Stop Web Form Spam, Appledew International House, 12 Constance St. London, E16 2DQ United Kingdom

UK: +44 (0) 844 995 1012
USA: +1 650 318 6296

Anti-spam techniques

Various Anti-Spam techniques used to prevent email spam unsolicited bulk email no technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email false positives as opposed to not rejecting all spam false negatives and the associated costs in time effort, and cost of wrongfully obstructing good mail.

Anti-Spam techniques

Anti-Spam techniques can be broken into four broad categories those that require actions by individuals, those that can be automated by email administrators, those that can be automated by email senders, and those employed by researchers and law enforcement.

There are a number of techniques that individuals use to restrict the availability of their email addresses with the goal of reducing the chance of receiving spam.

Discretion sharing an email address

Only among a limited group of correspondence is one way to limit the chance that the address will be harvested and targeted by spam.

Similarly when forwarding messages to a number of recipients who don’t know one another recipient addresses can be put in their BCC field so that each recipient does not get a list of the other recipients email addresses.

Address munging email addresses

Address munging email addresses posted on webpages use the net or chat rooms are vulnerable to email addresses. Harvesting address munging is the practice of disguising an email address to prevent it from being automatically collected in this way. But still, allow a human reader to reconstruct the original email address.

Avoid responding to Spam

To avoid responding to spam a common piece of advice is not to reply to spam messages as spammers may simply regard responses as confirmation that an email address is valid.

Similarly, many spam messages contain web links or addresses which the user is directed to follow to be removed from the spammers mailing list, and these should be treated as dangerous in any case. Sender addresses are often forged in spam messages.

So that responding to spam may result in failed deliveries or may reach completely innocent third parties.

Contact forms businesses and individuals

Sometimes avoid publicizing an email address by asking for contact to come via the contact form on a webpage which then typically forwards the information via email such forms. However, are sometimes inconvenient to users as they are not able to use that preferred email.

Client risk entering a faulty reply address and are typically not notified about delivery problems further contact forms have the drawback that they require a website with the appropriate technology.

Disable HTML in email

Many modern mail programs incorporate web browser functionality such as the display of HTML URLs and images avoiding, or disabling this feature does not help avoid spam, it may however be useful to avoid some problems.

If a user opens a spam message offensive images being tracked by web bugs, being targeted by JavaScript, or attacks upon security vulnerabilities in the HTML renderer mail clients which do not automatically download, and display HTML images or attachments have fewer risks as des clients who have been configured to not display these by default.

disposable email addresses

An email user may sometimes need to give an address to a site without complete assurance that the site owner will not use it for sending spam. One way to mitigate the risk is to provide a disposable email address.

An address which the user can disable or abandon which forwards email to a real account. A number of services provide a disposable address. Forwarding addresses can be manually disabled, can expire after a given time interval, or can expire after a certain number of messages have been forwarded. Disposable email addresses can be used by users to track whether a site owner has disclosed an address or had a security breach.

ham passwords systems

Ham passwords ask unrecognized senders to include in their email a password that demonstrates that the email message is a ham, not a spam message. Typically the email address and ham password would be described on a webpage, and the ham password would be included in the subject line of an email message or appended to the username part of the email address.

Using the Plus addressing technique ham passwords are often combined with filtering systems that let through only those messages that have identified themselves as ham.

reporting spam tracking

Reporting spam tracking down a spammers ISP and reporting the offense can lead to the spammers service being terminated in criminal prosecution. Unfortunately, it can be difficult to track down the spammer, and while there are some online tools such as spam cop and network abuse.

Clearinghouse to assist they are not always accurate historically reporting spam. This way has not played a large part in abating spam. Since the spammers simply moved their operation to another URL, ISP, or network of IP addresses. In many countries, consumers may also forward unwanted and deceptive commercial emails to the authorities eg in the u.s. – the email address spam at uce gov maintained by the US Federal Trade Commission (FTC) or similar agencies in other countries.

automated techniques for email administrators

There are now a large number of applications appliances services and software systems that email administrators can use to reduce a load of spam on the systems and mailboxes. In general, these attempt to reject or block the majority of spam emails outright at the SMTP connection stage. If they do accept a message they will typically then analyze the content further and may decide to quarantine any categorized as spam.


A number of systems have been developed that allow domain name owners to identify email is authorized. Many of these systems use the DNS to list sites authorized to send an email on their behalf.

After many other proposals, SPF, DKIM, and DMA are Co all now widely supported with growing adoption while not directly attacking spam. These systems make it much harder to spoof addresses a common technique of spammers but also used in phishing and other types of fraud via email.

challenge-response systems

A method that may be used by Internet service providers by specialized services or enterprises to combat spam is to require unknown senders to pass various tests before their messages are delivered. These strategies are termed challenge-response systems.

check some based filtering

Check some based filter exploits the fact that the messages are sent in bulk that is that they will be identical with small variations checksum-based filters strip out everything that might vary between messages reduce.

What remains to a checksum and look that checksum up in a database such as the distributed checksum clearinghouse which collects the checksums of messages that email recipients consider to be spam. Some people have a button on their email client which they can click to nominate a message as being spam.

If the checksum is in the database, the message is likely to be spam to avoid being detected. In this way, spammers will sometimes insert unique invisible gibberish known as hash Busters into the middle of each of their messages to make each message have a unique checksum.

country-based filtering

Some email servers expect to never communicate with particular countries from which they receive a great deal of spam, therefore they use country-based filtering.

A technique that blocks email from certain countries, this technique is based on country of origin determined by the sender’s IP address rather than any trait of the sender.

DNS-based blacklists

There are a large number of free and commercial DNS-based blacklists or DNS BLS which allow a mail server to quickly lookup the IP of an incoming mail connection and reject it if it is listed. Their administrators can choose from scores of DNS BLS each of which reflects different policies. Some list sites are known to emit spam. Others list open mail relays or proxies. Others list ISPs known to support spam.

URL filtering

Most spam phishing messages contain an URL that they entice victims into clicking on thus a popular technique. Since the early 2000s consists of extracting URLs from messages and looking them up in databases such as spam domain blocklists, DBL, SURBL, and URIBL.

strict enforcement of RFC standards

Many spammers use poorly written software or are unable to comply with the standards because they do not have legitimate control of the computer. They’re using to send spam zombie computers by setting tighter limits on the deviation from RFC standards that the MTA will accept a mail.

The administrator can reduce spam significantly but this also runs the risk of rejecting mail from older or poorly written, or configured servers greeting delay a sending server is required to wait until it has received the SMTP greeting banner before it sends any data a deliberate pause can be introduced by receiving servers to allow them to detect and deny any spam-sending applications that do not wait to receive this banner.

Temporary rejection of the gray listing technique is built on the fact that the SMTP protocol allows for the temporary rejection of incoming messages. Gray listing temporarily rejects all messages from unknown senders or mail servers using the standard 4-xx error codes.

All compliant MTAs will proceed to retry delivery later but many spammers and spambots will not the downside are that all legitimate messages from first-time senders will experience a delay in delivery hello eh ello checking RFC 5321 says that an SMTP server may verify that the domain name argument in the eh ello command actually corresponds to the IP address of the client.

However, if the verification fails the server must not refuse to accept a message on that basis systems can however be configured to refuse connections from hosts that give an invalid hello. For example, a hello that is not an FQDN, or is an IP address not surrounded by square brackets refusing connections from hosts that give an obviously fraudulent hello refusing to accept email whose hello eh ello argument does not resolve in deans.

Invalid pipelining several SMTP commands are allowed to be placed in one network packet and pipeline. For example, if an email is sent with a CC header several SMTP or CPT commands might be placed in a single packet instead of one packet per or CPT to command the SMTP protocol.

However, requires that errors are checked and everything is synchronized at certain points. Many spammers will send everything in a single packet since they do not care about errors, and it is more efficient. Some MTAs will detect this invalid pipelining and reject emails sent this way no listing the email service for any given domain is specified in a prioritized list via the MX records.

The no listing technique is simply the adding of an MX record pointing to a non-existent server as their primary i.e. that with the lowest preference value which means that an initial mail contact will always fail many spam sources do not retry on failure. So the spammer will move on to the next victim legitimate email service should retry the next higher numbered MX and normal email will be delivered with only a brief delay quit detection.

An SMTP connection should always be closed with a quick command many spammers skip this step because the spam has already been sent and taking the time to properly close the connection takes time and bandwidth. Some MTAs are capable of detecting whether, or not the connection is closed correctly, and use this as a measure of how trustworthy the other system is.

honey pots

Another approach is simply an imitation MTA which gives the appearance of being an open mail relay or an imitation. TCP/IP proxy server which gives the appearance of being open proxy spammers who probe systems for open relays proxies will find such a host and attempt to send mail through it wasting the time and resources, and potentially revealing information about themselves.

In the origin of the spam, they are sending to the entity that operates the honeypot such a system may simply discard the spam attempts submit them to DNS.PIS or store them for analysis.

hybrid filtering

Some or all of the various tests for spam and assigns a numerical score to each test. Each message is scanned for these patterns and the applicable scores tallied up if the total is above a fixed value.

The message is rejected or flagged as spam by ensuring that no single spam test by itself can flag a message as spam. The false-positive rate can be greatly reduced.

outbound spam protection

Outbound spam protection involves scanning email traffic as it exits a network identifying spam messages and then taking an action such as blocking the message or shutting it off. The source of the traffic while the primary impact of spam is on spam recipients sending networks also experience financial costs such as wasted bandwidth and the risk of having their IP address is blocked by receiving networks.

Outbound spam protection not only stops spam but also lets system administrators track down spam sources on their network and remediate them. For example, clearing malware from machines that have become infected with a virus or participating in a botnet.

PTR reverse DNS

PTR reverse DNS checks the PTR DNS records in the reverse. DNS can be used for a number of things including most email mail transfer agents, mail servers use a forward confirmed reverse DNS, FCR DNS verification.

And if there is a valid domain name put it into the received trace header field. Some email mail transfer agents will perform FCR DNS verification on the domain name given in the SMTP hello in the hlo commands c hashtag a Chielo hlo checking to check the domain names in our DNS to see.

If they are likely from dial-up users dynamically assigned addresses or home-based broadband customers since the vast majority but by no means all of the email that originates from these computers is spam. Many mail servers also refuse email with missing or generic DNS names.

A forward confirmed reverse DNS verification can create a form of authentication that there is a valid relationship between the owner of a domain name and the owner of the network that has been given an IP address while reliant on the DNS infrastructure which has known vulnerabilities.

This authentication is strong enough that it can be used for whitelisting purposes because spammers and phishers cannot usually bypass this verification when they use zombie computers to forge the domains.

Rule-based filtering content

Rule-based filtering content filtering techniques rely on the specification of lists of words or regular expressions disallowed in mail messages. Thus, if a site received spam advertising herbal viagra the administrator might place this phrase in the filter configuration, the mail server would then reject any message containing the phrase header filtering looks at the header of the email which contains information about the origin-destination and content of the message.

Although spammers will often spoof fields in the header in order to hide their identity or to try to make the email look more legitimate than it is many of these spoofing methods can be detected and any violation of the RFC 5322 standard on how the header is to be formed can also serve as a basis for rejecting the message.

SMTP call back verification

Since a large percentage of spam has forged an invalid sender from addresses some spam can be detected by checking that this address is valid.

A mail server can try to verify the sender address by making an SMTP connection back to the mail exchanger for the address as if it was creating a bounce but stopping just before any email is sent.

Callback verification has various drawbacks one since nearly all spam has forged return addresses nearly, all callbacks are too innocent third-party mail servers that are unrelated to the spam when the spammer uses a trap address as his sender’s address.

If the receiving MTA tries to make the call back using the trap address in a mail from command, the receiving MTA’s IP address will be blacklisted 3 finally the standard VRFY and EXPN commands used to verify an address have been so exploited by spammers that few mail administrators enable them leaving the receiving SMTP server no effective way to validate the sender’s email address.

SMTP proxy

SMTP proxies allow combating spam in real-time combining the sender’s behavior controls providing legitimate uses immediate feedback eliminating a need for quarantine.

Spam trapping

Spam trapping is the seeding of an email address so that spammers can find it but normal users cannot if the email address is used then the sender must be a spammer, and they have blacklisted as an example if the email address spam trap at is placed in the source HTML of a website in a way that it isn’t displayed on the webpage human visitors to the website would not see it spammers.

On the other hand, use web page scrapers and BOTS to harvest email addresses from HTML source code so they would find this address when the spammer later sends it to the address. The spam trap knows this is highly likely to be a spammer and can take appropriate action.

statistical content filtering

Statistical or Bayesian filtering once setup requires no administrative maintenance push and instead users mark messages as spam or non-spam and the filtering software learns from these judgments.

Thus it is matched to the end-users needs and as long as users consistently mark tagged the emails can respond quickly to changes in spam content. Statistical filters typically also look at message headers considering not just the content but also peculiarities of the transport mechanism of the email. Software programs that implement statistical filtering include BOGO filter DSP a.m. Spam base an SSP CRM-114 the email programs Mozilla and Mozilla Thunderbird male washer and later revisions of spam assassin.

Tar Pits

A tar pit is any server software that intentionally responds extremely slowly to client commands by running a tar pit that treats acceptable mail normally in known spam slowly or which appears to be an open mail relay.

A site can slow down the rate at which spammers can inject messages into the mail facility. Many systems will simply disconnect if the server doesn’t respond quickly which will eliminate the spam. However, a few legitimate email systems will also not deal correctly with these delays.

Automated Techniques For Email Senders

There are a variety of techniques that email senders used to try to make sure that they do not send spam failure to control the amount of spam sent as judged by email receivers can often cause even legitimate email to be blocked, and for the sender to be put on DNS BLS.

Background checks on new users and customers

Since spammers accounts are frequently disabled due to violations of abuse policies. They are constantly trying to create new accounts due to the damage done to an ISP’s reputation.

when it is the source of spam many ISPs and web email providers use CAPTCHA on new accounts to verify that it is a real human registering the account and not an automated spamming system. They can also verify that credit cards are not stolen before accepting new customers check the spam house project ROKSO list and do other background checks.

Confirmed opt-in for mailing lists

A malicious person can easily attempt to subscribe another user to a mailing list to harass them or to make the company or organization appear to be spamming to prevent this all modern mailing list management programs such as new mailmen Majordomo and LISTSERV.

MLM support confirmed opt-in by default whenever an email address is presented for subscription to the list the software will send a confirmation message to that address. The confirmation message contains no advertising content so it is not construed to be spam itself and the address is not added to the live mail list. Unless the recipient responds to the confirmation message.

Egress Spam  Filtering

Email sent is typically now to the same type of Anti-Spam checks on email coming from their users and customers are for in with email coming from the rest of the internet. This protects their reputation which could otherwise be harmed in the case of infection by spam-sending malware

limit email backscatter

If a receiving server initially fully accepts an email and only later determines that the message is spam or to a non-existent recipient it will generate a bounce message back to the supposed sender. However if as is often the case with spam the sender information on the incoming email was forged to be that of an unrelated third-party then this bounced message is backscatter spam for this reason.

It is generally preferable for most rejection of incoming email to happen during the SMTP connection stage with a 5-xx error code while the sending server is still connected in this case then the sending server will report the problem to the real sender cleanly.

Port 25 Blocking firewalls and Reuters

Port 25 blocking firewalls and Reuters can be programmed to not allow SMTP traffic. TCP port 25 from machines on the network that is not supposed to run mail transfer agents or send email this practice is somewhat controversial when ISPs block home uses especially if the ISPs do not allow the blocking to be turned off upon request email can still be sent from these computers to designated smart hosts via port 25 and to other smart hosts via the email submission port 587.

port 25 interception network address translation

Port 25 interception network address translation can be used to intercept all port 25 SMTP traffic and direct it to a mail server that enforces rate limiting and Egress spam filtering. This is commonly done in hotels but it can cause email privacy problems as well. Making it impossible to use STARTTLS and SMTP auth if the port 587 submission port isn’t used.

rate-limiting machines

Rate-limiting machines that suddenly start sending lots of emails may well have become zombie computers by limiting the rate that email can be sent around what is typical for the computer in question legitimate email can still be sent but large spam runs can be slowed down until manual investigation can be done.

spam report feedback loops

Spam report feedback loops by monitoring spam report from places such as spam cop AOL’s feedback loop and network abuse clearinghouse the abuse of the domain at a mailbox etc. ISPs can often learn of problems before they seriously damage the ISPs reputation and have their mail servers blacklisted.

form field control

Form field control both malicious software and human spam senders. Often use forged from addresses when sending spam messages control may be enforced on SMTP service.

To ensure senders can only use the correct email address in the form field of outgoing messages in an email users database each user has a record with an email address the SMTP server must check.

If the email address in the form field of an outgoing message is the same address that belongs to the users credentials supplied for SMTP authentication. if the form field is forged an SMTP error will be returned to the email client.


Terms Of Service (TOS) & Acceptable Use Policy (AUP) Agreements

Most ISPs and webmail providers have either an acceptable use policy AUP or a Terms of Service (TOS) agreement that discourages spammers from using the system and allows the spammer to be terminated quickly for violations.

legal measures

Legal measures from 2000 onwards many countries enacted specific legislation to criminalize spamming appropriate legislation and enforcement can have a significant impact on spamming activity where legislation provides specific text that bulky mailers must include.

This also makes legitimate bulk email easier to identify increasingly Anti-Spam efforts have led to co-ordination between law enforcement researchers major consumer financial service companies and Internet service providers in monitoring and tracking email spam identity theft and fishing activities, and gathering evidence for criminal cases analysis of the site’s being spam bowties by a given piece of spam can often be followed up with domain registrar’s with good results.

new solutions and ongoing research

New solutions and ongoing research several approaches have been proposed to improve the email system.

cost-based systems

Since spamming is facilitated by the fact that large volumes of email are very inexpensive to send one proposed set of solutions would require that senders pay some cost in order to send an email making. It prohibitively expensive for spammers Anti-Spam activist daniel balsam attempts to make spamming less profitable by bringing lawsuits against spammers.

Send Email To A Channel

Send email to a channel is a new proposal for sending an email that attempts to distribute Anti-Spam activities by forcing verification probably using bounce messages so backscatter doesn’t occur when the first email is sent for new contacts.

Enjoy the post? For More Posts Visit Stop Web Form Spam