Spam War:Battling Ham against Spam

Technological Review To Protect E-mails

Bindu V.
Lecturer,Dept of Electronics & Communication SCT College of Engineering Pappanamcode, Thiruvananthapuram Kerala, India bindunn@gmail.com

Dr.Ciza Thomas
Associate Professor & Head, Dept of Computer Applications College of Engineering,Thiruvananthapuram Kerala, India

Abstract The antispam battlefield is in a complete chaos. The public has become more and more aware of the negative effects of junk mails. The voice against spam has become ever increasing; however, the amount of junk mails that find their way to mail inbox keeps increasing at a quicker pace. Unfortunately, the war against spam is much more complicated and requires multisolutions. It requires multi-solutions because there is no single definition of spam. Mails that are legitimate to one might be spam to other. Some mails are vague in nature, which can be classified either as ham or spam. So to fight spam successfully, it is necessary to find the product that could not only stop most of spam while not blocking hams, but also be able to agree with personal habits and preferences. In this paper a research-based analysis of spam is presented with focus on to the technical analysis of various weapons used in spam war and their leverages in the system. Keywords-spamwar; ham; spam; blacklist; whitelist; false negative; false positive; spammers; antispam.

challenge. To avert the danger of losing the Internet email service as a valuable, free, and worldwide medium of open communication, battle should be performed with more systematic methodologies which pave the way for new, holistic anti-spam approaches that will eradicate the spam [3]. This paper is based on a rigorous literature review of the various approaches and methodologies that are used in combating against spam and their comparative study in the present context. The paper is comprised of seven sections. Section II discusses the related work, Section III includes appropriate technologies, Section IV discusses the battle against spam and Section V deals with comparative study about the antispamming techniques. Section VI discusses the multisolutions approach. Section VII concludes the paper. II. RELATED WORKS

I.

INTRODUCTION

The Internet has become irrevocably and deeply entrenched in our modern society in a short span of time. Primarily it is due to the power of its communication substrate linking people and organizations around the globe. Email has become one of the most frequent means of communication with customers, employees and friends and one of the favored means of soliciting customers for a wide variety of goods. Email is ubiquitous and pervasive. Much work on email technology has focused on making email easy to use, permitting a wide variety of information and information types to be conveniently, reliably, and efficiently sent throughout the Internet [1]. However, there are several challenges facing the e-mail systems due to the recent spread of viruses, hackers, malwares, worms, and botnets. Spam is one of these challenges that abuse the electronic messaging system by sending a huge amount of unrequested bulk messages randomly that makes up of 80% of the emails. Spamming can be for a wide variety of reasons: commercial, personal, criminal, religious and political. Spam consumes bandwidth, disk space and affects productivity at work [2]. It can expose children to adult sites and prevents anyone from receiving important emails as their inbox gets full. Spams have become a serious technological and economic

There are many proposed and developed software and filters aimed to mitigate spamming [3,4,5] These are different attempts; each one has to fight spam from different places and perspectives as shown in figure 1. Current technical initiatives to fight spam and phishing include server and client-side spam filtering, using lists (blacklist, whitelist, greylist), email authentication standards (Identified Internet Mail (IIM), Domain Keys (DK), Domain Keys Identified Mail (DKIM), Sender Policy Framework (SPF), Sender ID Framework), and emerging sender reputation and accreditation services [3].

Figure 1. Current technical initiatives for fighting spam

The recent works in fighting spam resulted in technical, economical, rule based, computational, statistical and legal solutions [3,7,8].These anti-spamming solutions can be combined to get better solutions. III. ANALYSIS OF SPAMS

The purpose of this study is to produce new knowledge about how to reduce spam for email servers and email users. In order to understand the spam problem and to explore control methods, it is useful to analyze spam control techniques by looking at spam generation and transmission as a system [4]. A. System Analysis of Spam A simple model of email transmission [5] is to consider four components along the path of an email message: sender client, sender server, receiving server, and receiving client as shown in figure 2. Clients and servers here are software and hardware subsystems. In the case of web based email services the client and server are integrated behind a web server. A sender uses their client side to compose a message. The client connects to the sending server and delivers the message in an outgoing queue. From there, the sending server connects to the receiving server, validates the existence of the recipient on the receiving server, and delivers the message. The message is stored on the receiving server until retrieved by its addressee. Eventually, the human recipient uses the client on their side to connect to the receiving server and retrieve the message.

supremacist organizations or explain their latest theories about physics and happiness. Spam illustrates what happens when technology ignores fair communication. Spam places a considerable burden on ISPs systems, thus cost the ISP and the customers a considerable amount of money. The cost of receiving a single piece of bulk email is minimal, but the cost of receiving many messages can be considerable. Laws that would restrict sending of spam have a growing support in the US, probably because of the resources that users of email spend on dealing with spam. Spam has greatly magnified effects in developing countries as compared to developed countries, because of higher Internet access costs, more lax security measures in local ISPs, and lower available bandwidth. Getting an overview of the spam traffic may be necessary when deciding new methods which can be implemented and tested. C. Spam Types Types of spam are advertisement spam, financial spam, phishing etc [3]. Most advertisement spam is commercial advertisement, often a direct product offer. The most common subcategories of the advertisement spam are: Online Pharmacy spam (promoting different versions of Viagra, Cialis, Antidepressant pills), Penny Stock spam (encouraging people to buy cheap stocks), Porn or (sex) dating spam, Pirate Software spam (offering pirate software more cheaper than the official prices), Online Casino spam (promoting gambling), Fake Degrees spam (sell fake Degrees and Diplomas), Mule job spam (promoting jobs working from home). While advertisement spam have at least a little probability, that the responder could get something for the sent money, the financial spam only tries to fool people and get their money somehow, without the chance to buy anything. The most common financial spam kinds are 419 scams and lottery spam. Phishing spam is fake alert from banks (mostly Citi Bank), PayPal, eBay etc, and it asks for confirmation, validation or monitoring of details in order to defraud people of their personal information. Phishing spams are usually linked to fake log in sites, which can be used to capture user details (e.g. passwords) in order to use this information to steal money or goods. Fraudulent e-mails harm their victims through loss of funds and identity theft. They also make a draw back in on-line business, since people lose their trust in Internet transactions. D. Spam Characteristics The basic characteristics of spam [6] are Return address is not valid. Forged routing headers to hide the origin of the email, The identity of the recipient is irrelevant Dictionary attack address-If the To address line is examined; you may see different variants of the recipients e-mail addresses. Subject line has no bearing on the content of the email. E-mail content is of a dubious nature.

Figure 2. An email route from the sender to a receiver via Internet

Any technique that can reduce the volume of spam at the receiving client will reduce costs associated with productivity loss for the human recipient. However, all costs associated with delivering the message, storing it on the receiving server, and delivering it to the client are borne by the owner of the receiving server, and ultimately passed on to the end user. These costs can be reduced if spam is stopped before it reaches the receiving server. The ideal case is when spam never even leaves the sending client. B. Spam Existence & Problems Sending hundred thousand email messages can cost under $200 and obtaining a million email addresses can cost under $100 [5]. With such low expenses, spammers can recoup their costs even if only a tiny fraction of the email messages they send out result in sales. Spam can also be used by people to cheaply spread the word about religion, recruit members for

Unsubscribe does not work in spam e-mail. If you try to unsubscribe from spam e-mail, it is often the case that the link does not work, or opens up an advertisements web site. What it does confirm however is the legitimacy of your e-mail address, which would be duly added to another spam list of verified e-mail addresses. May contain hidden scripts. If spam contains HTML, it may contain hidden JavaScript, which can open up web sites and activate advertisement popup windows.

E. Combating Spam Problems Before an e-mail arrives in mailbox it passes through a mail server, which is either hosted within the organisation or through an Internet Service Provider (ISP) [7]. Filtering out spam at this early stage (pre-receipt) before the message reaches the recipients machine is obviously desirable and many IT departments and ISPs have already installed anti-spam software on their servers. Tools also exist which are user-based and filter out e-mail that has already arrived at your mailbox (post-receipt). Due to the flood of spam that is relentlessly sent to us, for now, it is probably best to have filtering tools both at the server and the user ends. Two problems, which need to be addressed by any spam filtering system, are the rates of false positives and false negatives. A false positive is a mail message that the filter tags as spam but is actually ham, while a false negative is a mail message that the filter tags as ham but is actually spam. Having no filter at all is the case of 0 per cent false positives and 100 per cent false negatives, and a filter that blocks everything is one with 100 per cent false positives and 0 per cent false negatives. Ideally we want 0 per cent false positive, i.e. all ham gets through the filter, and 0 per cent false negatives, i.e. all spam is blocked. In reality users will tolerate a certain level of classification errors, although some would argue that the only acceptable level of false positives is zero. IV. THE SPAM BATTLE

Whatever the technical solution for filtering spam, it must take into account the fact that spammers will fight back and find new ways of fooling anti-spam software. The implications of this are twofold. On the one hand, technical solutions need to be adaptive, i.e. modifying their internal behavior to tackle new types of spam messages. On the other hand, it is important to pursue the legal route in parallel to technical solutions, in order to stop known mass spammers. A review of the solutions [8] that are currently being used to combat spam is discussed here. A. Technical Solutions Among techniques for fighting spam, the first one to be used historically is filtering at the receiving end.One of the first solutions is to search for keywords in the e-mails subject. It means to scan the subject for words, related to spam letters. This is a simple language analysis, works only by match specific phrases. Since the spam letters topic changes time by

time, keyword list has to be regularly updated. The smallest change in the words of the subject leads to mismatch. This has resulted in a high false-positive rate along with a significantly high maintenance rate. Another filtering method is blacklisting and white listing. There is a need, to make difference between two levels of blacklisting: the network-level and the address-level blacklisting. The network-level blacklisting is based on creating intentional network outages. The method has the ability the detect spam letters based on its origin rather than its content. Unfortunately new spam hosts can pop up instantly and the propagation time could be a significant weakness. Moreover if a legitimate user was accidentally blacklisted, there is no way, to get off the blacklist, hence all mails ware rejected from the blacklisted part of the network. Spammers have learnt how they can get around blacklisted networks. The address-level blacklist is an updated list of known spam sender addresses. There are on-line accessible blacklists and the user can administrate personal blacklist as well. By receiving a letter, a simple search engine tries to find the address of its sender in the list. If it matches, the letter should be surely marked as spam, or with more strict rules, it could be deleted immediately. It is a very good technique to combine with other filter methods. White listing is the opposite of blacklisting. Content filtering identifies spam, while white listing requires identifying users. A white list is a collection of reliable contacts. If e-mail comes from the members of this list, it should be marked automatically as legitimate letter what is also called ham. Just as the blacklisting, the white list also needs a continuous upgrade and refreshment. Rejecting all emails from unknown senders is a far too strict. A more appropriate usage can be achieved by sending an auto-reply for every unknown user with a query for authentication (challenge/response). This can cause limited speed and rely on the senders will. After all of these drawbacks, white listing is used only for classify letters as legitimate mails, and has nothing to do when the sender is unknown. If the blacklist and white list methods are used together, further filtering is only required for letters that do not match any of the entries in the two lists. Filtering on the network level is another method. The Simple Mail Transfer Protocol (SMTP) is the way mail servers communicate with each other. One of the important issues is to propose improvements to the current standard SMTP for sending and receiving e-mail. The problem with SMTP is that it has no safe-guards to prevent forging or spoofing e-mail addresses. One proposal is to modify the Domain Name System (DNS) in order to be able to identify the actual computers acting as mail servers rather than just the website the e-mail came from. Another proposal, to verify the sender of an e-mail, called domain keys, is to use public key cryptography to sign an e-mail before it is sent and then verify its source once it arrives. To enable this feature, backed by Yahoo, e-mail servers will have to install open-source software, causing debate about who is to take ownership of email technology standards. Yet another proposal that is

gaining momentum is called Sender Policy Framework (SPF which is a safe listing system requiring domain owner to publish the IP addresses from where e-mail is sent. When an email arrives at the server the IP address of the sender must match the published IP address for the domain mentioned in the e-mail, otherwise the e-mail is rejected before it arrives in the users mailbox. These suggested patches to the SMTP protocol will not stop spam but will help anti-spam technologies to track its origin, forcing the offenders to move to new domains more frequently. B. Economic Solutions The underlying idea behind all economic solutions is to make spammers pay for each unsolicited bulk e-mail they send, deeming spam a financially unviable proposition. Idea of electronic stamp is introduced which uses some kind of post offices for email delivering. The basic is all the e-mail traffic should be controlled by big intelligent nodes on the network, and every e-mail would cost for the sender a little money. If the receiver signs back that the e-mail was not spam, the sender gets back the 99% of the cost of the e-mail. The rest 1% goes for the post office nodes budget. For legitimate senders it could be still affordable and still the cheapest solutions, while spammers, who want to send millions of letters in a single day, should pay big amounts of money. To avoid unnecessary money transfers, it would be suitable to build a pre-paid system, and so money transfer would be enough once monthly. To implement this, system software for managing the payment will have to be plugged-in to our email software, enabling the transfer of money to the recipients e-mail account. This could be done via e-stamps, which are digital tokens that represent the amount of money being transferred. The redemption of the e-stamp is optional, so that if the e-mail is not considered as being junk, the user will probably opt not to collect the fee. The idea holds the possibility of ending spam in an unbelievable high cost, by changing the whole architecture on network level, and making the users to pay for sending e-mails. C. Computational Solutions The basic idea behind computational solutions, in similarity to economic ones, is to make spammers pay for sending e-mail. Only this time, rather than a direct payment, the sender of an e-mail is required to perform a small calculation prior to sending an e-mail. As spammers send bulk e-mails regularly, it would unfeasible for them to perform all the computations required by this proposal without heavy investment in hardware. The computation solution sent with an e-mail can be tagged to its header and verified when the email arrives. It is important in this scheme that the verification of the computation can be performed at a tiny fraction of the computation itself, and this is where the intelligence of this mechanism lies. This idea can be combined with a safe list of trusted e-mails, so that if an e-mail arrives without the computational stamp, it can be checked against the safe list before it is rejected. Rather than performing a machine computation, a different kind of problem solving can be required from the sender of an e-mail such as solving a

Captcha. A Captcha (Completely Automated Public Turing tests to tell Computers and Humans Apart) is a program that can generate and grade tests that most humans can pass but current computer programs cannot pass, such as recognizing an image with distorted text. D. Rule based Solutions Rule-based filters maintain a collection of patterns that can be matched against an incoming e-mail to decide if it is spam. Each rule produces a score, and if the total score for the message exceeds a threshold value then it is classified as spam and blocked. The most well-known rule-based filter is Spam Assassin, which is based on fuzzy logic rules to give a confidence on the accuracy of a rule. It is easy to add new rules, and to customize the weights, i.e. relative scores, and thresholds of existing rules for identifying spam. Spam Assassin supports several rule categories including: header, body and message structure rules. E. Statistical Solutions This type of solution is often implemented as a post-receipt system rather than a pre-receipt one, i.e. the spam filter only acts once the e-mail has arrived in the users mailbox. It is not a deterrent as some other solutions are, in the sense that the spammer does not have to pay for sending junk, but if effective it will make spamming futile. The essence of the statistical method is to use Bayesian text classification to assign each email message either to the spam category or the ham category. In order for this method to work it is necessary to have a large corpus of spam e-mail, in order to build accurate statistical patterns for classification purposes. The nave Bayes approach, which is the one most commonly used due to its relative simplicity and effectiveness, simply counts the number of occurrences of all words in the body of the text so as to assign their probability of being present in a spam message. Assuming that the classification software is an add-on to the e-mail software on the users machine, a statistical profile of the users ham messages can also be computed from the messages in the users inbox. When a new e-mail arrives in the users inbox the Bayesian classifier [9] will compute the probability of this message being spam or ham using the classifiers precomputed probabilities. The classifier will then choose to label the e-mail with the category having the higher probability, and if this turns out to be spam then it can put it into a separate junk e-mail folder that the user can inspect, just in case it is a false positive. The strength of this approach is that the filter is adaptive, in the sense that it can re-compute the classifiers probabilities of spam and ham as new e-mails arrive and are classified. F. Legislative Solutions Non-technical methods for preventing spam in the future include legislation and prosecution. Legislative methods have to date proved fairly ineffective due to the global extent of the activity, which has implications for how global law operates. All the nations would have to agree to the same legislation in order for it to be enforceable. Another factor lies in how the law is enforced, which would need collaboration between the

various countries as well as significant amounts of funding for enforcement. G. Other Solutions In addition to above methods there are different other solutions like e-mail aliasing, throttling approaches, authentication based methods and collaborative filtering method. The basic idea behind e-mail aliasing is to set up a variety of e-mail aliases (alternative addresses for a single user receiving e-mail) in such a way that each alias can be restricted to a different group of users. The user sets up a number of aliases to the e-mail with a set of manually configured attributes describing the acceptance criteria for each alias. Attributes include: how long the e-mail is valid, how many messages can be received until it is invalidated and who is allowed to use the alias for sending messages. The user would retire the address if spam starts to arrive via that address. The throttling simply slows down the rate at which a single network or host can send traffic. Probably this is the most sensible way to fight spam. For example a legitimate mailing list may send out huge quantities of mail, but each message is addressed to different users on different networks. A spammer on the other hand may use dictionary attack, and tries to find valid e-mail addresses on one network. In this case throttling can lead to a drawback for the spammers, but it also uses more resources from the legitimate senders. Sender authentication protocols idea is that people who can be authenticated can also be held accountable for their email practices. The idea proposes to automatically whitelist senders that can be held accountable, Senders who are not willing to submit to being identified and held responsible will be subject to filtering, or even denied access. Instead of filtering out spam, this approach filters in good email and throws away everything else. Collaborative filtering allows individuals in trusted groups to share message inoculations with the other group members in real-time to fight spam. A copy of the message is sent by the tool to a central spam database whenever any user in the community blocks a spam e-mail. All members share the contents of this database so that if the same message appears in someone elses mailbox it is automatically blocked. To take care of the problem of false positives, blocked mail is moved into a spam folder rather than being removed. V. HOW GOOD ARE THE WEAPONS IN THE WAR?

By looking at email transmission as a system, we can evaluate the likelihood of success of each technique, based on the leverage it can have in the system. The benefits and limitations [15] of the solutions are presented in this section and are summarized in table 1. Among techniques for fighting spam the least effective one is filtering at the receiving end. Sadly, this technique is also the most widespread, for reasons of ease of use. The first attempts to filter spam were block listing or blacklisting. As spammers change addresses easily or use zombies or botnets, this type of filtering soon proved of limited use, even more so because blacklisting raises concerns

about censorship. The converse of blacklisting is white listing, where only email from certain addresses is delivered. This solution works well, but does not allow new correspondents. Filtering that is done on the receiver client is easiest to deploy by an end user, but least effective, because spam has already used up network and storage resources. Filtering on the receiving server can drop spam even before it is stored locally. The reduction in spam throughput due to filtering makes spammers send larger spam volumes to compensate. Economic Solutions has strong proponents as well as opponents. It has the potential to act directly at the sender client level, thus minimizing the costs associated with spam. It is difficult and costly to implement a world-wide standard for collecting the fee. Computational solutions are a viable alternative to the economic solution, without needing the infrastructure to collect a fee which use computational stamp. A protocol involving cryptographic techniques will need to be put in place, and software developed to implement the method is a drawback. Legitimate users could be sending email from a variety of platforms, including older and slower computers, mobile devices with limited computing power, or other types of thin clients. Professional spammers on the other hand will likely be using a server farm with high-speed computers, dedicated hardware, or large botnets, and would have a few orders of magnitude advantage in speed. The biggest issue with payment based spam control techniques is that they will require changes to the email transmission protocols. Rule based solutions are easy to install and effective in blocking a large percentage of spam, but needs a lot of tuning. The strength of statistical approach is that the filter is adaptive, in the sense that it can re-compute the classifiers probabilities of spam and ham as new e-mails arrive and are classified. Also it can readily be refined to detect sub-classes of spam, such as adult and money categories, and also subclasses of ham such as work and personal categories. Legislative measures have been among the least effective means for fighting spam. For one, technology evolves quickly, and laws are often slow to keep up. Laws also tend to be too broad based. Of the four system components, the law has the most power over the servers, by regulating ISPs and other entities that manage the Internet. Spammers are usually not associated with the servers, but tend to steal resources. Techniques based on individual messages spam score are only as good as the filters that determine these scores, and are challenged by spammers modifying their message format. Second, delaying the spammers server would also unfairly penalize other legitimate users on that server. Finally, TCP damping will require rewriting the code for email clients on the receiver side so that they will be able to use the filtering score to affect the network delay. Rate throttling approaches avoid blacklisting and allow the feedback to a message to be democratically decided by the recipients. Rate throttling can effectively limit spam, because the feedback loop reaches back to the sending server. Under

rate throttling pressure from several recipients, the spammer will incur higher costs, to buy more powerful hardware or to use a larger number of zombie computers in their botnet. Sender authentication standards will probably stop email with fake addresses and content in the future. This will help stop fraud and phishing attacks. These standards will however have low impact on other types of spam as spammers can easily circumvent them. Table 1: Benefits and Limitations of Solutions
Solution Block listing Protocol change Economic solutions Computationa l solutions E-mail aliasing Sender warranted email Collaborative filtering Method Use known sources of spam Tracks the source of e-mail Impose fee for sending e-mail Impose an indirect payment on machine computation Set up e-mail aliases for different groups of people Use of a special header to certify the e-mail as valid Communities collaborate with an add-on to email software Pattern matching Benefits Blocks majority of spams Identifies and adds spam addresses to block lists Reduces junk email Viable alternative to the economic solution Reduces spam through authentication No additional software or e-mail protocol Possible eradication of large volumes of spam Easy and effective for a large percentage of spam Very effective and adaptive Prosecution of individual spammers Limitations Needs regular updates Prevent spam indirectly Difficult to implement Techniques to be developed Extension to current e-mail servers required Licensing of the technology will be problematic Scalability issues and vulnerable to random changes Vulnerable to changes and large false negatives Only a postreceipt filter Problems with enforcement

email. It is also a solution that requires little resources compared with content based methods. To detect more spam than the low risk solution, rule based solutions like Spamassassin can be used which gives a low false positive ratio. Therefore the combination of these methods along with low risk solution should be safe to use for medium risk solution. Adding this solution to the low risk solution will be more resource demanding since it operates on the email content.For a high risk solution two or more of the methods which catches a lot of spam can be used. Spamassassin, with combination of the real time black lists are good solutions. This approach will easily mark 75% of the emails as spam, but may also give over 1% false positives. Methods which analyze the contents of the email will also be resource demanding compared to the others. Adaptive statistical methods like Bayesian combined with block listing an effective multisolution giving the lowest false positive ratio in email system. VII. CONCLUSION After analyzing the techniques above, one may wonder whether there are control mechanisms that will completely eradicate spam. There are promising techniques, but they also have limitations. A combinational approach is a solution to eradicate the spam to larger extend. A very strong reason to work with combination solution is w.r.t something learned from the computer security domain: resistance to attack. Concentrating on only a single classifier, to fine tune it to perfection, will only encourage spammers to try to, and eventually defeat that specific mechanism. By using a combination algorithm, an email enclave can be protected against compromise of any single spam classifier. Although the model combination functions work well, there are still other analytical tasks that should be explored to determine how to fully automate a model combination.. VIII. REFERENCES
[1] Shlomo Hershkop, Behavior-based Email Analysis with Application to Spam Detection ,Ph.D thesis, Graduate School of Arts and Sciences,Columbia University,2006 Mansoor Al-A'ali, A Study of Email Spam and How to Effectively Combat It, Webology, Volume 4, Number 1, March, 2007. Shalendra Chhabra, Fighting Spam, Phishing and Email Fraud ,Masters Thesis,Master of Science University of California, Riverside, December 2005. Bogdan Hoanca, How Good Are Our Weapons In The Spam Wars?,Free Sample Article, IEEE Technologyand SocietyMagazine, Volume 25, Number 1, Spring 2006. Anders Wiehes ,Comparing Anti Spam Methods,Masters Thesis,Master of Science in Information Security,30 ECTS,Department of Computer Science and Media Technology,Gjvik University College, Norway, 2005. Anselm Lambert , Analysis of Spam ., Masters Thesis ,University of Dublin, Trinity College , Sara De Freitas And Mark Levene, Spam On The Internet: Is It Here To Stay Or Can It Be Eradicated?,Jisc Techwatch Paper. Spam On The Internet. Danny Goodman, Spam Wars:Our Last Best Chance to defeatspammers,scammers and hackers. Select Books, New York. Csaba Gulys, Creation of a Bayesian network-based meta spam filter, using the analysis of different spam filters. Masters Thesis

Rule-based solutions Statistical solutions Legislative solutions

Filters spam using Bayesian text classification National and global legislation to enforce antispam laws

VI.

THE COLLECTIVE WEAPONS

[2] [3]

Most anti-spam solutions [5,8] currently in use involve a combination of the techniques mentioned above. Several vendors sell anti-spam appliances that combine multiple techniques, sometimes in a collaborative enterprise-level or distributed fashion, and that allow remote management. The performance of combinations of techniques tends to be superior to that of individual techniques. These combinations can be done according to the risk of the solution marking a ham email as spam email and vice versa. For low risk solutions greylisting solution in combination with black lists seems appropriate. If the sender SMTP server is black listed, then the recipient server can greylist the email. This will result in fast delivery for unknown sources that are not black listed. Sources which are black listed by mistake will get their email delivered as long as they are running an SMTP service which follows the standard, even though it takes a little more time. This configuration will stop around two thirds of email traffic and it will have little or no negative effects for the users which ran greylisting on every

[4]

[5]

[6] [7]

[8]