Spam is advertising material that is distributed illegally through mass mailings and received without the user's consent.

Modern spam mailings spread in hundreds of thousands of copies within a few tens of minutes. Spam is most often sent through malware-infected user computers, known as zombie networks.

Methods to fight spam

There are two main ways to protect a mail server against spam: rejecting spam at the stage when the mail server receives it, and separating spam from the rest of the mail after the mail server has received it.

Among the first group of methods, the most popular are DNS Black Lists (DNSBL), greylisting and various delayed sending methods, together with technical checks such as verifying that the sending user exists on the sending side (callback), verifying that the sending server is legitimate by checking its reverse DNS zone record and the validity of the name it gives when setting up the SMTP session (HELO), and checking the SPF record (for this to work, the sender's DNS zone must contain a corresponding record listing its legitimate sending servers).

Among the most popular methods for analyzing the contents of an email are those based on algorithms such as searching for specific advertising keywords, or on Bayes' theorem. The Bayesian approach draws on probability theory: the user first trains the filter on messages that he considers spam, and the filter then separates out spam messages by their characteristic features.

Black Lists or DNSBL (DNS Black Lists)

DNSBLs (DNS Black Lists) are lists of addresses from which spam is sent. Widely used lists include "open relays", "open proxies" and various lists of dynamic addresses that service providers allocate to end users. To keep the implementation simple, these blacklists are queried through the DNS service.

Gray Lists or Greylisting

Greylisting relies on a characteristic of how spam is sent. As a rule, spam is sent in a very short time and in large quantities from some server. Greylisting deliberately delays the reception of mail for some time, and enters the address and the time of the delivery attempt into the greylist database. If the remote computer is a real mail server, it should keep the mail in its queue and repeat the delivery attempt for five days. Spam bots do not usually keep emails in a queue, so they stop trying to send after a short period of time. It has been established through experiments that the average time to send a spam mail is just over an hour. When a message arrives from the same address again and the required amount of time has passed since the first attempt, the message is accepted and the address is entered into the local whitelist for a sufficiently long period.
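
The greylisting decision described above, as an added example that is not part of the original page. It keys the greylist on the sending address alone, as the text does, and the delay and whitelist durations are assumed values; the sample attempts are constructed.

```python
import time

# Assumed tuning values, not from the page.
MIN_DELAY = 5 * 60              # wait required before a retry is accepted
PENDING_TTL = 5 * 24 * 3600     # a real server keeps retrying for five days
WHITELIST_TTL = 36 * 24 * 3600  # lifetime of a local whitelist entry

class Greylist:
    def __init__(self):
        self.pending = {}    # address -> time of first delivery attempt
        self.whitelist = {}  # address -> time the whitelist entry expires

    def check(self, address, now=None):
        """Return the SMTP reply for a delivery attempt from `address`."""
        now = time.time() if now is None else now
        # Known-good sender: accept and refresh the whitelist entry.
        if self.whitelist.get(address, 0) > now:
            self.whitelist[address] = now + WHITELIST_TTL
            return "250 accepted (whitelisted)"
        self.whitelist.pop(address, None)
        first_seen = self.pending.get(address)
        # Unknown sender, or stale pending entry: record the attempt and defer.
        if first_seen is None or now - first_seen > PENDING_TTL:
            self.pending[address] = now
            return "451 greylisted, try again later"
        # Retry arrived before the required delay has passed: keep deferring.
        if now - first_seen < MIN_DELAY:
            return "451 greylisted, try again later"
        # Retry after the delay: the sender queues mail like a real server.
        del self.pending[address]
        self.whitelist[address] = now + WHITELIST_TTL
        return "250 accepted (retry after delay)"

def replay(events):
    """Run (timestamp, address) attempts through a fresh greylist."""
    gl = Greylist()
    return [gl.check(addr, now=ts)[:3] for ts, addr in events]

# Constructed sample: a queueing mail server and a fire-and-forget bot.
SAMPLE = [
    (0, "192.0.2.10"),      # mail server, first attempt
    (10, "198.51.100.7"),   # bot, first attempt
    (40, "198.51.100.7"),   # bot retries immediately, then gives up
    (900, "192.0.2.10"),    # mail server retries from its queue
    (5000, "192.0.2.10"),   # later mail from the same server
]

if __name__ == "__main__":
    for (ts, addr), code in zip(SAMPLE, replay(SAMPLE)):
        print(ts, addr, code)
```

The temporary 451 reply is what makes a queueing server retry later; a sender that never retries after the delay is never accepted.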

Analysis of effectiveness

The first two methods allow about 90% of spam to be rejected at the delivery stage. Mail that has already been delivered can be marked by content analysis tools such as SpamAssassin. Using special algorithms, this product adds appropriate lines to the message headers, and the user can then use the filters in the mail client to sort the mail into the correct folders.

Updated Aug. 17, 2018