Talk:Anti-spam techniques


Citing Sources

Some parts of this article cite sources quite dutifully. Could whoever is unhappy about the source-citing please add the "in-line" citation-needed tag to the statements they feel require clarification? Megacz 01:00, 14 August 2006 (UTC)

The following comment is so opinionated it is sad

[Original title was: "This is so sad" Minasbeede 21:51, 29 April 2006 (UTC)]

It's sad because still the emphasis is on combating spam at or after the destination server. Fine, do all those things. ISPs and others can also take very effective action at the pre-destination-server level, the "abuse" level. That's the level at which the spammers steal service in order to hide themselves and in order to keep their own costs down. That works because it is allowed to work.

There is more to do at the abuse level than to complain about how clueless many users are and about how that cluelessness is exploited by the spammers. The thing for the clueful to do is to fake cluelessness and to thereby cause the spammers as much difficulty and pain as can be mustered. Not only is that effective, it can be a source of very great satisfaction.

Why is it so hard to grasp? If the spammers are allowed essentially full freedom to exploit unprotected systems they'll exploit unprotected systems and they'll do it in a way that, as much as possible for them, makes it possible for them to keep sending spam through the destination-server-level defenses. There's never going to be a time (at least not in the next 10 to 15 years) in which almost all systems are fully secure. Securing systems is good but it is not aggressive enough against spammers. Create secure systems that look insecure and you'll be in a position to perhaps be a source of great grief to spammers. If you're against spammers what is holding you back?

Minasbeede 03:20, 27 April 2006 (UTC)

  • The only way spam is ever going to be addressed is if someone successfully sues a government and/or governmental agency for lack of measures regarding the national electronic documentation policy. As of now, governments around the western world are squandering tax-payers' money in ridiculous efforts to "combat network abuse", when the real issue is that most ministries of communications already have the required tools at their disposal. To name but a few; ordering and implementing a new communications protocol that cannot allow abuse (the current network protocol is over 25 years old, a roomful of Pepsi-drinking hackers can whip up a new protocol in less than two weeks), imposing regulatory sanctions on ISPs operating in the country, et cetera, et cetera. These tools are already at the governments' disposal, and could be used tomorrow. The only way to get governments and/or their assigned agents to start implementing these measures, and thus stop wasting tax-payers' money, is by successfully suing these echelons for all that they're worth. All the efforts of all the various anti-spam software companies when combined amounts to less than a fart. My €0.02. 128.214.133.2 07:39, 25 September 2007 (UTC)

Request to move C/R to own page

I'd like to move the Challenge/Response discussion to its own page. I understand that this is a contentious topic, but there is a wealth of NPOV reasoning from both sides that could be added. -- Megacz 04:23, 10 April 2006 (UTC)

After no objections, I went ahead and did this. -- Megacz 04:13, 18 April 2006 (UTC)

Title change

Email spam is just one kind of spam. I created links to Spam Solutions from Spam_(electronic), but such a page would massively overlap with this one. Spam wars already exists too. What to do? If you support/object to renaming this article to cover all spam, not just email spam, please state so, and why. (As for the actual name, is 'Stopping online abuse' too broad? - e.g. security attacks are abuse; there's lots of solution overlap. Spam Solutions and Stopping Spam are other options. Any of these is OK with me.) I'll go with the latter if I don't hear back in a few days to a week. Elvey 20:32, 4 November 2005 (UTC)

no comments: There are close to 50 pages that link here.

Some add'l topics to cover

  • Early/obsolete techniques (keyword filters, manual complaints)
  • Spam blocking techniques (blacklists, DNSBLs)
  • Accreditation and Reputation based techniques (Email authentication, whitelists)
  • Spam filtering techniques (content filtering, Razor, DCC, naive-Bayesian filtering)
  • Hybrid techniques (SpamAssassin)
  • Legal techniques (Small Claims, ISP, Class action, Government efforts)
  • The question of whether spam filtering is effective (see [1] for one discussion of its limitations)

C/R sucks discussion

A point of clarification:

Indeed, some argue that using a C/R system means sending unsolicited, bulk email (that is, spam) to all those people whose addresses are forged in spam.

The parenthesized "(that is, spam)" had been "(challenges to forged spam)". However, the point of the criticism described is that the challenges can themselves be unsolicited bulk email, and hence spam. This position is particularly elucidated by Vernon Schryver in news.admin.net-abuse.email -- Google Groups for his name and "challenge-response" should be enlightening.

Excuse me, but Vernon's discussion in 2006 is not the original discussion of this aspect of C/R. The original discussion was in Usenet group comp.mail.misc in 2003-4 (e.g. [Message-ID: <Pine.LNX.4.58.0403010720220.1116@kd6lvw.ampr.org>] et al.). 71.106.211.51 (talk) 23:34, 11 August 2011 (UTC)

In brief, however, the position is that a C/R system which sends challenges to forged spam is akin to an open relay or an open FormMail script: it can be caused (by the spammer) to send unsolicited email to a third party (the person whose address is forged in the spam).

There are a number of online sources elucidating this and other problems with C/R:

  • http://kmself.home.netcom.com/Rants/challenge-response.html
  • http://email.about.com/cs/spamgeneral/a/challenge_resp_2.htm
  • http://www.politechbot.com/p-04746.html

Another issue is more theoretical: The problem of spam is basically that the burden of carrying the messages is foisted off on people who do not want them or benefit from them. (A "spammer" who only sends messages to people who want them isn't a spammer at all, but a legitimate mailing-list operator.) So any "solution to spam" which works by increasing the burden to people who do not benefit is no solution at all -- rather, it is a compounding of the problem of spam.

And this is precisely what C/R does. If you use C/R, then people who send you legitimate mail are indeed quickly whitelisted and never see another challenge. However, when someone sends you spam, your C/R system fires a challenge into the air, which falls to earth you know not where. But, since spammers forge addresses, you can be pretty sure that it is not the spammer who will receive your challenge. (If it were, then he could respond and send you more spam -- and C/R would not work.)

Who receives the challenge sent out in response to a forged spam? It is either nobody (in which case, no harm, no foul) or an uninvolved third party. In the latter case, you have laid a burden (a small one, yes) on that third party, which he has done nothing to solicit and from which he benefits not at all. If that person's email address has been forged in ten million spams, of which one million go to C/R users, then each have participated in a piecemeal mailbombing of that otherwise uninvolved forgery-victim. --FOo 00:08, 29 Apr 2004 (UTC)

moving "Spam tips for users"

My justification for moving "Spam tips for users" to the top of the article is simply this: a casual browser of Wikipedia (and this article in particular) would be a person interested in finding advice on how to protect his or her own personal PC from spam; therefore, he would be most interested in tips on personal spam protection. Detailed explanations of anti-spam protocols for sysadmins would take less priority, therefore they are now delegated to the latter portion of the article. --Modemac 11:43, 30 Sep 2004 (UTC)

This is best for Wikibooks. WhisperToMe 01:12, 27 Dec 2004 (UTC)

Spam tool I heard about

I remember once hearing about a tool to counter dictionary attacks. It worked by allowing you to send a false "address doesn't exist" email, or something to that effect, back to the spammer to make the spammer think your address didn't exist. Unfortunately, I can't remember the name. Does anyone know where to get such a program?

This doesn't sound like a very good idea.
First off, most spam does not have a valid return address -- so a falsified bounce message would not go to the spammer.
Second, a good deal of spam has a forged return address -- i.e., the spammer puts someone else's address on the header, so your bounce message would go to an innocent victim. (You would thus be spamming that person, and you could get kicked off your ISP or your mail server put on some DNSBLs.)
Third, there are better ways to detect a dictionary attack. For instance, any such attack will show up very obviously on the mail server as a lot of attempts to deliver mail to nonexistent addresses. The mail server could easily run software that parses the log files and blocks any IP address that makes a lot of such attempts.
Because any such software sends unsolicited bulk email (see the second point above) it would constitute spamware and would be illegal to distribute in several jurisdictions. Even if it were once posted for download on the Web it would be likely that people would try very hard to convince the author to take it down -- it's a bad and dangerous idea. --FOo 01:28, 21 Mar 2005 (UTC)
A follow-on thought: The spam problem leads a lot of people to try strange and ill-advised things like this in an effort to "do something" about the problem. Many ISPs for instance seem to want more to be seen as doing something about spam, rather than to actually be effective. Likewise a lot of people with some programming skill take it upon themselves to write bad and ineffective "anti-spam" software -- I can think of one example where a guy tried to write "automatic spam-reporting" software that instead managed to flood uninvolved ISP mailboxes and piss off a lot of people. --FOo 01:32, 21 Mar 2005 (UTC)
(However, if the dictionary attack is deflected by sending SMTP Error codes that refuse delivery of the attack, then these issues largely go away - this is about as good as an IP-level block (there are pluses and minuses for each).)
(Where is spamware illegal? I know it violates many ISP TOS, but that's all.) --User:67.123.76.191
That's correct -- if you reject a dictionary attack (or any other spam) by sending SMTP errors, then you aren't likely to spam uninvolved people. The problem with the original poster's proposal was precisely that it involved sending email "to the spammer" -- that is, to the poor schmuck whose email address was forged onto the spam.
Spamware is illegal in several states, including Virginia. Spamhaus used to have an article on this, but seems not to have it any longer -- possibly to avoid giving out unsolicited legal advice. See, however, this article which mentions that the only major ISP which allows spamware (MCI) is headquartered in a state where spamware is illegal; and this summary of state spam laws. --FOo 20:55, 18 May 2005 (UTC)
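
Added example (not part of the original discussion, and not any participant's code): a sketch of the log-parsing approach described in this thread, where dictionary attacks are refused with SMTP errors and the server's log is then scanned for clients that hit many nonexistent addresses. The log lines are constructed, modelled on Postfix-style `550 5.1.1 ... User unknown` rejections; the function name, threshold and window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches an SMTP-time rejection of an unknown recipient (Postfix-style line).
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"550 5\.1\.1 <(?P<rcpt>[^>]*)>: Recipient address rejected: User unknown"
)


def find_dictionary_attackers(lines, threshold=5,
                              window=timedelta(minutes=10), year=2005):
    """Return {client_ip: peak} for clients that tried at least `threshold`
    distinct nonexistent recipients within `window`.

    Syslog timestamps carry no year, so one is supplied (assumption).
    Lines are expected in chronological order, as in a real log file.
    """
    recent = defaultdict(deque)  # ip -> (time, recipient) pairs still in window
    peak = {}
    for line in lines:
        m = REJECT_RE.match(line)
        if not m:
            continue  # accepted mail, connects, other rejections
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append((when, m["rcpt"].lower()))
        # Drop attempts that have aged out of the sliding window.
        while q and when - q[0][0] > window:
            q.popleft()
        # Count distinct addresses: a retry of one mistyped address is not
        # a dictionary attack, many different guesses are.
        distinct = len({rcpt for _, rcpt in q})
        if distinct >= threshold:
            peak[m["ip"]] = max(peak.get(m["ip"], 0), distinct)
    return peak


def _reject(ts, ip, rcpt):
    """Build one constructed rejection line for the sample log."""
    return (f"{ts} mx1 postfix/smtpd[2114]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            f"User unknown in local recipient table; from=<x@example.net> "
            f"to=<{rcpt}> proto=SMTP helo=<host>")


# Constructed sample log (documentation IP ranges, example.org addresses).
SAMPLE_LOG = (
    # One client guessing six different local parts within six seconds.
    [_reject(f"Mar 21 01:28:{s:02d}", "203.0.113.7", f"{name}@example.org")
     for s, name in enumerate(
         ["aaron", "abby", "adam", "alan", "alex", "amy"], start=1)]
    # An unrelated connection line that must be ignored.
    + ["Mar 21 01:29:10 mx1 postfix/smtpd[2114]: connect from "
       "mail.example.net[198.51.100.80]"]
    # A legitimate sender with a single typo.
    + [_reject("Mar 21 02:15:40", "198.51.100.23", "jhon@example.org")]
    # A client with three stale addresses spread over twelve hours.
    + [_reject(f"Mar 21 {h:02d}:00:00", "192.0.2.44", f"old{h}@example.org")
       for h in (3, 9, 15)]
)

if __name__ == "__main__":
    for ip, count in find_dictionary_attackers(SAMPLE_LOG).items():
        print(f"{ip}: {count} distinct unknown recipients inside the window")
```

Only the first client is reported; the typo and the slow trickle of stale addresses stay below the threshold, which is the false-positive case a per-IP block has to avoid.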

China and spam blocking

I've noticed some comments on China. I live in China, but I use a non-Chinese e-mail address. If I use an e-mail service from inside China, I can't e-mail a lot of people outside of China. (I've started to notice sites that seem to be blocking me too, not just the Great Firewall.) In any case, the spam problems are starting to get bad here. Part of the problem is very, very, simple. Many Chinese are not well-educated about computers, the 'net, and antivirus software. There are a lot of zombie computers in China. On the up side, even though the problem is getting worse, the Chinese are starting to notice and complain, and even if they don't make as much money per user here, there's a lot of users. A lot of complaints are starting to pile up. I think more Chinese ISPs will start sharpening up and throwing out the spammers. One can but hope. Kaerondaes

It's my understanding that some sites (chiefly hobbyists and local companies -- not large ISPs) who believe that they will never have a correspondent or customer in China simply block Chinese IP space entirely using a nation-based blocklist such as blackholes.us. Likewise for other nations that have had anomalously high levels of zombie and spam-haven activity, like South Korea.
One difficulty is that most anti-spam activists (the people most likely to file accurate reports of spam, and to operate public DNSBLs and other spam-blocking resources) are in the United States and Western Europe. Most do not do business with China directly, and they are (or feel) unable to get in touch with Chinese ISPs responsible for the spam-emitting netspace. The language barrier is one problem; another is the perception of China as a "black box" or monolithic bureaucracy -- whereas what few detailed reports I have seen indicate that some Chinese networks are substantially cleaner than others.
It's worth noting that Spamhaus (the most reputable Western anti-spam operation these days) has done some collaboration with Chinese ISPs in an effort to stem the tide of spam from China. See http://www.spamhaus.cn/ for more.
Another perception I've seen on news.admin.net-abuse.email, SPAM-L, and other anti-spam forums is that Chinese hosting services are believed not to care when their sites are used to host spamvertised Web sites. This leads to what I've seen described as one stereotypical pattern of international spam crime:
  1. An American (stereotypically, a Floridian for some reason!) decides to become a spammer.
  2. He hosts a Web site in China.
  3. He buys spamming software and a list of virus-infected systems from a Russian (or other Eastern European) black-hat programmer.
  4. He sends spam through these virus-infected systems, which may be located in South Korea, China, Mexico, Brazil, Western Europe, Israel, and, yes, back in America.
  5. The spam is chiefly targeted at American ISP users (and is written in English), but is also sent to people all over the world.
  6. The spam victims go to the Web site, and (if they are fools) buy herbal Viagra; their credit card orders are processed through Western Europe.
  7. The spammer packs sugar pills in bottles and mails them out from a warehouse in Florida.
Thus, the spam that Americans receive and blame on other countries is in fact perpetrated upon them by American spammers, who are simply doing business and crime through other countries. Likewise, I would expect that most spam Koreans get is from Korean spammers, and most spam Chinese people get is from Chinese spammers! --FOo 03:51, 28 Mar 2005 (UTC)
I've noticed that most spam I get doesn't seem to be very well targeted though, I get shitloads of spam in English that is obviously targeted at Americans and a fair bit that is in languages/scripts I can't even read (Chinese being the most common) but very little that is actually relevant to me as a Brit. Plugwash 09:11, 26 November 2006 (UTC)

"Don't reply" a myth?

According to PCWorld, replying to spam asking to be removed actually works: http://pcworld.about.com/magazine/2208p107id116572.htm see also: http://www.zyra.org.uk/spam2a.htm

Well, it depends on the spammer. In the case of "mainsleaze" spam -- spam sent by major companies, or advertising agencies working for same -- replying may indeed get you (temporarily) removed from their list (until they harvest your address again).
Many spammers, however, send forged mail. Sometimes they make up a fake email address, in which case replying to the spam will get you nothing but a bounce message.
And in some cases, spammers have definitely used "unsubscribe" messages or links as a confirmation that an address is read. For instance, anti-spam activists will sometimes go to an "unsubscribe" Web page and submit a brand-new, just-created, never-used email address. If that address suddenly starts getting spam, that's a good indication that the spammer was using the "unsubscribe" link fraudulently.
In any event, most anti-spam folks advise not to "unsubscribe" from anything that you didn't willingly subscribe to -- instead, report it as spam to an anti-spam service like Spamcop, or to the ISP of the host that sent it. --FOo 22:17, 25 August 2005 (UTC)
The CDT did a formal study or two (in '03 or '04?) that showed that this is NOT a myth. IIRC, unsubscribing was shown to work with some sources, but more often resulted in more spam.

Alternative transport?

There are these guys: http://www.im2000.org/ Even if the project ends up going nowhere, the concept of adjusting or moving away from SMTP transport should be mentioned, no?

It's a fringe idea, and there are some serious problems with it. It can certainly be mentioned that some researchers have proposed abandoning SMTP mail, but it would be inappropriate to suggest that this is a solution or that any number of email users are actually reachable through non-SMTP transports. --FOo 06:02, 28 August 2005 (UTC)
Fair enough, although I find the line between "fringe" and "experimental" a bit fuzzy. Plus, due to the amount of spam I get, CR systems aren't reachable by me either :) im2000 and attention bonds, neither of which have lit the world on fire, probably belong in an "other approaches" section. Vonfraginoff 21:27, 28 August 2005 (UTC)
Any open communication network that allows someone to send you a message will be a target of spammers. I don't believe that a new protocol will solve the problem. What is required is more development of reputation systems and identity systems to allow receivers to select from whom they wish to receive unsolicited messages.

Too many links

Wikipedia isn't a link farm, but the end of this article is looking rather cramped, and is attracting link spam. Does there need to be this big list of products? -82.33.52.78 02:53, 4 September 2005 (UTC)

No, there doesn't. --FOo 04:52, 4 September 2005 (UTC)

Move to Wikibooks

This page would be much better at Wikibooks. It provides information and an overview of ways to stop e-mail abuse. Does anyone object if I nominate this article to be moved to Wikibooks? Templates can have external links in them, by the way. Miss Madeline | Talk to Madeline 19:51, 18 November 2005 (UTC)

I proposed (see the top of this page) to change this article title and content to cover all spam (i.e. unsolicited bulk messages) shortly before you proposed this. I didn't make the change I proposed because just before doing so, I saw how many pages link to this one. So if you're going to move this to wikibooks, which seems like a good idea, will you title it to cover not just email? What happens to the ~50 pages that link here? An auto-redirect to wikibooks feature exists? Or will folks get here and manually click over to wikibooks, or are you prepared to take the time to edit the ~50 pages that link here to point to the new wikibooks article instead. I'll commit to doing half. -Elvey

"Do not email lists"

I've heard several people mention a "do not email list". Is there some reason it isn't mentioned in this article? (Is there some other article that discusses do-not-email lists?)

"Such a thing does not exist" is *not* a good reason for leaving it out -- if it's a hoax/myth, then it's even more important to mention it and then tell people that it is a hoax/myth.

The article Enabling the Complaint Department briefly mentions how Blue Security uses a one-way hash to distribute their "do not email list". That technique makes it impossible for spammers to extract email addresses from that list.

--DavidCary 00:50, 4 January 2006 (UTC)

You are right, "do not spam" lists should be mentioned. If I recall correctly, there actually are some of those lists out there, run by people other than governments. I seem to recall that the DMA even has one.

There are many problems with them:

  1. Hashing the email addresses does very little to protect the email addresses. Spammers will simply check their lists and see which email addresses are on it, thus creating a list of better email addresses to spam. Spammers currently do dictionary attacks via SMTP to try and determine which addresses are valid, doing a dictionary attack on a hashlist is vastly cheaper, so you can be certain they will try that. They have millions of zombied machines to do the work, so it wouldn't even cost them much.
  2. Many domains will want to be able to opt-out all of the email addresses. If this is allowed, then the vast majority of all email addresses will be opted-out immediately. If this is not allowed, then domains will simply submit all of their valid email addresses, plus all email addresses that used to be valid (since they get spam), plus all possible email addresses that could be valid in the future in order to prevent address harvesting as mentioned above. This would create many terabytes of data per domain, but that isn't the domain's problem. Even if opting out the entire domain is allowed, some domains would probably submit the trillions of possibly valid email addresses anyway, in order to detect spammers who spam the do-not-spam list.
  3. Who pays for maintaining the list? If it is the spammers or the government, then you will encourage domains to submit the trillions of possibly valid email addresses. If it is the end-user, then such a list would be hugely unpopular.
  4. Different people want to exclude different types of spam, and they have different ideas of what "spam" is. Would you be able to opt-out of just porn, and if so, what is the definition of porn? Would you be able to opt-out of political emails?
  5. Enforcing such an opt-out list would be very hard, making the whole effort pretty much useless.

A far better system, which would solve most of these problems, would be simply to have an opt-in list, instead of an opt-out list. People who *do* want spam can simply sign up to get it.

Wrs1864 11:00, 5 January 2006 (UTC)

Mail expire?

Can someone add mailexpire? http://www.mailexpire.com/

Addressing Article for Deletion issue: how-to manual

The recent AfD proposal complained that this article is too much of a "how-to manual". I tend to agree and I have tried to rewrite some of it to make it better, but I don't think I made much progress. I think the article title, "stopping e-mail abuse" is part of the problem, and I think changing it to something else would help. I think some of the problem is that many of the anti-spam techniques are things that individuals must do, and since most people don't want spam, these techniques end up sounding like how-to tips rather than neutral point-of-view descriptions of the ideas.

I encourage people to take another stab at this article. Be bold.

I think that creating a wikibook is certainly a valid thing to do. It can concentrate on the how-to stuff. However, I think there should still be an encyclopedic article covering the various techniques. Wrs1864 21:32, 7 December 2006 (UTC)

I've been making some changes here, and I see that Barrylb has also. I would be interested in knowing if we are actually making progress or not. As I mention above, I find it hard to keep my very strong anti-spam point of view from coming across and making it a how-to manual. Wrs1864 23:32, 12 December 2006 (UTC)

Renaming this article from "Stopping e-mail abuse"

I would like to rename this article to 'Anti-spam techniques'. The article sounds like a how-to manual or essay. -- Barrylb 01:54, 8 December 2006 (UTC)
Since there are no objections I will go ahead and rename the article to Anti-spam techniques. I've checked a lot of the links to this article and they seem to use the article in this context. -- Barrylb 02:50, 9 December 2006 (UTC)

Rename is OK, but how about calling it 'Anti-email-spam techniques,' since there is non email spam (e.g., in on-line forums) so specifying 'email' would make the title more accurate. Minasbeede 20:25, 10 December 2006 (UTC)

Good point, Minasbeede... I think 'E-mail anti-spam techniques' would be more consistent with other articles though. Wrs1864 20:44, 10 December 2006 (UTC)
How about 'Anti-spam techniques (e-mail)' ? I think this is the more common style of disambiguating an article topic. Barrylb 01:47, 12 December 2006 (UTC)

I tried going to the wikipedia IRC channels and asking questions about this, but didn't get any clear answers or guidance. I *think* the standard way of doing things is to name the article, say, "anti-spam techniques". If another article needs to be created for IM spam, or blog spam or whatever, then those would either be added to this article, or a new article would be created with, say "anti-spam techniques (messaging)" and a "also see" header would be added at the top. If the other articles become popular enough, then this article would be moved to "anti-spam techniques (e-mail)" and this would become a disambiguation page. Basically, don't worry about the general problem until there is a general problem. Thoughts? Wrs1864 04:17, 12 December 2006 (UTC)

I guess the question is whether we want to have information about IM spam, blog spam, forum spam in the article. I'd rather just keep the article about email and specify that in the title to make it clear. If we include all the other types of spam then the article could become unwieldy. -- Barrylb 04:57, 12 December 2006 (UTC)
Well, I think the point is that since it is easy to rename articles and since there aren't currently articles on anti-spam techniques for IM/blog/VoIP, we don't need to worry about it right now. The important thing is to get the name changed to something that doesn't scream "This is a howto manual!". When I was on the #wikipedia IRC channel, I mentioned that I was trying to change the name from "stopping e-mail abuse" and two people (I think both admins) immediately said to delete it because howto manuals are not appropriate. 23:30, 12 December 2006 (UTC)
If we just call it "Anti-spam techniques" how will we word the opening paragraph? It would need to define anti-spam techniques in general terms and lead us to including all types of anti-spam techniques in the article (not just email). Barrylb 04:43, 13 December 2006 (UTC)

Based on the above discussion which first suggested naming the article "Anti-email-spam techniques" then "E-mail anti-spam techniques" I think I can conclude we like the idea of including 'email' in the article title. I suggested merely renaming that to "Anti-spam techniques (e-mail)". I am going to be bold and proceed with my idea so that something happens. Feel free to change it if there are objections. Barrylb 22:39, 14 December 2006 (UTC)

Well, I have gone through and fixed a bunch of the redirects. "E-mail anti-spam techniques" would have made a lot of the links read nicer with less editing, but this is still much better than the earlier name. I hope others will fix up a few links also. Wrs1864 03:02, 15 December 2006 (UTC)

mass revert

  • 59.94.144.185 is an open proxy according to the CBL. Two basic patterns don't warrant a paragraph each in an already big article IMHO.
    Rjwilmsi only corrected some typos in the above edit.
  • FairUCE is somewhat dead (and the article is big).
  • Pjbrockmann's edits are somewhat WP:COI, compare this edit to this edit. It is unlikely that one webpage gives information on both Anti-spam techniques and Mobile VoIP. However, I must admit, I mostly reverted it because challenge/response is often unsolicited bulk e-mail (WP:NPOV). Erik Warmelink 08:47, 28 May 2007 (UTC)


Hello,
I believe the edit made by this IP:59.94.144.185, on 08:56, 19 May, was an edit done by me, I do not have an account here, hence an anonymous edit.
I have a DSL connection from a Govt run ISP[BSNL, Main Internet Backbone Service provider], and I confirm it is not a proxy server. They give us dynamic IPs.
These are techniques developed by me, and after these I have No Spam coming from any of my sites contact pages! and I believe these should be reincluded into the page.
Regards
msolutions[dot]co[dot]in[aT]g mail[dot]com
I didn't revert it because it was spam. I reverted it because in my humble opinion the tests lack notability.
PS, please sign your posts on talk pages using four tildes (~~~~).
PPS, 59.94.136.32 is also listed on the CBL, see this link. That's probably not because your computer is an open proxy (the listing is more than 4 days old), but creating an account might be a good idea. Erik Warmelink 20:46, 28 May 2007 (UTC)
Thanx for the advice, I have been a wiki user, but just learning the ropes here where editing is concerned.
I respect your judgement, the reason why I listed them in Rule-based content filtering and not as a separate heading. Where spam via contact/ comment pages is a big issue, and this is an easier and simpler way rather than (troublesome) captchas, and I believe should be looked into.
I here am just learning the ropes, but again, I would request you to explain why my techniques are not notable, so I have a better understanding of your views, and wikipedia content acceptability. M 59.94.136.29 17:04, 29 May 2007 (UTC)
It would be hard for me to prove your techniques are not notable (I would have to show that all Reliable sources don't mention your technique), yet it should be fairly easy for you to give a reference to such a source if it were notable. In this case, I think that your techniques are not notable, because I used them before you published them (and I just used ideas which others published).
PS: both 59.94.136.29 and 59.94.131.255 are listed by the CBL, but (again) those listings were created before you used those IP addresses, creating an account would help. Erik Warmelink 19:07, 30 May 2007 (UTC)
Ooops! so basically everybody's recreating the wheel, and feeling happy about it! same thing happened with Unix if u remember, a guy working on it, decided to post it on the UseNet, and the word got around only to know there were others working on the same thing, and it became a success!
If you could guide me as to where I should post it so it becomes notably from a reliable source, I see u r a UseNet person, perhaps you could help me out here. Any step towards a spam free world would be welcome by any! (I will make an account as soon as I get the chance to, I apologise for this) . M. 59.94.143.222 17:14, 1 June 2007 (UTC)
Yes, I remember (it was Linux, not Unix).
I can't tell you where you can post so it becomes notable. If it is notable, others will write about it. To make it notable, your solution should be better than other solutions. Talking about it, doesn't make it notable. 59.94.143.222 is CBL listed Erik Warmelink 13:38, 5 June 2007 (UTC)
I did a mass revert on edits by Pjbrockmann again, there were again false claims about Challenge-response spam filtering. When I tried to resolve the "red" links, the first were rather easily resolved
In fact, it was so easy that IMHO he could have found them himself. When I noticed Disposable e-mail address was in the original (and Address munging too), I decided that I have better ways to spend my time. Erik Warmelink 12:18, 5 June 2007 (UTC)

Ok, I understand the COI issue and appreciate the capitalization sensitivities. Thanks for the education Erik. However, there are still credible edits to this article. Removing content outside the structure of a logical flow (How is Address Harvesting a user response to spam?) should still be contemplated. Recognizing the cost of many anti-spam techniques in terms of spam elimination AND false-positives ought to be part of the discussion here. Pjbrockmann 17:22, 7 June 2007 (UTC)

O yes, there are a lot of credible edits which should be done. Some of your edits do improve the article, but I couldn't let those edits stay because of other edits which (again, IMHO) only worsened the article without reverting them all. Perhaps I didn't try hard enough, if that's true I apologize.
If you could make those edits for which one needs to have a fluency in English, before making the edits which IMHO aren't neutral point of view, I would be extremely happy.
By the way, I have a conflict of interest too, the current amount of (I don't know which they are and I don't care) bounces, callback verifications and/or challenges often makes it hard (or even impossible) to edit Wikipedia. I don't lack bandwidth (my connection is 100 Mb/s), but I do have a somewhat slow computer (only 450 MIPS, the syslog daemon is taking more than 50% of the CPU-power during attacks, sendmail forks, but even all its children combined take less time than syslogd after I tell it which address is currently abused by spammers). Erik Warmelink 00:38, 8 June 2007 (UTC)


Reorganize and pruning

I'd like to reorganize this article and remove some content (for example, address harvesting isn't an anti-spam technique) to point out that some of these techniques are imbedded in anti-spam products (appliances, services and software) while others are used for researchers and law enforcement. Pjbrockmann 17:12, 17 July 2007 (UTC)

I've renamed that section to "Avoiding E-mail Address Harvesting". It is an important technique. You are welcome to do some reorganizing. -- Barrylb 18:10, 17 July 2007 (UTC)

Under "Techniques for researchers & law enforcement" the only method listed is Honeypots. Aren't these used by email administrators anyway? Surely not just limited to researchers and law enforcement? -- Barrylb 11:22, 20 July 2007 (UTC)

"Honeypots" might need disambiguation. Some use that term for email trap addresses (used to detect spam since they aren't "real" email addresses.) "Honeypot" for network security denotes a computer system that presents the appearance of having some vulnerability but in reality captures information about some form of network abuse. When the term "honeypot" became very current in the anti-spam community (primarily in the group news.admin.net-abuse.email) it was used at first to denote a computer system that looked like it provided an open relay email service but didn't. At that time spammers frequently and routinely would test large blocks of IP addresses to see which of the addresses, if any, in that block were assigned to a system that functioned as an open email relay. Email administrators may create and use email trap addresses in a routine fashion. Almost anyone could set up an open relay honeypot and there were software products created to allow ordinary users to operate an open relay honeypot, as mentioned in the article. Open relay honeypots are a tool against spam but they are used against a particular type of network abuse. There were also software products created that could be used to combat open proxy abuse used to send spam after that form of abuse to send spam became more prevalent. Open relay abuse and open proxy have declined substantially since those honeypot tools came into use. The same idea could be used to combat spam zombie networks: create fake zombies. There has been a distinction made between "research" honeypots and "production" honeypots. The honeypots used to combat spam were production honeypots. Minasbeede 14:00, 20 July 2007 (UTC)

Not sure if it is the right place, not only that, still not really sure how to add stuff to wiki, so please delete this discussion if I have made a mistake, but I have noticed that some systems also check that the domain of the sender matches the IP address. I noticed HELO checking and FCrDNS in the article but didn't notice this (domain of sender match to IP address) mentioned. Source: Microsoft article id 300171. Regards, byron / beroccaboy.

Fake MX

I suspect that fake MX may have some utility. In my experience (which is now old) there were spammers who sent spam to systems for which there was no active MX record pointing to that system. The spammers apparently had address lists that included the equivalent of a@x.y.z and attempted delivery directly to x.y.z even though the only MX record for x.y.z pointed to w.y.z. So these particular spammers, apparently, ignored MX records altogether.

Those interested in experimenting could research this. Create a fake email address (victim@mysystem.ISP.com) and run Jackpot on mysystem.ISP.com (assumed to be a Windows system not running any MTA.) In addition to trapping any relay tests aimed at mysystem.ISP.com Jackpot would also intercept any spam sent to the fake address. (Linux/Unix users could do something equivalent.) --Minasbeede 17:33, 29 August 2007 (UTC)

Cost-based systems

Is Boxbe ( https://www.boxbe.com/ ) notable enough to add to the "Cost-based systems" section? --70.130.47.149 20:33, 9 September 2007 (UTC)

Is Vanquish? Neither is, IMO.--Elvey (talk) 20:03, 12 February 2009 (UTC)

process mbox: separation of messages.

The key information is absent in the article. Assume there are some messages (perhaps with attachments) in the mailbox file called mbox. The antispam program needs to read this file, filter it and write back some part of the content. Before analysing each message (spam or information), the program should separate messages.

How does the antispam program identify the end of one message and beginning of the next message?

This section should appear BEFORE sections describing criteria for automatic removal of messages.

dima (talk) 10:56, 12 July 2008 (UTC)
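
Added example, not part of the original post: one common answer to the question above, assuming the mboxrd variant of the format, where a message starts at a line beginning with "From " that is the first line of the file or follows an empty line, and body lines matching `>*From ` are stored with one extra `>`. The sample mailbox and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample mailbox in mboxrd style (not taken from the page).
SAMPLE_MBOX = (
    "From alice@example.org Sat Jul 12 10:00:00 2008\n"
    "From: alice@example.org\n"
    "Subject: first\n"
    "\n"
    "Hello,\n"
    "\n"
    ">From here on the body continues.\n"
    "From the start this line was never a separator (no empty line before).\n"
    "\n"
    "From bob@example.net Sat Jul 12 10:05:00 2008\n"
    "From: bob@example.net\n"
    "Subject: second\n"
    "\n"
    "Bye\n"
)

FROM_LINE = re.compile(r"^From \S+ +\S.*$")  # "From " + envelope sender + date
QUOTED = re.compile(r"^>(>*From )")          # mboxrd-quoted body line

def split_mbox(text):
    """Split mbox text into message strings, undoing one level of >From quoting."""
    messages, current, prev_blank = [], None, True
    for line in text.splitlines():
        if prev_blank and FROM_LINE.match(line):
            if current is not None:
                messages.append(current)
            current = []                      # the separator line itself is dropped
        elif current is not None:
            current.append(QUOTED.sub(r"\1", line))
        prev_blank = (line == "")
    if current is not None:
        messages.append(current)
    # Each message carries the empty line that precedes the next separator.
    return ["\n".join(m).rstrip("\n") + "\n" for m in messages]

def parse_all(text):
    """Return email.message.Message objects, ready for a filter to inspect."""
    return [message_from_string(m) for m in split_mbox(text)]
```

An unquoted body line of that shape after an empty line is indistinguishable from a separator, which is why mbox writers quote such lines before storing a message.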

HELO fqdn requirement

The "citation needed" marks are absolutely right. I do not know who brought in the 50 percent of denied spam mails, but RFC2821 does not rely on a FQDN. It should be read carefully: SHOULD, and not MUST -sic! Thus, I suggest changing the article. -wofa07, 85.178.19.208 (talk) 00:06, 13 March 2009 (UTC)

Hi! Several comments. First, I'm the one who put the "citation needed" by the 50% on the HELO checking. (Actually, I put one by the 25% later in the article too.) I agree that there needs to be some citations dug up on this, but I actually strongly suspect that something in the 20+% range is accurate. There are lots of things that are good spam indicators and that work in practice, even if the RFCs say otherwise. So, yeah, RFC 5321 (which replaces RFC 2821) says that you aren't supposed to validate the HELO, that doesn't mean it doesn't work in practice. Wrs1864 (talk) 01:32, 13 March 2009 (UTC)
HELO wrs1864! Exactly this is my point. I do not even believe in the 10% range. From my experience, one has to check out the sender's IP, the sender's MAIL FROM:, the RFC2822 From:, the relays, and finally the RCPT TO tags. This bundled stuff comes to a good estimation of spam or non-spam. How can I distinguish between the goods and the bads? If I deny acceptance too early, I have some risk of false positives, or? This was at least my reason to prefer the assessment method (simply mark it as spam and leave it to my customers with a little help). Meanwhile, I deleted this stuff in the article, and replaced it with some remarks concerning the rules of RFC2821 & RFC2822. I was not aware that there is a new replacement (RFC5321), thanks for it. I hope that I didn't change things obsoleted by RFC5321... -wofa7, Wofa07 (talk) 02:18, 13 March 2009 (UTC)
The purpose of wikipedia articles is to describe the subject, we aren't supposed to pass judgment (see WP:NPOV), or to tell people how to do stuff (see WP:NOTHOWTO). This article was almost deleted once because it had way too much "how to" stuff in it, which I admit is very tempting to add. So, if you admit that the HELO checks can catch any spam, and that people are using it, then we should describe it. Your objection is the percentage, which I agree needs a citation to back up. This article is also supposed to be an overview/summary, and is way too long as is. I think it may be time to go through it and move stuff out to separate articles and bring the writing back up into compliance with wikipedia policies. *sigh*. Wrs1864 (talk) 10:15, 13 March 2009 (UTC)
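
Added example, not part of the discussion above: a sketch of HELO and FCrDNS checks that return findings for a scoring filter instead of refusing the message, in line with the assessment approach described in the thread. The DNS tables, host names and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed lookup tables standing in for DNS (documentation names and ranges).
PTR = {"192.0.2.25": "mx1.example.org", "198.51.100.7": "host7.pool.example.net"}
A = {"mx1.example.org": {"192.0.2.25"}, "host7.pool.example.net": {"203.0.113.9"}}

LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
FQDN = re.compile(rf"^{LABEL}(?:\.{LABEL})+\.?$")

def parse_ip(text):
    """Return an ip_address object, or None if text is not an IP address."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def helo_findings(helo, client_ip, my_names=("mail.receiver.example",)):
    """Return findings for a scoring filter; nothing is rejected here."""
    findings = []
    if helo.startswith("[") and helo.endswith("]"):
        body = helo[1:-1]
        if body.lower().startswith("ipv6:"):   # RFC 5321 IPv6 literal tag
            body = body[5:]
        literal = parse_ip(body)
        if literal is None:
            findings.append("malformed address literal")
        elif literal != ipaddress.ip_address(client_ip):
            findings.append("address literal differs from client IP")
    elif parse_ip(helo) is not None:
        findings.append("bare IP address without brackets")
    elif not FQDN.match(helo):
        findings.append("HELO is not a fully qualified domain name")
    elif helo.rstrip(".").lower() in my_names:
        findings.append("client claims the receiver's own name")
    # FCrDNS: the client's PTR name must resolve back to the client IP.
    ptr = PTR.get(client_ip)
    if ptr is None:
        findings.append("no reverse DNS")
    elif client_ip not in A.get(ptr, set()):
        findings.append("reverse DNS not forward-confirmed")
    return findings
```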

Article is entirely about mailstream-filtering, which is only one aspect of the issue.

This article is supposed to be about anti-spam measures, but in fact is almost entirely about filtering of inbound mailstreams to remove spam.

This is a bit like saying that the only anti-smoking technique is chemotherapy.

The first, and most effective, antispam measure should be to educate webmasters about the insecurity of 'mailto' URLs and the harvesting risk that these pose. Add to this section the need to protect against other (albeit less significant) methods by which addresses may be robotically collected, such as domain-spraying.

Anything placed after that point in the delivery-chain is symptom-treatment, designed to control a problem which would have been better avoided in the first place.

Perhaps the article should mention this first, before filtering?

-After all you could chase the thief using a forged copy of your credit card around town all day with a sawn-off shotgun trying to blow his head off, failing miserably, and maiming a few passersby in the process... and then EVEN if you finally manage to nail him, there's another to deal with. And another. Or, you could rethink your policy of flashing the card around so anyone can read the number. Which is easier? --Anteaus (talk) 13:36, 20 March 2011 (UTC)

SPF

Sender Policy Framework should be discussed.

The sending domain uses its DNS record to advertise which domains can legitimately send email "From:" that domain.

A site receiving an email purportedly "From:" a domain then checks against the published DNS record.

If all sites sending and receiving email were to implement this standard then email with forged "From:" addresses would be eliminated. — Preceding unsigned comment added by 94.30.52.142 (talk) 11:59, 1 July 2011 (UTC)


Splitting into server/client pages

Please post your thoughts on splitting this page by what methods are used by users or admins.

Also please let me know what needs to be done apart from the client/server split, renaming and relinking pages, wp:subarticle.

Here are some sandbox pages: [2] [3] --Tim (talk) 16:22, 22 February 2012 (UTC)

To be honest, I'm not convinced that the article really is too long, the readable prose tool says it's comfortably below 50k:
  Prose size (text only): 39 kB (6401 words) "readable prose size"
it looks like it's just got a lot of small sections that look very, very large in the contents section.- Sheer Incompetence (talk) Now with added dubiosity! 16:50, 22 February 2012 (UTC)
I understand this page is not over 50k but like you said that does not make it readable. Additionally it's about 2 mostly separate things; from a user's perspective the server side methods (software mostly) are not applicable and just confuse the issue. Just like from the sysadmin perspective the user methods (policy mostly) are out of his control and just make for a cluttered page as there are really only 4 options available on the server. --Tim (talk) 17:36, 22 February 2012 (UTC)
I removed the split tag because after reading the proposals above, I thought it would be even more confusing than it is at the moment. I think this page needs to discuss the various techniques available at a general level e.g. Blacklist, Message analysis etc, without discussing the location of the technique. It then ought to discuss where the techniques could be applied i.e. Rx client rx server etc. Then a table could be given with the techniques down the side and locations across the top indicating where the techniques could be applied. If the individual techniques are notable then they could be given their own articles. In the meantime, how it is is better than nothing. Op47 (talk) 16:07, 5 May 2012 (UTC)

The 2012 merging proposal (server + users)

This page and Anti-spam techniques (users) show merge from/to templates dated October 2012. Curiously, there is no section relating to that discussion. Let's gather some opinions and then either do it or not, but removing those top boxes anyway. Please tag opinions with merge/keep.

merge: Many subsections overlap, albeit the points of view differ. Since the role of these pages is to provide a readable list of known techniques to both users and admins, they could be merged so as to ease understanding one another's point of view. Reasons and trends about some actions being carried out on servers or clients could be mentioned. JM2C. ale (talk) 11:23, 4 September 2014 (UTC)