URL filtering: Difference between revisions
No edit summary |
No edit summary |
||
(One intermediate revision by one other user not shown) | |||
Line 10: | Line 10: | ||
Most spams contain URLs to redirect people to a web site. Software can extract all URLs present in the body of the message and check them against a blacklist. Primitive filters can use static flat file blacklists, and the efficiency and drawbacks are the same of a static list of keywords. Most modern filters use URL blacklists stored in DNS zones, as this is an easier way to distribute these lists. | Most spams contain URLs to redirect people to a web site. Software can extract all URLs present in the body of the message and check them against a blacklist. Primitive filters can use static flat file blacklists, and the efficiency and drawbacks are the same of a static list of keywords. Most modern filters use URL blacklists stored in DNS zones, as this is an easier way to distribute these lists. | ||
As long as URLs found in spam change very frequently, maintaining of this kind of blacklist is a hard work | As long as URLs found in spam change very frequently, maintaining of this kind of blacklist is a hard work and usually needs a lot of spam traps to collect spams. | ||
Efficiency of URL filtering is usually something between 50 % and 70 %. False positive rate can be as low as 0.1 %, but some lists are more aggressive, and can present a higher false positive rate. | Efficiency of URL filtering is usually something between 50 % and 70 %. False positive rate can be as low as 0.1 %, but some lists are more aggressive, and can present a higher false positive rate. | ||
Popular URL blacklists include the Spamhaus DBL, SURBL, and URIBL. |
Latest revision as of 12:32, 9 November 2011
Anti-spam technique: URL filtering | |
---|---|
Date of first use: | early 2000 |
Effectiveness: | Medium |
Popularity: | High |
Difficulty of implementation: | Medium |
Where implemented: | MTA |
Harm: | Low |
Most spams contain URLs to redirect people to a web site. Software can extract all URLs present in the body of the message and check them against a blacklist. Primitive filters can use static flat file blacklists, and the efficiency and drawbacks are the same of a static list of keywords. Most modern filters use URL blacklists stored in DNS zones, as this is an easier way to distribute these lists.
As long as URLs found in spam change very frequently, maintaining of this kind of blacklist is a hard work and usually needs a lot of spam traps to collect spams.
Efficiency of URL filtering is usually something between 50 % and 70 %. False positive rate can be as low as 0.1 %, but some lists are more aggressive, and can present a higher false positive rate.
Popular URL blacklists include the Spamhaus DBL, SURBL, and URIBL.