Staying Clear of Spam: A Comprehensive Understanding of Anti-Spam Solutions

Source: Internet
Author: User
Keywords: solutions, spam, anti-spam
Since 2000, with the rapid development of Internet technology, e-mail has gradually become one of the most important communication tools in modern society. However, the intrusion of spam on mail users had, by the end of 2006, become one of the most widely recognized threats to Internet use. Some of the figures are shocking: 1000 of spam messages are generated worldwide every day, and 94% of the messages that users receive are spam; the United States and China are the world's two largest producers and consumers of spam, with Chinese netizens receiving an average of 19.4 spam messages every week. These messages are filled with unsolicited advertising, pornography, reactionary content and politically sensitive topics, and even computer viruses and malicious code. They make normal sending and receiving of mail more difficult, maliciously waste enterprise network and mail resources, and even expose the hardware assets of organizations and individuals to intrusion, destruction and other losses.

The latest form of spam is phishing mail, in which the spammer obtains the user's username and password by sending e-mails that imitate banks and their affiliates. Others take control of computers through malicious code, turning network users' computers into zombie PCs and using them to send large volumes of advertising spam for commercial gain. It is fair to say that the fight against spam has reached a white-hot stage.

China's anti-spam research has run almost in step with that of other countries, but productization has been relatively slow; professional-grade products and system solutions were basically first applied only after 2003. Internationally, there are two major, authoritative open-source communities, and most of the world's core anti-spam technology currently derives from them: one is the well-known SpamAssassin, the other is Razor. China has not yet formed a comparably large open-source community for anti-spam technology.
In technology, and especially in product structure, Chinese products draw on these well-known pioneers.

Anti-spam solutions generally fall into three types.

The first is the user-level client solution. Most people think client solutions are ineffective. This is actually a misunderstanding: many such statements are coloured by commercial interests and are therefore not objective evaluations. Some people take a client solution to mean the simple blacklist and whitelist spam filtering built into mail clients such as Foxmail and Outlook, but this is wrong. A true client solution includes not only blacklist and whitelist features but also other methods, such as real-time RBL lookups, fingerprint checking, trust networks and even content filtering. Because it serves the individual client user and is not concerned with the mail server, it is still a professional-grade anti-spam solution. The point is that professional products need to be sought out, that they are of great economic value in the context of 50 of people, and that there is no other solution that is more competitive in more than 50 applications. A representative product is the personal edition of the anti-spam product from Cloudmark, the world's leading anti-spam technology company.

The second type is the anti-spam gateway solution. It is the most widely used and the simplest enterprise anti-spam solution. It integrates a variety of anti-spam technologies into one device or software system placed in front of the mail server, where it filters and reviews all messages entering and leaving the mail system and disposes of messages that violate the rules or show obvious spam characteristics. A gateway-type anti-spam solution can be a dedicated hardware product or take the form of software.
In particular, hardware products are traditionally thought to be better than software products. This view is also quite biased, and the difference needs to be examined: if the anti-spam gateway software is truly seamlessly integrated with the mail system, it can greatly improve the overall performance of the system, so the hardware product is not necessarily the best, as some commercial companies claim. The reason is simple: integration saves two processing steps. After the anti-spam system unpacks a message, it can hand it directly to the mail system without repacking it, and the mail system can accept the message without first having to unpack it. Fewer operations mean better performance.

The gateway solution is the most important enterprise anti-spam solution. Because commercial vendors and research institutions follow different technical routes, there are 3 kinds:

(1) The route based on empirical rules and content inspection. The main inspection methods of this kind of gateway include keyword filtering, Bayesian filtering, rule-based scoring systems, mail fingerprint checking, blacklists and whitelists, rate control and so on. It needs to collect samples and extract content features and other information in order to check and filter spam. A representative product is the Barracuda anti-spam system. It should be noted that most of these products require a large amount of content-checking computation and are demanding in terms of system architecture and hardware platform resources, so their peak performance is not very high. Some products in particular are written with pear, and the restrictions of the program make performance their main bottleneck. Users should pay attention to this when selecting a product and choose a higher-capacity model to cope with sudden peaks in message volume.

(2) The intelligent behavior identification route.
Recognizing the performance limitations of rule-based and content-based techniques, some engineers have abandoned content checking and instead placed the main checks of their products on protocol analysis of mail. This kind of technology summarizes and analyzes the common behavior of spammers, such as mass-sending clients, high sending frequency, DNS camouflage and IP spoofing, distils the characteristics of these "spam behaviors" into rules, and uses those rules to judge whether an e-mail is legitimate. It also includes numerous mail compliance and authentication mechanisms, as well as some content-layer techniques such as virus scanning. It should be noted that such techniques target large-scale, mass-sent spam, and offer no good solution for single or irregular messages, or even messages from a legitimate source, that carry illegal content. This is because they do not emphasize content checking, whereas the most important criterion for spam is that its "content" is illegal! Nevertheless, this technology is able to reject most spam, because the vast majority of spam is in fact mass-generated. Representative products come from manufacturers of sensitive technologies and from a Taiwanese company's anti-spam products, which claim to use behavioral recognition technology to counter spam.

(3) The mixed-mode route. This route emphasizes process handling: it uses a processing workflow to integrate the various anti-spam technologies, including intelligent behavior recognition based on protocol analysis and also pattern matching based on rules and content checking. Under the control of an intelligent process platform, the anti-spam gateway passes mail in order through each level of compliance checking and content inspection.
It applies behavioral recognition comprehensively. At the protocol layer, TCP/IP sending and connection behavior is analyzed and normalized; at the SMTP layer, the HELO, AUTH, MAIL FROM, RCPT TO and DATA stages of the message are inspected, mail that violates normal rules is analyzed closely, and obvious mass-sending behavior is disposed of. The content inspection phase also strictly follows the "process": virus scanning, user-level blacklists and whitelists, keywords, Bayesian filtering, fingerprint inspection and other content-based inspection techniques. This gateway architecture is the better design: with the "process" approach, a large share of spam is filtered out at the "front end", so the workload in the content phase is very small, which greatly improves the overall performance and spam-handling capacity of the system. Products of this type are represented by the Commtouch anti-spam engine and the Chi Hai Hua Cheng Cyanfilter anti-spam engine. Their common feature is process-based handling, and each has its own core anti-spam engine. Commtouch's engine uses real-time inspection technology to check a trust network, while the Cyanfilter engine includes Chinese word segmentation, feature-evolution engine technology and so on, which makes the Qinglian Cyanlotus anti-spam gateway more effective against Chinese-language spam. In addition, Cloudmark's carrier-grade anti-spam gateway also has this capability; its genetic algorithm and the world's largest "trusted user network" are unmatched.

The third type is the ASP anti-spam service solution. It targets small and medium-sized enterprise environments with fewer than 500 users. The anti-spam service provider first establishes an anti-spam service center that can provide anti-spam services to multiple domains and multiple servers at the same time.
After purchasing the service, the user points the MX record of their mail domain to the service center, which adds the user's domain name at the same time. From then on, whether the user rents hosting space or runs a stand-alone server, mail bound for the user's mail system first reaches the ASP anti-spam service center for filtering and inspection, which removes the spam. Such solutions are more economical and are not subject to geographical or deployment constraints. So far, however, no anti-spam ASP in actual operation has appeared.

Users, whether individuals or enterprises, need to consider several factors when choosing an anti-spam solution:

(1) Economy. Individual users and a small number of enterprises can choose a professional client or an ASP anti-spam solution, which not only saves investment and delivers the same anti-spam effect but also eliminates later maintenance.

(2) The effectiveness of the anti-spam system. Evaluation generally covers the spam recognition rate and the false negative rate, and must also pay attention to the false alarm rate, in particular the "false positive" in which a normal message is identified as spam; this is the most critical reference factor for an anti-spam system. We can tolerate receiving some spam each day (within limits, of course), but nobody can tolerate normal mail being wrongly judged as "garbage" and "discarded"! The way to evaluate the effectiveness of an anti-spam system is an actual trial, because each user's mix of spam is different: for some it is mainly English spam, for some Chinese spam, for some images, for some advertising text, for some phishing, and for some spam carrying viruses.
Different spam characteristics call for different anti-spam products. For English spam, we can choose foreign professional products. If Chinese spam predominates, first consideration should be given to domestic products, especially those with Chinese word segmentation technology (because Chinese, Japanese and Korean are double-byte languages without word delimiters, general anti-spam products find them difficult to handle). If there is a lot of virus mail, consider anti-spam products provided mainly by antivirus companies.

(3) Overall system performance. If an anti-spam product's performance is not up to standard, many problems may arise as the business grows and the spam problem worsens, and performance problems may affect the efficiency of normal mail. Defects in design and hardware configuration (especially in product structure and design language) can cause mail congestion, overflow, loss of normal messages, system paralysis and so on, resulting in heavy losses!

(4) Ease of management and flexibility. Generally speaking, the requirements of flexibility and simplicity conflict. Our principle is to progressively reduce the workload of network administrators and users while giving them as much personalization as possible. For example, each user should have their own blacklist and whitelist, their own keyword filtering policy and so on, so that the anti-spam system is more targeted and efficient. When choosing a product, generally look for web management, simple parameter setup, a low management and maintenance workload, and intelligence (especially self-learning). At the same time, product upgrades should be timely, especially virus database upgrades.
In summary, users doing anti-spam work should fully understand the various anti-spam solutions and their own actual needs. We cannot blindly listen to vendors or organizations claiming that theirs is the best and only good solution; the best and most appropriate choice can only be our own decision. Brand and market share have no reference value in China (most brands are built through heavy publicity, and Chinese users are known for "following the crowd and saving face"); the recommended practice is a "trial", letting actual results speak! In particular, for spam in China, focus first on "Chinese" spam, image spam and phishing spam! It also depends on whether the anti-spam solution has a complete "redemption" mechanism and comprehensive logs, including a spam log, a blocked-mail log (most products do not have this function), a virus-mail log and a log of normal mail sent and received. Anti-spam is a long and arduous undertaking, and we need to work together.

This article is from the 51CTO Security Forum; when reproducing it, please indicate the source and author.

Responsible editor: Zhao Zhaoyi#51cto.com, TEL: (010) 68476636-8001
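
The "process" ordering of the mixed-mode route (3) above, sketched in Python as an added example that is not part of the original article or any vendor's code: cheap protocol-stage behavior checks reject mass-sent mail before the costlier content stage runs, while the content stage still catches the single phishing message from a well-behaved source. The Session fields, thresholds, keyword list and sample sessions are all constructed assumptions.

```python
# Added example; names, thresholds and sample sessions are constructed for illustration.
from collections import Counter, namedtuple
# Fields: client IP, HELO name, reverse-DNS name of the IP, RCPT TO count, message body
Session = namedtuple("Session", "ip helo rdns rcpts body")

BLACKLIST = {"203.0.113.9"}   # constructed entry from a documentation address range
MAX_PER_IP = 3                # rate control: messages allowed per IP per window
MAX_RCPTS = 5                 # more recipients than this counts as mass sending
KEYWORDS = ("lottery", "verify your account")

def protocol_stage(s, seen):
    """Behavior checks before DATA is accepted; returns a reject reason or None."""
    seen[s.ip] += 1
    if s.ip in BLACKLIST:
        return "blacklisted IP"
    if seen[s.ip] > MAX_PER_IP:
        return "rate limit"
    if s.helo.lower() != s.rdns.lower():
        return "HELO/DNS mismatch"
    if s.rcpts > MAX_RCPTS:
        return "too many recipients"
    return None

def content_stage(s):
    """Costlier body inspection, run only on mail that passed the protocol stage."""
    text = s.body.lower()
    return next(("keyword: " + k for k in KEYWORDS if k in text), None)

def run(sessions):
    """Returns (verdict per session, count of messages that needed content checks)."""
    seen, checked, verdicts = Counter(), 0, []
    for s in sessions:
        reason = protocol_stage(s, seen)
        if reason is None:
            checked += 1
            reason = content_stage(s)
        verdicts.append(reason or "deliver")
    return verdicts, checked

SAMPLE = (
    [Session("198.51.100.10", "mail.example.org", "mail.example.org", 1, "Meeting at 10")]
    + [Session("203.0.113.9", "mx.example.net", "mx.example.net", 1, "hello")]
    + [Session("198.51.100.20", "bulk.example.com", "bulk.example.com", 2, "You won the lottery")] * 8
    + [Session("198.51.100.30", "mail.bank.example", "dsl-30.example.net", 1, "Account notice")]
    + [Session("198.51.100.40", "mail.example.edu", "mail.example.edu", 1, "Please verify your account")]
)

if __name__ == "__main__":
    print(run(SAMPLE))
```

Of the 12 constructed sessions, only 5 reach the content stage; the other 7 are rejected by the protocol-stage checks.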
