Antispam and Blackholes



Index

Dot  Startpage

Dot  General

Dot  Filter Techniques

Dot  Enduser

Dot  Links

Dot  RBL

Dot  Statistics

Filter Techniques

The filter techniques can be put in two groups. The content filtering which is mostly used by the received and the IP filtering which is mostly used by the mail server administrators.

Content Filtering

The content filtering is scanning the e-mails for key words or text phrases. If a key word or text phrases is found, the e-mail is deleted or moved to a separate folder. Most mail clients have such filter functionality build in.

The disadvantage of this technique is, that there exist the possibility that also legitimated e-mail could be indicated as Spam. To do the filtering the e-mail has to be transmitted to the recipients machine before the filtering can be done.

IP Filtering

The IP filtering is based on a list of IP addresses from which the mail server doesn't accept e-mails. This method is very effective and reduces the usage of bandwidth and processor load because the e-mails doesn't have to be transmitted and there content scanned.

The reliability of this technique deepens very much on the IP list which is used. There can local lists of IPs which you manage yourself or Realtime Blackhole Lists which are offered in the Internet be used. If you want to use a Realtime Blackhole List, you should only use lists which you trust on. As soon as such a list is configured at the mail server, each IP address of a sender is checked against this list and if found the connection is closed with a message before the e-mail is transmitted. If there are wrong IPs on this list, legitimated e-mails send from this address will be rejected too.

Realtime Blackhole Lists

The Realtime Blackhole Lists (also called as RBL) are located in the DNS and partly free accessible. They are used mainly on mail server and are often grouped in three lists.

  • Blackhole Lists: This lists contains IP addresses of Spam Servers.
  • Relay Lists: This lists contains IP addresses of mail server with open relays.
  • Dialup Lists: This lists contains IP addresses which are used for dynamic addressing of dialup and DSL/Cable connections.

Sender Policy Framework

This is a technique which is not widely used yet, but the community will grow in the next years rapidly. Beside of SPF (Sender Policy Framework) there exists also the Sender ID which is nearly the same. SPF provides a list of IP addresses in the DNS which is allowed to send e-mails for the domain in question. All owner of a domain should take care that a SPF record for there own domain exist. Otherwise the chance exist that in the future there e-mails might be rejected. More information to SPF can be found at http://spf.pobox.com.

Valid HTML 4.01!