Analysis of core technology of anti-spam firewall

The origins and technology of Spam

The SMTP protocol itself is a simplified mail Submission protocol, lacking many of the necessary authentication, which is one of the reasons why the SMTP protocol is flooding the spam message. Because of the SMTP protocol, the sender is allowed to forge the vast majority of the sender's signature information, such as: sender, letter routing, and so on, even after anonymous forwarding, open forwarding and open agent, and so on, can almost completely erase the sender of spam characteristics. At present, the vast majority of spam has forged its true source of mail, which has caused great difficulties in finding a stop to the spread of spam.

The SMTP protocol also lacks some of the necessary behavioral controls to effectively discriminate between normal mail and spam messages, which is the second cause of spam flooding. Spam messages usually have certain behavioral characteristics, such as sending extremely large amounts of e-mail in a short period of time, usually with specific communication features.

Anti-spam technology is either a certain flaw in itself, such as the determination of spam can not be absolutely accurate, or need a lot of implementation costs, etc., or because of the actual environmental constraints can not be applied, For example, you cannot completely overturn the original SMTP protocol and use a new mail protocol that avoids the generation and propagation of spam. Therefore, simply relying on technical means does not completely solve the spam message.

Analysis of anti-spam technology

We will analyze what technology the anti-spam firewall uses as a proxy for the protection technology used by a spammers-barracuda anti-spam firewall. The following are the protection techniques used by this anti-spam firewall:

1 denial of service attacks and security protection

2 IP Block List

3 Rate Control

4 Double virus Scan

5 User Custom Rules

6 Spam fingerprint check

7 Message Intent Analysis

8 Bayesian Intelligence Analysis

9 Rule-based Scoring System

10 virus protection for uncompressed files

Due to virus protection for rate control, virus scanning, and decompression files for viruses, anti-spam subsidiary functions We do not discuss, it is worth mentioning that the firewall to prevent DDoS attacks and anti-spam firewall to prevent Dos attacks are not the same. According to the technical engineer's introduction: Anti-spam firewall to prevent Dos attacks are mainly to prevent a mail address in a short period of time to send a large number of spam, resulting in a Dos attack.

The core technology of spam is Bayesian intelligent analysis, spam fingerprint inspection, rule-based scoring system, user custom rule, its core is Bayesian intelligent analysis, spam fingerprint inspection technology. Here we will analyze the anti-spam filtering technology:

1 spam fingerprint check

When it comes to fingerprint checking of spam, many people find it mysterious, in fact, the fingerprint of the mail is the combination of some strings in the content of the message, also known as snapshots. is to identify information that has been identified as spam from a similar, but not identical, message. For example: If you are often plagued by spam, you will not be unfamiliar with the following words: "Agent service", "enrollment", "cash", is not it when you see them can not help but think of junk mail?