Automated email blacklist generation
by ZetaGecko | Add Your Comments | Email
Many techniques are used for spam filtering: searching for user-specified words or phrases, statistical analysis of text, etc. One of the oldest involves creating a black list of sender email addresses from which all messages are blocked. Spammers have long since learned to work around blacklists by changing their addresses often and even using fake addresses to send from. But blacklisting can still be a useful tool in the fight against spam, if done correctly.
Old blacklists are rarely very effective these days, but because a spammer may use the same email address for a short period of time--even if for just one emailing--if a blacklist can be generated quickly enough, it can catch some spam. The trick is generating it quickly enough, and without too much effort, both of which require automation. Yesterday, I threw together a pair of scripts to do just that.
Blacklister is a pair of free scripts that work with qmail mail servers to generate automatic blacklists. The ways it works is that you generate one or more fake email addresses and post them on a website or other publicly-available place, where spammers' automated tools can find them. The email address of anyone who sends a message to that address is added to a database of addresses to block. You include some text telling humans visiting your site not to send email to those addresses. Or even better, you hide them from view of human visitors using one technique or another. Thus, anyone who sends a message to that address must be a spammer. All messages sent to this address are thrown away.
The next time the spammer send out a message, if they send it to the fake address first, then by the time the message arrives at your real address, assuming they use the same address to send to both, you know who they are and reject their message. Creating multiple fake addresses increases the probability of the message being delivered to a fake address before your real address.
The same technique could be used to perform more complex analysis of emails being sent to fake addresses. For example, you could find all hyperlinks in the body of the email and block any message containing the same links. (You'd need to be able to catch cases where the link URL is slightly different, since the links will often contain an identification code to tell the spammer who clicked it). This technique would have the advantage of catching cases where spammers use a different fake address for each message they send out.
If your mail server runs qmail and mySQL, you can download Blacklister and add a tool to your anti-spam arsenal today.