Anti-Spam Glossary

Allow list – See Whitelist

Authenticate – Verify a user is who they claim to be by requiring them to provide proof of their identity. There are many techniques that can be used to authenticate an email user, such as a local system username and password, LDAP, and IMAP and POP passwords.

Bayesian (learning agent) - Uses artificial intelligence to filter spam. Spam and legitimate email are submitted to this agent and it learns the characteristics of both spam message and legitimate email. Because Bayesian filters can be trained, their effectiveness improves over time.

Blacklist - A list of known spam offenders from whom all incoming email messages will be deleted. For example, if a user constantly receives spam messages from they might wish to place that address on their blacklist.

Block List – See Blacklist

Bot Network – A bot network consists of tens of thousands of compromised machines called drones or zombies that run malicious software. Spammers use the bot network to conceal their identity.

Challenge/Response Filtering – It is an authentication method used to determine the legitimacy of a sender. Before a recipient will accept a message, he/she will send some form of challenge, and the sender must respond in the correct manner.

Corpus - A large collection of email messages used to test an anti-spam filter’s accuracy.

Dictionary Attack – An email spamming technique in which the spammer sends out millions of emails with randomly generated addresses using combinations of letters added to known domain names. The spammer attempts to reach a percentage of real email addresses.

Directory Harvest Attacks – Spammers use a list of published names from the Internet to send junk email.

Denial of Service (DOS) - An assault on a network that floods it with so many additional requests that regular traffic is either slowed or completely interrupted. Unlike a virus or worms, which can cause severe damage to files, a denial of service attack interrupts network service for some period. A distributed denial of service (DDOS) attack uses multiple computers throughout the network that it has previously infected. The infected computers act as "zombies" and work together to send out large quantities of bogus messages, thereby increasing the amount of phony traffic.

DNS Black List (Blackhole List) - Sometimes simply referred to as a blacklist, is the publication of a group of IP addresses known to be sources of spam. The goal of a DNS black list is to provide a list of IP addresses that a network can use to filter out undesirable traffic. After filtering traffic coming from or going to an IP address on the list simply disappears, as if it were swallowed by an astronomical black hole. The Mail Abuse Prevention System (MAPS) Real-time Blackhole List (RBL), is one of the most popular blackhole lists.

Domain Spoofing - The use of someone else's domain name when sending a message and is part of the larger problem of spoofing. Domain spoofing can also be used by malicious individuals in phishing scams.

Domain Keys - Proposed by Yahoo, Domain Keys use public key encryption technology at the domain level to verify the sender of email messages.Internet service providers (ISPs) that support domain key technology can allow authenticated email messages to bypass spam filters, freeing up resources to scan unauthenticated messages

False negative - A spam message that is incorrectly identified as non-spam by an anti-spam filter.

False positive - A non-spam message that is incorrectly identified as spam by an anti-spam filter.

Ham - Any non-spam email message (i.e. an email message that a recipient wishes to receive).

Heuristic (rules) filtering - Tests email message header and body against criteria specified by a spam filter.

Honeypot - A computer system on the Internet that is expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems, such as hackers and spammers.

MIME – An abbreviation for Multipurpose Internet Mail Extensions. A specification for formatting non-ASCII messages so that they can be sent over the Internet. Many email clients now support MIME, which enables them to send and receive graphics, audio, and video files as attachments via the Internet email system.

Open Mail Relays - Sometimes called an insecure relay or a third-party relay, is an SMTP email server that allows third-party relay of email messages. By processing email that is neither for nor from a local user, an open relay makes it possible for an unscrupulous sender to route large volumes of spam.

Open Proxy – A server that allows unauthorized Internet users to connect through it to other computers on the Internet.

Phishing - The act of sending an email message to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The email message directs the user to visit a web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The web site, however, is bogus and set up only to steal the user’s information.

Proxy Server – A server that performs specific functions on behalf of another application or system while hiding the details involved.

Sender ID - The Sender ID Framework is a proposed standard that was created to counter email domain spoofing and to provide greater protection against phishing schemes. This combined specification is the result of Microsoft's Caller ID for email proposal, Meng Wong's Sender Policy Framework (SPF), and a third specification called the Submitter Optimization. These three draft technical specifications have been submitted to the Internet Engineering Task Force (IETF) and other industry organizations for review and comment.

Signature Matching – A spam-filtering technique. Vendors that use signature matching to filter spam collect and analyze a large amount of email messages. They identify spam messages by generating a signature, which is a string of 32 to 128 alphanumeric digits that is calculated based on the content of the message. This signature is added to a database of all of the spam signatures that the vendor has calculated. This database is used to automatically discarding every copy of a spam message as soon as it recognizes it as spam.

SPF - Sender Policy Framework - an extension of SMTP that stops email spammers from forging the “From” fields in an email. As SMTP itself does not provide an authenticating mechanism, the SPF extension provides an authentication scheme by specifying which computers are authorized to send email from a specific domain. SPF only stops spammers from forging the “From” field in email. It does not stop spammers from sending emails from domains they control or compromise. Spammers can easily publish their own Sender Policy Framework (SPF) record, and therefore it is not an effective spam filtering technique.

Spim – Also spelled as spIM, spam over instant messaging. Spim is perpetuated by bots that harvest instant message screen names off of the Internet and simulate a human user by sending spam to the screen names via an instant message.

SMTP – Simple Mail Transfer Protocol – SMTP is a standard Internet protocol used to transfer email messages between servers (first defined in RFC 821 in 1982). It captures information on the route of a message, but lacks security. As a result, spammers can exploit this by altering the email’s origin.

Spam - Unwanted or unsolicited commercial email messages sent to one or more email recipients against their wishes.

Spamware – Software that is designed for sending email in bulk.

Spoofing - Methods spammers use to conceal their identity. A common way spammers hide their identity is by embedding false and misleading information in email message headers.

Trojan Horses – A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. A common type of Trojan horse is a program that claims to rid your computer of spyware, but instead introduces spyware onto your computer.

Virus - A malicious program that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.

Whitelist - Sometimes call an Allow List, is a list of addresses and domains from which all messages should be accepted, without being scanned for spam content.

Worms – A special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.

Zombie - A computer that has been implanted with malicious software that puts it under the control of a spammer without the knowledge of the computer owner.