ASSP & Greylisting, The ultimate SPAM solution?

    SPAM, UCE, Junk mail; whatever you call it, we all hate it. For many years now I have tried various methods to filter spam. Some have worked better than others, but last year I ran across a system that works better than any other I have ever tried.

    Various technologies have been developed to block junk e-mail: Bayesian scoring, whitelisting, blacklisting, redlisting. All of these features have helped limit the amount of UCE making it to our inboxes, but there is a better way.

Enter ASSP, The Anti-SPAM SMTP Proxy

    ASSP Is an SMTP proxy service. ASSP uses a combination of Bayesian analysis, Whitelisting, Blacklisting, and Redlisting. None of this is new, but ASSP makes all of these easy to use and includes a simple to use web interface. If this were all that ASSP provided, it would be a worthwhile application and I would recommend it for anyone.

    The good news is that ASSP is far more than just a combination of these existing technologies. The special breakthrough is a feature called graylisting. Graylisting is a technique which monitors inbound e-mail for compliance with SMTP standards. SPAM propagators do not like to follow SMTP standards because they are looking for the cheapest way to deliver to the most people. So, when a mail server rejects a message with a temporary failure message, the spam propagator most likely will not attempt to send the message a second time. So, graylisting always sends a temporary failure message when it gets a message from an unknown server. The standard response from a valid mail server will be to wait 5-10 minutes and try again. The second time, ASSP lets it in and subjects the messages to the normal Bayesian/blacklist/redlist/whitelist tests. In our experience at my company, this reduced the spam volume by over 80% compared to Bayesian analysis alone. The other benefit was that the required resources was reduced by over 50%.

    So, how does ASSP work? Well, like the name suggests, ASSP acts as a proxy between your mail server and the Internet. When a new mail is coming in, ASSP recognizes it as a "triplet". A "triplet" is the combination of the source address, destination address, and sending mail server. The first time that ASSP sees a new "triplet", it sends a 4XX temporary delivery error too the sending server. If the sending server is a botnet or a spam propagator, then it is very likely that they will not try to send again to the same recipient (and thus the same triplet). If the sender is a normal and valid SMTP server, it will try again in 5-10 minutes and ASSP will recognize the triplet and allow the message through. For a while, the sending mail server will be allowed to send e-mail without restriction. Additionally, the mail servers that do not try again will be blacklisted after several such attempts.

    If you need a solution for blocking UCE, then I truly recommend using ASSP. You can find out more using the links below:

ASSP, The Anti-SPAM SMTP Proxy

ASSP On Wikipedia


Popular Posts