Spam protection technologies

A modern spam mass mailing containing hundreds of thousands of messages can be distributed within a few minutes. Most often spam comes from zombie networks – formed by a quantity of users’ computers infected by malicious programs. What can be done to resist these attacks? Currently the IT security industry offers a lot of solutions and anti-spam developers have various technologies available in their arsenal. However, none of these technologies can be deemed to be a ‘silver bullet’ in the fight against spam. A universal solution simply does not exist. Most state-of-the-art products have to integrate several technologies, otherwise the overall effectiveness of the product is not very high.

The most well-known and widely spread technologies are specified below.


DNSBL (DNS-based Blackhole Lists) is one of the oldest anti-spam technologies. This blocks the mail traffic coming from IP servers on a specified list.

  • Advantages: The blacklist guarantees 100% filtering of mail traffic coming from suspicious sources.
  • Disadvantages: The level of false positives is rather high, and that is why this technology must be used carefully.

Detecting bulk emails (DCC, Razor, Pyzor)

This technology provides detection of completely identical or slightly varying bulk emails in mail traffic. An efficient ‘bulk email’ analyzer needs huge traffic flows, so this technology is offered by major vendors who have considerable traffic volumes, which they can analyze.

  • Advantages: If this technology works, it guarantees detection of bulk emailing.
  • Disadvantages: Firstly, ‘big’ mass mailing can contain completely legitimate messages (for example, and are sending out thousands of messages which are practically similar, but are not spam). Secondly, spammers can break through this defense with the help of smart technologies. They use software which generates different content (text, graphics etc.) in each spam message.

Scanning of Internet message headings

Special programs are written by spammers that can generate spam messages and instantaneously distribute them. Sometimes, mistakes made by the spammers in the design of the headings mean that spam messages do not always meet the requirements of the RFC standard for a heading format. These mistakes make it possible to detect a spam message.

  • Advantages: The process of detecting and filtering spam is transparent, regulated by standards and fairly reliable.
  • Disadvantages: Spammers learn fast and make less and less mistakes in the headings. The use of this technology alone provides detection of only one-third of all spam messages.

Content filtration

Content filtration is another time-proven technology. Spam messages are scanned for specific words, text fragments, pictures and other spam features. Initially, content filtration analyzed the theme of the message and the text contained within it (plain text, HTML etc). Currently spam filters scan all parts of the message, including graphical attachments.

The analysis may result in the creation of a text signature or calculation of the ‘spam weight’ of the message.

  • Advantages: Flexibility, and the possibility to fine-tune the settings. Systems utilizing this technology can easily adapt to new types of spam and rarely make mistakes in distinguishing spam from legitimate email traffic.
  • Disadvantages: Updates are generally required. Specialists, and sometimes even anti-spam labs, are required in the setting-up of spam filters. Such support is rather expensive and this influences the cost of the spam filter itself. Spammers invent special tricks to bypass this technology. For example, they may include random ‘noise’ in spam messages, which impedes the evaluation and detection of the spam features of the message, or they may use a non-alphanumeric character set. This is how the word viagra may look if this trick is used vi_a_gra or vi@gr@, or they may generate color-varying backgrounds within the images, etc.

Content filtration: Bayes

Statistical Bayesian algorithms are just another approach to the analysis of content. Bayesian filters do not require constant adjustments. All they need is initial ‘teaching’. The filter ‘learns’ the themes of emails typical for a particular user. For example, if a user works in the educational sphere and often holds training sessions, any emails with a training theme will not be detected as spam. If a user does not normally receive training invitations, the statistical filter will detect this type of messages as spam.

  • Advantages: Individual setting.
  • Disadvantages: It works better if used for individual email traffic. Bayesian filtration does not work perfectly on corporate servers with many different types of emails. If a user is lazy and does not ‘teach’ the filter, the technology will not be effective. Spammers try to find ways to bypass Bayesian filtration and in general, they are quite successful.


Greylisting is the temporary denial of the ability to receive a message. The denial includes an error code understood by all email systems. Normally the sender would then resend the message. However, once denied, the programs used by spammers do not resend emails.

  • Advantages: This is one possible solution.
  • Disadvantages: Delays in email delivery. For many users this solution is unacceptable.

Listes grises

Une liste grise empêche temporairement la réception d’un message. Le refus inclut un code d’erreur que tous les systèmes d’e-mails comprennent. En général, l’expéditeur va renvoyer le message. Cependant, une fois qu’ils ont été refusés, les programmes utilisés par les spammeurs ne peuvent pas renvoyer les e-mails.

  • Avantages : C’est une solution possible.
  • Désavantages : Cette technique cause des retards pour recevoir des e-mails. Pour de nombreux utilisateurs, cette solution est inacceptable.

Spam and phishing in Q1 2018

The quarter’s main topic, one that we will likely return to many times this year, is personal data. It remains one of the most sought-after wares in the world of information technology for app and service developers, owners of various agencies, and, of course, cybercriminals. Unfortunately, many users still fail to grasp the need to protect their personal information and don’t pay attention to who and how their data is transferred in social media. Read Full Article


Tens of thousands per Gram

In late 2017, information appeared on specialized resources about a Telegram ICO to finance the launch of its own blockchain platform. The lack of information provided fertile ground for scammers: the rumors prompted mailshots seemingly from official representatives of the platform, inviting people to take part in the ICO and purchase tokens. Read Full Article


Every little bitcoin helps

It often happens that inventions and technologies that start out good end up turning into dangerous tools in the hands of criminals. Blockchain is no exception to this rule, especially in its most common cryptocurrency incarnation. The attacks targeted employees of small companies, but such emails could be sent to any user’s personal mail. Read Full Article


IT threat evolution Q3 2017

Our growing dependence on technology, connectivity and data means that businesses present a bigger attack surface than ever. Targeted attackers have become more adept at exploiting their victims’ vulnerabilities to penetrate corporate defences while ‘flying under the radar’. Read Full Article


Spam and phishing in Q3 2017

In terms of the average share of spam in global email traffic (58.02%), the third quarter of 2017 was almost identical to the previous reporting period: once again growth was slightly more than one percentage point – 1.05 (and 1.07 p.p. in Q2 2017). As in previous quarters, spammers were quick to react to high-profile events and adapted their fraudulent emails to the news agenda. Read Full Article


Spam and phishing in Q2 2017

In Q2 2017, the average share of spam in global email traffic amounted to 56.97%, which was only 1.07 p.p. more than in the previous quarter. One of the most notable events of this quarter – the WannaCry epidemic – did not go unnoticed by spammers: numerous mass mailings contained offers of assistance in combating the ransomware. Read Full Article