Blog for hpHosts, and whatever else I feel like writing about ....

Friday 26 June 2009

When is a spam/bot filter not enough?

When it's not effective enough of course!.

Spam and bot filters have one major flaw, and it's the same flaw that other security related products have - they rely on lists/databases of known offenders. It's great when the offender is in one of the databases, as it means they're instantly blocked, but with the growing trend over the last several years, of criminals hiring out their botnets to spamming gangs (when they aren't doing the spamming themselves of course), these filters have proven to be simply a stop gap - otherwise known as effective until they come along with an IP/e-mail not known to the blacklists.

Take for example, aiseesoft.com, who are by far the most prolific spammers visiting the Freeware Arena forums. The latest IP they used was 114.249.124.223, which you'd have thought, given it's network, China Unicom Beijing province network, would already be on all of the major blacklists - but alas no, it turns out the IP used, wasn't on any of them.

There are of course, additions you could use, such as Akismet, but experience has shown, incorporating that into custom sites, non-supported CMS systems is a pain. It does however, beg the question - since it's been shown that blacklists and other such filters, are only partially effective, even Akismet doesn't catch it all, what other options are there for us?

One idea I've been pondering, is a heuristic filter, but at present, I'd have no idea how to design such a beast, let alone begin writing one. I'm therefor going to put the question to you - other than blacklists, how do you propose we all go about fighting spam (given most machines serving spam now, are actually drones that are part of a botnet, rather than your average skiddie running XRumer)?

No comments: