Content filters require frequent maintenance (AOL estimates that spammers respond within four hours to a change in a content filter) and require a great deal of processing for complex techniques such as bayesian, heuristics, fingerprinting, etc. The techniques spammers use to get past content filters become laughable, because FairUCE doesn't look at what they say, only at who they are. It virtually eliminates spoofed addresses, phishing, and even many viruses with a few cached DNS look- ups and a couple of if/else statements. Sender identity is the spam-fighting tool of the future. The author of this technology went from over 400 spams a day to just one or two.
How does it work?
Technically, FairUCE tries to find a relationship between the envelope sender's domain and the IP address of the client delivering the mail, using a series of cached DNS took-ups. For the vast majority of legitimate mail, from AOL to mailing lists to vanity domains, this is a snip. If such a relationship cannot be found, FairUCE attempts to find one by sending a user-customizable challenge/response. This alone catches 80% of UCE and very rarely challenges legitimate mail. A future version will incorporate Sender Policy Framework (SPF) or similar sender identification systems; SPF-enabled domains will not require a challenge. Challenges are sent using a dedicated queue with a short lifetime so it does not get bogged down or interfere with legitimate mail.
If a relationship can be found, FairUCE checks the recipients whitelist and blacklist, as well as the domain's reputation, to determine whether to accept, reject, challenge on reputation, or present the user with a set of whitelist/blacklist options. A future version use a real domain reputation system; currently this is implemented as a 'whois' look-up to determine the domains when it first sent mail to the recipent
The FairUCE concept is currently implemented as an SMTP proxy that runs between multiple instances of Postfix on Linux. QMail and Sendmail support are being considered. It should be possible to use existing mail servers) on the inside of the proxy.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Products; unsolicited commercial email|
|Date:||May 1, 2005|
|Previous Article:||Hijack Guard- free.|
|Next Article:||Top twenty viruses reported to kaspersky in April.|