Distributed Checksum

A number of anti-SPAM systems use distributed checksums for detecting and eventually filtering SPAM messages. The idea is that a SPAM message is likely to be sent to a large number of recipients across the Internet; maintaining a central database with the checksum of the single messages passing to MTA servers allows you to compare them and check if they repeat a sufficient amount of time for classifying them as SPAM.

The checksum is usually not computed against the entire message, but rather on different parts every time using fuzzying and/or random algorithms because SPAM messages might be slightly different for every recipient, including a different name in the first greeting line for instance. For every message received, an MTA that implements a distributed check summing-based filter will connect to a specified server, send the checksum, get the response back, and evaluate the results.

Distributed checksums require careful whitelisting for all legitimate traffic that, for some reason, is sent to a large number of recipients, most notably mailing list traffic (especially on large announcement lists). It also increases network traffic on your end since every received message requires a lookup on a central server.

Several filters that implement this idea are available, most notably DCC, Razor, and Pyzor.

Was this article helpful?

0 0
The Ultimate Computer Repair Guide

The Ultimate Computer Repair Guide

Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.

Get My Free Ebook

Post a comment