An email service must be reliable, convenient, and above all
secure. Email recipients rely on their
email services to protect them from spam, viruses, forgery, identity theft, and even more serious crimes. We have gathered what we think are the
best open-source programs to provide a secure setup. There
are three basic components to this security – blocking a Denial of Service
(DoS) attack, checking the identity and reputation of an unknown sender, and
filtering messages from senders whose reputation is unknown.
[Figure: Default Settings. Check ID: Reputable Senders have less than 1 spam in 100 emails. Filter Thresholds: IP Blacklist: Moderate; Spam if greater than 75; Ham if less than 50. Filter: spam: score > 75, ham: score < 50.]
The Block DoS gate
uses a blacklist of IP addresses that are currently being heavily abused. There are many IP blacklist services
available. Each is a tradeoff between
blocking addresses that are used for spamming and not blocking legitimate
mail. We have chosen a list on the
conservative end, since it is intended to block only the most voluminous
sources of spam, not provide a complete anti-spam solution. Reaction time is important also, since DoS
attacks usually start very suddenly.
The Check ID gate determines the identity and reputation of the sender. A query to the Registry of Public Email Senders provides information on most legitimate senders, including what methods the sender offers to authenticate their Identity, and ratings of that sender by various Rating Services. Rejection of forgeries is based on the policy of the ID owner, using the ID owner's authentication records. Thus no rejection of legitimate mail (except a very few at the Block DoS stage) will occur based on the Receiver's policy.
Acceptance of all mail
from Reputable Senders is based on a threshold set by each Recipient. Spam haters can set the threshold high, and
very few senders will qualify.
Recipients that need the utmost reliability in delivery of mail
addressed to them will set a lower threshold, and tolerate a higher level of
spam. Any mail from senders that don't
authenticate, or that don't have an acceptable reputation, will go to the Spam
Filter.
The Spam Filter uses a variety of methods to sort the remaining mail into three categories. These methods may include more aggressive IP blacklists, heuristic rules that identify common characteristics of spam, and statistical analysis of the message content. Recipient options control which blacklists are selected, and what thresholds are set for the three categories.
Modern spam filters do a good job of classifying most messages as clearly spam or clearly ham, so there are usually few messages in the Unsure category. The default is to accept the message if its spam score is less than 50, and send it to the spam bucket if greater than 75. This sets a wide margin for false rejects. Most recipients will reduce this margin after they gain some confidence that they are not seeing many false rejects with a score as high as 75.
A Recipient who prefers to use the spam filter that comes with his own email program can set the ham threshold to 100 and bypass the shared filter above. A filter with individual training is likely to be more accurate, particularly for recipients who have "spammy" words in their normal email.
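The three gates and the default thresholds described above can be sketched as a single routing decision. This is an added example, not code from the programs this page refers to. The Message fields, the registry record keys (reject_forgeries, spam_rate), the outcome names, and the treatment of a ham threshold of 100 as an explicit bypass are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Message:
    source_ip: str
    sender_id: str                 # identity the message claims (assumed field)
    authenticated: Optional[bool]  # True passed, False failed, None not attempted
    spam_score: float              # 0-100, from the shared spam filter

@dataclass
class RecipientPrefs:
    max_spam_rate: float = 1 / 100  # default: less than 1 spam in 100 emails
    ham_below: float = 50           # default ham threshold
    spam_above: float = 75          # default spam threshold

def route(msg, prefs, dos_blacklist, registry):
    """Return reject-dos, reject-forgery, accept, unsure or spam."""
    # Gate 1, Block DoS: conservative blacklist of heavily abused addresses.
    if msg.source_ip in dos_blacklist:
        return "reject-dos"
    # Gate 2, Check ID: the ID owner's policy decides forgeries,
    # the recipient's threshold decides who counts as reputable.
    record = registry.get(msg.sender_id)
    if record is not None:
        if msg.authenticated is False and record["reject_forgeries"]:
            return "reject-forgery"
        if msg.authenticated and record["spam_rate"] < prefs.max_spam_rate:
            return "accept"
    # Gate 3, Spam Filter: everything unauthenticated or not reputable.
    if prefs.ham_below >= 100:      # recipient bypasses the shared filter
        return "accept"
    if msg.spam_score < prefs.ham_below:
        return "accept"
    if msg.spam_score > prefs.spam_above:
        return "spam"
    return "unsure"

# Constructed sample data (documentation addresses and domains).
DOS_BLACKLIST = {"192.0.2.10"}
REGISTRY = {
    "example.com": {"reject_forgeries": True, "spam_rate": 0.002},
    "example.net": {"reject_forgeries": False, "spam_rate": 0.05},
}
```

Raising max_spam_rate models the recipient who needs the utmost delivery reliability: more senders qualify as reputable and skip the filter entirely.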
DMQ 01/07/06