Access is usually achieved by sending email masquerading as a
trustworthy person or business (financial institution, insurance
company). The email can look very genuine, and will contain graphics
and content which may have originally come from the source that it
is impersonating. You will be asked to enter, under various pretenses
(data verification, financial operations), some of your personal data –
bank account numbers or user names and passwords. All such data, if
submitted, can easily be stolen and misused.
It should be noted that banks, insurance companies, and other
legitimate companies will never request user names and passwords in
an unsolicited email.
6.3.4 Recognizing spam scams
Generally, there are a few indicators which can help you identify spam
(unsolicited emails) in your mailbox. If a message fulfils at least some
of the following criteria, it is most likely a spam message.
▪ sender address does not belong to someone on your contact list
▪ you are offered a large sum of money, but you have to provide
a small sum first
▪ you are asked to enter, under various pretenses (data verification,
financial operations), some of your personal data – bank account
numbers, user names and passwords, etc.
▪ it is written in a foreign language
▪ you are asked to buy a product you are not interested in. If you
decide to purchase anyway, please verify that the message sender
is a reliable vendor (consult the original product manufacturer).
▪ some of the words are misspelled in an attempt to trick your spam
filter. For example “vaigra” instead of “viagra”, etc.
6.3.4.1 Rules
In the context of Antispam solutions and email clients, rules are tools
for manipulating email functions. They consist of two logical parts:
1. condition (for example, an incoming message from a certain
address)
2. action (for example, deletion of the message, moving it to
a specified folder).
The number and combination of rules varies with the Antispam
solution. These rules serve as measures against spam
(unsolicited email). Typical examples:
▪ 1. condition: An incoming email contains some of the words
typically seen in spam messages
2. action: Delete the message
▪ 1. condition: An incoming email contains an attachment with
a .exe extension
2. action: Delete the attachment and deliver the message to the
mailbox
▪ 1. condition: An incoming message arrives from your employer
2. action: Move the message to the “Work” folder.
We recommend that you use a combination of rules in Antispam
programs in order to facilitate administration and to more effectively
filter spam (unsolicited email).
6.3.4.1 Bayesian filter
Bayesian spam filtering is a very effective form of email filtering used
by almost all Antispam products. It is able to identify unsolicited
email with a high degree of accuracy. The Bayesian filter can work on
a per‑user basis.
The functionality is based on the following principle: The learning
process takes place in the first phase. The user manually marks a
sufficient number of messages as legitimate messages or as spam
(normally 200/200). The filter analyzes both categories and learns,
for example, that spam usually contains the words “rolex” or “viagra”, and
legitimate messages are sent by family members or from addresses
in the user’s contact list. Provided that a greater number of messages
was processed, the Bayesian filter is able to assign a certain “spam
index” to each message and thus decide on whether it is spam or not.
The main advantage is its flexibility. If a user is, say, a biologist, all
incoming emails concerning biology or related fields of study will
generally receive a lower probability index. If a message includes
words that would otherwise qualify it as being unsolicited, but it is
sent by someone from a contact list, it will be marked as legitimate,
because senders from a contact list decrease overall spam probability.
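The learning phase and the “spam index” described above can be sketched as follows. This is an added example, not the product's own code: it assumes a naive Bayes model with add-one smoothing, treats contact-list membership as one more feature, and uses a small constructed training set in place of the 200/200 messages mentioned in the text.

```python
import math
import re
from collections import Counter

CONTACT_FLAG = "__sender_in_contacts__"  # hypothetical feature name

class BayesFilter:
    def __init__(self, contacts):
        self.contacts = {c.lower() for c in contacts}
        self.seen = {"spam": Counter(), "ham": Counter()}  # messages containing a feature
        self.total = {"spam": 0, "ham": 0}                 # messages marked per class

    def features(self, sender, body):
        feats = set(re.findall(r"[a-z0-9']+", body.lower()))
        if sender.lower() in self.contacts:
            feats.add(CONTACT_FLAG)  # contact-list senders count as evidence
        return feats

    def train(self, label, sender, body):
        """Learning phase: the user marks one message as 'spam' or 'ham'."""
        self.total[label] += 1
        self.seen[label].update(self.features(sender, body))

    def spam_index(self, sender, body):
        """Probability (0..1) that the message is spam."""
        log_odds = math.log((self.total["spam"] + 1) / (self.total["ham"] + 1))
        for f in self.features(sender, body):
            p_spam = (self.seen["spam"][f] + 1) / (self.total["spam"] + 2)
            p_ham = (self.seen["ham"][f] + 1) / (self.total["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

def build_demo_filter():
    # Constructed training data for a biologist whose contact list holds one address.
    f = BayesFilter(contacts=["anna@example.org"])
    for sender, body in [("promo@bulk.example", "cheap rolex watches buy now"),
                         ("deals@bulk.example", "viagra discount buy now"),
                         ("win@bulk.example", "rolex replica cheap offer")]:
        f.train("spam", sender, body)
    for body in ["lab meeting on cell biology tomorrow",
                 "biology seminar notes attached",
                 "family dinner on sunday"]:
        f.train("ham", "anna@example.org", body)
    return f

if __name__ == "__main__":
    flt = build_demo_filter()
    body = "buy a rolex for our biology raffle"
    print(flt.spam_index("stranger@bulk.example", body))  # above 0.5
    print(flt.spam_index("anna@example.org", body))       # below 0.5
```

The same body scores as spam from an unknown sender and as legitimate from a contact, which is the flexibility the section describes.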
6.3.4.2 Whitelist
In general, a whitelist is a list of items or persons who are accepted,
or have been granted access permission. The term “email whitelist”
defines a list of contacts from whom the user wishes to receive
messages. Such whitelists are based on keywords searched for in
email addresses, domain names, or IP addresses.
If a whitelist works in “exclusivity mode”, then messages from any
other address, domain, or IP address will not be received. On the other
hand, if it is not exclusive, such messages will not be deleted, but
filtered in some other way.
A whitelist is based on the opposite principle to that of a blacklist.
Whitelists are relatively easy to maintain, more so than blacklists.
We recommend that you use both the Whitelist and Blacklist to filter
spam more effectively.
6.3.4.3 Blacklist
Generally, a blacklist is a list of unaccepted or forbidden items or
persons. In the virtual world, it is a technique enabling acceptance of
messages from all users not present on such a list.
There are two types of blacklist. It is possible for users to create their
own blacklist in their Antispam program. On the other hand, many
professional, regularly updated blacklists created by specialized
institutions can be found on the Internet.
A blacklist is based on the opposite principle to that of a whitelist. It is
essential to use blacklists to successfully block spam, but they are very
difficult to maintain, since new items to be blocked appear every day.
We recommend that you use both the Whitelist and Blacklist to
filter out spam more effectively.
6.3.4.5 The server‑side control
The server‑side control is a technique for identifying mass spam email
based on the number of received messages and the reactions of users.
Each message leaves a unique digital “footprint” on the server based
on the content of the message. In fact, it is a unique ID number which
tells nothing about the content of the e‑mail. Two identical messages
will have identical footprints, while different messages will have
different footprints.
If a message is marked as spam, its footprint is sent to the server.
If the server receives more identical footprints (corresponding
to a certain spam message), the footprint is stored in the spam
footprints database. When scanning incoming messages, the program
sends the footprints of the messages to the server. The server returns
information on which footprints correspond to messages already
marked by users as spam.
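The footprint exchange described above, as an added example that is not the product's own code. The manual does not name the footprint algorithm or the number of reports required, so this sketch assumes a SHA-256 digest of the message body and a threshold of three distinct reporting users; the message texts are constructed.

```python
import hashlib

def footprint(body):
    # Assumption: SHA-256 of the body. The digest identifies the message
    # without revealing its content to the server.
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

class FootprintServer:
    def __init__(self, threshold=3):      # threshold is an assumed value
        self.threshold = threshold
        self.reporters = {}               # footprint -> users who marked it as spam
        self.spam_db = set()              # footprints confirmed as mass spam

    def report_spam(self, user, fp):
        users = self.reporters.setdefault(fp, set())
        users.add(user)                   # repeat reports by one user count once
        if len(users) >= self.threshold:
            self.spam_db.add(fp)

    def lookup(self, fps):
        """Return the subset of submitted footprints already known as spam."""
        return {fp for fp in fps if fp in self.spam_db}

def scan_mailbox(server, bodies):
    """Client side: send footprints only, get back which messages are spam."""
    by_fp = {footprint(b): b for b in bodies}
    known = server.lookup(by_fp.keys())
    return [body for fp, body in by_fp.items() if fp in known]

# Constructed sample messages.
CAMPAIGN = "You have won a prize. Send a small fee to claim it."
ONE_OFF = "Newsletter a single user happened to dislike."

def build_demo_server():
    server = FootprintServer(threshold=3)
    for user in ["alice", "alice", "bob", "carol"]:
        server.report_spam(user, footprint(CAMPAIGN))
    server.report_spam("dave", footprint(ONE_OFF))  # one report only
    return server

if __name__ == "__main__":
    srv = build_demo_server()
    print(scan_mailbox(srv, [CAMPAIGN, "Lunch on Friday?", ONE_OFF]))
```

Because the footprint in this sketch is an exact digest, a message that differs by a single character produces a different footprint and is counted separately.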