SPF
Description: Sender Policy Framework
Domains use public records (DNS) to direct requests for different services
(web, email, etc.) to the machines that perform those services. All domains
already publish email (MX) records to tell the world what machines receive
mail for the domain.
SPF works by domains publishing "reverse MX" records to tell the world what
machines send mail from the domain. When receiving a message from a domain,
the recipient can check those records to make sure mail is coming from where
it should be coming from.
With SPF, those "reverse MX" records are easy to publish: one line in DNS is
all it takes.
DNSBL
Description:
A DNSBL is a DNS (domain name service)-based spam blocking list.
People who run mail servers can usually configure their email server
software to use these lists as rejection or filtering criteria. These lists
contain IP addresses of other servers that you might receive spam from.
There are dozens of such lists available, all built by different criteria,
at every conceivable point on the sanity spectrum.
You might hear these lists called "RBLs." RBL is a "service mark" claimed by
a spam-blocking company called MAPS (Mail Abuse Prevention System). Their
"MAPS RBL" (Realtime Blackhole List) was the first DNSBL. MAPS is considered
by some to be little more than a footnote in the anti-spam history books,
now that so many robust, and often free, alternatives have appeared.
WHITELISTING
Description:
When one does greylisting, one generally also needs to do some
whitelisting. Whitelisting basically means having a list of sender email
servers (IPs) / sender email addresses that are never refused on first
try (as greylisting does). In some cases you might do this because you
trust the mailer and do not want to delay whatever mail it sends to you.
However, and this is the case to note(!): there are misbehaving mailers
(MTAs) out there that will not be able to get a legitimate email through
a greylisting server BECAUSE THEY DO NOT TRY AGAIN LATER (as the RFC
email server standards define that they have to do)! Of course you may
say: "f*** them for not adhering to the standards! we do not want mail
from them anyway!", however this is a baaaad solution as 1) you may lose
important mail this way 2) your clients may lose important mail this way
(and they will not appreciate this!). Therefore: Whitelisting is a
_must_ for a production server that uses greylisting. Whitelisting of some
IPs/email addresses is generally included with all greylisting
implementations (do not choose an implementation that does not allow you
to define some IPs to whitelist!).
GREYLISTING
Description:
Greylisting is a way to block spam
based entirely on the behaviour of the sending server; the content of the
message is irrelevant. Greylisting is complementary to other spam filtering
techniques such as blacklisting. At its simplest, Greylisting looks at the
envelope sender address, the recipient address, and the sending IP address, and
defers delivery if these haven't been seen together before; spammers don't
usually retry.
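
The greylisting decision described here, combined with the whitelist bypass from the WHITELISTING entry above, as an added example (not code from this page or from any particular greylisting implementation). The 300-second minimum retry delay, the 451 reply text, and all addresses are assumptions constructed for the illustration.

```python
import ipaddress

class Greylister:
    """Defer (IP, envelope sender, recipient) triplets not seen before."""
    def __init__(self, min_delay=300, whitelist_nets=(), whitelist_senders=()):
        self.min_delay = min_delay  # assumed: seconds before a retry is accepted
        self.nets = [ipaddress.ip_network(n) for n in whitelist_nets]
        self.senders = {s.lower() for s in whitelist_senders}
        self.first_seen = {}  # triplet -> time of the first attempt

    def _whitelisted(self, ip, sender):
        addr = ipaddress.ip_address(ip)
        return sender.lower() in self.senders or any(addr in n for n in self.nets)

    def check(self, ip, sender, rcpt, now):
        """Return an SMTP-style decision for one delivery attempt."""
        if self._whitelisted(ip, sender):
            # Never refused on first try: trusted or known non-retrying mailers.
            return "250 accepted (whitelisted)"
        key = (ip, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.min_delay:
            return "250 accepted (retry seen)"
        # Temporary failure: a standards-following MTA queues and retries later.
        return "451 deferred, try again later"

def demo():
    """Run constructed delivery attempts (documentation-range IPs) through the policy."""
    g = Greylister(whitelist_nets=["192.0.2.0/24"],
                   whitelist_senders=["billing@partner.example"])
    return [
        g.check("203.0.113.7", "a@example.org", "bob@example.com", now=0),    # first sight
        g.check("203.0.113.7", "a@example.org", "bob@example.com", now=60),   # retry too soon
        g.check("203.0.113.7", "a@example.org", "bob@example.com", now=900),  # proper retry
        g.check("203.0.113.7", "a@example.org", "eve@example.com", now=900),  # new recipient
        g.check("192.0.2.25", "news@example.net", "bob@example.com", now=0),  # whitelisted IP
        g.check("198.51.100.9", "billing@partner.example", "bob@example.com", now=0),
    ]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

Message content is never inspected; the decision depends only on the triplet, the clock, and the whitelist.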
BLACKLISTING
Description:
A Blacklist is a database of
known internet addresses (or IPs) used by persons or companies sending spam.
Various ISPs and bandwidth providers subscribe to these blacklist databases in
order to filter out spam sent across their network or to their subscribers.
There are several Internet organizations, possibly most prominently MAPS, who
maintain lists of IP addresses that are known in some way to support spammers
(having open relays, hosting Web sites, distributing marketing spamming
software, etc.). If you operate a mail server, usually there is something in its
configuration (e.g., Sendmail's rulesets) which can consult these lists, called
"blacklists" or "blocklists," in an automated way when receiving a piece of
mail. Usually this takes the form of a DNS lookup of a specially crafted name.
For example, if MAPS discovers there's an open relay at address 10.20.30.40,
they will put an entry for 40.30.20.10.relays.mail-abuse.org in their DNS
servers. When your mail server is receiving mail, it calls the operating system
to ask it what the IP address of the email client is, comes up with 10.20.30.40,
then does a nameserver (DNS) query for the above string. If your mail server
gets an expected response, it throws an error back to the email client, and
refuses to accept the email. If instead it gets back an error (due to no record
being there for example), it assumes the email is coming from an OK source and
proceeds. As a form of even more severe punishment, some of the blacklist
organizations distribute Internet routing information (BGP data) that causes ALL
IP traffic from these networks to be effectively discarded. Effectively, this
forms an Internet "blackhole" (it's unreachable from your network).