Hyperlink: Security: E-Mail
Meta-Reference on Information Technology

E-Mail Security

Spam - Unsolicited Junk E-mail

The two most common definitions of spam are "Unsolicited Bulk Email" and "Unsolicited Junk Email", mostly with commercial purpouse. The spam practice is basically tied to three factors: illegal and indiscriminated obtention of email addresses to create mailing lists; large scale (bulk) distribution of unsolicited email messages (for marketing, promotion, fraud etc.); and use of open mail relays for bulk email distribution.

Open mail relays are SMTP servers that permit third-party relay. These servers permit spammers to connect to them from anywhere in the world, usually from a modem connection, and then forward the spam to its intended victims.

• Antispam.br [In Portuguese]
  Antispam.br is an information portal maintained by the Brazilian Internet Management Committee (CGI.br) at its NIC.br, and constitutes a reference source on spam, unbiased and technically sustained.
• Spam (electronic)
  From Wikipedia, the free encyclopedia.
  E-mail spam. Category: Spamming.
• Movimento Anti-Spam Brasileiro - Brazil
  Also as antispam.org.br.
  Suggested Blocking List of spam covering Brazil, to filters for SMTP servers, based on reverse domains from brazilian ISPs, on dial-up (modem) and broadband (xDSL/cable) access services.
  Blocking Techniques: Blocking rules for Sendmail 8.8.x, CISCO Router, Cyclades Router, MS Exchange Mail Server.
• Network Abuse Clearinghouse - Abuse.net
  The Network Abuse Clearinghouse is intended to help the Internet community to report and control network abuse and abusive users.
  Resources: Abuse.net Contact Database has contact addresses for over 69,000 domains. Listing of semi-automated abuse reporting tools. Reviews of books about network management and spam fighting. The spam tools mailing list.
  Fight Spam on the Internet! - spam.abuse.net.
  Overview Information About SPAM
  What is spam? Why is it bad? What other nasty things have spammers done? Should I hit "remove"? What are some things not to do? FAQ. Help for Users, Help for Sysadmins, Help for Marketers.
  Abuse.net Mail relay testing service.
• Net Abuse FAQ
  Collection of email abuse FAQs, at FAQs.org.
  • Net Abuse FAQ (news.admin.net-abuse FAQ)
  • The Email Abuse FAQ
  • How do spammers get people's email addresses
  • Address Munging FAQ: "Spam-Blocking" Your Email Address
  • Figuring out fake E-Mail & Posts (alt.syntax.tactical FAQ)
  • Scams and Hoaxes FAQ: Messages you DON'T want to post
  • Teergrubing FAQ
  • Dealing with Trolls Crossposting and Flames
• spamfaq.net
  Home of the FAQ for the newsgroup news.admin.net-abuse.email. These documents aims to answer all your questions about Unsolicited Bulk Email, also known as spam.
• Paul Graham's Anti-Spam
  Articles and resources for spam filtering.
  
  • A Plan for Spam, August 2002
    This was the first article describing the spam-filtering techniques used in the new spamproof web-based mail reader Paul Graham built to exercise Arc. and which served as base for most Bayesian Filtering anti-spam software.
  • Better Bayesian Filtering, January 2003
    This article was given as a talk at the 2003 Spam Conference. It describes the work done to improve the performance of the algorithm described in A Plan for Spam, and what Paul plans to do in the future.
• Spamotomy
  "Cutting junk email out of your life". Anti-spam tool reviews: desktop/client software, server software and hardware.
• SpamCon Foundation
  The SpamCon Foundation protects email as a viable communication and commerce medium by supporting measures to reduce the amount of unsolicited email that crosses private networks, while ensuring that valid email reaches its destination.
• CAN-SPAM Act of 2003, U.S.A.
  From Wikipedia, the free encyclopedia.
  The CAN-SPAM Act of 2003 (15 U.S.C. 7701, et seq., Public Law No. 108-187, was S.877 of the 108th Congress), signed into law by President Bush on December 16, 2003, establishes the United States' first national standards for the sending of commercial e-mail and requires the Federal Trade Commission (FTC) to enforce its provisions. The acronym CAN-SPAM derives from the bill's full name: Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003. The abbreviation is a homonym since the verb can may allude either "to put away" or "is able to".
• Controlling unsolicited bulk e-mail - Who's taking action? What's being done?
  Artigo da revista SunWorld, por Barry D, boa introdução ao assunto.
• CAUCE: Coalition Against Unsolicited Commercial Email - Join the Fight Against Spam!
  Other Resources.
  EuroCAUCE: The European Coalition Against Unsolicited Commercial Email.
• The SPAM-L Mailing List
  SPAM-L is a LISTSERV mailing list created on August 1995 and is dedicated to "Spam prevention and Discussion".
• Fighting Spam
  By Jeff Makey. Current Blacklist Comparison.
• Junk Busters
  The mission of JunkBusters is to free the world from junk communications. Besides Junk E-mail, Junk Busters also covers Telemarketing Calls, Junk Mail, Data About You, Web Ads.
• CAS - Collectif Anti Spam [In French]
• Get that spammer!
  A tool for tracking down junk e-mailers, junk news posters and their internet service providers.
  Original location.
• Spam Filters
  Spam Filters, article and review by Sam Holden, 23/Aug/2003, Freshmeat.net.
• ii.com: IMAP Service Providers
  IMAP Service Providers: A Step in Dealing with Viruses, Spam, and Email Overload. Article by Nancy McGough, Infinite Ink, 02/Apr/2002, updated 05/Sep/2003.
• Spam Calculator
  Calculate the cost of spam for your organization. By Trend Micro Spam Prevention Service.
• RompeCadenas [En Español]
  "Quebra-Correntes". Site argentino de informação sobre tudo sobre os boatos, spam, vírus e outras ofensas que nos chegam por e-mail.
• ICQ Inc. - Security and Privacy - Anti Spam
  Informações sobre as ferramentas de proteção contra Spam integradas no ICQ.
• Responsible Electronic Communication Alliance (RECA)
• Foiling Spam with an Email Password System
  By Prof. Timo Salmi. See also Timo's procmail tips and recipes: How do I automatically return certain email messages.
• Google Directory: Internet Abuse: Spam

Spam Black-Lists

• Open RBL
  Multi DNS-based Black Lists (DNSBL) Lookup.
• drbcheck: dr. Jørgen Mash's DNS database list checker
  By dr. Jørgen Mash (moensted). SPAM links.
• List of All Known DNS-based Spam Databases
  By Declude - JunkMail. IP/DNS-based (DNSBL) Spam Databases, Domain Based (RHSBL) Spam Databases, Other Spam Databases.
• Trend Micro RBL+ Service
  Formerly MAPS - Mail Abuse Prevention System. MAPS was founded in late 1996 as a non-profit organization whose mission was to defend the Internet's e-mail system from abuse by spammers, pioneering in the development of anti-spam technology and network policies. In 2000, after four years of operating as a non-profit organization, MAPS started to charge for their great services as a profitable company based in San Jose, California. In June of 2005, Trend Micro acquired Kelkea, Inc. the parent company of MAPS. The RBL+ service is now offered under the Trend Micro brand, but will still be held to the same high standards as always by the MAPS Threat Analysis team, which now is part of the Trend Micro Threat Prevention Network.
  Anti-Relay: MAPS Library - How to secure your mail system against third-party relay, covering a wide list of mailer server software.
  Lookup Tools for MAPS lists: RBL, DUL, RSS, OPS, NML.
  MAPS Services and initiatives - Message Defense Services:
  
  • MAPS RBL - Realtime Blackhole List
  • MAPS RSS - Relay Spam Stopper. Query the MAPS RSS database.
  • MAPS DUL - Dialup Users List
  • MAPS TSI - Transport Security Initiative
  • MAPS VTF - Volunteer Task Force
  • stop.mail-abuse.org: Filtered Forwarding Service (SSL-capable browser required)
  • MAPS PAS - Policy Administration Services
  • Alliance for Spam Free Networks (ASFN)
• CBL - Composite Blocking List
  The CBL takes its source data from very large spamtraps, and only lists IPs exhibiting characteristics which are specific to open proxies of various sorts (HTTP, socks, AnalogX, wingate etc) which have been abused to send spam, worms/viruses that do their own direct mail transmission, or some types of trojan-horse or "stealth" spamware, without doing open proxy tests of any kind.
  CBL IP Address Lookup.
• PSBL - Passive Spam Block List
  An easy-on, easy-off blacklist that doesn't rely on testing and should reduce false positives because any user can remove their ISP's mail server from the list. The idea is that 99% of the hosts that send spam never send me legitimate email, but that people whose mail server was used by spammers should still be able to send me email. To achieve this I simply add any host that spams the spamtraps of the many domains I'm running to the blacklist, but allow anybody to remove the host from the list. PSBL is powered by Spamikaze software.
• SpamCop
  SpamCop é um serviço gratuito para ajudar a punir spammers por enviar e-mail indevido a você.
• Spamhaus Block List (SBL)
  The SBL is a realtime database of IP addresses of verified spam sources (including spammers, spam gangs and spam support services), maintained by the Spamhaus Project team and supplied as a free service to help email administrators better manage incoming email streams. The SBL is queriable in realtime by mail systems thoughout the Internet.
• Vipul's Razor
  Spam detection and filtering network. By Vipul Ved Prakash.
• OsiruSoft's Open Relay Spam Stopper
  OsiruSoft's DNSBL database check.
• ORBL - Projeto Open Relay Black List
  ORBL Project was deactivated on June 20, 2004, because it ran out of funds.
  The ORBL Project, first MAPS - Mail Abuse Prevention System of Brazil, is essentially a database storing IP (Internet Protocol) addresses of poorly configured e-mail servers (OPEN RELAYs), which are, or could be, used for sending of unauthorized e-mail messages (SPAM), junk, commercial marketing, frauds and hoaxes, or proliferation of viruses, trojans and other threats. The ORBL was created by a brazilian Computer Science student and launched on April 2003, based on the ORDB.org Project. The fighting against spam has three primary bases: information, denounce and prevention.
• Google Directory: Spam Blacklists

Phishing Scam - Internet Frauds

• Anti-Phishing Working Group (APWG)
  Phishing Archive, Resources, Membership, News.
  Consumer Advice: How to Avoid Phishing Scams.
• US-CERT - Report Phishing
  US-CERT is collecting phishing email messages and web site locations so that we can help people avoid becoming victims of phishing scams. You can report phishing to the US-CERT by sending email to .
• Fraud surveys and statistics
  Australian Institute of Criminology, Australian Government.

Software Anti-Spam for Users and E-mail Clients

• Ferramentas Anti-Spam para o usuário final em plataformas Windows [In Portuguese]
  Article and review by Jacomo Dimmit Boca Piccolini and Renata Cicilini Teixeira, Security Incidents Response Center (CAIS), National Education and Research Network (RNP) - Brazil. Published on RNP NewsGeneration Newsletter, August 26, 2003, volume 7, edition #4.
• Spamotomy: Anti-spam Tools Search
  User and technical reviews of Desktop/Client Anti-spam Software. By Spamotomy.
• K9 - Robin Keir's Email Spam Filtering
  K9 is an email filtering application that works in conjunction with your regular POP3 email program and automatically classifies incoming emails as spam (junk email) or non-spam without the need for maintaining dozens of rules or constant updates to be downloaded. It uses intelligent statistical analysis that can result in extremely high accuracy over time. K9 learns from its mistakes and becomes better and better at being able to identify spam. More importantly it learns to recognize what you consider to be spam.
  K9 is freeware, written by Robin Keir. K9 is for standard POP3 email accounts only. It does not directly support Hotmail, AOL or any other kind of webmail type systems, nor does it support SSL or secure authentication as used ny MSN.
• MailWasher Free
  MailWasher is a powerful email checker with effective spam elimination. A safe way to stop unwanted viruses and emails before they get to your computer. It can bounce and delete unwanted emails, automatically checks SPAM blocking databases/lists. MailWasher runs on Win95/NT4 or greater, supports POP3, IMAP, Hotmail, MSN, AOL/Netscape. The free version enables only one e-mail account.
• MailWasher Pro
  Enhanced, commercial version of MailWasher, by Firetrust.
• SpamPal for Windows
  SpamPal is a mail classification program that can help separate your spam from the mail you really want to read. SpamPal is free software, by James Farmer.
• EmC - Email Control
  EmC - email anti-spam and anti-virus for Win95/98/ME/2000/NT/XP. In English and Portuguese.
  EmC 5.0.
• Save My Modem
  SaveMyModem is a anti-spam, mail-shaper, delete-on-server software. Open source software licensed under GPL.
  Features: portable (runs natively on Linux and Windows), plugin architecture (other mail filters/mail protocols can be easily added), complex rules with logic operators and extended regular expressions match, black list check for spammers, interactive mode (to test and improve your rules) and batch mode (if you trust your rules), UIDL database (avoid dupicates), APOP (secure pop3 authentication), configurable bandwidth usage (how many lines/bytes to download and check), bounce message option (simulate your mailbox is unavailable), multi-threaded (handles slow DNS/POP3 servers).
  SourceForge project: savemymodem.
• POPFile
  POPFile is an automatic mail classification tool. It's free, open source, multi-platform and very cool. Languages: English, Norsk, Deutsch, Português do Brasil, Français, Dansk, Español, Korean, Japanese.
  Once properly set up and trained, POPFile will work in the background of your computer, scanning mail as it arrives and filing it however you wish. You can give it a simple job, like separating out junk e-mail, or a complicated one - like filing mail into a dozen folders. Think of it as a personal assistant for your inbox.
  POPFile is a Naïve Bayesian email proxy (not an email client) classifier, created by John Graham-Cumming. It was inspired by another project called Ifile. POPFile is written in Perl, so it is multi-platform as Perl also is. POPFile currently works with POP3 protocol, but IMAP support is under discussion. POPFile is free software, licensed under the GNU General Public License (GPL).
  POPFile Documentation - Manual (English). POPFile Documentation Project: User Information - HOWTOs, Frequently Asked Questions (FAQ), Troubleshooting, Glossary; Advanced usage - Option Reference, Extensions, Experimental, Utility Scripts.
  Forums for POPFile: Help, HOWTO, Documentation, Source Code, UI, Extension, Spam, Open Discussion.
  POPFile FAQ. POPFile Download - Windows installation e cross-platafrm.
  SourceForge Project: POPFile.
• MailGate SpamWeasel
  Features: Easy to install, Powerful rules, Highly configurable, Archive viewing, Mail management, Free of charge.
• Mozilla Spam Filtering
  As of early in the Mozilla 1.3 development cycle, Mozilla Mail now has basic junk-mail classification capabilities. The infrastructure is being written with the idea of one day being able to have and use multiple mail filtering plugins. For the moment, however, only one is currently supported, and it does Bayesian classification as described in Paul Graham's A Plan for Spam.
• TUCOWS E-Mail Anti-Spam Software
• Freeware Anti-Spam Tools & Shareware Anti-Spam Tools
  By WebAttack.com Internet software collection.

Software for E-mail Gateways and Servers

Spam blocking and anti-virus e-mail scanners.

• SpamAssassin
  Apache SpamAssassin Project, formerly spamassassin.org.
  SpamAssassin is a rule-based mail filter to identify "spam", also known as unsolicited commercial email. It uses a wide range of heuristic tests on mail mail headers and body text to identify spam, as well as blacklists and Razor spam databases.
  The distribution provides a command line tool (spamassassin) to perform filtering, along with a set of Perl modules (Mail::SpamAssassin) which implement a Mail::Audit plugin, allowing SpamAssassin to be used in a mail filter, or in a spam-protection proxy POP/IMAP server. SpamAssassin is free software, open source distributed under Perl's Artistic license, also available at CPAN. Requires Perl (5.6 or greater recommended).
  
  • SpamAssassin Configuration Generator
    Web tool designed to make it easier to customize an installation of SpamAssassin with some common options, by Michael Moncur. After you answer a set if questions, a SpamAssassin configuration file matching your choices will be displayed, and you can download it and use it with your SpamAssassin installation.
• Spamikaze
  Spamikaze is an automated spam blocklist system, designed to: block spam at the SMTP level; reduce false positives; work with existing mail servers; make sending spam as annoying as receiving spam. Unlike some other spam blocking systems, Spamikaze does no tests for open relay or open proxy vulnerabilities at all. Instead, Spamikaze simply lists the IP addresses that have sent spam and allows anybody to remove IP addresses from the list. Spamikaze is free software.
• MailScanner
  MailScanner (original home) is a complete e-mail security system designed for use on e-mail gateways. It protects against viruses, and detects attacks against e-mail client packages (such as Outlook, Outlook Express, Eudora). It can also detect almost all unsolicited commercial e-mail (spam) passing through it and respond to all incidents in a wide variety of ways. To achieve a high level of trust, MailScanner is open source, distributed for free under the GNU Public Licence (GPL).
  MailScanner can also protect against unknown viruses hidden inside e-mail attachments by refusing attachments whose filenames match any given pattern (example: refuse any file with ".txt.vbs" extension). Attachments containing viruses can be automatically disinfected, if possible. MailScanner is easy to install into an existing e-mail gateway, requiring very little knowledge of sendmail and no change to an existing sendmail configuration. MailScanner itself is entirely open source and it is superior to many commercial packages, but it uses widely known commercial virus scanning packages at its core. Based on sendmail or Exim e-mail service, compatible with 8 commercial file-based virus scanners (auto-update for McAfee and Sophos also supported), but it can be easily adapted to use any other file-based virus scanner.
• Inflex
  By Paul L Daniels, owner of PLDaniels/PLD.
  Inflex is an Open Source solution to scanning emails which are passing through your server, both incoming (local) and outbound. Inflex give to you the ability to block or pass email based on any set of tests you choose, varying from virus scans to email text content rules. GNU General Public License (GPL).
  Inflex General discussion list. FreshMeat.net Open Source Projects: Inflex.
  Inflex Electronic Mail Scanning System site: Inflex.
  
  • XaMime - Commercial Inglex
    Unix Email content control system. By Paul L Daniels.
• PureMessage
  PureMessage (formerly PerlMx) is a complete email filtering system for spam protection, virus protection, and corporate policy enforcement, at the gateway level. Anti-virus protection from McAfee Security, Web-based Admin, Extensible Interface (API). For Linux x86, Solaris, HP-UX, FreeBSD.
• Spam Hippo
  Free Spam Removal Software for News Servers.
  Written by Kachun Lee for PathLink Technology Corporation.
• SpamBouncer
  A Procmail based spam filter. Free software by Catherine A. Hampton.
• MIMEDefang
  MIMEDefang is a framework for filtering e-mail. It uses Sendmail's "Milter" API, some C glue code, and some Perl code to let you write high-performance mail filters in Perl. People use MIMEDefang to: Block viruses, Block or tag spam, Remove HTML mail parts, Add boilerplate disclaimers to outgoing mail, Remove or alter attachments, Implement sophisticated access controls. You're limited only by your imagination. If you can think of it and code it in Perl, you can do it with MIMEDefang.
  MIMEDefang Discussion List.
• Armour GateSecure
  ByExtol Corp.
• AMaViS - A Mail Virus Scanner
• Antivirus -- a Sendmail Milter
  By William Colburn. Requires Sendmail 8.12.2 or later, ripmime (free), Mcafee Virusscan for UNIX (commercial).
  Milter Slash Site.
• Qmail-Scanner: Content Scanner for Qmail
  Qmail-Scanner (also known as scan4virus) is a content scanner: an addon that enables a Qmail Email server to scan all gatewayed Email for certain contents. It is typically used for its anti-virus protection functions (used in conjunction with commercial virus scanners), but also enables scanning by message headers and text string patterns, and attachment filenames or types. This software is open source released under the GPL.
• LinuxLinks: Internet Mail Utilities

SPF - Sender Policy Framework & SRS - Sender Rewriting Scheme

• SMTP+SPF: Sender Policy Framework
  SPF is Sender Policy Framework (formerly known as Sender Permitted From), the Anti-Forgery solution that's making the world a safer place for email. SPF fights email address forgery and makes it easier to identify spams, worms, and viruses. Domain owners identify sending mail servers in DNS. SMTP receivers verify the envelope sender address against this information, and can distinguish legitimate mail from spam before any message data is transmitted.
  SRS: Sender Rewriting Scheme: SPF breaks email forwarding, requiring mail forwarding MTAs to rewrite the sender address. SRS is how to fix it.
• SPF Tools at spfTools.net
  Site FAQs, Test Records, Create Records SPF Adoption Roll & Validator, Email Header Checker, SPF Wiki.
  Alternative address: spftools.infinitepenguins.net.
• Sender Policy Framework
  From Wikipedia, the free encyclopedia.
• Sender Policy Framework (SPF) - A Convention to Describe Hosts Authorized to Send SMTP Traffic
  IETF Internet-Draft by Mark Lentczner and Meng Weng Wong, May 2004.
• SPF/FROM-HDR - Determining sender policy for the From: header
  IETF Internet-Draft by Mark Lentczner, Wayne Schlitt and Meng Weng Wong, July 2004.
• libspf2
  libsrs2 is the next generation SRS library from the original designer of SRS. It implements the Sender Rewriting Scheme, a part of the SPF/SRS protocol pair. By Wayne Schlitt, Shevek.
  libspf2 implements the Sender Policy Framework (SPF).
• Mail::SRS
  Perl module by Shevek. Search CPAN - Mail::SRS.
• [SPF] Sender Policy Framework at Midwestcs
  SPF Test Suite, LibSPF-alt SPF implementation.
• libspf.org - The Original ANSI C SPF Reference Library
• PySPF: Python implementation of SPF
• SRS-socketmap
  SRS integration with sendmail, by Mark.
• SPF implementation for qmail
• Mis experiencias con SPF (Sender Policy Framework)
  By Jesús Cea Avión.

Anti-Virus Gateway Info

• Mini-FAQ: "antivirus software for Linux/Unix"
  Maintainer: Rainer Link, OpenAntiVirus Project.
• Anti-Virus / Anti-Spam Gateway Products (PDF)
• Anti-Virus Protection: Gateway vs. Host-Based Methods (PDF)
• Stopping Viruses at a Unix Mail Gateway
  By Thomas A. Heinrichs, SANS Institute, August 20, 2001.