An article that discusses various spam filtering techniques was recently posted on AllSpammedUp, and I wanted to share it with you because it contains some valuable information on fighting spam.
There isn’t a single, “one size fits all” way to catch all spam. Spam filters use various techniques, such as backlists and whitelists, Bayesian analysis, trend analysis, heuristic analysis, word lists, and much more. These days, spammers are aware of many of the anti-spam techniques that are used, and they are constantly trying to find ways around these techniques by altering the spelling of keywords, forging headers and addresses, sprinkling words from literature throughout the message, and other techniques.
The article talks about using trend analysis, content filtering, word lists, blacklists, Sender Policy Framework (SPF), and Challenge-Response.
You can read the original article here:
MDaemon includes many tools for fighting spam, including SPF & SenderID, heuristic analysis, Bayesian Learning, IP Shielding, spam filter blacklists, reverse lookups, and much more.
SPF & SenderID provide a way for a receiving server to determine if an incoming message came from a location that was authorized to send mail from the sender’s domain. You can learn more about SPF here:
And here is a short video on how SPF works, and how to enable it in MDaemon:
DomainKeys Identified Mail (DKIM) is an anti-spoofing technique that uses an encrypted public key, published in DNS, and each message is signed with a private key. The private & public keys are compared for a match. This video will demonstrate how DKIM works:
Tarpitting and greylisting are other spam fighting techniques. Tarpitting will slow the connection down once a specified number of RCPT commands have been given. This is to discourage spammers from sending bulk mail through your server. You can learn how to set up tarpitting in this video:
Greylisting is a technique that exploits the fact that SMTP servers retry delivery of a message that receives a temporary “Try again later” error. Using this technique, when a message arrives from a non-white listed or otherwise previously unknown sender, its sender, recipient, and sending server’s IP address will be logged and then the message will be refused by Greylisting during the SMTP session with a temporary error code. Then, for a designated period of time (say, 15 minutes) any future delivery attempts will also be temporarily refused. Because spammers do not typically make further delivery attempts when a message is refused, greylisting can significantly help to reduce the amount of spam your users receive. But, even if the spammers should attempt to retry delivery at a later time, it is possible that by that time the spammers will have been identified and other spam-fighting options (such as DNS blacklists) will successfully block them. This video explains how greylisting works & how to set it up in MDaemon:
Be sure to feed your Bayesian Learning filters with examples of spam and non-spam messages. Here’s more information on training the Bayesian Learning process:
These are just a few of the many spam fighting tools in MDaemon. One single spam-fighting technique may not be good enough to thwart the spammers, but when all anti-spam tools are used together, your spam filter can be surprisingly effective.