URL filtering

From ASRG
Jump to: navigation, search
Anti-spam technique: URL filtering
Date of first use: early 2000
Effectiveness: Medium
Popularity: High
Difficulty of implementation: Medium
Where implemented: MTA
Harm: Low


Most spams contain URLs to redirect people to a web site. Software can extract all URLs present in the body of the message and check them against a blacklist. Primitive filters can use static flat file blacklists, and the efficiency and drawbacks are the same of a static list of keywords. Most modern filters use URL blacklists stored in DNS zones, as this is an easier way to distribute these lists.

As long as URLs found in spam change very frequently, maintaining of this kind of blacklist is a hard work and usually needs a lot of spam traps to collect spams.

Efficiency of URL filtering is usually something between 50 % and 70 %. False positive rate can be as low as 0.1 %, but some lists are more aggressive, and can present a higher false positive rate.

Popular URL blacklists include the Spamhaus DBL, SURBL, and URIBL.