BRAVO TECHNOLOGY CENTER

SPAM Concepts and Strategies by Sam C. Chan
First published: January 15, 2008   Last Updated: May 21, 2010

 

  1. Philosophical Points
    1. all brute-force methods will fail by definition
    2. Asymmetrical war: zero-cost and infinite leverage
    3. Prevention vs Filtration
    4. most points are subtle and often counter-intuitive!
    5. vendors can only potentially supply tools, but never solutions
  2. SPAM Filtering
    1. Server-side vs. Client-side
      1. control & jurisdiction
      2. flexibility
      3. ease-of-use
      4. wasted traffic
    2. Filtering Methods (5 types)
      1. conservative DNSBL (against only top known spammers)
      2. aggressive DNSBL (against all likely spammers)
      3. banning servers from ISP consumer list (avoid all "zombies")
      4. content keyword triggers
      5. content keyword Bayesian pattern weighing
      6. content type ban policies (scripts, forms, etc.)
      7. Challenge-Response white-list human test
    3. Trade-off: false negative rate vs. false positive rate (FNR/FPR)
      1. damage of 1 piece of lost mail equals that of 100 pieces of slip-through
      2. different classes of email addresses have varying degrees of tolerance & need
    4. Cascaded Filtration
      1. resultant FNR is subtractive
      2. resultant FPR is additive!
  3. SPAM Prevention
    1. Sources of Leaks & Circulation
    2. Defensive actions
      1. use multi-tier address scheme
      2. expire and rotate all but primary address
      3. hide domain registrar contact email
      4. observe BCC and other rules regarding group mailing
      5. use script/image for publishing email on web, or use form mail for public
      6. establish tracking mechanism (catch-all, source-coding)
      7. use "no-reply" address (1-way email)
      8. blackhole policy
  4. Best Practice
    1. establish formal, comprehensive anti-SPAM initiative
    2. employ sensible combination of methods
      1. primarily rely on SPAM prevention, supplemented by
      2. lax filtration at server side, using cascaded schemes, plus optionally
      3. mildly aggressive filtration at client side, frequently adjusted to personal taste
      4. note: Safe Sender list is effective & acceptable, while Blocked Sender list is not!
    3. do it right, from the start
    4. maintain discipline
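
Added example (not part of the original outline): the Cascaded Filtration and FNR/FPR trade-off points worked through in Python. It assumes the stages err independently and that a message is rejected as soon as any stage flags it; all filter rates and mail volumes are constructed sample values, and the function names are hypothetical.

```python
# Added example: cascade arithmetic for the outline's FNR/FPR points.
# Assumption: stages err independently, and a message is rejected as soon
# as any one stage flags it. All rates below are constructed sample values.
from math import prod

LOST_MAIL_WEIGHT = 100  # the outline's ratio: 1 lost mail ~ 100 slip-throughs


def cascade_rates(stages):
    """Combine per-stage (fnr, fpr) pairs into cascade-wide (fnr, fpr)."""
    for fnr, fpr in stages:
        if not (0.0 <= fnr <= 1.0 and 0.0 <= fpr <= 1.0):
            raise ValueError("rates must lie in [0, 1]")
    # Spam slips through only if every stage misses it.
    fnr = prod(f for f, _ in stages)
    # Good mail survives only if no stage flags it.
    fpr = 1.0 - prod(1.0 - p for _, p in stages)
    return fnr, fpr


def weighted_damage(stages, spam, ham):
    """Damage in 'slip-through equivalents' for a given mail volume."""
    fnr, fpr = cascade_rates(stages)
    return spam * fnr + LOST_MAIL_WEIGHT * ham * fpr


def stage_report(stages):
    """Cumulative (fnr, fpr) after each successive stage."""
    return [cascade_rates(stages[: i + 1]) for i in range(len(stages))]


# Constructed sample filters: (false negative rate, false positive rate)
LAX_CASCADE = [(0.40, 0.0005), (0.50, 0.0010), (0.50, 0.0010)]
AGGRESSIVE_SINGLE = [(0.10, 0.0200)]

if __name__ == "__main__":
    for n, (fnr, fpr) in enumerate(stage_report(LAX_CASCADE), 1):
        print(f"after stage {n}: FNR={fnr:.3f}  FPR={fpr:.5f}")
    for name, s in (("lax cascade", LAX_CASCADE), ("aggressive", AGGRESSIVE_SINGLE)):
        print(name, round(weighted_damage(s, spam=9000, ham=1000), 1))
```

With these sample values the three lax stages reach the same FNR as the single aggressive filter, while their combined FPR stays close to the sum of the per-stage rates and far below the aggressive filter's.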
Copyright ©2005-2006 Bravo Technology Center