中文版 | News | Archives | Reviews | Forum | $ DealsLinks | History | Contact | Privacy

Microsoft Anti-Spam Strategy (2)
Bluetooth 24 June 2004

 

In the discussions, there is also mentioning of other methods to reduce the amount of SPAM. One of the ways is based on policy and reputation.

What that means is that your mail filter will allow your mails from your organisation to go through as mail systems and filters of those who receive your mail as an indication that your messages are worthy of their users’ attention. This could involve these organisations that are audited and certified to pay a sum of money with a trustee organisation so that they would not violate the policy.

This is like 1st class mail and normal mail. Express lanes and normal routes. Well this might work or might not work but it is just another method to stop spam.

The second point brought up was on the use of CPU cycles of sending spams. The suggestion was to calculate certain hash key taking up CPU cycles per message. With this approach it can deter spammers as it would be too time consuming. Although this can deter spams, it also poses a problem because legitimate mails will take double the time to process the hash.

Another method is to implement something like a Caller-ID so that the receiver of the "call" knows who is sending the email (originate from). Some suggestions were made about sending the sender's IP address instead of mail domain or together as domain spoofing is easier but IP spoofing for email might not be as simple. A caller id mechanism can be achieved in e-mail relatively simply by having administrators of domains publish the Internet addresses of their outgoing e-mail servers in the Domain Name System (DNS) in addition to the incoming e-mail servers that they list there today (the term “domain” refers to the part of an e-mail address that follows the at sign “@”). With such a caller-id, service, emails received should be able to know a mail coming from abc@xyz.com was actually sent from xyz organisation. One thing we note is that this can't solve the problem of a forgery of someone else email addr within the organisation since the outgoing ip would be the same.

Discuss >>>

(C) Copyright 1998-2009 OCWorkbench.com