Click Here
for more articles |
|
|
How Spammers Fool Whitelists - And How to Stop Them |
by:
Paul Judge, CTO, CipherTrust, Inc. |
Effectively stopping spam overlong-term requires much more than blocking individual IP addresses and creating rules based on keywords that spammers typically use. The increasing sophistication of spam tools coupled withincreasing number of spammers inwild has createdhyper-evolution invariety and volume of spam. The old ways of blockingbad guys just don’t work anymore.
Examining spam and spam-blocking technology can illuminate how this evolution is taking place and what can be done to combat spam and reclaim e-mail asefficient, effective communication tool it was intended to be.
One method used to combat spam is whitelisting. Whitelists are databases of trusted email sources. The list may contain specific email addresses, IP addresses or trusted domains. Emails received fromwhitelisted source are allowed to pass throughsystem touser’s email box. The list is built when users and email administrators manually add trusted sources towhitelist. Once built,catch-rate for spam can be close to onezerozero%, however, whitelists produceinordinate number of false positives.
It is virtually impossible to produceexhaustive list of all possible legitimate email senders because legitimate email can come from any number of sources. To get around this difficulty, some organizations have institutedchallenge-response methodology. Whenunknown sender sendsemail touser’s account,system automatically sendschallenge back tosender. Some challenge-response systems requiresender to read and decipherimage containing letters and numbers. The image is designed to be unreadable bymachine, but easily recognizable byhuman. Spammers would not spendtime required to go throughlarge number of challenge-response emails, so they dropaddress and move on to those users who don’t use suchsystem.
Whitelists are only partially successful and impractical for many users. For example, problems can arise when users register for online newsletters, order products online or register for online services. Ifuser does not remember to addnew email source to their whitelist, or ifdomain or IP address is entered incorrectly,communication will fail. Additionally, whitelists impose barriers to legitimate email communication and are viewed by some as just plain rude.
Whitelists are not widely used by email users and administrators asprimary tool to fight spam because ofhigh number of false positives, anddifficulties in creatingcomprehensive list of email sources. Because whitelists are not widely used, spammers typically do not develop countermeasures. As with other spam fighting techniques, whitelists are most effective when used in conjunction with other anti-spam tools.
The Solution
When used individually, each anti-spam technique has been systematically overcome by spammers. Grandiose plans to ridworld of spam, such as chargingpenny for each e-mail received or forcing servers to solve mathematical problems before delivering e-mail, have been proposed with few results. These schemes are not realistic and would requirelarge percentage ofpopulation to adoptsame anti-spam method in order to be effective. You can learn more aboutfight against spam by visiting our website at www.ciphertrust.com and downloading our whitepapers.
Aboutauthor:
Dr. Paul Judge isnoted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust,industry's largest provider of enterprise email security. The company’s flagship product, IronMail providesbest of breed enterprise anti spam solution designed to stop spam, phishing attacks and other email-based threats. Learn more by visiting www.ciphertrust.com/products/spam_and_fraud_protection today.
Circulated by Article Emporium
|
|
