
The main ways to protect against spam. Protecting the mail system from spam and viruses. How to protect information from spam

Kaspersky Personal Security Suite is a new Kaspersky Lab product designed for comprehensive protection of the home computer. The program provides reliable protection against viruses, hackers and spam at the same time. The Kaspersky Anti-Spam module is one of the elements of this home computer protection system. First of all, it should be noted that Kaspersky Anti-Spam is not a standalone product and does not work separately from Kaspersky Personal Security Suite. To some extent this can be called a disadvantage, since users cannot use Kaspersky Anti-Spam on its own, but comprehensive protection also has its undoubted advantages.

Antivirus protection and the firewall have been covered more than once on the pages of our publication. Therefore, in this article we will focus exclusively on the operation of the anti-spam module.

Kaspersky Anti-Spam is built on the intelligent SpamTest technology, which provides: fuzzy comparison (that is, triggered even on an incomplete match) of the scanned message with samples, meaning messages previously identified as spam; identification of phrases typical of spam in the text of the message; and detection of pictures previously used in spam emails. In addition to the criteria listed above, formal parameters are also used to identify spam, including:

  • "black" and "white" lists that the user can maintain;
  • various features of mail message headers typical for spam, for example, signs of falsification of the sender's address;
  • tricks used by spammers to deceive mail filters - random sequences, replacement and duplication of letters, white-on-white text, and others;
  • checking not only the text of the letter itself, but also attached files in plain text, HTML, MS Word, RTF and others.

Installing the anti-spam module

The module is installed during the installation of Kaspersky Personal Security Suite. When choosing the installation options, a user whose mail client is not a Microsoft mail program can skip installing the plug-in for Microsoft Outlook.

It should be noted that Kaspersky Anti-Spam scans any correspondence received via the SMTP mail protocol. Thanks to this, it can filter out spam in any email program, but more on that below.

Integration into Microsoft Outlook Express

The program does not have its own interface as such. In Microsoft Outlook Express, the Kaspersky Anti-Spam module is integrated in the form of a menu and an additional panel.

There is one inconvenience in using this panel, although it has nothing to do with the anti-spam module itself. Because of the way Microsoft Outlook Express works, the Kaspersky Anti-Spam panel cannot be docked in a location convenient for the user. Each time you start the program, the panel appears third in the row. You will have to keep moving it to a convenient place or come to terms with this state of affairs.

Program operation

Kaspersky Anti-Spam analyzes incoming mail as it is received. When spam is detected, the message is marked with a special label [!! SPAM] in the Subject field and placed in the Deleted Items folder. Messages recognized as not spam are not marked with anything and are processed by the mail program in accordance with the established rules. If the program is not sure that the message is spam, the [?? Probable Spam] label is added and the message is placed in the Inbox for the user to make a final decision. In addition, the program uses two more types of labels: one for messages with obscene content and one for automatically generated messages, for example, messages from mail robots.

Thanks to these labels, Kaspersky Anti-Spam can be made to work with any other mail program. It is enough to create rules in the mail client that sort messages by these tags. In Microsoft Outlook itself, such folders are created with one click of a button in the anti-spam module settings window.

Training program

The program can be trained in two ways: by classifying the messages received by the user as spam or not spam, and by downloading updates from Kaspersky Lab's server. The first method trains the program on the user's personal mail; the second allows it to respond quickly to mass spam outbreaks on the Internet.

When you start it for the first time, Kaspersky Anti-Spam will extract all addresses from the Microsoft Outlook address book to add them to the "Friends list". All emails from these addressees will be treated by the anti-spam module as not spam and will be passed without checking. Subsequently, the user can edit this list by adding or removing addressees to it. In addition to the "Friends List" there is also the "Enemy List". Any correspondence received from addressees from the "Enemy List" will be unambiguously assessed as spam.

Addressees are added to the lists of friends or enemies by simply pressing a special button on the Kaspersky Anti-Spam panel. Training is also carried out there. If a spam email gets through, you just need to click the "This is spam" button. A window will appear in which the user must tell the program what to do with this message.

The "Send as an example of spam" command generates a letter to Kaspersky Lab with a message about spam for further training. This command can be neglected. You can also neglect adding the author to the enemies, but you should definitely add the letter to the spam samples. This is how the program is trained for personal correspondence.

Since Kaspersky Anti-Spam does not integrate into other mail clients, in those programs it can be trained only through updates received from Kaspersky Lab's server. Unfortunately, this training option does not make it possible to train the program for the specifics of personal mail.

Settings

In the program settings, you can: specify the location of the module bases, if the user wants them to be stored in a non-standard place; disable or enable filtering; set update parameters and view statistics.

The Kaspersky Anti-Spam module provides fairly complete protection of user's mail from spam. Like any other program, it requires training. And while this training is going on, it is possible that correct emails are mistakenly recognized as spam and vice versa. A relative disadvantage is that the module does not allow deleting messages on the server that are clear spam. The user still has to spend his traffic on these unnecessary letters. On the other hand, with this approach to filtering spam, no valuable message is lost. In all other respects, Kaspersky Anti-Spam deserves the most serious attention, especially considering the module's integration with other programs that ensure the security of the user's computer.

Dear friends and users of our site, I am with you again, SpaceWolf, and today we will talk about the urgent problem of “SPAM”. This way of solving the problem will get rid of spam in the feedback form, spam comments, and spam orders in the online store.

I would like to immediately note the pros and cons of this method:

  1. Works well against bots.
  2. Quick installation in the form for sending messages.
  3. Minimum code (3 lines).
  4. Doesn't require any special knowledge, except for the location of the main files.
  5. Users who do not have JavaScript will not be able to pass the check and therefore cannot send a message.

Basically everything. Let's start installing:

1) Add an additional hidden field to your form (a comment form, a feedback form, a product order form) with name="check" and leave its value blank (value=""). Example:

2) In the same form, on the button ("Send", "Write", "Leave a review" or whatever you call it), add the following code:

// Stop processing unless the hidden field holds the value set by JavaScript.
if (($_POST["check"] ?? "") != "StopSpam") exit("Spam detected");

Spam protection - how it works

The principle is as simple as the code itself. It relies on the fact that spambots cannot execute JavaScript programs. When a regular user clicks the “order” button, the word “StopSpam” is entered into our hidden field, while in the case of a robot this field remains empty. Why does it stay empty? The robot fills in all fields except our hidden field with the identifier id="check", so the variable "check" remains blank and the mail is not sent. And when the user clicks on the button, our JavaScript that we added to the button.

I advise you to use this method together with captcha, the effect will be better.
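The hidden-field check described above, as an added example that is not the original author's code. The form markup and click handler are reconstructed as assumptions, the server side is written in Node.js instead of PHP, and a stricter variant is shown beside the fixed word, since a fixed word is the same for every visitor. The names renderForm, checkStatic, issueToken and checkSigned and the 3-second and 1-hour limits are hypothetical.

```javascript
// Added example. Server side is Node.js here; the article's own check is PHP.
const nodeCrypto = require('crypto');

// Steps 1 and 2: the hidden field "check" starts empty; only the button's
// click handler (JavaScript) copies the expected value into it.
function renderForm(token) {
  return `<form method="post" action="/feedback">
  <textarea name="message"></textarea>
  <input type="hidden" name="check" id="check" value="">
  <button type="submit" data-token="${token}"
    onclick="document.getElementById('check').value=this.dataset.token">Send</button>
</form>`;
}

// The article's check: the field must hold the fixed word "StopSpam".
// renderForm('StopSpam') produces the matching form.
function checkStatic(post) {
  return (post.check || '') === 'StopSpam';
}

// Stricter variant (assumption, not from the article): the expected value is
// "<issue time in ms>.<HMAC of that time>", so it differs on every page load,
// expires, and cannot be produced without the server's secret.
function sign(secret, ts) {
  return nodeCrypto.createHmac('sha256', secret).update(String(ts)).digest('hex');
}

function issueToken(secret, nowMs) {
  return `${nowMs}.${sign(secret, nowMs)}`;
}

function checkSigned(secret, post, nowMs, minMs = 3000, maxMs = 3600000) {
  const [ts = '', mac = ''] = String(post.check || '').split('.');
  // Empty field (no JavaScript ran) or malformed value: reject.
  if (!/^\d+$/.test(ts) || !/^[0-9a-f]{64}$/.test(mac)) return false;
  const expected = Buffer.from(sign(secret, ts), 'hex');
  if (!nodeCrypto.timingSafeEqual(expected, Buffer.from(mac, 'hex'))) return false;
  const age = nowMs - Number(ts);
  return age >= minMs && age <= maxMs; // submitted too fast, or page too old
}
```

For the stricter variant the page is rendered with renderForm(issueToken(secret, Date.now())) and the POST handler calls checkSigned with the same secret.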

Well, that's all. If the article helped you, write comments, repost and do not forget to say "Thank you" in the comments.

If you have other problems or questions, leave them in the comments and we will be happy to find a solution together. We are waiting for your messages!

According to statistics, more than 80 percent of malware penetrates the local area network through e-mail. The mail server itself is a tasty morsel for hackers: having gained access to its resources, an attacker gets full access to email archives and lists of email addresses, which yields a lot of information about the life of the company, its ongoing projects and the work in it. In the end, even lists of email addresses and contacts can be sold to spammers or used to discredit a company by attacking those addresses or writing fake emails.

At first glance, spam is much less of a threat than viruses. But:

  • a large flow of spam distracts employees from their tasks and leads to an increase in non-production costs. According to some reports, after reading one letter, an employee needs up to 15 minutes to get back into a working rhythm. If more than a hundred unsolicited messages arrive per day, the need to view them significantly disrupts current work plans;
  • spam contributes to the penetration of malicious programs into the organization disguised as archives or exploiting vulnerabilities in email clients;
  • a large flow of letters passing through the mail server not only impairs its performance, but also leads to a decrease in the available part of the Internet channel, an increase in the cost of paying for this traffic.

With the help of spam, some types of attacks using social engineering methods can be carried out, in particular phishing attacks, in which the user receives messages disguised as coming from entirely legitimate persons or organizations, with a request to take some action, for example, to enter the password for a bank card.

In connection with all of the above, the email service requires protection as a first priority.

Solution Description

The proposed solution for the protection of the enterprise mail system provides:

  • protection from computer viruses and other malicious software distributed by e-mail;
  • protection from spam, both entering the company by e-mail and spreading over the local network.

The following additional protection modules can be installed:

  • protection against network attacks on the mail server;
  • anti-virus protection of the mail server itself.

Solution components

The mail services protection system can be implemented in several ways. The choice of a suitable option is based on:

  • the company's information security policy;
  • operating systems, controls, security systems used in the company;
  • budget constraints.

The right choice allows you not only to build a reliable protection scheme, but also to save a significant amount of money.

As examples, we give the options "Economical" and "Standard".

The "Economical" option is built on the Linux operating system and makes the most of free products. The option consists of:

  • anti-virus and anti-spam subsystem based on products from Kaspersky Lab, Dr.Web, Symantec. If a company uses a demilitarized zone, it is recommended to move the mail traffic protection system into it. It should be noted that products designed to work in a demilitarized zone have greater functionality and greater capabilities to detect spam and attacks than standard ones, which improves network security;
  • a firewall subsystem based on iptables2, the standard firewall for the Linux operating system, and management tools;
  • Snort-based attack detection subsystem.

Mail server security analysis can be done using Nessus.

The solution based on the "Standard" option includes the following subsystems:

  • a subsystem for protecting mail server and mail gateway services from malware based on solutions from Kaspersky Lab, Dr.Web, Eset, Symantec or Trend Micro;
  • firewalling and attack detection subsystem based on Kerio Firewall or Microsoft ISA.

Mail server security analysis can be done using XSpider.

By default, neither of the above options includes security modules for instant messaging and webmail.
Both the “Economical” option and the “Standard” option can be implemented on the basis of software products certified by the FSB and FSTEK, which allows them to be delivered to state institutions and companies with an increased level of security requirements.

Benefits of the proposed solution

  • the solution provides reliable protection against the penetration of malware and spam;
  • optimal selection of products allows you to implement a protection scheme that takes into account the needs of a particular client.

It should be noted that a full-fledged protection system can only function if the company has an information security policy and a number of other documents. In this regard, Azone IT offers services not only for the implementation of software products, but also for the development of regulatory documents and audit.

You can get more detailed information about the services provided by contacting the specialists of our company.

What methods are there to combat spam?

There are two main methods of protecting a mail server from spam: protection against incoming spam at the stage when the mail server receives it, and "separating spam" from the rest of the mail after it has been received by the mail server.

The most popular techniques of the first kind are DNS Black Lists (DNSBL), Greylisting and various delays in sending mail, as well as various technical checks: verifying that the user exists on the sending side (callback); checking the "correctness" of the sending server, for example the presence of a record in the reverse DNS zone and the validity of the name given when the SMTP session is set up (HELO); and checking the SPF record (for this to work, the host's DNS records must contain a corresponding entry listing the legitimate sending servers).

Among the methods for analyzing the content of a message, the most popular are checks using various algorithms, such as searching for keywords of an advertising nature, or algorithms based on Bayes' theorem. The algorithm based on Bayes' theorem uses elements of probability theory: it is first trained by the user on messages that, in the user's opinion, are spam, and then separates out spam messages by their characteristic features.

So, let's take a closer look at these email filtering methods.

Blacklists or DNSBL (DNS Black Lists)

The blacklists contain the addresses from which spam is sent. Lists such as "open relays" and "open proxies" are widely used, as are various lists of dynamic addresses that providers allocate to end users. For simplicity of implementation, these blacklists are queried through the DNS service.
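How a blacklist lookup is carried over DNS, as an added example that is not part of the original article: the receiving server reverses the octets of the sender's IPv4 address, appends the list's zone and asks for an A record; an answer inside 127.0.0.0/8 means "listed", and no answer means "not listed". The zones, addresses and the injected lookup function are constructed so the block runs offline.

```javascript
// Build the DNS name queried for an IPv4 address:
// 192.0.2.99 in zone dnsbl.example.org -> 99.2.0.192.dnsbl.example.org
function dnsblQueryName(ip, zone) {
  const octets = ip.split('.');
  const valid = octets.length === 4 &&
    octets.every(o => /^\d{1,3}$/.test(o) && Number(o) <= 255);
  if (!valid) throw new Error(`not an IPv4 address: ${ip}`);
  return octets.reverse().join('.') + '.' + zone;
}

// lookup(name) must return the list of A records for the name, or [] when the
// name does not exist. On a live server it would wrap a DNS resolver call;
// here it is injected so the example needs no network.
function checkDnsbl(ip, zones, lookup) {
  const hits = [];
  for (const zone of zones) {
    const answers = lookup(dnsblQueryName(ip, zone));
    // Only 127.0.0.0/8 answers are listing codes. Anything else (for example
    // a wildcard record on a lapsed list domain) is ignored, not treated as a hit.
    const codes = answers.filter(a => a.startsWith('127.'));
    if (codes.length > 0) hits.push({ zone, codes });
  }
  return { ip, listed: hits.length > 0, hits };
}

// Constructed data standing in for two blacklist zones.
const ZONES = ['dnsbl.example.org', 'expired.example.net'];
const SAMPLE_RECORDS = new Map([
  ['99.2.0.192.dnsbl.example.org', ['127.0.0.2']],       // listed sender
  ['99.2.0.192.expired.example.net', ['203.0.113.10']],  // wildcard answer
  ['7.100.51.198.expired.example.net', ['203.0.113.10']],
]);
const sampleLookup = name => SAMPLE_RECORDS.get(name) || [];

console.log(checkDnsbl('192.0.2.99', ZONES, sampleLookup));
console.log(checkDnsbl('198.51.100.7', ZONES, sampleLookup));
```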

Greylisting

Greylisting is based on the tactics of spam senders. As a rule, spam is sent from a server in large quantities over a very short time. The job of greylisting is to deliberately delay the receipt of emails for a while. The address and the time of the delivery attempt are entered into the greylist database. If the remote computer is a real mail server, it must keep the message in its queue and retry delivery within five days. Spambots, as a rule, do not keep messages in a queue, so after a short time they stop trying to deliver the message. It has been experimentally established that the average time for sending spam is a little more than an hour. When a message is re-sent from the same address, and the required amount of time has passed since the first attempt, the message is accepted and the address is entered into the local whitelist for a sufficiently long period.
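The greylisting decision described above, as an added example that is not part of the original article. It keys on the sender's address, as the text does; the five-day retry window comes from the text, while the 5-minute delay, the 36-day whitelist period, the 451 temporary-failure reply and all names are assumptions made for the example.

```javascript
const MIN = 60 * 1000;
const DAY = 24 * 60 * MIN;

class Greylist {
  constructor({ delay = 5 * MIN, retryWindow = 5 * DAY, whitelistTtl = 36 * DAY } = {}) {
    this.opts = { delay, retryWindow, whitelistTtl };
    this.pending = new Map();   // address -> time of first delivery attempt
    this.whitelist = new Map(); // address -> time the whitelist entry expires
  }

  // Decide how to answer a delivery attempt from `addr` at time `now` (ms).
  check(addr, now) {
    const { delay, retryWindow, whitelistTtl } = this.opts;
    const expiry = this.whitelist.get(addr);
    if (expiry !== undefined) {
      if (now < expiry) return { action: 'accept', reason: 'whitelisted' };
      this.whitelist.delete(addr); // entry expired, start over
    }
    const first = this.pending.get(addr);
    if (first === undefined || now - first > retryWindow) {
      // Unknown sender, or a retry that came after the window closed:
      // record the attempt and ask the sender to come back later.
      this.pending.set(addr, now);
      return { action: 'defer', code: 451, reason: 'first attempt' };
    }
    if (now - first < delay) {
      return { action: 'defer', code: 451, reason: 'retried too soon' };
    }
    this.pending.delete(addr);
    this.whitelist.set(addr, now + whitelistTtl);
    return { action: 'accept', reason: 'retried after delay' };
  }
}

// Constructed connection log: [minutes since start, sender address].
const SAMPLE_LOG = [
  [0, '192.0.2.10'],    // real mail server, first attempt
  [0, '203.0.113.5'],   // bulk sender that does not queue
  [1, '203.0.113.5'],   // immediate second try, still inside the delay
  [15, '192.0.2.10'],   // real server retries from its queue
  [600, '192.0.2.10'],  // later mail from the now-whitelisted server
];

// Replay a log through a fresh greylist and return the action per attempt.
function replay(events, greylist = new Greylist()) {
  return events.map(([minute, addr]) => greylist.check(addr, minute * MIN).action);
}

console.log(replay(SAMPLE_LOG));
```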

Efficiency analysis

The first two methods filter out about 90% of spam even at the stage of delivery to the mailbox. Mail that has already been delivered can be marked by analyzing the contents of the message, for example, using the SpamAssassin program. Based on special algorithms, this product adds corresponding lines to the message headers, and the user can then use filters in the mail client to sort mail into the desired folders of the mail program.

Conclusion

Of course, there are other ways to protect against spam. Unfortunately, the most effective at the moment are preventive measures: not leaving your real email address on sites, forums and message boards; using temporary addresses for such needs, which can later be deleted; if you need to publish a mailbox on a site, using a graphic image instead of text; and similar measures.

You can connect and configure Greylisting through the ISPmanager panel in the "Features" section.

You can learn more about configuring the DNSBL and Greylisting anti-spam methods through the control panel.

- € 55-250 million annually. 60% of world mail traffic.
50-75% of all Russian mail traffic. Modern antispam tools filter 85-98% of spam. The global market for antispam filters and services in 2004 was approximately $500 million (IDC estimates).
Most antivirus vendors have included anti-spam components in their products. There were several purchases of anti-spam software vendors by anti-virus companies during the year (notably the $ 340 million purchase of BrightMail by Symantec). In Russia, antispam filters have been installed by most of the holders of public mail services and most of the providers, which made it possible to remove the urgency of the problem of spam for their clients. The undoubted leader in Russia in terms of sales and the number of protected mailboxes is the Spamtest technology.
1. PREVENTION

The #1 anti-spam tool is to protect your email address. If no spammer knows your address, there is no spam. Once you expose your address on the network, it is only a matter of time before you have to throw it away and start a new one. As a result, you will have to tell all your friends and partners the new address again, and you may lose a number of contacts. To prevent this from happening, get two email addresses. One address is for long-term contacts (do not expose it on the network).
Another address is for making contacts using the network (chats, message boards, etc.).
Then there should be no spam on the first address, because it is not known on the network.
When spam starts arriving at the second address, just throw it away and start a new one.

2. CHOOSING A NAME

People tend to want the most concise address. Say, sergey@mail.ru looks cool, and what a pity that all the simple addresses are already taken. Rest assured that spam pours into such an address without stopping. A laconic name is cool for a website, but an email address still has to be given to everyone personally, so let it be made of numbers or an original, not hackneyed, word. By the way, for this reason the leading mail service gmail.com registers only names of at least 6 characters. All short names have long been included in spam lists.

3. HTML SPECIAL CHARACTERS

The easiest and most commonly used method of protecting against spiders is to encode the email address using special HTML characters. Instead of the "at" sign - @ ... But today this method is hopelessly outdated.
Robots can easily find such addresses.

4. JAVASCRIPT

On the Anti-Spam Code Generator page, you can generate your own script. Since these address-hiding scripts are handcrafted, they vary widely, and there are no programs that can extract an email address from JavaScript. Today it is the most reliable protection for addresses on the network.

5. ANTISPAMMERS

But what if your address is already exposed, or you are so famous that it is impossible for you not to get noticed? Then you cannot do without an anti-spammer. There are many antispam programs that you can download online.
Which I do not advise you to do.
I came to the conclusion that all these antispam programs are small and weak, and that a sensible antispam cannot be built by one person; only a reputable company, such as Gmail.com, can do that. Their spam remains on the server, and you can always go in and correct it. So my strong advice: get yourself a mailbox on Google.
I have not seen a better spam filter: all spam remains on the server, where, if desired, it can always be viewed and corrected. Antispammers do not completely solve the problem, but they make life easier.

6. POCKET PC AND WAP

Spam has reached this level, but today there are fairly reliable means of protection. Therefore, the development of this issue is not relevant.