反垃圾邮件的技术

经常有人问这个，刚好看到这个文档不错，记录一下。

Greylisting

Typically, a server that utilizes Greylisting will record the following three pieces of information (referred to as triplet) for all incoming e-mail.

• The IP address of the connecting host
• The envelope sender address
• The envelope recipient address

T he client is checked against the mail server's internal whitelists (if any) first. Then, if the triplet has never been seen before, it is greylisted for a period of time (how much time is dependent on the server configuration). The e-mail is rejected with a temporary error. The assumption is that since temporary failures are built into the RFC specifications for e-mail delivery, a legitimate server will attempt to connect again later on to deliver the e-mail.

 

Greylisting is effective because many mass e-mail tools utilized by spammers are not set up to handle temporary failures (or any failures for that matter) so the Spam is never received.

 

This feature can reduce e-mail traffic up to 50%. Greylisted e-mails never reach your mail server and your mail server will stop sending useless "Non Delivery Reports" to spammers.

Sender Policy Framework (SPF)

Domains use public records (DNS) to direct requests for different services (web, e-mail, etc.) to the machines that perform those services. All domains already publish e-mail (MX) records to tell the world what machines receive e-mail for the domain. SPF works by domains publishing "reverse MX" records to tell the world what machines send e-mail for the domain. When receiving a message from a domain, the recipient can check those records to make sure e-mail is coming from where it should be coming from.

Bayesian Filter

The Bayesian filter is a statistical filter which relies on the fact that particular words have different likelihoods of occurring across different categories. For instance, most e-mail users will seldom see the word "Viagra" in legitimate e-mail, but will encounter it frequently in spam e-mail.

Blacklist

Blacklist is an access control mechanism that stands for allow everybody to send an e-mail to the Proxmox Mail Gateway, except members of the blacklist.

Whitelist

Whitelist is an access control mechanism that stands for allow to send an e-mail to the Proxmox Mail Gateway without doing any Spamfiltering.

DNS-based Blackhole List

A DNS-based Blackhole List, or DNSBL, is a means by which an Internet site may publish a list of IP addresses, in a format which can be easily queried by computer programs on the Internet. As the name suggests, the technology is built on top of the Internet DNS or Domain Name System. DNSBLs are chiefly used to publish lists of addresses linked to spamming.

Distributed Checksum Clearinghouse (DCC)

The idea of the DCC is that if e-mail recipients could compare the e-mail they receive, they could recognize unsolicited bulk e-mail. A DCC server totals reports of checksums of messages from clients and answers queries about the total counts for checksums of e-mail messages. A DCC client reports the checksums for a e-mail message to a server and is told the total number of recipients of e-mail with each checksum. If one of the totals is high enough the message is unsolicited, the DCC client can log, discard, or reject the message.

Advanced Header Analysis and Text Searching Rules

E-mail headers are usually hidden, but they are required to deliver an e-mail to its destination. The system can detect inconsistent headers that are a feature of many spam e-mails.  Around 600 text searching rules are used to detect phrases and other features common in spam e-mails.

Spam URI Realtime Blocklists (SURBL)

SURBLs differ from most other RBLs in that they're used to detect spam based on message body URIs (usually web sites). Unlike most other RBLs, SURBLs are not used to block spam senders. Instead they allow you to block messages that have spam hosts which are mentioned in message bodies .

Autolearning

The system gathers statistical information about spam e-mails. This information is used by an autolearning algorithm, so the system becomes smarter over time.

Hashcash

Hashcash is a denial-of-service counter measure tool. Its main current use is to help hashcash users avoid losing email due to content based and blacklist based anti-spam systems. A hashcash stamp constitutes a proof-of-work which takes a parameterizable amount of work to compute for the sender. The recipient can verify received hashcash stamps efficiently.