How is spam created?
In general, spam messages in network messaging environments are generated in the following ways:
1. Abuse of electronic messaging systems (hijackers):
1-1 Through independent emails provided by a valid server:
In this case, the sender uses the identity of contact groups in the email service to send spam to those groups (in most cases by abusing the names of women). The number of emails sent and the time it takes to detect these spammers depend on the security restrictions of the valid server.
1-2 Via spam-sending servers that have been launched for this purpose:
In this case, professionals use servers launched for this purpose to send numerous spam messages to different audiences.
1-3 Through abuse of existing security problems:
1-3-1 Computers that do not comply with security standards, such as the use of a valid and up-to-date antivirus and firewall, are exploited without the knowledge of the owner as spam or malware sender stations. These computers are called botnets.
1-3-2 Abuse of email-sending servers that have an open relay authentication vulnerability. This means that these servers perform all email-sending operations for any purpose without any mechanism for identifying the sender.
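The open relay problem in 1-3-2, seen from the administrator's side. This is an added example, not code from the original page: the log format, domain names and address ranges are constructed for illustration. It applies the policy a closed relay enforces and reports delivered messages in a mail log that the policy would have refused, which is evidence that the server is relaying for strangers.

```python
import ipaddress
import re

LOCAL_DOMAINS = {"example.org"}                      # assumed: domains this server hosts
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed: internal client range

# Constructed log lines in a simplified, hypothetical key=value format.
SAMPLE_LOG = """\
client=10.1.2.3 auth=none to=friend@example.net status=sent
client=203.0.113.9 auth=none to=alice@example.org status=sent
client=203.0.113.9 auth=none to=someone@example.net status=sent
client=198.51.100.4 auth=bob to=partner@example.com status=sent
client=203.0.113.9 auth=none to=other@example.com status=rejected
"""

def may_relay(client_ip, auth, rcpt):
    """Policy a closed relay applies before accepting a recipient."""
    if rcpt.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS:
        return True                       # inbound mail for our own users
    if auth != "none":
        return True                       # authenticated submission
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in TRUSTED_NETS)

def find_open_relay_events(log_text):
    """Return (client, recipient) for delivered mail the policy would refuse."""
    events = []
    for line in log_text.splitlines():
        fields = dict(re.findall(r"(\w+)=(\S+)", line))
        if fields.get("status") != "sent":
            continue                      # refused mail is the desired outcome
        if not may_relay(fields["client"], fields["auth"], fields["to"]):
            events.append((fields["client"], fields["to"]))
    return events

if __name__ == "__main__":
    for client, rcpt in find_open_relay_events(SAMPLE_LOG):
        print("relayed for unauthenticated outside client:", client, "->", rcpt)
```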
How does our email address end up on spam recipient lists?
You may wonder how your email address reached spammers. Do your email providers (Yahoo, Gmail, Hotmail, etc.) collaborate illegally and behind the scenes with spam senders?
The answer to this question is no. In general, your email address may end up in a spamming database in the following ways:
- Lists of email addresses collected over time by companies or irresponsible admins are bought and sold illegally. Filling out online registration forms for specific information or advice, participating in online surveys, receiving daily newsletters, registering on social networks, etc. may place your address on such a list without your consent.
- Robots that crawl websites are sensitive to patterns such as "@" or [name] at [domain] and collect matching addresses into their lists. After receiving a list of reference addresses or running a specific keyword search in search engines, these bots crawl websites and, based on artificial intelligence and word-weighting algorithms, detect and save addresses in the page content. If you have entered your email address on websites or forms, it may be detected by these robots and placed on the spammer's list.
- Security issues on your computer. For example, malware published on the Internet that has infected your computer or your friend's computer can access the email addresses stored in applications that send and receive email. Another route is unauthorized access to the user database of a site that has a security problem and on which you have already registered.
- Random generation of email addresses based on dictionaries and social engineering. In this way, different phrases that may be part of an email address are guessed and a database is built from them.
Detect and deal with spam:
Because of the large volume of spam and its harmful effects, various techniques are used today to recognize and fight it. These techniques can be divided into two main parts:
a) Activities that are conducted on a global level on the internet
b) Methods implemented at the end-user level that use the results of section a
a) The Global Consensus on Spam:
The macro level of efforts on the Internet can be seen in the activities of companies that fight against spammers globally. These companies use sensors distributed across the Internet to identify major spam sources and compile them into databases. The most famous of these companies are spamhaus.org and spamcop.net. They track the various types of spam senders by maintaining different databases, and they provide these databases free of charge for use in anti-spam systems.
For example, Spamhaus has the following important databases:
SBL (Spamhaus blacklist): An IP database of computers controlled by well-known spammers.
XBL (Exploits Block List): An IP database of computers infected by malware that send spam.
PBL (Spamhaus Policy Block List): An IP database of computers that provide a service for sending email without the use of an open relay system.
DBL (Spamhaus Domain Block List): A database of domain names that are targeted by spammers and used by them frequently. These domains are used by spammers for illegal trades.
In deciding whether a received email is spam or not, the databases mentioned above are used extensively as a reliable source. If the IP address of the sender of the email matches one of the databases (SBL, XBL, PBL) or the domain address of the sender matches the DBL database, the received email is detected as spam. Of course, apart from the above databases, there are also other databases that for not displaying route address in emails or firewalls count as spam, which can be found on the Spamhaus.org website. These companies also provide an Internet address for reporting wrongly identified items and removing them from their databases.
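The database check described above, as an added example that is not code from the original page or from Spamhaus. It assumes the usual DNS blocklist convention (reversed IPv4 octets queried under the zone name) and the zone names and return codes as Spamhaus publishes them; the resolver is injectable and the sample answers are constructed so the block runs offline. Answers in 127.255.255.x mean the query was refused, so they are reported as "unknown" instead of being counted as a listing.

```python
import ipaddress
import socket

ZEN = "zen.spamhaus.org"  # combined SBL + XBL + PBL zone
DBL = "dbl.spamhaus.org"  # domain block list zone

def query_name(sender_ip, zone=ZEN):
    """192.0.2.99 -> 99.2.0.192.zen.spamhaus.org (IPv4 only in this example)."""
    octets = str(ipaddress.IPv4Address(sender_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(answer):
    """Map one returned A record to a list name, 'ERROR', or None."""
    a, b, c, d = (int(x) for x in answer.split("."))
    if (a, b, c) == (127, 255, 255) or (a, b, c, d) == (127, 0, 1, 255):
        return "ERROR"  # query refused or malformed: not a listing
    if (a, b, c) == (127, 0, 1):
        return "DBL"
    if (a, b, c) == (127, 0, 0):
        if d in (2, 3, 9):
            return "SBL"
        if 4 <= d <= 7:
            return "XBL"
        if d in (10, 11):
            return "PBL"
    return None

def system_resolver(name):
    """Real DNS lookup; a failed lookup (including NXDOMAIN) gives an empty list."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender(sender_ip, sender_domain, resolve=system_resolver):
    """Return (verdict, lists); verdict is 'spam', 'clean' or 'unknown'."""
    answers = resolve(query_name(sender_ip)) + resolve(sender_domain + "." + DBL)
    hits = {classify(a) for a in answers} - {None}
    if "ERROR" in hits:
        return "unknown", []
    return ("spam" if hits else "clean"), sorted(hits)

# Constructed sample answers for documentation addresses, not real listings.
SAMPLE_DNS = {
    "99.2.0.192.zen.spamhaus.org": ["127.0.0.4", "127.0.0.11"],
    "bad.example.dbl.spamhaus.org": ["127.0.1.2"],
    "7.100.51.198.zen.spamhaus.org": ["127.255.255.254"],
}
fake_resolve = lambda name: SAMPLE_DNS.get(name, [])
```

Calling `check_sender("192.0.2.99", "bad.example", fake_resolve)` exercises the sample data; leaving out the third argument performs real DNS queries.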
Methods of coping with spam on the Postchi mail system
- Check the sender's addresses with global databases such as SPAMHAUS
- Using open source modules to detect spam
- Can be linked to commercial anti-spam
- Use the special Kayer algorithm to prevent mass mailing
- Blacklist to remove emails from the server or specific person
- Whitelist to prevent the server or specific person from spamming
- SPF check
- DKIM check
- Verify validation and call-to-call between two mail servers