Methods of protection against spam. Protecting email from spam and phishing: current threats and advanced solutions. Advantages of the proposed solution

Spam is the mass sending of messages to users who have not consented to receive them. It is carried out to advertise products, disseminate information, steal personal data, and so on; in essence, it is intrusive advertising. In most cases spam takes the form of email, but in reality it appears wherever there is open access for disseminating information: social networks and media, forums, comments on websites, instant messengers, email, SMS. There is spam even in the offline space, for example promotional brochures in your mailbox. People who send spam messages are called spammers. Spam advertising is one of the cheapest methods of online promotion, but not the most effective. Audiences perceive such mailings negatively, which is why not every company uses them: those who value their reputation and image do not use spam.

Where does the word "spam" come from?

The word “spam” first appeared in the 1940s, in the post-war period. Initially, it was the name of a canned food included in the meat ration of soldiers. After the war, the cans had to be sold urgently before they reached their expiration date and spoiled. As a result, advertising for this product was everywhere: on the streets, in newspapers, in transport. It was deliberately made aggressive, imposing on people the need to purchase these canned foods. It was this episode that came to mind when this kind of advertising began to be actively used on the Internet, and the aggressive, intrusive sending of advertising messages was aptly named spam. Since then, the word “spam” has meant “mass sending of intrusive advertising.” The user did not ask and did not subscribe, yet is sent letters whose contents are of no interest to them. At first (as soon as the Internet and email appeared), spam advertising on the Internet was more effective than it is now. People were not used to it, and advertising “blindness” did not yet exist. But it still remains one of the most inexpensive ways to reach the maximum audience, which keeps it afloat as one of the most popular ways to promote services and products.


A spam attack is the sending of spam messages with increased concentration on certain sites or channels. For example, spammers discover that a certain forum has a high return rate. This information spreads in spammer circles, and the site is hit with a huge wave of messages with intrusive advertising. This event is called a spam attack. Spam attacks are not always motivated by a site's high return rate. Sometimes they are carried out with malicious intent, with the aim of harming the site and its owner, for example by unscrupulous competitors.

Types of spam

All spam can be classified according to several criteria.

By area of distribution:

    online spam – distributed in the online space;

    offline spam – distributed in the offline space.

By distribution method:

    manual – messages are sent manually.

By degree of danger:

Most popular sites and email services have sufficient protection against dangerous spam: they use spam filters. Messages that can cause real harm are blocked automatically. The most dangerous of them are deleted permanently; less dangerous or merely dubious ones are placed in the Spam folder. The system often mistakenly places harmless messages in the Spam folder, for example a letter confirming registration on a website. To the system these are unfamiliar sources, so it does not trust them. Therefore, check your Spam folder regularly and move any messages you need out of it.

Safe

    commercial advertising. Includes sending messages advertising various types of goods, services, websites, etc. As mentioned earlier, spam mailing is one of the most inexpensive ways to promote on the Internet. Hence, it is in demand among online entrepreneurs. They simply chose spam as one of their promotion channels;

    advertising that is prohibited by law. Russian legislation contains a list of goods and services that are prohibited from advertising. Most popular channels (search engines, social networks) adhere to these requirements, and sometimes add their own. This causes certain difficulties for advertisers. Email distribution has no such restrictions, which allows advertisers to freely advertise any products in any form;

    manipulation of public opinion. Spam is often used as a tool to influence the public opinion of the audience. These are not only political motives, but also commercial ones. For example, someone decided to send out compromising material about a competitor or send out mailings on someone else’s behalf in order to receive a negative reaction in return. Such mailings do not harm users, but can cause certain sentiments in society;

  • mailing with a request to forward the message. A particularly popular type of spam in social networks. As a rule, it carries no meaning and pursues no goal. These are messages in the spirit of “Forward this letter to 20 friends and next year you will find the love of your life.” Oddly enough, there are people who continue to do this. In rare cases it may contain hidden advertising.

Dangerous (malicious)

This type of spam can cause real harm to users - steal their personal data (logins, passwords), gain access to electronic wallets, infect the computer with viruses, etc. Most often, the contents of such letters include links or attachments. Do not click on them or download them under any circumstances. Types of dangerous spam:


Places of distribution

Where can you find spam?

    Email – the most common place for spam messages. Letters are not moderated before being sent, so their content is not limited in any way. As a rule, spam filters are applied after sending.

    Forums – those sites where there is no moderation are very popular among spammers, as this allows you to freely publish any information. Forums where all messages are verified are not used at all or are used to publish hidden advertising.

    Comments on sites - similar to forums, those sites where there is no moderation are increasingly popular among spammers.

    Social networks – the number of spam messages on social networks has only increased recently. Personal messages and comments are the most popular tool for disseminating information. Spam on social networks is characterized by greater “friendliness”. Senders, as a rule, do not just send you an advertising message, but try to enter into a dialogue and get to know each other. Of course, such an unexpected desire to communicate is caused only by commercial purposes - to sell a product or service.

    Messengers – in recent years, with the growing popularity of instant messengers (Viber, Telegram, WhatsApp), the number of spam messages in them has also increased.

    SMS – probably everyone has received an SMS with advertising from unknown numbers on their phone. This is spam.

How spammers find mailing addresses

One of the most popular questions is “How do spammers know my address or phone number?” Finding user contacts is not a big problem. You can get them in several ways.


Based on the above, the conclusion suggests itself: do not leave your contact information anywhere. Create several email addresses - one for important correspondence and important services, the other for everything else. If spam catches up with you, then let it be in the second mailbox.

How to disable spam

In some cases, it is easy to disable spam - just click the “Unsubscribe” button in the letter. The method works if you yourself once subscribed to the source. Sometimes a subscription is issued automatically after registering on the site.

But be careful. Sometimes spammers design links as an “Unsubscribe” button. Of course, after clicking, no unsubscribe will occur. You will simply be transferred to the promoted resource. If the source seems unfamiliar to you, it is better to use the following method and block it to get rid of annoying letters. In most email services, as well as in social networks, you can block addresses and users from whom unwanted emails come. How to block spam (using Gmail as an example):


Done! After these steps, the selected address will not be able to send you letters. It is now blacklisted. Similar actions can be performed on social networks.

Anti-spam methods

To avoid having to block each spammer manually (after all, there can be hundreds of sources), just follow simple tips and anti-spam recommendations.

    Do not publish your address and contacts in public or dubious places.

    Create a second mailbox for unimportant messages and use it.

    Do not download attached files.

    Use only popular email services (they have the maximum level of protection against spam).

    Create a more complex mailing address. The simpler the address, the easier it is for spammer programs to generate it.

The most secure mailboxes

In terms of protection from spam mailings, the most secure mailboxes are:

    Google mail (gmail);

    Yandex mail;

    Mail.ru-mail.

It is important to understand that no service will provide 100% protection. Promotional emails will always slip through. After all, spam methods are improving every year, becoming more sophisticated and secretive; spammers are constantly finding new ways to bypass filters. But the services described above are capable of minimizing the number of unwanted messages.

This is a new Kaspersky Lab product designed for comprehensive protection of a home computer. The program provides simultaneous protection against viruses, hackers and spam. The Kaspersky Anti-Spam module is one of the elements of this home computer protection system. First of all, it should be noted that Kaspersky Anti-Spam is not an independent product and does not work separately from Kaspersky Personal Security Suite. To some extent this can be called a disadvantage, since users cannot use Kaspersky Anti-Spam on its own, but comprehensive protection also has its undoubted advantages.

Anti-virus protection and firewall have been discussed more than once on the pages of our publication. Therefore, in this article we will look exclusively at the operation of the antispam module.

The basis of Kaspersky Anti-Spam is the intelligent SpamTest technology, which provides: fuzzy (that is, triggered even if there is an incomplete match) comparison of the letter being checked with samples - letters previously identified as spam; identification of phrases characteristic of spam in the text of the letter; detection of images previously used in spam emails. In addition to the criteria listed above, formal parameters are also used to identify spam, including:

  • "black" and "white" lists that the user can maintain;
  • various features of mail message headers characteristic of spam, for example, signs of falsification of the sender's address;
  • techniques used by spammers to deceive mail filters - random sequences, replacing and doubling letters, white on white text and others;
  • checking not only the text of the letter itself, but also attached files in plain text, HTML, MS Word, RTF and other formats.

Installation of the antispam module

The module is installed during installation of Kaspersky Personal Security Suite. When choosing installation options, a user who uses email clients other than Microsoft email programs may not install the module for Microsoft Outlook.

It should be noted that Kaspersky Anti-Spam scans any correspondence received by email over the SMTP protocol. Thanks to this, it can filter out spam in any email program, but more on that below.

Integration into Microsoft Outlook Express

The program does not have its own interface as such. In Microsoft Outlook Express, the Kaspersky Anti-Spam module is integrated as a menu and as an additional panel.

There is some inconvenience in using this panel, although it has nothing to do with the antispam module itself. Because of the way Microsoft Outlook Express works, the Kaspersky Anti-Spam panel cannot be docked in a place convenient for the user. Each time you start the program, the panel appears third. You will have to keep moving it to a convenient place or come to terms with this state of affairs.

Program operation

When receiving mail, Kaspersky Anti-Spam analyzes incoming correspondence. If spam is detected, the letter is marked with a special label [!! SPAM] in the Subject field and placed in the Deleted Items folder. Messages recognized as non-spam are not marked with anything and are processed by the mail program in accordance with the established rules. If the program is not sure that the letter is spam, the [?? Probable Spam] label is added and the letter is placed in the Inbox for the user to make the final decision. In addition, the program uses two more types of labels: one for letters with obscene content and one for automatically generated letters, for example letters from email robots.

Thanks to these tags, Kaspersky Anti-Spam can be made to work with any other email program. It is enough to create rules in your email client that sort emails by these tags. In Microsoft Outlook itself, such folders are created with one click of a button in the antispam module settings window.

Training program

The program can be trained in two ways: by classifying messages received by the user as spam or not spam, and by downloading updates from the Kaspersky Lab server. The first method trains the program on the user's personal email; the second allows a quick response to massive spam events on the Internet.

When launched for the first time, Kaspersky Anti-Spam extracts all addresses from the Microsoft Outlook address book and adds them to the "Friends List". All letters from these addresses are treated by the antispam module as not spam and are passed through without checking. The user can later edit this list by adding or removing addresses. In addition to the "Friends List" there is also an "Enemies List". Any correspondence received from addresses on the Enemies List is unconditionally classified as spam.

Adding recipients to your friends or enemies lists is done by simply clicking a special button on the Kaspersky Anti-Spam panel. Training is also carried out there. If you miss a spam email, you just need to click the “This is spam” button. A window will appear in which the user must tell the program what to do with this message.

The “Send as an example of spam” command generates a letter to Kaspersky Lab reporting the spam for further training. This command can be ignored. You may also skip adding the author to the enemies list, but you should definitely add the letter to the spam samples. This is how the program is trained on personal correspondence.

Since Kaspersky Anti-Spam does not integrate into other email clients, in those programs it can only be trained through updates received from the Kaspersky Lab server. Unfortunately, this training option does not make it possible to train the program on the specifics of personal mail.

Settings

In the program settings you can: specify the location of the module databases, if the user wants them to be stored in a non-standard location; disable or enable filtering; set update parameters and view statistics.

The Kaspersky Anti-Spam module provides sufficiently complete protection of the user's email from spam. Like any other program of this kind, it requires training, and while this training is under way it may mistake legitimate letters for spam and vice versa. A relative disadvantage is that the module does not let you delete obvious spam on the server, so the user still has to spend traffic on these unnecessary letters. On the other hand, with this approach to spam filtering not a single valuable message will be lost. In all other respects, Kaspersky Anti-Spam deserves the most serious attention, especially considering the integration of the module with other programs that ensure the security of the user's computer.

- €55-250 million annually. 60% of global mail traffic.
50-75% of all Russian mail traffic. Modern anti-spam tools filter 85-98% of spam. The global sales market for antispam filters and services in 2004 was approximately $500 million (according to IDC estimates).
Most antivirus vendors have included antispam components in their products. During the year, there were several acquisitions of anti-spam software manufacturers by anti-virus companies (in particular, the purchase of BrightMail by Symantec for $340 million). In Russia, anti-spam filters were installed by the majority of holders of public mail services and the majority of providers, which made it possible to alleviate the severity of the spam problem for their clients. The undoubted leader in Russia in terms of sales volume and number of protected mailboxes is Spamtest technology.
1. PREVENTION. The #1 way to fight spam is to protect your address. If spammers don't know your address, there will be no spam. If you expose your address on the Internet, it is only a matter of time before you have to throw it away and create a new one. As a result, you have to inform all your friends and partners of the new address again, and you may lose a number of contacts. To prevent this from happening, create two email addresses:
One address for long-term contacts (don't post it online).
Another address for making contacts over the network (chat rooms, bulletin boards, etc.).
Then there should be no spam at the first address, because it is not known on the network.
When spam arrives at the second address, just throw it away and create a new one.

2. SELECTING A NAME. People strive to get the most concise address. Let's say sergey@mail.ru is cool, and what a pity that all the simple addresses are already taken. Rest assured that spam pours into that address non-stop. A laconic site name is worth having, but an email address has to be communicated to everyone personally anyway, so it may as well consist of digits or of an original, not hackneyed, word. By the way, for this purpose the leading mail service gmail.com registers names of at least 6 characters. All short names have long been included in spam lists.

3. HTML SPECIAL CHARACTERS. The simplest and most commonly used method of protecting against spiders is encoding the email address using special HTML characters: the @ sign (the "dog") is replaced by its HTML character code. But today this method is hopelessly outdated.
Robots easily find such addresses.

4. JAVASCRIPT. On the anti-spam code generator page you can generate your own script. Since these scripts for hiding an address are home-made, they are very diverse, and there are no programs that can extract email from JavaScript. Today this is the most reliable address protection on the network.

5. ANTI-SPAMMERS. But what if you have been exposed, or you are so famous that it is impossible for you not to be exposed? Then you cannot do without an antispammer. There are many anti-spammer programs, and you can download them online.
Which I don't recommend doing.
I came to the conclusion that all these antispams are small and weak, and a person cannot handle a sensible antispam; only a reputable company, say, such as Gmail.com, can do this. Their spam remains on the server, and you can always go in and correct it. So my strong advice: get yourself an email account on Google.
I have never seen a better spam filter; all spam remains on the server, where it can always be viewed and corrected if desired. Antispammers do not completely solve the problem, but they make life with the problem easier.

6. POCKET PC AND WAP. Spam has reached this level, but today there are fairly reliable means of protection. Therefore, the development of this issue is not relevant.

According to statistics, more than 80 percent of malware penetrates the local network precisely through email. The mail server itself is also a tasty morsel for hackers: by gaining access to its resources, the attacker gets full access to email archives and lists of email addresses, which yields a lot of information about the life of the company and the projects and work carried out in it. After all, even lists of email addresses and contacts can be sold to spammers or used to discredit a company by launching attacks on those addresses or composing fake emails.

At first glance, spam is a much lesser threat than viruses. But:

  • a large flow of spam distracts employees from their tasks and leads to an increase in non-production costs. According to some data, after reading one letter an employee needs up to 15 minutes to get back into a working rhythm. If more than a hundred unwanted messages arrive per day, the need to review them significantly disrupts current work plans;
  • spam facilitates the penetration of malware into the organization, disguised as archives or exploiting vulnerabilities of email clients;
  • a large flow of letters passing through the mail server not only degrades its performance, but also leads to a decrease in the available part of the Internet channel and an increase in the cost of paying for this traffic.

Spam can also be used to carry out some types of attacks that use social engineering methods, in particular phishing attacks, in which the user receives letters disguised as messages from entirely legitimate individuals or organizations, asking them to perform some action, for example to enter the password for their bank card account.

For all of the reasons above, the email service must be protected without fail and as a first priority.

Description of the solution

The proposed solution for protecting an enterprise's email system provides:

  • protection from computer viruses and other malicious software distributed via email;
  • protection against spam, both arriving to the company by e-mail and distributed over the local network.

Modules can be installed as additional modules of the protection system;

  • protection against network attacks on the mail server;
  • anti-virus protection of the mail server itself.

Solution Components

The mail service protection system can be implemented in several ways. The choice of the appropriate option is based on:

  • the company's adopted information security policy;
  • operating systems, management tools, security systems used in the company;
  • budget restrictions.

The right choice allows you not only to build a reliable protection scheme, but also to save a significant amount of money.

As examples, we give the “Economy” and “Standard” options.

The “Economy” option is built on the Linux operating system and makes the most of free products. Composition of the option:

  • anti-virus and anti-spam subsystem based on products from Kaspersky Lab, Dr.Web, Symantec. If your company uses a demilitarized zone, it is recommended to move the mail traffic protection system into it. It should be noted that products designed to work in the demilitarized zone have greater functionality and greater capabilities for detecting spam and attacks than standard ones, which improves network security;
  • firewall subsystem based on iptables2 firewall and management tools standard for the Linux operating system;
  • attack detection subsystem based on Snort.

Mail server security analysis can be done using Nessus.

The solution based on the “Standard” option includes the following subsystems:

  • subsystem for protecting mail server and mail gateway services from malware based on solutions from Kaspersky Lab, Dr.Web, Eset, Symantec or Trend Micro;
  • firewall and attack detection subsystem based on Kerio Firewall or Microsoft ISA.

Mail server security analysis can be done using XSpider.

Neither option above includes instant messaging and webmail security modules by default.
Both the “Economy” option and the “Standard” option can be implemented on the basis of software products certified by the FSB and FSTEC, which allows them to be supplied to government agencies and companies with an increased level of security requirements.

Advantages of the proposed solution

  • the solution provides reliable protection against the penetration of malware and spam;
  • optimal selection of products makes it possible to implement a protection scheme that takes into account the needs of a specific client.

It should be noted that a full-fledged security system can only function if the company has an information security policy and a number of other documents. In this regard, the Azone IT company offers services not only for the implementation of software products, but also for the development of regulatory documents and for conducting audits.

You can get more detailed information about the services provided by contacting the specialists of our company.

The following technologies are used to protect mail servers:

There are two main methods of protecting against spam: blocking spam at the moment the server receives the mail, and separating spam from the rest of the mail after receipt.

Blacklists. IP addresses from which spam is sent are blacklisted.

Gray lists, or greylisting. The principle of operation of gray lists is based on spammers' tactics. As a rule, spam is sent in large quantities over a very short time from a given server. A gray list deliberately delays the receipt of letters for some time, recording the address and the time of the delivery attempt in the gray list database. If the remote computer is a real mail server, it must keep the letter in a queue and resend it within five days. Spambots, as a rule, do not keep letters in a queue, so after a short time they stop trying to deliver the letter. When a letter is resent from the same address and the required amount of time has passed since the first attempt, the letter is accepted and the address is added to the local white list for a sufficiently long period.
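The greylisting decision described above, as an added example (not code from the original page or from any mail server). The five-minute minimum delay, the 36-day whitelist lifetime, the reply texts and the sample addresses are assumptions; the five-day retry window is the one the text gives.

```python
from dataclasses import dataclass, field

MIN_DELAY = 5 * 60              # assumed minimum wait before a retry is accepted
RETRY_WINDOW = 5 * 24 * 3600    # five-day resend period mentioned in the text
WHITELIST_TTL = 36 * 24 * 3600  # assumed "sufficiently long" whitelist lifetime

# SMTP replies for each decision (reply text is constructed for this example).
REPLIES = {
    "defer": "451 4.7.1 Greylisted, please try again later",
    "accept": "250 2.0.0 OK",
}


@dataclass
class Greylist:
    # The text keys entries on the sending address; deployed greylists commonly
    # key on the (client IP, envelope sender, recipient) triplet instead.
    first_seen: dict = field(default_factory=dict)  # address -> time of first attempt
    whitelist: dict = field(default_factory=dict)   # address -> whitelist expiry

    def check(self, address: str, now: float) -> str:
        """Return 'accept' or 'defer' for a delivery attempt at time `now` (seconds)."""
        expiry = self.whitelist.get(address)
        if expiry is not None:
            if now < expiry:
                return "accept"
            del self.whitelist[address]           # entry aged out, start over

        first = self.first_seen.get(address)
        if first is None or now - first > RETRY_WINDOW:
            self.first_seen[address] = now        # new sender, or retry came too late
            return "defer"
        if now - first < MIN_DELAY:
            return "defer"                        # retried too soon, keep waiting
        del self.first_seen[address]              # a real MTA queued and came back
        self.whitelist[address] = now + WHITELIST_TTL
        return "accept"


def replay(attempts):
    """Run (address, time) attempts through a fresh greylist; return the SMTP replies."""
    greylist = Greylist()
    return [REPLIES[greylist.check(addr, t)] for addr, t in attempts]


# Constructed delivery log: a queueing mail server and a fire-and-forget spambot.
SAMPLE_ATTEMPTS = [
    ("192.0.2.10", 0),       # first contact: deferred
    ("203.0.113.66", 5),     # spambot: deferred, never retries
    ("192.0.2.10", 60),      # retry after 1 minute: still too early
    ("192.0.2.10", 900),     # retry after 15 minutes: accepted, whitelisted
    ("192.0.2.10", 86400),   # next day: accepted immediately
]

if __name__ == "__main__":
    for (addr, t), reply in zip(SAMPLE_ATTEMPTS, replay(SAMPLE_ATTEMPTS)):
        print(f"t={t:>6}s {addr:<13} -> {reply}")
```

The temporary 4xx reply is what makes the scheme work: a standards-following sender queues the message and retries, while a sender that never retries is never accepted.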

DNSBL (DNS blacklist) – lists of hosts stored using the DNS system. The mail server queries the DNSBL and checks whether it contains the IP address from which it is receiving the message. If the address is in the list, the message is not accepted by the server, and a corresponding message is sent to the sender.
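How the DNSBL check above maps onto a DNS query, as an added example (not code from the original page). The zone name dnsbl.example.org, the sample records and the reply texts are constructed; the resolver is injectable so the example runs offline.

```python
import ipaddress
import socket

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNS name to look up: reversed address labels followed by the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octet by octet
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # nibble by nibble
    return ".".join(labels) + "." + zone.strip(".")


def system_resolver(name: str) -> list:
    """Resolve `name` to IPv4 strings. Any failure (NXDOMAIN, timeout) yields [],
    so an unreachable list fails open instead of blocking all mail."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def listing_codes(ip: str, zone: str, resolve=system_resolver) -> list:
    """Return the 127.0.0.0/8 answers for `ip`; an empty list means 'not listed'."""
    answers = resolve(dnsbl_query_name(ip, zone))
    # Only 127.x.x.x answers are listings. Other addresses (a parked or
    # wildcarded zone, a hijacking resolver) must not cause rejections.
    return [a for a in answers if ipaddress.ip_address(a) in LISTED_RANGE]


def smtp_reply(ip: str, zone: str, resolve=system_resolver) -> str:
    """Decide at connection time: reject listed clients, accept the rest."""
    if listing_codes(ip, zone, resolve):
        return f"554 5.7.1 Client host [{ip}] blocked using {zone}"
    return "250 OK"


# Constructed zone data standing in for a real DNSBL so the example runs offline.
SAMPLE_ZONE = "dnsbl.example.org"
SAMPLE_RECORDS = {
    "10.2.0.192.dnsbl.example.org": ["127.0.0.2"],      # listed host
    "7.100.51.198.dnsbl.example.org": ["203.0.113.5"],  # bogus non-127 answer
}


def sample_resolver(name: str) -> list:
    """Hypothetical resolver backed by SAMPLE_RECORDS."""
    return SAMPLE_RECORDS.get(name, [])


if __name__ == "__main__":
    for client in ("192.0.2.10", "198.51.100.7", "192.0.2.11"):
        print(client, "->", smtp_reply(client, SAMPLE_ZONE, sample_resolver))
```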

Message limit. Setting a limit on the number of messages.

The SpamAssassin (SA) program analyzes the contents of a letter that has already been delivered. SpamAssassin comes with a large set of rules that determine which emails are spam and which are not. Most rules are based on regular expressions that are matched against the message body or headers, but SpamAssassin also uses other techniques. In the SpamAssassin documentation these rules are called "tests".

Each test has some "cost". If the message triggers the test, this "cost" is added to the overall score. The value can be positive or negative: positive values are called "spam", negative values are called "ham". The message goes through all the tests and a total score is calculated. The higher the score, the more likely the message is spam.

SpamAssassin has a configurable threshold, above which a letter will be classified as spam. Typically the threshold is such that the letter must meet several criteria; triggering only one test is not enough to exceed the threshold.
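The scoring model described above, as an added example (not SpamAssassin's code and not its rule set). The test names, patterns, scores and sample messages are constructed; only the threshold of 5.0 is SpamAssassin's default.

```python
import re
from email import message_from_string

REQUIRED_SCORE = 5.0  # SpamAssassin's default threshold (required_score)

# (test name, message part, pattern, score). Constructed for this example;
# these are not rules from the SpamAssassin rule set.
TESTS = [
    ("SUBJ_ALL_CAPS", "Subject", re.compile(r"^[^a-z]*[A-Z]{5,}[^a-z]*$"), 1.5),
    ("MONEY_PER_DAY", "body",
     re.compile(r"(?i)\b(earn|win|make) \$?\d[\d,]* (a|per) (day|week)\b"), 2.5),
    ("URGENT_ACTION", "body",
     re.compile(r"(?i)\b(act now|limited time|click here)\b"), 1.8),
    ("IS_A_REPLY", "In-Reply-To", re.compile(r"\S"), -1.0),  # negative = ham
]


def score_message(raw: str):
    """Run every test; return (total score, names of triggered tests, is_spam)."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # plain single-part messages only in this example
    hits = []
    for name, part, pattern, score in TESTS:
        text = body if part == "body" else (msg.get(part) or "")
        if pattern.search(text):
            hits.append((name, score))
    total = round(sum(score for _, score in hits), 2)
    return total, [name for name, _ in hits], total >= REQUIRED_SCORE


# Constructed sample messages.
SPAM_SAMPLE = (
    "From: promo@example.com\n"
    "Subject: WINNER NOTICE\n"
    "\n"
    "You can earn $500 a day from home. Act now and click here to claim.\n"
)
SHIPPING_SAMPLE = (
    "From: shop@example.com\n"
    "Subject: Your order has shipped\n"
    "\n"
    "Click here to track your parcel.\n"
)
REPLY_SAMPLE = (
    "From: colleague@example.com\n"
    "Subject: Re: meeting\n"
    "In-Reply-To: <constructed-id@example.com>\n"
    "\n"
    "Limited time on my side this week, can we move the meeting?\n"
)

if __name__ == "__main__":
    for label, raw in [("spam", SPAM_SAMPLE), ("shipping", SHIPPING_SAMPLE),
                       ("reply", REPLY_SAMPLE)]:
        print(label, score_message(raw))
```

The shipping notice triggers one test and stays well under the threshold, and the reply shows a negative ("ham") score pulling the total down.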

The following technologies are used to protect websites from spam:

1. Picture captcha. That is, the user is shown arbitrary text that must be entered in order to perform some action.

2. Text captchas – the user must enter the answer to the proposed question to confirm their actions.

3. Interactive captcha – a less common, but very useful type of protection. For example, to confirm actions, the user is asked to solve an easy puzzle, such as assembling a picture from three or four parts.



