IBM AH0QXML User Guide - Page 20

Spam avoidance techniques, 2.1.1 Passive harvesting attacks

Get IBM AH0QXML - Lotus Domino Messaging PDF manuals and user guides View all IBM AH0QXML manuals
Add to My Manuals
Save this manual to your list of manuals

Page 20 highlights

users to not receive spam is to have them avoid having their e-mail addresses added to a spammer's list in the first place. We discuss how spammers usually accumulate these e-mail addresses and how you can help your users protect theirs. 2.1 Spam avoidance techniques From a server point of view, the most efficient way to handle spam is not to have it delivered in the first place. This is why, as a Domino server administrator, it is in your best interest to help inform your users about how to avoid getting on spam lists in the first place. If they do this effectively it can save time administering spam rejection tools. Most users, when confronted with spam, will not understand why they are getting it. Some users definitely get more spam than others, though, so we know that there is some user behavior that correlates to the amount of spam that they will receive. The best way to understand the behavior to avoid is to look at how most spammers get e-mail addresses in the first place. 2.1.1 Passive harvesting attacks In this section we introduce some passive harvesting techniques that spammers use to obtain e-mail addresses. To learn about how to protect your Domino 6 server from harvesting attacks, see 4.5, "Protecting your Domino server from active address harvesting attacks" on page 62. Web harvesting Spammer Web robots or "bots" operate like Web search engine bots, except they look specifically for [email protected] patterns in the Web page text. When an e-mail address pattern is found they store it with other e-mail addresses for use in bulk mailing. You can defend against spammer Web-bots by obfuscating mail addresses when they are placed on Web pages. The best option for defense is placing e-mail addresses into graphics. Alternatively, you can hide them inside javascript, or simply provide human-recognizable alterations to the address that make it invalid for e-mailing, or make it more difficult for the Web-bot to recognize any e-mail address pattern. Usenet harvesting Spammer news-bots use a concept similar to that used by Web search engine bots. Spammers can subscribe to any usenet group. Then after downloading posts from a usenet group, the news-bots look for [email protected] patterns in posted message content and headers. When an e-mail address pattern is found 8 Lotus Domino 6 spam Survival Guide for IBM eServer

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
8
Lotus Domino 6 spam Survival Guide for IBM eServer
users to not receive spam is to have them avoid having their e-mail addresses
added to a spammer
s list in the first place. We discuss how spammers usually
accumulate these e-mail addresses and how you can help your users protect
theirs.
2.1
Spam avoidance techniques
From a server point of view, the most efficient way to handle spam is not to have
it delivered in the first place. This is why, as a Domino server administrator, it is in
your best interest to help inform your users about how to avoid getting on spam
lists in the first place. If they do this effectively it can save time administering
spam rejection tools.
Most users, when confronted with spam, will not understand why they are getting
it. Some users definitely get more spam than others, though, so we know that
there is some user behavior that correlates to the amount of spam that they will
receive. The best way to understand the behavior to avoid is to look at how most
spammers get e-mail addresses in the first place.
2.1.1
Passive harvesting attacks
In this section we introduce some passive harvesting techniques that spammers
use to obtain e-mail addresses. To learn about how to protect your Domino 6
server from harvesting attacks, see 4.5,
Protecting your Domino server from
active address harvesting attacks
on page 62.
Web harvesting
Spammer Web robots or
bots
operate like Web search engine bots, except they
look specifically for [email protected] patterns in the Web page text. When an
e-mail address pattern is found they store it with other e-mail addresses for use
in bulk mailing. You can defend against spammer Web-bots by obfuscating mail
addresses when they are placed on Web pages. The best option for defense is
placing e-mail addresses into graphics. Alternatively, you can hide them inside
javascript, or simply provide human-recognizable alterations to the address that
make it invalid for e-mailing, or make it more difficult for the Web-bot to recognize
any e-mail address pattern.
Usenet harvesting
Spammer news-bots use a concept similar to that used by Web search engine
bots. Spammers can subscribe to any usenet group. Then after downloading
posts from a usenet group, the news-bots look for [email protected] patterns in
posted message content and headers. When an e-mail address pattern is found