What is spam and how to deal with spammers on the Internet. The main ways to protect against spam How spammers clean the databases from inactive email addresses

According to statistics, more than 80 percent of malicious programs penetrate the local network through e-mail. The mail server itself is also a tasty morsel for hackers - having access to its resources, the attacker gets full access to email archives and lists of email addresses, which allows you to get a lot of information about the life of the company, its projects and work. After all, even lists of email addresses and contacts can be sold to spammers or used to discredit a company by attacking those addresses or writing fake emails.

Spam is, at first glance, a much lesser threat than viruses. But:

a large flow of spam distracts employees from their tasks and leads to an increase in non-productive costs. According to some reports, after reading one letter, an employee needs up to 15 minutes to enter the working rhythm. If more than a hundred unsolicited messages come in a day, then their need to view them significantly violates the current work plans;
spam facilitates the penetration into the organization of malicious programs disguised as archives or exploiting vulnerabilities in email clients;
a large flow of letters passing through the mail server not only worsens its performance, but also leads to a decrease in the available part of the Internet channel, an increase in the cost of paying for this traffic.

With the help of spam, some types of attacks using social engineering methods can also be carried out, in particular phishing attacks, when a user receives letters disguised as messages from completely legal persons or organizations, asking them to perform some action - for example, enter a password to their bank card.

In connection with all of the above, the e-mail service requires protection without fail and in the first place.

Solution Description

The proposed solution for protecting the enterprise mail system provides:

protection against computer viruses and other malicious software distributed via e-mail;
protection against spam, both incoming to the company by e-mail and distributed over the local network.

Modules can be installed as additional modules of the protection system;

protection against network attacks on the mail server;
anti-virus protection of the mail server itself.

Solution Components

The system for protecting mail services can be implemented in several ways. The choice of the appropriate option is based on:

the company's information security policy;
operating systems used in the company, management tools, security systems;
budget restrictions.

The right choice allows not only to build a reliable protection scheme, but also save a significant amount of money.

As examples, we will give the options “Economic” and “Standard”

The “Economical” option is built on the basis of the Linux operating system and the maximum use of free products. Composition of the variant:

virus and spam protection subsystem based on products of Kaspersky Lab, Dr.Web, Symantec. If a company uses a demilitarized zone, it is recommended to move the mail traffic protection system to it. It should be noted that products designed to work in the demilitarized zone have more functionality and greater capabilities for detecting spam and attacks than standard ones, which improves network security;
firewall subsystem based on the iptables2 firewall standard for the Linux operating system and management tools;
attack detection subsystem based on Snort.

Mail server security analysis can be done with Nessus

The solution based on the “Standard” option includes the following subsystems:

subsystem for protecting mail server and mail gateway services from malware based on solutions from Kaspersky Lab, Dr.Web, Eset, Symantec or Trend Micro;
firewall and intrusion detection subsystem based on Kerio Firewall or Microsoft ISA.

Mail server security analysis can be done with XSpider

Both of these options do not include instant messaging and webmail security modules by default.
Both the “Economic” option and the “Standard” option can be implemented on the basis of software products certified by the FSB and FSTEC, which allows them to be supplied to government agencies and companies with an increased level of security requirements.

Benefits of the proposed solution

the solution provides reliable protection against the penetration of malicious programs and spam;
optimal selection of products allows you to implement a protection scheme that takes into account the needs of a particular client.

It should be noted that a full-fledged protection system can only function if the company has an information security policy and a number of other documents. In this regard, Azone IT offers services not only for the implementation of software products, but also for the development of regulatory documents and auditing.

You can get more detailed information about the services provided by contacting the specialists of our company.

The following technologies are used to protect mail servers:

There are two main methods of spam protection: protection against spam when the mail is received by the server, and separating spam from the rest of the mail after it is received.

Blacklists. Blacklists include IP addresses from which spam is sent.

Greylisting or greylisting. The principle of operation of gray lists is based on the tactics of sending spam. As a rule, spam is sent in a very short time in large quantities from any server. The job of the greylist is to deliberately delay the receipt of emails for some time. The address and forwarding time are entered into the greylist database. If the remote computer is a real mail server, then it must keep the letter in the queue and repeat the forwarding within five days. Spam bots, as a rule, do not keep messages in the queue, so after a short time they stop trying to forward the letter. When resending a letter from the same address, if the required amount of time has passed since the first attempt, the letter is accepted and the address is added to the local whitelist for a sufficiently long period.

DNSBL (DNS blacklist)– lists of hosts stored using the DNS system. The mail server accesses the DNSBL and checks it for the presence of the IP address from which it receives the message. If the address is in this list, then it is not accepted by the server, and the corresponding message is sent to the sender

Message limit. Set a limit on the number of messages.

Program Spamassassin(SA) allows you to analyze the content of an already delivered message. SpamAssassin comes with a large set of rules that determine which emails are spam and which are not. Most of the rules are based on regular expressions that match the message body or header, but SpamAssassin uses other techniques as well. The SpamAssassin documentation refers to these rules as "tests".

Each test has some "cost". If the message passes the test, this "cost" is added to the total score. The cost can be positive or negative, positive values are called spam, negative values are called ham. The message goes through all the tests, the total score is calculated. The higher the score, the more likely the message is spam.

SpamAssassin has a configurable threshold above which an email will be classified as spam. Usually the threshold is such that the email must meet several criteria; just one test failing is not enough to exceed the threshold.

The following technologies are used to protect websites from spam:

1. Image captcha. Those. the user is shown arbitrary text that the user must enter in order to perform any action.

2. Text captchas– the subscriber must enter the answer to the proposed question to confirm his actions.

3. Interactive captcha- a little common, but very useful form of protection. For example, to confirm actions, the user will be asked to solve an easy jigsaw puzzle - for example, to assemble a picture from three or four parts.

- €55-250 million annually. 60% world mail traffic.
50-75% from all Russian mail traffic. Modern anti-spam tools filter 85-98% of spam. The volume of the world market of sales of anti-spam filters and services in 2004 amounted to approximately $500 million (according to IDC).
Most antivirus vendors have included antispam components in their products. During the year, anti-spam companies made several purchases of anti-spam software companies (in particular, the purchase of BrightMail by Symantec for $340 million). In Russia, most of the holders of public mail services and most providers have installed anti-spam filters, which made it possible to alleviate the problem of spam for their customers. The undoubted leader in Russia in terms of sales and the number of protected mailboxes is Spamtest technology.
1. PREVENTION The #1 anti-spam tool is to protect your address. Spammers will not know your address - there will be no spam. Light up your address on the network, you will have to throw it away and start a new one, it will only be a matter of time. And, as a result, inform all your friends and partners again of the new address, while losing a number of contacts is possible. To keep this from happening Enter two email addresses. One address for long-term contacts (do not shine it on the network).
Another address for making contacts, using the network (chat rooms, bulletin boards, etc.).
Then there should be no spam on the first address, because it is not known on the network.
When spam goes to the second address, just throw it away and start a new one.
2. NAME CHOICE People tend to get the most concise address. Let's say sergey@mail.ru is cool and what a pity that all the simple addresses are already taken. Be sure to [email protected] spam is pouring in non-stop. It's cool to have a concise site name, but the email address will still have to be reported to everyone personally, whether it be from numbers or an original, not a hackneyed word. By the way, for this purpose, the leading mail gmail.com registers names no shorter than 6 characters. All short names have long been included in the spam lists.
3. HTML SPECIAL CHARACTERS The simplest and most commonly used method of protecting against spiders is to encode an email address using HTML special characters. Instead of a dog @ . But today this method is hopelessly outdated.
Robots can easily find such addresses.
4. JAVASCRIPT On the anti-spam code generator page, you can generate your own script. Since these address hiding scripts are handicraft, they are very diverse and there are no programs that would be able to extract email from JavaScript. Today it is the most reliable address protection on the network.
5. ANTISPAMMERS But, what if you are exposed, or you are so famous that it is impossible for you not to be exposed, then you cannot do without an anti-spammer. There are many anti-spammer programs that you can download online.
What I do not recommend.
I came to the conclusion that all these anti-spams are small and weak, and a person cannot pull sensible anti-spam, only a reputable company, say, such as Gmail.com, can do this. Their spam remains on the server, you can always go in and correct it. So my strong advice: get yourself a mail on Google.
I have not seen the best spam filter, all spam remains on the server, which, if desired, can always be viewed and corrected. Anti-spammers do not completely solve the problem, but make life easier in the problem.
6. POCKET PC & WAP Spam has reached this level, but today there are quite reliable means of protection. Therefore, the development of this issue is not relevant.

Dear friends and users of our site, I am with you again, SpaceWolf, and today we will talk about the urgent problem of “SPAM”. The way to solve this problem will get rid of spam on the contact form, spam comments or spam on online orders.

I would like to immediately note the pros and cons of this method:

Works well against bots.
Quick installation in the form of sending messages
Minimum code (3 lines)
It does not require special knowledge, except for the location of the main files.
Users who do not have java will not be able to pass the verification and therefore send a message.

Basically everything. Let's proceed with the installation:

1) Add an additional hidden field to your form (this is a comment form, a feedback form, a product order form) with the name name=”check” meaning value="" leave empty. Example:

2) In the same form, but only in the button (“send”, “write”, “Leave feedback” or whatever you call it), add the following code:

If ($_POST["check"] != "stopSpam") exit("Spam decected");

Spam protection - how it works

The principle is as simple as the code itself. It is designed to prevent spam bots from running programs on JavaScript. At the time when a regular user clicks on the “order” button in our hidden field, the word “stopSpam” will fit in, and in the case of a robot, this field will remain empty. Let me explain at the moment why it will remain empty ?. The robot fills in all fields except for our hidden field with an identifier id=”check” and variable check will remain blank, hence the mail will not be sent. And when the user clicks on the button, our JavaScript, which we added to the button.

I advise you to use this method in conjunction with captcha, the effect will be better.

Well, that's all. If the article helped you, write comments, repost and do not forget to say "Thank you" in the comments.

If someone has other problems or questions, leave them in the comments, we will be happy to find a solution together. We are waiting for your messages!

Spam is the mass mailing of messages to users who have not given their consent to receive them. Carried out for the purpose of advertising certain products, spreading information, identity theft, etc. This is an intrusive advertisement for something. In most cases, spam is presented in the form of sending emails, but in fact it is used wherever there is open access to the dissemination of information: social networks and media, forums, comments on websites, instant messengers, emails, SMS to the phone. Even offline, there is spam. For example, advertising brochures in your mailbox. People who send spam are called spammers. Spam advertising is one of the cheapest methods of promotion on the Web, but not the most effective. Such mailing is negatively perceived by the audience, which does not allow all companies to use it. Those who care about reputation and image do not use spam.

Where did the word "spam" come from?

The word "spam" first appeared in the 40s of the 20th century, in the post-war period. Initially, it meant the name of canned food included in the meat diet of soldiers. After the war, they had to be urgently sold before the expiration date had expired and they had not deteriorated. This led to the fact that advertising of this product was everywhere: on the streets, in newspapers, in transport. It was deliberately made aggressive, imposing on people the need to purchase these canned food. It was this event that was remembered when this kind of advertising began to be actively used on the Web. Aggressive and intrusive distribution of advertising messages received the corresponding name - spam. Since then, the word "spam" means "mass mailing of intrusive advertising." The user did not ask, did not subscribe, but they send him letters, in the content of which he is not interested. In the early days (as soon as the Internet and e-mails appeared), spam advertising on the Web was more effective than it is now. People are not used to this, and there was no advertising "blindness" then. But it still remains one of the most inexpensive ways to reach the maximum audience, which allows it to stay afloat as one of the most popular ways to promote your services and products.

A spam attack is the distribution of spam messages with an increased concentration on certain sites or channels. For example, spammers have found that a particular forum has a high bounce rate. This information spread in spam circles, and a huge wave of messages with intrusive advertising hit the site. Such an event is called a spam attack. Spamming attacks are not always made due to the high return of the site. Sometimes they happen due to someone's malicious intent in order to harm the site and its owner. For example, they are carried out by unscrupulous competitors.

Types of spam

All spam can be classified according to several criteria.

By area of distribution:

online spam - distributed in the online space;

offline spam - distributed in offline space.

Distribution method:

manual – messages are sent manually.

According to the degree of danger:

Most popular websites and email accounts are adequately protected against dangerous spam. They use spam filters. Messages that can cause real harm are blocked automatically. The most dangerous of them are permanently deleted, the less dangerous or just dubious ones are placed in the Spam folder. Often, the system mistakenly places messages in the Spam folder that do not carry any harm to the user, for example, a letter confirming registration on some site. For the system, these are unfamiliar sources, therefore, it does not trust them. Therefore, regularly check your Spam folder and remove the necessary letters from there.

Safe

commercial advertising. It includes sending messages advertising various kinds of goods, services, websites, etc. As mentioned earlier, spamming is one of the most inexpensive ways to promote on the Web. Hence, it is in demand among internet entrepreneurs. They simply chose spam as one of their promotion channels;

advertising that is prohibited by law. In Russian legislation, there is a list of goods and services that are prohibited from advertising. Most popular channels (search engines, social networks) adhere to these requirements, and sometimes add their own. This causes some difficulties for advertisers. E-mailing does not have such restrictions, which allows advertisers to freely advertise any goods and in any form;

manipulation of public opinion. Often spam is used as a tool to influence the public opinion of the audience. These are not only political motives, but also commercial ones. For example, someone decides to send compromising material to a competitor or send mailings on behalf of someone in order to get a negative reaction in response. Such mailing does not harm users, but can cause certain moods in society;

mailing with a request to forward the message. A particularly popular form of social media spam. As a rule, it does not carry any semantic load and does not pursue any goals. These are messages in the spirit of "Forward this letter to 20 friends and next year you will find the love of your life." Oddly enough, but there are people who continue to do this. Rarely may contain hidden advertising.

Dangerous (malicious)

This type of spam can cause real harm to users - steal their personal data (logins, passwords), gain access to electronic wallets, infect a computer with viruses, etc. Most often, the content of such emails includes links or attachments. In no case do not go through them and do not download. Types of dangerous spam:

Places of distribution

Where can you find spam?

In email, this is the most common place for spam messages. Letters are not moderated before being sent, therefore, their content is not limited in any way. As a rule, spam filters are used after sending.

Forums - those sites where there is no moderation are very popular among spammers, as this allows you to freely publish any information. Forums where all messages are verified are not used at all or are used to post hidden advertising.

Comments on sites - similar to forums, those sites where there is no moderation are highly popular among spammers.

Social Media – The number of spam messages on social media has only grown in recent years. Private messages and comments are the most popular communication tool. Spam in social networks is characterized by greater "friendliness". Senders, as a rule, do not just send you an advertising message, but try to enter into a dialogue, get to know each other. Of course, such an unexpected desire to communicate is caused only by commercial goals - to sell a product or service.

Messengers - in recent years, with the growing popularity of messengers (Viber, Telegram, WhatsApp), the number of spam messages in them has also grown.

SMS - probably, everyone received SMS with advertising from unknown numbers on their phone. This is spam.

How spammers find email addresses

One of the most popular questions is “How do spammers know my address or phone number?” Finding user contacts is not a big problem. You can get them in several ways.

Based on the above, the conclusion suggests itself: do not leave your contact details anywhere. Create several email addresses - one for important correspondence and important services, the other for everything else. If spam catches up with you, then let it be in the second mailbox.

How to disable spam

In some cases, it is easy to turn off spam - just click the "Unsubscribe" button in the letter. The method works if you yourself once subscribed to the source. Sometimes a subscription is issued automatically after registration on the site.

But be careful. Sometimes spammers design links in the form of an unsubscribe button. Of course, after clicking, no unsubscribe will occur. You will simply be moved to the promoted resource. If the source seems unfamiliar to you, it is better to use the following method and block it to get rid of annoying emails. In most mail services, as well as in social networks, you can block addresses and users from which unwanted letters come. How to block spam (using Gmail as an example):

Ready! After the actions taken, the selected address will not be able to send you letters. Now he is blacklisted. Similar actions can be performed on social networks.

Spam protection methods

In order not to have to block each spammer manually (after all, there can be hundreds of sources), it is enough to follow simple tips and recommendations for protecting against spam.

Do not publish your address and contacts in public and questionable places.

Get a second box for unimportant messages and use it.

Do not download attachments.

Use only popular mail services (they have the maximum level of protection against spam).

Create a more complex postal address. The lighter the address, the easier it is for spammers to generate it.

The most secure mailboxes

From the point of view of protection against spam mailings, the safest mailboxes are:

Google mail (gmail);

Yandex mail;

Mail.ru-mail.

It is important to understand that no service will provide 100% protection. There will always be promotional emails. After all, spam methods are improving every year, becoming more sophisticated and secretive, spammers are constantly finding new ways to bypass filters. But the above services are capable of minimizing the number of unwanted messages.