- €55-250 million annually. 60% of global mail traffic.
50-75% of all Russian mail traffic. Modern anti-spam tools filter 85-98% of spam. The global sales market for antispam filters and services in 2004 was approximately $500 million (according to IDC estimates).
Most antivirus vendors have included antispam components in their products. During the year, there were several acquisitions of anti-spam software manufacturers by anti-virus companies (in particular, the purchase of BrightMail by Symantec for $340 million). In Russia, antispam filters were installed by the majority of operators of public mail services and by most providers, which made it possible to alleviate the problem of spam for their clients. The undoubted leader in Russia in terms of sales volume and number of protected mailboxes is Spamtest technology.
1. PREVENTION The #1 way to fight spam is to protect your address. If spammers don't know your address, there will be no spam. If your address appears on the Internet, you will have to throw it away and create a new one; it will only be a matter of time. As a result, you will have to inform all your friends and partners of the new address again, and you may lose a number of contacts. To prevent this from happening, create two email addresses. One address is for long-term contacts (don’t post it online).
The other address is for making contacts on the network (chat rooms, bulletin boards, etc.).
Then there should be no spam at the first address, because it is not known on the network.
When spam arrives at the second address, just throw it away and create a new one.
2. SELECTING A NAME People strive to get the most concise address. Let's say sergey@mail.ru is cool, and what a pity that all the simple addresses are already taken. Rest assured that spam pours into that address non-stop. It’s cool to have a laconic site name, but an email address still has to be communicated to everyone personally, even if it is made of numbers or of an original, not hackneyed, word. By the way, for this reason the leading mail service gmail.com registers names of at least 6 characters. All short names have long been included in spam lists.
3. HTML SPECIAL CHARACTERS The simplest and most commonly used method of protecting against spiders is encoding an email address using special HTML characters: instead of the @ sign, its character code &#64; is written. But today this method is hopelessly outdated.
Robots easily find such addresses.
4. JAVASCRIPT On the anti-spam code generator page you can generate your own script. Since these scripts for hiding addresses are home-made, they are very diverse, and there are no programs that can extract email addresses from JavaScript. Today this is the most reliable address protection on the network.
5. ANTI-SPAMMERS But if you are exposed, or you are so famous that it is impossible for you not to be exposed, you cannot do without an antispammer. There are many anti-spammer programs, and you can download them online,
which I don’t recommend doing.
I came to the conclusion that all these antispams are small and weak, and a person cannot handle a sensible antispam; only a reputable company, say, such as Gmail.com, can do this. Their spam remains on the server, you can always go in and correct it. So my strong advice: get yourself an email account on Google.
I have never seen a better spam filter; all spam remains on the server, which can always be viewed and corrected if desired. Antispammers do not completely solve the problem, but make life easier with the problem.
6. POCKET PC AND WAP Spam has reached this level, but today there are fairly reliable means of protection. Therefore, the development of this issue is not relevant.

What methods are there to combat spam?

There are two main methods of protecting a mail server from spam: protecting against spam when it is received by the mail server, and separating spam from the rest of the mail after it is received by the mail server.

In the first group, the most popular methods are the use of DNS Black Lists (DNSBL), greylisting and various delays when sending mail, as well as various technical checks: checking that the user exists on the sending side (callback), and checking the “correctness” of the sending server by such means as the presence of a record in the reverse DNS zone, the validity of the name given when setting up an SMTP session (helo), and checking the SPF record (for this to work, the DNS records for the host must contain the corresponding entry listing the legitimate sender servers).

Among the methods of analyzing the content of a letter, the most popular are checks using various algorithms, such as searching for special keywords of an advertising nature, or algorithms based on Bayes' theorem. The algorithm based on Bayes' theorem contains elements of probability theory; it is initially trained by the user on messages that, in his opinion, are spam, and subsequently separates out messages that contain spam based on characteristic features.

So, let's take a closer look at these email filtering methods.

Black lists or DNSBL (DNS Black Lists)

Blacklists include addresses from which spam is sent. Widely used lists are “open relays” and “open proxies”, and various lists of dynamic addresses that are allocated by providers to end users. Because it is easy to implement, these blacklists are queried through the DNS service.

Gray lists or greylisting

The operating principle of greylisting is based on spamming tactics. As a rule, spam is sent in large quantities in a very short time from some server. A gray list works by deliberately delaying the receipt of letters for some time. The address and time of the delivery attempt are entered into the gray list database. If the remote computer is a real mail server, it must store the letter in a queue and resend it within five days. Spambots, as a rule, do not save letters in a queue, so after a short time they stop trying to deliver the letter. It has been experimentally established that on average the time it takes to send spam is just over an hour. When a letter is resent from the same address, and the required amount of time has passed since the first attempt, the letter is accepted and the address is entered into the local white list for a sufficiently long period of time.
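The SMTP-time checks described in the two sections above, as an added example in Python (not code from the original page): it builds the DNS name that a DNSBL lookup resolves and applies the greylisting delay and whitelist rules. The zone name dnsbl.example, the 5-minute minimum delay and the 30-day whitelist lifetime are assumptions; the five-day retry window comes from the text.

```python
import ipaddress
import socket
from dataclasses import dataclass, field

# Assumed policy values; the text only says "some time" and "a sufficiently long period".
MIN_DELAY = 5 * 60              # seconds a first attempt must wait before a retry counts
RETRY_WINDOW = 5 * 24 * 3600    # a real mail server retries within five days (from the text)
WHITELIST_TTL = 30 * 24 * 3600  # how long an accepted sender stays on the local white list


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNS name a DNSBL lookup resolves: reversed IPv4 octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip: str, zone: str, resolve=socket.gethostbyname) -> bool:
    """An A record (conventionally 127.0.0.x) means listed; a failed lookup means not listed."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except OSError:  # socket.gaierror (NXDOMAIN and similar) is a subclass of OSError
        return False
    return answer.startswith("127.")


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # sender address -> time of first attempt
    whitelist: dict = field(default_factory=dict)   # sender address -> white list expiry time

    def check(self, ip: str, now: float) -> str:
        """Return the decision for a delivery attempt from `ip` at time `now` (seconds)."""
        if self.whitelist.get(ip, 0) > now:
            return "accept"
        seen = self.first_seen.get(ip)
        if seen is None or now - seen > RETRY_WINDOW:
            self.first_seen[ip] = now   # new (or stale) sender: record address and time
            return "tempfail"           # temporary SMTP error, a real server will retry
        if now - seen < MIN_DELAY:
            return "tempfail"           # retried too soon, keep waiting
        del self.first_seen[ip]
        self.whitelist[ip] = now + WHITELIST_TTL
        return "accept"


def smtp_policy(ip, now, greylist, zone, resolve=socket.gethostbyname):
    """DNSBL first (permanent reject), then greylisting (temporary reject)."""
    if is_listed(ip, zone, resolve):
        return "reject"
    return greylist.check(ip, now)


if __name__ == "__main__":
    # Constructed resolver: only 192.0.2.99 is listed in the assumed zone dnsbl.example.
    def resolver(name):
        if name == "99.2.0.192.dnsbl.example":
            return "127.0.0.2"
        raise OSError("NXDOMAIN")

    g = Greylist()
    attempts = [("192.0.2.99", 0), ("198.51.100.7", 0),
                ("198.51.100.7", 60), ("198.51.100.7", 900)]
    for ip, t in attempts:
        print(ip, t, smtp_policy(ip, t, g, "dnsbl.example", resolver))
```

The sketch keys the gray list on the sending address alone, as the text describes.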

Performance Analysis

The first two methods allow you to filter out about 90% of spam at the stage of delivery to the mailbox. Mail that has already been delivered can be marked by analyzing the contents of the letter, for example, using the SpamAssassin program. Based on special algorithms, this product adds corresponding lines to the headers of letters, and the user can then use mail filters in the mail client to sort mail into the required folders of the mail program.

Conclusion

Of course, there are other methods of protecting against spam. Unfortunately, the most effective at the moment are preventive measures, such as not leaving your real email address on websites, forums and message boards, using temporary addresses for such needs, which can later be deleted, and, if it is necessary to publish the mailbox on a site, using a graphic image instead of text, and similar measures.

You can enable and configure greylisting through the ISPmanager panel in the "Features" section.

You can find out more about setting up anti-spam methods through the control panel here DNSBL and here Greylisting.

This is a new Kaspersky Lab product designed for comprehensive protection of a home computer. This program provides simultaneous reliable protection against viruses, hackers and spam. The Kaspersky Anti-Spam module is one of the elements of this home computer protection system. First of all, it should be noted that Kaspersky Anti-Spam is not an independent product and does not work separately from Kaspersky Personal Security Suite. To some extent, this can be called a disadvantage, since users cannot use Kaspersky Anti-Spam separately, but comprehensive protection also has its undoubted advantages.

Anti-virus protection and firewall have been discussed more than once on the pages of our publication. Therefore, in this article we will look exclusively at the operation of the antispam module.

The basis of Kaspersky Anti-Spam is the intelligent SpamTest technology, which provides: fuzzy (that is, triggered even if there is an incomplete match) comparison of the letter being checked with samples - letters previously identified as spam; identification of phrases characteristic of spam in the text of the letter; detection of images previously used in spam emails. In addition to the criteria listed above, formal parameters are also used to identify spam, including:

  • "black" and "white" lists that the user can maintain;
  • various features of mail message headers that are characteristic of spam, for example, signs of falsification of the sender's address;
  • techniques used by spammers to deceive mail filters - random sequences, replacement and doubling of letters, white-on-white text, and others;
  • checking not only the text of the letter itself, but also attached files in plain text, HTML, MS Word, RTF and other formats.

Installation of the antispam module

The module is installed during installation of Kaspersky Personal Security Suite. When selecting installation options, a user of email programs other than Microsoft email clients may choose not to install the module for Microsoft Outlook.

It should be noted that Kaspersky Anti-Spam scans any correspondence received via the SMTP mail protocol. Thanks to this, it can filter out spam in any email program, but more on that below.

Integration into Microsoft Outlook Express

The program does not have its own interface as such. In Microsoft Outlook Express, the Kaspersky Anti-Spam module is integrated as a menu and as an additional panel.

One may note some inconvenience when using this panel, although it has nothing to do with the antispam module itself. Because of the way the Microsoft Outlook Express program works, the Kaspersky Anti-Spam panel cannot be docked in a place convenient for the user. Each time you start the program, the panel will appear third. You will have to keep moving it to a comfortable spot or come to terms with this state of affairs.

Program operation

When receiving mail, Kaspersky Anti-Spam analyzes incoming correspondence. If spam is detected, the letter is marked with a special label [!! SPAM] in the Subject field and placed in the Deleted Items folder. Messages identified as non-spam are not marked with anything and are processed by the mail program in accordance with established rules. If the program is not sure that the letter is spam, then the [?? Probable Spam] label is set and the letter is placed in the Inbox for the user to make a final decision. In addition, the program uses two more types of labels: - for letters with obscene content and - for automatically generated letters, for example letters from email robots.

Thanks to such labels, you can organize the work of Kaspersky Anti-Spam with any other email program. It is enough to create rules in your email client to sort emails by these tags. In Microsoft Outlook itself, such folders are created with one click of a button in the antispam module settings window.

Training program

The program can be trained in two ways: by classifying messages received by the user as spam or not spam, and by downloading updates from the Laboratory server. The first method allows you to train the program for the user’s personal email, the second allows you to quickly respond to massive spam events on the Internet.

When you launch it for the first time, Kaspersky Anti-Spam will extract all addresses from the Microsoft Outlook address book to add them to the "Friends List". All letters from these recipients will be perceived by the antispam module as not spam and will be passed through without checking. Subsequently, the user can edit this list by adding or removing recipients. In addition to the "Friends List" there is also an "Enemies List". Any correspondence received from recipients on the Enemies List will be unambiguously classified as spam.

Adding recipients to your friends or enemies lists is done by simply clicking a special button on the Kaspersky Anti-Spam panel. Training is also carried out there. If you miss a spam email, you just need to click the “This is spam” button. A window will appear in which the user must tell the program what to do with this message.

The “Send as an example of spam” command generates a letter to Kaspersky Lab with a message about spam for further training. This command can be ignored. You can neglect adding the author to the enemies, but you should definitely add the letter to the spam samples. This is how the program is trained for personal correspondence.

Since Kaspersky Anti-Spam does not integrate into other email clients, its training in these programs is only possible through updates received from the Laboratory server. Unfortunately, this training option does not make it possible to train the program for the specifics of personal mail.

Settings

In the program settings you can: specify the location of the module databases, if the user wants them to be stored in a non-standard location; disable or enable filtering; set update parameters and view statistics.

The Kaspersky Anti-Spam module provides sufficiently complete protection of the user's email from spam. Like any other program, it requires training. And while this learning is taking place, correct emails may be mistakenly recognized as spam and vice versa. A relative disadvantage is that the module does not allow you to delete messages on the server that are obvious spam. The user still has to spend his traffic on these unnecessary letters. On the other hand, with this approach to spam filtering, not a single valuable message will be lost. In all other respects, Kaspersky Anti-Spam deserves the most serious attention, especially considering the integration of the module with other programs that ensure the security of the user’s computer.

According to statistics, more than 80 percent of malware penetrates the local network precisely through email. The mail server itself is also a tasty morsel for hackers: by gaining access to its resources, the attacker gets full access to the email archives and lists of email addresses, which allows them to obtain a lot of information about the life of the company and the projects and work carried out in it. After all, even lists of email addresses and contacts can be sold to spammers or used to discredit a company by launching attacks on those addresses or composing fake emails.

At first glance, spam is a much lesser threat than viruses. But:

  • a large flow of spam distracts employees from performing their tasks and leads to an increase in non-production costs. According to some data, after reading one letter, an employee needs up to 15 minutes to get back into a working rhythm. If more than a hundred unwanted messages arrive per day, then the need to view them significantly disrupts current work plans;
  • spam facilitates the penetration of malware into the organization, disguised as archives or exploiting vulnerabilities of email clients;
  • a large flow of letters passing through the mail server not only degrades its performance, but also leads to a decrease in the available part of the Internet channel and an increase in the cost of paying for this traffic.

Spam can also be used to carry out some types of attacks using social engineering methods, in particular phishing attacks, when the user receives letters disguised as messages from completely legitimate individuals or organizations, asking them to perform some action, for example, to enter a password for their bank card account.

In connection with all of the above, the email service must be protected, and as a first priority.

Description of the solution

The proposed solution for protecting an enterprise's email system provides:

  • protection from computer viruses and other malicious software, distributed via email;
  • protection against spam received by the company via e-mail, and distributed over the local network.

Modules can be installed as additional modules of the protection system;

  • protection from network attacks on the mail server;
  • anti-virus protection of the mail server itself.

Solution Components

The mail service protection system can be implemented in several ways. The choice of a suitable option is based on:

  • the company's adopted information security policy;
  • operating systems, management tools, security systems used in the company;
  • budget restrictions.

The right choice allows you not only to build a reliable protection scheme, but also to save a significant amount of money.

As examples, we give the options “Economy” and “Standard”.

The “Economy” option is built on the Linux operating system and makes maximum use of free products. Composition of the option:

  • anti-virus and anti-spam subsystem based on products from Kaspersky Lab, Dr.Web, Symantec. If your company uses a demilitarized zone, it is recommended to move the mail traffic protection system into it. It should be noted that products designed to work in the demilitarized zone have greater functionality and greater capabilities for detecting spam and attacks than standard ones, which improves network security;
  • firewall subsystem based on iptables2 firewall and management tools standard for the Linux operating system;
  • attack detection subsystem based on Snort.

Mail server security analysis can be done using Nessus.

The solution based on the “Standard” option includes the following subsystems:

  • subsystem for protecting mail server and mail gateway services from malware based on solutions from Kaspersky Lab, Dr.Web, Eset, Symantec or Trend Micro;
  • firewall and attack detection subsystem based on Kerio Firewall or Microsoft ISA.

Mail server security analysis can be done using XSpider.

By default, neither of the above options includes security modules for instant messages and webmail.
Both the “Economy” option and the “Standard” option can be implemented on the basis of software products certified by the FSB and FSTEC, which allows them to be supplied to government agencies and companies with an increased level of security requirements.

Advantages of the proposed solution

  • the solution provides reliable protection from the penetration of malware and spam;
  • optimal selection of products allows you to implement a protection scheme that takes into account the needs of a specific client.

It should be noted that a full-fledged security system can only function if the company has an information security policy and a number of other documents. In this regard, Azone IT offers services not only for the implementation of software products, but also for the development of regulatory documents and auditing.

You can get more detailed information about the services provided by contacting the specialists of our company.

Introduction to the problem

We all know what spam is because we have either encountered it or read about it. We all know how spammers collect email addresses. It is also no secret that spam cannot be completely defeated. The problem is how to maximally protect users who leave their contact details on your website with minimal effort.

Previously tested methods of protection

The biggest threat to mailboxes comes from programs that download websites and take email addresses from the text of pages. They either download only your site or wander the whole network, like search engines. If your site is small, the following text auto-replacement protection is quite sufficient:

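<?php // The character classes and the decoy address were lost in extraction; the ones below are reconstructed placeholders.
$text = preg_replace("~(<a[^>]+href=)([\"']?)mailto:([-a-z0-9_.]+)([-a-z0-9_])@".
"([-a-z0-9_])([-a-z0-9_.]+\\.[a-z]{2,4})\\2([ >])~i", "\\1\"mailto:decoy@example.invalid\"
onMouseover=\"this.href='mai' + 'lto:\\3' + '\\4' + '%40' + '\\5' + '\\6';\"\\7", $text); ?>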

Unfortunately, it won't work if you have a large site. Take spectator.ru, whose author was one of the first to use this method. If I were a spammer, I would go into the personal settings, check the “do not show ears” checkbox, set 1000 reviews per page, and catch the cookies with Proxomitron. Then, using a downloader or a PHP script, I would download the pages with comments (substituting the cookies with the settings) and catch the addresses with a regular expression. I would get a small database for advertising mailings.

There were a couple more protection methods in which the mailto: link was automatically replaced with some other one, but the effect remained the same: when you clicked on it, the system client would create a letter to the desired address. Neither of them stood up to criticism.

Meet the hedgehogs

Obviously, it is difficult to come up with another method of protection other than what has already been tested - providing a form on the site for sending a message. Let's start designing it. The advantages of this method are obvious: no one will be able to get addresses for their spam database from your website. It will not be possible to send messages by hiding your address, as spammers do - the web server will record its IP address. Lists of public anonymous proxy servers are updated regularly and it is easy to block access from them.

Form sender

Let's start with this, because this is the most difficult part.

When installing a form sender on a site, it is important to protect it from hooligan attacks, which can be no easier to deal with than spam. Therefore, we will have to make great efforts in this direction.

First, let's protect ourselves from stupid double clicks and sending many identical requests. The idea is this: the message will not be sent if the user has not previously opened the page with the form, and by opening the page with the form, the message can be sent only once. This can be done using sessions built into PHP. When opening a page with a form, we will launch a session in which we will save a variable, say $flag. We will display the session ID as a hidden element at the very end of the form. The user enters a message and submits the form. Upon receiving the form, the script starts a session and checks the presence and value of the $flag variable. If the variable does not exist, then this is a repeated click, the letter is not sent and an error message is displayed. If the variable exists, and the form data suits us (the required fields are filled in), the script sends a letter and deletes the session.

Secondly, let’s protect ourselves from smart hooligans by keeping message logs. If the user submits a correctly filled out form, the script will look at the logs and check what is there. Namely, it should be forbidden to:

* send messages to the same address more often than a certain period
* send the same text to different addresses
* and simply use the form sender too often - say, no more than 10 messages per day per user

We display the session ID at the very end of the form, so that the hacker would need to download the entire form and parse it, which is more complicated than simply sending HTTP requests. Naturally, the form sender will issue messages about errors in writing the message, a requirement to indicate a return address, etc.

The resulting form sender code turned out to be too large to include in the text. It has been archived on the website. It seems that the script is working and sending messages.
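One way to implement the two protections described above, as an added example in Python rather than the author's archived PHP script: a one-time token stands in for the session holding $flag, and a message log enforces the three rules from the list. The class and field names, the 10-minute interval per recipient and the one-day window for duplicate text are assumptions; the limit of 10 messages per day is from the text.

```python
import hashlib
import secrets

MIN_INTERVAL = 600   # assumed: minimum seconds between messages to the same address
DAILY_LIMIT = 10     # "no more than 10 messages per day per user" (from the text)
DAY = 24 * 3600      # assumed look-back window for the message log


class FormSender:
    def __init__(self):
        self.open_tokens = set()  # stands in for the PHP session that stores $flag
        self.log = []             # entries: (time, user, recipient_id, sha256 of the text)

    def open_form(self) -> str:
        """Called when the form page is rendered; the token goes into a hidden field."""
        token = secrets.token_urlsafe(16)
        self.open_tokens.add(token)
        return token

    def submit(self, token, user, recipient_id, text, now):
        """Return (sent, reason). `user` identifies the sender, e.g. by client IP address."""
        if token not in self.open_tokens:
            # Form page never opened, or this is a repeated click on an already sent form.
            return False, "form not opened or already submitted"
        if not text.strip():
            # Token stays valid so the user can correct the form and resubmit.
            return False, "empty message"
        digest = hashlib.sha256(text.strip().encode()).hexdigest()
        recent = [e for e in self.log if now - e[0] < DAY]
        if any(e[2] == recipient_id and now - e[0] < MIN_INTERVAL for e in recent):
            return False, "recipient contacted too recently"
        if any(e[3] == digest and e[2] != recipient_id for e in recent):
            return False, "same text already sent to another address"
        if sum(1 for e in recent if e[1] == user) >= DAILY_LIMIT:
            return False, "daily limit reached"
        self.open_tokens.discard(token)  # one message per opened form
        self.log.append((now, user, recipient_id, digest))
        return True, "sent"


if __name__ == "__main__":
    # Constructed session: one visitor opens the form once and clicks "send" twice.
    fs = FormSender()
    t = fs.open_form()
    print(fs.submit(t, "203.0.113.9", "addr-1", "Hello", now=0))
    print(fs.submit(t, "203.0.113.9", "addr-1", "Hello", now=1))
```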

Replacing addresses in text

Now the form sender is ready, and you need to replace all emails with links to it. Of course, you shouldn't do this manually. For myself, I wrote a script that automatically replaces addresses with links to the form sender.

...Disadvantages: more time for arranging links (compensated by the directory of links), the user, when hovering the cursor over a link, does not see what address he will go to. (Dmitry Smirnov, “Ideal author’s project, hypertextuality”)

All the mentioned disadvantages can be easily eliminated if you use code similar to the one I will now describe and show.

There is nothing complicated here; if these are links, then “more time for arrangement” is not required. On my site I use an engine script that is called by all pages, so it’s not a problem to add code to it or call it from it that replaces addresses. Mailing addresses were and are written directly in the text of the pages, but before being displayed to the user they are replaced with the required text. Compiling a database of links or email addresses is not a problem.

So what does an address replacer do? It searches for “mailto:” links in the text, selects addresses from them, and sends a query to the database to count (count(*)) how many of the addresses on the page are in a special table. If there are new addresses on the page, then their number will be greater than the query result. In this case, a query is made in which the address values are selected, and those already existing in the table are excluded from the list. The remaining list is sent to the table using an INSERT query.

As for address IDs, in my opinion it is better to use something that a site visitor could not find. Can you imagine the link /email.php?id=10 leading to the form sender? What a temptation to put 11, 12, etc. there and try sending them all a message. Therefore, I decided to use the md5 hash of the addresses as identifiers. It’s unlikely that anyone will undertake to guess the hash. In the case of a directory of links, you can get by with ID, but then you have to select all the values from the database, and replacing addresses with their hashes is much simpler.

A command of the form is executed

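<?php // The original used the /e modifier (removed in PHP 7); character classes lost in extraction are reconstructed.
$text = preg_replace_callback("~(<a[^>]+href=)([\"']?)mailto:([-a-z0-9_.]+@[-a-z0-9_.]+\\.[a-z]{2,4})\\2(.*?>)~i",
  function ($m) { return $m[1] . $m[2] . "/email.php?email=" . urlencode(md5($m[3])) . $m[2] . $m[4]; }, $text); ?>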

...which replaces addresses with their hashes. I did not dare replace the remaining addresses in the text with links, but made a simple replacement with addresses like vasya_at_pupkin_dot_ru. The autoreplacement code is also in the archive.

Bottom line

Hiding email addresses from visitors is quite easy. The auto-replacement mechanism does not require additional effort, and you can continue writing site pages as if nothing had happened. Difficulties arise when protecting the form sender from web hooligans. This protection requires a lot of effort and complex code, so I have not yet used the written code on the site. You can download an archive with an address replacer and a form sender, but I ask you very much: do not put it on your site in the form in which you downloaded it; I myself don’t know how reliably it works.