6 anti-spam products horizontal comparison test (1)

Source: Internet
Author: User
Keywords Landscape anti-spam products
The first China Anti-Spam Survey of 2006 by the China Internet Association showed that from November 2005 to March 2006, the proportion of spam received by Chinese Internet users rose from 61.53% to 63.97%, up 2.44%, well above the 0.9% of the last survey. Chinese netizens received an average of 19.33 spam messages a week, up 2.08 from 17.25 a week in October 2005. Junk mail is getting worse! In the face of this nasty spam we lose more than just time: the cost of the extra work mail servers do to process spam, and of the technical staff needed to deal with it, is even greater. How to use technical means to bring unsolicited spam under control has become a general concern.

To this end, the "Computer World" evaluation laboratory recently carried out a horizontal comparison evaluation of anti-spam products. The test attracted wide attention in the industry, and in the end 6 excellent hardware and software products from 6 domestic and foreign manufacturers (gold from the Crown Group, IronPort Bae, SurfControl, sensitive technology, trends and technology, and Shuo-Qi technology) took part. In this test we used the industry's advanced testing equipment and chose test standards as close as possible to actual use, in order to help readers understand anti-spam technology, products and applications, and to provide useful guidance for choosing anti-spam products.

To talk about spam, it is necessary to review its history first. The first recorded spam was a chain letter e-mailed in August 1985, which continued to circulate until 1993. In June 1993, an e-mail message titled "Make Money Fast" appeared on the Internet. In April 1994, the law firm of Canter and Siegel posted a message to more than 6,000 newsgroups to promote its legal services for United States green cards. This was the first time in history that the term "spam" was used to describe unsolicited news or e-mail postings.
At the same time, spam also began to arouse people's attention and disgust. Some savvy traders immediately saw the business opportunities that e-mail offered, and many people started to use e-mail for commercial advertising. In May 1995 someone wrote the first dedicated application, Floodgate, which could send e-mail to a large number of people at once. In August, 2 million e-mail addresses were sold, and spam became increasingly tied to business. In April 1996, people began to use the term "unsolicited commercial e-mail" (UCE) for spam and started actively looking for ways to stop it from flooding the Internet. Later, spam delivery techniques also began to be exploited by hackers and virus programs, which send spam in order to carry out attacks or simply to waste network bandwidth. As a result, the industry also began to use the term "unsolicited bulk e-mail" (UBE). Spam goes by many names, but what is certain is that it is unsolicited and that most of it is a hostile, uninvited guest.

It should be said that the proliferation of spam is a by-product of the rapid development of the Internet. The root of the problem is that the basic protocol, SMTP (Simple Mail Transfer Protocol), which is widely used on the Internet, is clearly inadequate in security. Sluizer, one of the founders of the SMTP protocol, once said that SMTP cannot eliminate spam because it was designed on the principle of default trust and lacks an effective mechanism for verifying the identity of the sender. Although it has since been patched layer upon layer, SMTP is congenitally deficient, and a patch is only a patch.

Besides the internal cause, SMTP's weak security, many external factors contribute to the growing proliferation of junk mail. First, the bandwidth problem.
In recent years, the rapid development of broadband networks has provided the bandwidth for spam to proliferate. Second, the cost problem: with the falling cost of network communication, the continuous improvement of computer hardware performance and the maturing of bulk-mailing software, the cost of sending spam is very low. Third, the question of profit: for spammers, a small outlay can often bring a good return. Finally, we still lack the relevant laws, norms and constraints to deal with the flood of spam.

Prevention and filtering are the main methods of dealing with spam. Filtering can be divided into three categories: MTA (message transfer agent) filtering, MDA (mail delivery agent) filtering, and MUA (mail user agent) filtering. MTA filtering means that the MTA checks the session's data during an SMTP session and filters out messages that meet the filter criteria. MDA filtering means that the MDA, on receiving a message from the MTA, checks it locally or remotely and filters out messages that meet the filter criteria. MUA filtering is filtering in the mail client; most popular mail clients, such as Outlook, Outlook Express, Netscape Mail and Foxmail, support it. The filtering techniques covered below are all MTA or MDA filtering, that is, filtering on the mail server side.

1. Black and white lists

Black and white lists are the most traditional way of filtering spam. A blacklist screens out spam based on information such as IP address, domain name and e-mail address, and a whitelist lets matching messages through. The advantages of this technology are that it uses almost no system resources and is easy to deploy; its disadvantages are that it requires manual maintenance, and that spammers can evade filtering by changing their information. RBL (real-time blacklist) technology was developed from blacklist technology: it is updated from the public RBL data provided by RBL operators, which makes up for the manual maintenance that a simple blacklist requires.
Unfortunately, many blacklist databases now show strong regional discrimination. For example, the RBLs in North America contain a large number of host names and IP addresses in China, some listed because of early open relays and some because of false positives. These listings have long gone uncorrected, which to some extent hinders mail exchange between our country and North America, and also keeps our country's users from using these blacklist services.

2. SMTP connection frequency control

Spammers often send a large amount of spam in a short period of time, choking the mail server. Controlling the frequency of SMTP connections ensures that the mail server does not respond to abnormal connection requests and that normal mail passes through smoothly.

3. Reverse domain name verification

Whatever kind of authentication is used, its goal is to keep the MTA from being exploited by spammers, but it may still be helpless against spam addressed to local users. The simplest and most effective way to solve this problem is reverse domain name verification of the sender's IP address. A DNS query is used to determine whether the sender's IP address is consistent with the name it claims. For example, a sender claims the name mx.yahoo.com but connects from the address 10.10.10.10, which does not match the DNS records. This method effectively filters out spam sent from dynamic IP addresses; senders that use dynamic domain names can also be blocked, depending on the actual situation.

4. Content filtering

Even with the techniques used at the earlier stages, a considerable amount of spam will still get through. For this mail, the current approach is to filter on the content of the message headers or body. Among the vendors in this test, all except master-Qi technology have content-filtering capability.

Keyword filtering uses a mail content scanning engine to filter on information such as subject-line phrases common in spam, the name of the spam's beneficiary, and telephone numbers.
Because the keywords used in spam change from one period to the next, the keyword filter set needs to be updated regularly.

The statistical method based on Bayesian probability theory is more complex, but also more intelligent. It analyzes the keywords common to a large number of spam messages, derives a statistical model of their distribution, and uses it to calculate the probability that a given message is spam. This method has a degree of adaptive, self-learning ability and has been widely used.

There is also rule-based scoring, of which SpamAssassin is currently the most representative. It is an applied artificial-intelligence system that scores every keyword it finds in a message: the higher the score, the more likely the message is spam, and when the total score of all keywords exceeds a certain value, the message is judged to be spam.

It should be noted that content filtering consumes more system resources than any of the other methods above. With large mail flows it is therefore best paired with a high-performance server.

5. Virus scanning

Many spam messages are generated by virus programs, and viruses can spread across the network with mail. Virus scanning is therefore an important way to reduce spam. All products in this test are equipped with an antivirus engine.

6. Behavioral analysis

Behavioral analysis is the newest mail filtering technology to emerge. Its advantage is that spam can be intercepted, reducing the system resources and network bandwidth spent on receiving mail and analyzing its content. Although behavioral filtering is not yet fully mature and places high demands on the network environment, its good application prospects have attracted the attention of the major security vendors.
The products tested all have behavioral analysis capability to a greater or lesser degree; the Spamtrap 120 in particular is a product based entirely on behavioral analysis.
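The reverse domain name verification described under item 3, as an added example that is not code from the article or from any tested product. It goes one step beyond the text by also forward-confirming the PTR name; the `example.org`/`example.net` hosts and the DNS table are constructed so the check runs offline, and `check_sender` is a hypothetical name.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_addrs(name):
    """A/AAAA addresses for name from the system resolver ([] if none)."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def norm(name):
    return name.rstrip(".").lower()

def check_sender(ip, claimed, ptr=system_ptr, addrs=system_addrs):
    """Compare the connecting IP's DNS records with the name it claims."""
    ip = str(ipaddress.ip_address(ip))      # ValueError on malformed input
    names = [norm(n) for n in ptr(ip)]
    if not names:
        return "reject: no PTR record"
    # The PTR record is set by whoever controls the IP block, so only trust
    # names whose forward lookup leads back to the same address.
    confirmed = [n for n in names if ip in addrs(n)]
    if not confirmed:
        return "reject: PTR not forward-confirmed"
    if norm(claimed) not in confirmed:
        return "reject: claimed name does not match DNS"
    return "accept"

# Constructed DNS data (hypothetical hosts on documentation address ranges).
PTR = {"192.0.2.25": ["mail.example.org."], "198.51.100.7": ["mx.example.net"]}
A = {"mail.example.org": ["192.0.2.25"], "mx.example.net": ["203.0.113.9"]}

def fake_ptr(ip):
    return PTR.get(ip, [])

def fake_addrs(name):
    return A.get(name, [])

if __name__ == "__main__":
    for ip, claimed in [("192.0.2.25", "mail.example.org"),
                        ("10.10.10.10", "mx.yahoo.com"),   # the article's case
                        ("198.51.100.7", "mx.example.net")]:
        print(ip, claimed, "->", check_sender(ip, claimed, fake_ptr, fake_addrs))
```

Called without the last two arguments, `check_sender` uses the system resolver instead of the constructed table.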
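The Bayesian statistical method described under item 4, as an added example that is not code from the article or from any tested product. It is a plain naive Bayes model with Laplace smoothing, one common way to implement the idea; the training messages are constructed and `BayesFilter` is a hypothetical name.

```python
import math
import re
from collections import Counter

# Constructed training mail, not data from the evaluation described above.
SPAM = ["make money fast with this free offer",
        "free green card lottery apply now",
        "cheap bulk email addresses for sale buy now"]
HAM = ["meeting moved to friday please confirm",
       "attached is the test report for the mail server",
       "please review the filter configuration before friday"]

def tokens(text):
    return re.findall(r"[a-z0-9']+", text.lower())

class BayesFilter:
    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.mails = {"spam": 0, "ham": 0}

    def train(self, text, label):
        """Self-learning step: fold one labelled message into the model."""
        self.words[label].update(tokens(text))
        self.mails[label] += 1

    def spam_probability(self, text):
        vocab = set(self.words["spam"]) | set(self.words["ham"])
        n_spam = sum(self.words["spam"].values()) + len(vocab)
        n_ham = sum(self.words["ham"].values()) + len(vocab)
        # Start from the prior odds, then add each known word's evidence.
        log_odds = math.log(self.mails["spam"] / self.mails["ham"])
        for tok in tokens(text):
            if tok in vocab:              # unseen words carry no evidence
                p_spam = (self.words["spam"][tok] + 1) / n_spam  # Laplace
                p_ham = (self.words["ham"][tok] + 1) / n_ham
                log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

def build_filter():
    f = BayesFilter()
    for mail in SPAM:
        f.train(mail, "spam")
    for mail in HAM:
        f.train(mail, "ham")
    return f

if __name__ == "__main__":
    f = build_filter()
    for mail in ["free money offer", "please confirm the friday meeting"]:
        print(f"{f.spam_probability(mail):.3f}  {mail}")
```

Calling `train` on newly labelled mail shifts later scores, which is the adaptive behaviour the text describes.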