Defending your site against spam

Monday, 30 June 2003, 1:44 PM EST

Like so many other people out on the Internet, I get unsolicited commercial email or "spam". Until recently, I could handle spam by just deleting it or using email aliases. Unfortunately, my server was rendered useless by a spam attack launched by an unknown spammer. The experience forced me to improve my spam defenses. In two articles, I will share the research and results of my effort to implement an anti-spam system. In this first installment, I will briefly cover various anti-spam systems and the system I chose, a network level defense. In the next installment, I'll dig deeper into the details of an implementation with qmail. (The information is general enough that it could be applied to other email systems such as Postfix or Sendmail.)

Let's begin by covering the current state of the anti-spam world. Since spam is such a widespread problem, there have been an increasing number of anti-spam measures devised in the last four years. Some measures involve legislation, some techniques require large groups of people, and some are simple techniques that individuals can use. I will cover some of the more popular defenses that individuals or administrators can implement on their own as well as mention a few of the up-and-coming systems. None of these systems is perfect. I do not claim that any of these will work without a hitch.

[ Read more ]

Related items


More than 900 embedded devices share hard-coded certs, SSH host keys

SEC Consult analyzed firmware images of more than 4000 embedded devices of over 70 vendors and found that, in some cases, there are nearly half a million devices on the web using the same certificate.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Nov 30th