Friday, September 21, 2007

SPAM Prevention Methods Explained

There are many ways to fight SPAM. The most widely used methods are Rule Based and Challenge-Response. A quick and concise overview of these two methods follows.

However, for those impatient readers, I'm guilty of this as well, the bottom line is that I am partial to the Challenge-Response method of SPAM prevention and strongly recommend the completely FREE software offered by The Spam Research Center. I have evaluated many different anti-SPAM programs, both free and paid, and I can honestly say that their software will not only stop close to 100% of SPAM, but it will also save you time and frustration.

Rule Based Systems

As the name infers, these methods use "rules" to determine what is and what is not SPAM. They generally look for specific keywords or content in the email. They may also use special algorithms or a distributed "community" approach where SPAM examples are sent in by users (the community) to central servers. The "community" can then use this ever-growing database to detect and block SPAM. However, because the "rule" databases are in a constant state of change in an attempt to keep up with or stay one step ahead of the "spammers", there is always the chance that valid emails will be mistaken as SPAM. In an attempt to avoid this situation, the emails are usually "tagged" as SPAM by adding a specific keyword to the email header, subject line or some other field. These keywords can then be included in email client (Outlook Express etc.) rules so that the questionable emails can be appropriately routed to special email folders for later inspection or deleted. Unfortunately, an additional burden is then put on the user to monitor "spam" email folders for falsely "tagged" emails. Although many of these Rule Based methods do reduce SPAM, the necessity of updating "rule" databases, the ever present possibility of valid emails being detected as SPAM and the time consuming need to review "spam" folder(s) makes these methods less than desireable.

Challenge-Response Systems

Although there is no perfect solution for eliminating SPAM, Challenge-Response methods have become increasingly popular. These methods are extremely simple and only require you to maintain a "white list" and a "black list". When an email is received from someone on your "white list", it is delivered. When an email is received from someone on your "black list", it is rejected and deleted. When an email is received from someone on neither of your lists, a simple "challenge" reply email is sent to them. When the unknown sender replies appropriately to the "challenge" message, they are added to your "white list" and their original and any future emails are delivered to your INBOX. The reason this method works so effectively is that "spammers" usually do not supply valid return email addresses and, if they do, there is usually a "robot" that sent the SPAM and it will not respond to your "challenge" message.


Both Rule Based and Challenge-Response methods have their PROS and CONS. However, taking everything into consideration, I feel that the Challenge-Response method is the best to date. With that said, I DO NOT feel that all implementations of this method are equal. Some Challenge-Repsonse software has the same shortcomings as those implementing the Rule Based method - "spam" folders to maintain and false positives.

I have evaluated many anti-SPAM solutions and can honestly say that I feel that Spam Research Center has the best challenge-response anti-SPAM software available today! This software has been thoughtfully designed and thoroughly tested to provide you with close to 100% SPAM protection without false positives. Better yet, the software is completely free!

I would be very interested to hear about any other free products that people have used with great success.

1 comment:

Anonymous said...

Can't spammers just use auto-responders to defeat challenge/response?