IBM AH0QXML User Guide - Page 79

Chapter 5. Using mail file rules to prevent spam

67

Reply-To: [email protected]

From: [email protected]

/*

FROM: field

*/

Received: from yahoo.ca by RTKVQCG94P7.yahoo.ca

/*

This is the host that sent the message.

*/

with SMTP for [email protected]; Wed, 06 Nov 2002 13:32:33 -0500

X-MIMETrack: Itemize by SMTP Server on A3MAIL/CAM/H/Lotus(Release 6.0|September 26, 2002) at

11/06/2002 01:30:18 PM,

Serialize by Router on A3MAIL/CAM/H/Lotus(Release 6.0|September 26, 2002) at

11/06/2002 01:30:21 PM,

Serialize complete at 11/06/2002 01:30:21 PM,

Itemize by SMTP Server on CAMMAIL01/CAM/M/Lotus(Release 6.0|September 26, 2002) at

11/06/2002 13:30:20,

Serialize by Notes Client on Beth Anne Collopy/North Reading/IBM(Release

6.0|September 26, 2002) at 11/20/2002 05:30:46 PM,

Serialize complete at 11/20/2002 05:30:46 PM

Bcc:Beth_Anne_Collopy/North_Reading/IBM%LOTUS

/*

The message is also sent to Beth Anne Collopy

*/

Content-Transfer-Encoding: quoted-printable

Content-Type: text/plain; charset=iso-8859-1

/* Most of the content of the e-mail message has been omitted, we left the last paragraph in,

as it demonstrates how the spammer is trying to act as a legitimate party sending e-mails */

/* Notice, the following paragraph includes an IP address in "to be removed from this list" and

they site some U.S. Federal Law! */

IMPORTANT: You may remove yourself from this mailing by utilizing our automated removal system

at

http://210.192.108.35/remove.html

. This message is in full compliance with U.S. Federal

requirements for commercial e-mail under bill s.1618 Title 111, Section 301, Paragraph (a) (2)

(c) passed by the 105th U.S. Congress and cannot be considered spam since it includes a remove

mechanism.

From the page source display you can determine if message header information

is deliberately misleading or has been

“

faked

”

. Examples are:

±

Missing the

“

From

”

address.

±

Multiple recipients with the same name or similar alpha spelling. For example,

[email protected], [email protected], [email protected]

±

Different source domain/IP than the sender. This is not always spam, but it is

suspicious.

±

Opt-out or remove instructions in the body with IP-numbered URLs.

For example: http://123.21.92.12/remove.html

You can also view the Received header values. The Received values typically

show Internet address information from various SMTP hosts that have processed

the message. If you notice that particular internet addresses or domains have

been involved in sending you multiple spam messages, you should consider

either creating a mail file rule for yourself or look at possibly blocking the address

or domain at the server. With the information from the page source display you

Section	Page
Front cover	1
Contents	5
Notices	7
Trademarks	8
Preface	9
The team that wrote this redbook	9
Become a published author	11
Comments welcome	12
Chapter 1. Introduction	13
1.1 Definition of spam	14
1.2 Categorizing spam	14
Chapter 2. Preventing unwanted e-mail and spam	19
2.1 Spam avoidance techniques	20
2.1.1 Passive harvesting attacks	20
2.1.2 Avoiding harvesting	21
2.1.3 Confusing the harvesters	22
2.1.4 Inform Users	22
2.2 How to block spam	24
2.2.1 At the gateway	25
2.2.2 At the server	25
2.2.3 By the end user	26
2.2.4 Selecting the best approach	26
2.2.5 Managing the ongoing anti-spam campaign	27
2.2.6 Summary	28
Chapter 3. Domino 6 anti-spam architecture	29
3.1 The Domino messaging environment	30
3.2 Domino 6 messaging components	32
3.2.1 SMTP Listener/Server	33
3.2.2 Router	35
3.3 Domino 6 anti-spam configuration	35
3.3.1 Server configuration features	36
3.3.2 User configuration features	37
3.4 Common problems and solutions	37
Chapter 4. Domino 6 Server anti-spam features	41
4.1 How to detect spam	42
4.1.1 Examining the message properties	42
4.1.2 Separating legitimate e-mail from spam based on content	43
4.2 Controlling connections from spammers	44
4.2.1 DNS Blacklist filters	44
4.2.2 Inbound Intended Recipients Controls	48
4.2.3 Disable routing mail to groups	51
4.2.4 Inbound connection controls	53
4.2.5 Inbound sender controls	54
4.3 Controlling delivery of spam	57
4.3.1 Server mail rules	57
4.4 Controlling use of your server as a relay	66
4.4.1 Inbound relay controls	66
4.4.2 Inbound relay enforcement	71
4.5 Protecting your Domino server from active address harvesting attacks	74
4.5.1 SMTP harvesting attacks	74
4.5.2 Spam mail bombing	74
4.5.3 Direct SMTP RCPT TO harvesting	74
4.5.4 Defending against active attacks	75
Chapter 5. Using mail file rules to prevent spam	77
5.1 Distinguishing between spam and legitimate e-mail	78
5.2 Mail file rules	80
5.2.1 Setting up mail file rules	80
5.2.2 Developing anti-spam mail file rules	83
5.2.3 Viewing mail rules and the evaluation sequence	89
5.2.4 Monitoring mail file rules	90
Chapter 6. Third party anti-spam products	93
6.1 Anti-spam products for Notes and Domino	94
6.1.1 spamJam for Lotus Notes and Domino	94
6.1.2 SpamEraser for Lotus Notes and Domino 6	97
6.1.3 iQ.Suite	100
6.1.4 ScanMail for Lotus Notes with eManager	101
6.1.5 XM SpamStop	104
6.1.6 Other anti-spam products for Notes and Domino	106
6.2 Anti-spam server and gateway products and services	106
6.2.1 BrightMail Anti-Spam 4.0 from BrightMail, Inc.	106
6.2.2 ActiveState PureMessage	107
6.2.3 Trend Micro Inc. products	109
6.2.4 Other anti-spam server or gateway products and services	110
Related publications	111
IBM Redbooks	111
Referenced Web sites	111
How to get IBM Redbooks	112
IBM Redbooks collections	112
Index	113

IBM AH0QXML User Guide - Page 79

they site some U.S. Federal Law

Page 79 highlights