Authentication – “Are you real?”
Normally sender won’t be sending thousands of emails per day, therefore authentication or challenge method won’t be hindering their flow of production. But for spammer sending bulk mails in thousands, this method would definitely slow down their rate of successful sending and most spammer don’t even provide a valid return address!
The most common form of authentication method is as the method itself called “Self Authenticate”. This method is effective and would have zero or little false positive.
Example would be, Calvin sent Philip a email. Philip’s Anti spam appliance hold on to the email and sent a authentication mail back to Calvin asking him to verify his “Sending”. Once Calvin had verified by a return mail, his email address will be automatically added to the “Permitted sender” list and no further authentication mail will be send to him in future. The questions are “What happen if he didn’t reply the mail? Or if Calvin Anti spam appliance after receiving the Challenge mail from Philip’s Anti spam appliance sent the same challenge back to Philip? Normally for anti spam appliance with self authentication features, would parked these mail that was unauthenticated in various places. These could include “Certainly Spam”, “Probably Spam” or “Maybe Spam”. Depending on the features and functions used by the anti spam appliances, various different scenarios could happen here. Therefore for user choosing self authentication as their spam fighting tool, it is important to know and understand the nature and behaviour of the anti spam appliance against un-authenticated mails.
Greylisting is another form of challenge that is popular in many anti spam appliance. Unlike Self authentication that required user intervention, what is does is that it rejected the mail with a "450 temporary rejection". Most servers will try again after receiving the error. But for spammer that send thousands of mails a day would not do so. Therefore it greatly cut down the numbers of spam in the process.
Such methods would help in prevent spam but can never stop spam completely. Self authentication or Greylisting method can be an additional form of load for the appliance as well. Therefore when considering usage of this method, we have to take into the consideration of the numbers of users and load of the mails.
End of Part 3
Subscribe to:
Post Comments (Atom)
Posts
1 comment:
Really excellent article about email spam and secutity
Post a Comment