With spam growing at such an alarming rate, blocking it can be a very resource-intensive undertaking. To deal with this threat efficiently, spam-protection companies have developed a number of tools for filtering out obnoxious or malicious email messages before they’ve even had a chance to pass through the network.
Whitelisting and Blacklisting
A whitelist is simply a list of senders that has been pre-authorized by you. If you work in an environment where security and confidentiality are important, you might want to prevent internal employees from receiving messages from people outside of the company.
A blacklist is the opposite of a whitelist, where you maintain a listing of IP addresses and email addresses of known offenders.
The problem with these two approaches is that the lists need to be managed by hand. They must also be continually updated as new spammers emerge and old spammers change their tactics.
Sender Policy Framework Checking (SPF)
http://www.openspf.org/ manages a list of email servers and the IP addresses that are permitted to send email for their domains. This helps prevent email “spoofing”, which used to be a major flaw in the SMTP protocol. When an email header is received, its sender domain and IP address can be compared to a database to see if there is a match. If not, the message is blocked before it’s ever received.
Header Syntax Checking
This is one of the simplest spam check methods, but it’s also one of the most effective. It simply consists of checking the syntax of the incoming SMTP RCPT command string. Poor syntax is suspicious, since professional mail server hosts adhere to very strict guidelines. Spammers, on the other hand, are generally much sloppier.
Reverse DNS Checking
The IP address can be checked against the DNS to see if it’s coming from a dial-up account or home computer. A professional email server would never do this, and the TOS of most ISPs forbid hosting of servers on a consumer home connection.
Bounce Tag Address Validation
Have you ever mistyped an email address and had it bounced back? Well, some spammers will try to trick you into thinking that you’ve sent a bounced message. The way to protect against this trick is to insert a secret code in the header of every email you send out. If a “bounced” message comes back without this code in the header, you know it’s a fake.
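One way to build and check the secret code described above, as an added example that is not part of the original article. The header name X-Bounce-Tag, the sample key, the seven-day lifetime and the HMAC-SHA256 construction are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed sample key, not a real secret
MAX_AGE_DAYS = 7                  # assumed tag lifetime
HEADER = "X-Bounce-Tag"           # hypothetical header name

def _mac(address: str, day: int) -> bytes:
    # Bind the tag to the sending address and the day it was issued.
    msg = f"{day}:{address.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16].encode()

def make_tag(address: str, now: float) -> str:
    """Tag to place in the header of each outgoing message."""
    day = int(now // 86400)
    return f"{day}.{_mac(address, day).decode()}"

def check_bounce(headers: dict, address: str, now: float) -> str:
    """Classify a message that claims to be a bounce of our own mail."""
    tag = headers.get(HEADER)
    if tag is None:
        return "reject: no tag"
    day_str, _, mac = tag.partition(".")
    if not (day_str.isascii() and day_str.isdigit() and len(day_str) <= 6):
        return "reject: malformed tag"
    day = int(day_str)
    # Constant-time comparison so the check does not leak how much matched.
    if not hmac.compare_digest(mac.encode(), _mac(address, day)):
        return "reject: bad tag"
    # A valid but old tag may have been harvested from earlier mail.
    if not 0 <= int(now // 86400) - day <= MAX_AGE_DAYS:
        return "reject: expired tag"
    return "accept"

if __name__ == "__main__":
    now = 1_700_000_000.0  # constructed timestamp
    sender = "alice@example.com"  # constructed address
    genuine = {HEADER: make_tag(sender, now)}
    print(check_bounce(genuine, sender, now + 3600))        # accept
    print(check_bounce({}, sender, now))                    # reject: no tag
    print(check_bounce(genuine, sender, now + 30 * 86400))  # reject: expired tag
```

Binding the tag to the address and the issue day means a tag copied from one user's mail cannot be reused for another user or replayed indefinitely.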
When a new message is coming in, the recipient will send a defer command to the sending server. This is a bit like saying “We’re busy right now. Please try again in 5 minutes.” When the message gets sent a second time, that mail server passes the test. Spam bots are not likely to try re-sending the message as requested like a legitimate server would.
These are just a few basic ways that unwanted messages can be deflected before ever being received by your mail server. After that, you can begin a more advanced spam-detection process.