Difference between revisions of "URL filtering"

From ASRG
Jump to navigationJump to search
 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= URL filtering =
 
 
 
{{ast
 
{{ast
 
|date=early 2000
 
|date=early 2000
Line 10: Line 8:
 
}}
 
}}
  
The idea behind URL filtering is that most spams contains URLs to redirect people to some web site.
+
Most spams contain URLs to redirect people to a web site.  Software can extract all URLs present in the body of the message and check them against a blacklist. Primitive filters can use static flat file blacklists, and the efficiency and drawbacks are the same of a static list of keywords. Most modern filters use URL blacklists stored in DNS zones, as this is an easier way to distribute these lists.
 +
 
 +
As long as URLs found in spam change very frequently, maintaining of this kind of blacklist is a hard work and usually needs a lot of spam traps to collect spams.
 +
 
 +
Efficiency of URL filtering is usually something between 50 % and 70 %. False positive rate can be as low as 0.1 %, but some lists are more aggressive, and can present a higher false positive rate.
 +
 
 +
Popular URL blacklists include the Spamhaus DBL, SURBL, and URIBL.

Latest revision as of 12:32, 9 November 2011

Anti-spam technique: URL filtering
Date of first use: early 2000
Effectiveness: Medium
Popularity: High
Difficulty of implementation: Medium
Where implemented: MTA
Harm: Low


Most spams contain URLs to redirect people to a web site. Software can extract all URLs present in the body of the message and check them against a blacklist. Primitive filters can use static flat file blacklists, and the efficiency and drawbacks are the same of a static list of keywords. Most modern filters use URL blacklists stored in DNS zones, as this is an easier way to distribute these lists.

As long as URLs found in spam change very frequently, maintaining of this kind of blacklist is a hard work and usually needs a lot of spam traps to collect spams.

Efficiency of URL filtering is usually something between 50 % and 70 %. False positive rate can be as low as 0.1 %, but some lists are more aggressive, and can present a higher false positive rate.

Popular URL blacklists include the Spamhaus DBL, SURBL, and URIBL.