Like spam itself, the market for spam-filtering solutions is constantly growing and changing. A few years ago, simple subject, sender, or IP address filters were sufficient to battle spam. But as the arms race between spammers and the rest of us continues to escalate, collaborative solutions are becoming the top choice for the front lines.
Collaborative solutions depend on the fact that spammers broadcast their messages out to the entire world. If you receive a spam message and share its identifying characteristics with others, they can preemptively filter the message based on your identification. With a sufficient number of reporting stations sharing this type of information, you wind up with good coverage and filtering shared across many mail servers.
One promising new approach is the use of Spam URL Realtime Block Lists (SURBL-- sc.surbl.org ). These lists work by collaboratively tracking URLs included in spam messages. Spam can come from a distressingly wide variety of sources, but to be effective it has to include some way for the recipient to contact the spammer. By flagging as spam messages that contain a particular URL, it's possible to catch spam with a high degree of accuracy. Of course, the SURBL approach isn't perfect: It won't help with spam that lists a phone number rather than a URL. Spammers might also be able to fool the lists by encoding URLs, although that trick will work only until someone reports the encoded version.
Exchange Server doesn't feature much built-in support for collaborative filtering solutions. However, the lack of direct Exchange support is actually a good thing because the field of available solutions is changing so rapidly that any built-in support might soon become outdated. For example, the one collaborative solution that Exchange does support out of the box is Real-time Block Lists (RBLs, aka DNS block lists), which have already lost some of their effectiveness as spammers move toward sending messages from individual "zombie" machines instead of from easily identified IP address ranges. And the market for antispam solutions is so competitive that new and improved third-party products are always readily available. SURBLs are relatively new, and (as far as I know) no Exchange-aware antispam solutions support them--yet. It's a safe bet that competitive vendors will add support soon, but in the meantime, check out the SURBL Web site ( http://www.surbl.org ) to find out more about how the filtering technique works. As with other community or collaborative reporting systems, the more people who participate, the better the system works for everyone involved.
Register
gg66 August 25, 2004 (Article Rating: