Anti-spam solution against bots

There’s an easy solution to bot spam that as far as I know nobody has implemented yet.

1. All spam contains hyperlinks.
2. All spam is sent repeatedly in a short timeframe from the same computer.
3. There is rarely a legitimate case where a single computer will send more than some threshold (say 20) of emails containing hyperlinks in a short timeframe.

Therefore, just have email servers check outgoing emails. If the rate of emails per second is greater than X, and more than Y emails have already been sent by that system in the last M minutes, and all those emails contain hyperlinks, that computer is potentially sending spam. It would be more accurate to add the condition “Identical or similar hyperlinks”, but that would be easily circumvented.

Legitimate marketers will have their own email servers, so they can still send legitimate spam (such as mailing lists). Bot computers behind AOL accounts would be throttled.

The way to implement this is through a table which tracks the last N email senders. Every time an email with a hyperlink is sent, look up that sender in the table. If that sender is not in the table, add it. Add the number of recipients to that sender’s spam score. If this would cause the score to exceed some threshold T, reject the send entirely and flag this sender in some kind of log as a potential spammer. The score diminishes by 1 point every M seconds. If the score reaches 0, remove this sender from the table.
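The score table described above, sketched in Python as an added example (it is not code from the original post). The class and method names, the least-recently-seen eviction used to keep only N senders, and the choice that a rejected send adds no points are assumptions made here.

```python
import logging
from collections import OrderedDict

log = logging.getLogger("outbound-throttle")

class SenderThrottle:
    """Score table for outgoing mail that contains hyperlinks."""

    def __init__(self, threshold, decay_seconds, max_senders):
        self.threshold = threshold          # T: highest score a sender may hold
        self.decay_seconds = decay_seconds  # M: seconds per point of decay
        self.max_senders = max_senders      # N: table size
        self.table = OrderedDict()          # sender -> [score, last_decay_time]
        self.flagged = []                   # (time, sender) for admin review

    def _decay(self, sender, now):
        """Apply decay lazily; drop the sender when the score reaches 0."""
        entry = self.table.get(sender)
        if entry is None:
            return 0
        points = int((now - entry[1]) // self.decay_seconds)
        entry[0] = max(0, entry[0] - points)
        entry[1] += points * self.decay_seconds
        if entry[0] == 0:
            del self.table[sender]
        return entry[0]

    def allow(self, sender, recipients, has_link, now):
        """Return True to relay the message, False to reject it."""
        if not has_link:
            return True                     # only hyperlink mail is scored
        score = self._decay(sender, now)
        if score + recipients > self.threshold:
            self.flagged.append((now, sender))
            log.warning("possible spam source: %s (score %d)", sender, score)
            return False                    # assumption: rejected sends add no points
        if sender in self.table:
            self.table[sender][0] = score + recipients
            self.table.move_to_end(sender)
        else:
            # Assumption: evict the least recently seen sender. Size N so that
            # senders still holding a score are not pushed out of the table.
            if len(self.table) >= self.max_senders:
                self.table.popitem(last=False)
            self.table[sender] = [score + recipients, now]
        return True
```

The `now` argument is passed in rather than read from the clock so the decay logic can be exercised with fixed timestamps; a mail server hook would pass `time.time()`.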

With the correct settings, this won’t bother 99% of the users, spam bots would be throttled, and perhaps most importantly they would be flagged as suspect systems. An admin can then check if that user is indeed spamming and ban as appropriate.
