 |
|
|
|
|
 |
CertiGuide to Security+ 9 Chapter 2: Communication Security (Domain 2.0; 20%) 9 2.2 Email 9 2.2.3 Vulnerabilities |
|
2.2.3.1 Spam
(Page 2 of 2)
Dealing With Spam
There are several ways to approach UCE.
- 1. Filter and delete179:
- 1.1. Create a set of rules in an email server
or client.
- 1.2. Purchase a commercial180 program to filter and delete.
- 1.3. Use a service such as Spam Cop 181
- 1.1. Create a set of rules in an email server
or client.
- 2. Generally speaking DO NOT respond with a message
telling them to remove you. This only confirms an email address
- 3. Add Sender Policy Framework (SPF182) or Caller-ID183 to your domain. .
Various options are available for “filter and delete”. Most take advantage of the fact that much spam content LOOKS similar. Spam mail tends to use bright colors, capital letters, include phrases like “your account”, “deal of a lifetime”, etc. Spam filters look for these characteristics and isolate incoming email that matches them into a “spam jail” (where you can inspect the messages at your leisure) or deletes them outright. The issue with “blacklists” created by services such as Spam Cop is it is easy to have someone (say a competitor) put *you* in the blacklist. Keeping up valid backlists is a lot of work184.
An effective-sounding, different technique is offered by SpamRipper185. It keeps track of valid senders, and isolates any email not from a valid sender into a holding area. In the meantime, it sends a reply to the new sender, containing a verification code. If that sender replies with the verification code, then from that point forward, all messages from that sender are considered valid. (Of course, you can also manually add and remove users from the “valid senders” list yourself.) Also Robert Jensen of Mailboxfilter.com has a pretty good looking offering. The company has a 30 day trialware version186.
If you are not going to follow our advice of #2, be prepared for the time and expense of using whatever state/providence law available to take the fight to the ISP level of the firm that bought in to UCE to have your domain blocked. This is the most costly route in terms of time/money/energy, and (for me, Tcat) it has sometimes been worth it. For starters, DO NOT believe the “From: “address, as it can be spoofed. The best hints as to the email message’s origin are found in the “Received” header which almost always indicates the IP address or domain name of the mail server which was used to send the mail. This brief look at spam reveals it consumes computer & network resources as well as productivity time.
|
Spam__________________
179. http://www.mailwasher.net/
180. http://www.giantcompany.com/products.aspx
181. http://www.spamcop.net/
182. http://spf.pobox.com/
183. http://www.microsoft.com/mscorp/twc/privacy/spam_callerid.mspx
184. http://searchdomino.techtarget.com/originalContent/0,289142,sid4_gci958751,00.html?track=NL-358&ad=480517
185. http://www.spamripper.com
186. http://www.mailboxfilter.com/download.html
|
| |||||||||||||||||||
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.