Anti-spam techniques

No technique is a complete solution to the spam problem, and each trades off incorrectly rejecting legitimate email (false positives) against failing to reject all spam email (false negatives), along with the associated costs in time and effort and the cost of wrongfully obstructing good mail.

There are a number of techniques that individuals can use to restrict the availability of their email addresses, with the goal of reducing their chance of receiving spam.

A related technique is to display all or part of the email address as an image, or as jumbled text with the order of characters restored using CSS.

A common piece of advice is not to reply to spam messages[3], as spammers may simply regard responses as confirmation that an email address is valid.

Similarly, many spam messages contain web links or addresses which the user is directed to follow to be removed from the spammer's mailing list – and these should be treated as dangerous.

Such forms, however, are sometimes inconvenient to users, as they are not able to use their preferred email client, risk entering a faulty reply address, and are typically not notified about delivery problems.

Many modern mail programs incorporate web browser functionality, such as the display of HTML, URLs, and images.

It may, however, be useful to avoid some problems if a user opens a spam message: offensive images, obfuscated hyperlinks, being tracked by web bugs, being targeted by JavaScript or attacks upon security vulnerabilities in the HTML renderer.

[7] Unfortunately, it can be difficult to track down the spammer, and while there are some online tools such as SpamCop and Network Abuse Clearinghouse to assist, they are not always accurate.

In general, these attempt to reject (or "block") the majority of spam email outright at the SMTP connection stage.

[10][11][12] While not directly attacking spam, these systems make it much harder to spoof addresses, a common technique of spammers - but also used in phishing, and other types of fraud via email.

Thus, a popular technique since the early 2000s consists of extracting URLs from messages and looking them up in databases such as Spamhaus' Domain Block List (DBL), SURBL, and URIBL.
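The lookup described above, as an added example that is not taken from the original article: it pulls http(s) host names out of a message and queries each against a domain blocklist zone over DNS. The sample message, the stub answers used for testing and the function names are constructed; the default zone is Spamhaus' DBL, and the host is queried as written (some lists expect the registered domain instead).

```python
import ipaddress
import re
import socket
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample message (not real spam).
SAMPLE = """From: a@example.org
To: b@example.net
Subject: offer
Content-Type: text/plain; charset=utf-8

Buy now at http://Shop.bad-pills.example/order?id=1 or
https://192.0.2.7/x and unsubscribe: http://shop.bad-pills.example/u
"""

def url_hosts(raw_message):
    """Distinct lower-cased host names of http(s) URLs in the text parts."""
    hosts = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(body):
            try:
                host = (urlsplit(url).hostname or "").rstrip(".")
                ipaddress.ip_address(host)   # IP literals are not domain-list input
            except ValueError:               # not an IP (or unparsable URL)
                if host and host not in hosts:
                    hosts.append(host)
    return hosts

def dns_a(name):
    """Resolve an A record; None means NXDOMAIN, i.e. not listed."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def listed_hosts(raw_message, zone="dbl.spamhaus.org", resolve=dns_a):
    """Map each listed host to the blocklist's return code."""
    hits = {}
    for host in url_hosts(raw_message):
        answer = resolve(f"{host}.{zone}")
        # 127.255.255.x answers signal a query error, not a listing.
        if answer and answer.startswith("127.") and not answer.startswith("127.255.255."):
            hits[host] = answer
    return hits
```

Treating the error range as "not listed" matters in practice: a filter that counts every 127.x answer as a hit will reject all mail containing links when its resolver is refused by the list operator.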

Greylisting temporarily rejects all messages from unknown senders or mail servers – using the standard 4xx error codes.
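A sketch of the greylisting decision, added here as an example and not taken from the original article. It assumes the common design of keying on the (client IP, envelope sender, envelope recipient) triplet; the delay values, reply texts and class name are constructed.

```python
import time

class Greylist:
    """Greylisting keyed on (client IP, envelope sender, envelope recipient)."""

    def __init__(self, min_delay=300, pending_ttl=4 * 3600,
                 pass_ttl=36 * 86400, clock=time.time):
        self.min_delay = min_delay      # seconds a new triplet must wait
        self.pending_ttl = pending_ttl  # retry window before starting over
        self.pass_ttl = pass_ttl        # how long a passed triplet stays known
        self.clock = clock
        self.pending = {}               # triplet -> time of first attempt
        self.passed = {}                # triplet -> time of last accepted mail

    def check(self, client_ip, mail_from, rcpt_to):
        """Return the (code, text) SMTP reply to give at RCPT TO."""
        now = self.clock()
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        defer = (451, "4.7.1 Greylisted, please retry later")  # constructed text

        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= self.pass_ttl:
            self.passed[key] = now      # known sender: refresh and accept
            return (250, "2.1.5 OK")

        first = self.pending.get(key)
        if first is None or now - first > self.pending_ttl:
            self.pending[key] = now     # unknown (or stale) triplet: start timer
            return defer
        if now - first < self.min_delay:
            return defer                # retried too soon; timer is not reset
        del self.pending[key]           # retried after the delay, like a real MTA
        self.passed[key] = now
        return (250, "2.1.5 OK")
```

The temporary 4xx reply is what makes this safe for legitimate mail: a standards-compliant sending server queues the message and retries, while software that sends once and moves on never comes back.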

HELO/EHLO checking – RFC 5321 says that an SMTP server "MAY verify that the domain name argument in the EHLO command actually corresponds to the IP address of the client."

The nolisting technique is simply the adding of an MX record pointing to a non-existent server as the "primary" (i.e. that with the lowest preference value) – which means that an initial mail contact will always fail.

Spammers who probe systems for open relays and proxies will find such a host and attempt to send mail through it, wasting their time and resources, and potentially, revealing information about themselves and the origin of the spam they are sending to the entity that operates the honeypot.

Such a system may simply discard the spam attempts, submit them to DNSBLs, or store them for analysis by the entity operating the honeypot that may enable identification of the spammer for blocking.

Thus, if a site receives spam advertising "herbal Viagra", the administrator might place this phrase in the filter configuration.

[17] SMTP proxies allow spam to be combated in real time, combining controls on sender behavior, giving legitimate users immediate feedback, and eliminating the need for quarantine.

Statistical filters typically also look at message headers, considering not just the content but also peculiarities of the transport mechanism of the email.

[19] An organization can successfully deploy a tarpit if it is able to define the range of addresses, protocols, and ports for deception.

A malicious person can easily attempt to subscribe another user to a mailing list — to harass them, or to make the company or organisation appear to be spamming.

To prevent this, all modern mailing list management programs (such as GNU Mailman, LISTSERV, Majordomo, and qmail's ezmlm) support "confirmed opt-in" by default.

Firewalls and routers can be programmed to not allow SMTP traffic (TCP port 25) from machines on the network that are not supposed to run Mail Transfer Agents or send email.

Network address translation can be used to intercept all port 25 (SMTP) traffic and direct it to a mail server that enforces rate limiting and egress spam filtering.

[24] By monitoring spam reports from places such as SpamCop, AOL's feedback loop, Network Abuse Clearinghouse, and the domain's abuse@ mailbox, ISPs can often learn of problems before they seriously damage the ISP's reputation and get its mail servers blacklisted.

Control may be enforced on SMTP servers to ensure senders can only use their correct email address in the FROM field of outgoing messages.

Increasingly, anti-spam efforts have led to co-ordination between law enforcement, researchers, major consumer financial service companies and Internet service providers in monitoring and tracking email spam, identity theft and phishing activities and gathering evidence for criminal cases.

[26] Analysis of the sites being spamvertised by a given piece of spam can often be followed up with domain registrars with good results.

Anti-spam activist Daniel Balsam attempts to make spamming less profitable by bringing lawsuits against spammers.