This reduces the efficiency of the analysis, and we had to make changes to the scanner in order to avoid this problem."

The war also has no shortage of spies and double agents. The sorbs.net staff member also recalled an incident: someone sent sorbs.net an anonymous letter saying that if a certain 24-byte sequence was sent to a TCP port, some Windows malware on the computer would automatically uninstall itself. After receiving the news, the sorbs.net scanner was modified to add this sequence, and it was later found that tens of thousands of infected computers had been cleared of the virus.

Although DNS blacklists use a variety of methods to build their databases, spammers can still identify them and manage to escape. For example, spammers specially design malware to refuse connections from known DNS blacklists so that it is not scanned. Other techniques include an "anti-blacklist" of DNS blacklists: spammers compile a list of the server addresses that DNS blacklist providers use for scanning, so that they can block them specifically.

In addition to this game of cat and mouse between DNS blacklists and spammers, spammers have launched DDoS attacks against some of the biggest DNS blacklists. Not long ago spamhaus.org suffered one and was finally forced to adopt an anti-DDoS service to stay up.

The situation now is one of evasion and attack, escape and pursuit, with each party doing everything possible to beat the other. If Windows XP SP2 and the coming Vista are more secure, perhaps spammers' towers will not be so easy to obtain; in the end, though, that is only an "if". For now it seems that the struggle between the two sides will continue.
