|  |
FairUCE
A spam filter that stops spam by verifying sender identity instead of filtering content.
Date Posted: November 30, 2004
|
|
|
|
|
What is FairUCE?
FairUCE (which stands for "Fair use of Unsolicited Commercial Email") is a spam filter that stops spam by verifying sender identity instead of filtering content. It can stop the vast majority of spam without the use of a content filter and without requiring a probable spam or bulk folder that needs to be checked periodically. As one of the first spam filters that uses sender identity rather than email content to determine if it is legitimate, all this can be accomplished quickly using simple, inexpensive tests.
Content filters require frequent maintenance (AOL estimates that spammers respond within four hours to a change in a content filter) and require a great deal of processing for complex techniques such as bayesian, heuristics, fingerprinting, etc. The techniques spammers use to get past content filters become laughable, because FairUCE doesn't look at what they say, only at who they are. It virtually eliminates spoofed addresses, phishing, and even many viruses with a few cached DNS look-ups and a couple of if/else statements. Sender identity is the spam-fighting tool of the future. The author of this technology went from over 400 spams a day to just one or two.
How does it work?
Technically, FairUCE tries to find a relationship between the envelope sender's domain and the IP address of the client delivering the mail, using a series of cached DNS look-ups. For the vast majority of legitimate mail, from AOL to mailing lists to vanity domains, this is a snap. If such a relationship cannot be found, FairUCE attempts to find one by sending a user-customizable challenge/response. This alone catches 80% of UCE and very rarely challenges legitimate mail. A future version will incorporate Sender Policy Framework (SPF) or similar sender identification systems; SPF-enabled domains will not require a challenge. Challenges are sent using a dedicated queue with a short lifetime so it does not get bogged down or interfere with legitimate mail.
If a relationship can be found, FairUCE checks the recipient's whitelist and blacklist, as well as the domain's reputation, to determine whether to accept, reject, challenge on reputation, or present the user with a set of whitelist/blacklist options. A future version will use a real domain reputation system; currently this is implemented as a "whois" look-up to determine the domain's age when it first sent mail to the recipient.
The FairUCE concept is currently implemented as an SMTP proxy that runs between multiple instances of Postfix on Linux. QMail and Sendmail support are being considered. It should be possible to use existing mail server(s) on the inside of the proxy; Postfix is currently required on the outside (optionally on a separate boundary server, protecting one's regular servers from most spam). End-users cannot install FairUCE at this time; end-users, please direct your mail administrator to this page.
|
|
|
| | About the technology author(s):
Mathew Nelson joined IBM in 1991 and has been programming since the dawn of time. His previous projects include Robocode, an educational programming game for Java. A few years later, he decided to try a new game: The battle against spam. With FairUCE, he's winning. Mr. Nelson is currently an advisory software engineer in IBM's Internet Group. He is based in Cambridge, Ma., and Concord, N.H. |
|
|
| |
|
