Anti-Spam Tool Kit

This book is the first to follow in the genre defined by "Anti-Hacker Tool Kit." While AHTK examined tools used by intruders and defenders, ASTK focuses on tools and techniques to counter unwanted email. AHTK has slightly more coverage of Windows than UNIX applications; ASTK spends more time on Windows, especially with client configurations. As a desktop FreeBSD user, I still found plenty of helpful information.

Since I'm not directly responsible for enterprise anti-spam defenses, ASTK's comparison of the many block lists was particularly enlightening. Prior to reading ch 5 I knew of many lists but not their particular capabilities. I found the coverage of SpamAssassin in chs 6-8 fairly thorough. Ch 14's overview of email and headers very helpful. I had not heard of server-based greylisting until reading ch 15.

I found a few of the authors' comments odd. On p. 250 they claim "most organizations do not run UNIX-based email solutions." I find this difficult to believe, but no proof for the statement is given. Figure 2.2 in ch 2 shows a mail sender using POP/POP-SSL/IMAP/IMAP-SSL to send email. At least using Mozilla and Firefox on UNIX, I connect to my ISP's SMTP server to send email and then retrieve it with POP or IMAP. In ch 3 the authors advocate IPv6 because it makes "a spammer's identity known and verified even if he or she doesn't want it to be." IPv6 should not change many, or any, spammer tactics. Spammers aren't forging TCP sessions with IPv4 now; they forge information (headers, etc.) transferred within application layer data. I believe some of these weird comments could have been addressed by more diligent technical editing.

Overall, I found ASTK enlightening and practical. The authors give enough details on various server- and client-side tools to make implementation (at least on a trial basis) possible. I look forward to other tool-related books in the "Anti-Hacker" series.

Rating:
Summary: Actionable spam-fighting tips for users of all types
Review: I've never been interested in viruses, worms, or spam. All three represent the lowest end of malware, with spam occupying a particularly disdainful place in the computer security hierarchy. I wasn't very excited when a review copy of "Anti-Spam Tool Kit" (ASTK) arrived in the mail, but I found myself drawn in by the value of the content and tools it described. I highly recommend anyone tasked with fighting spam read ASTK.

This book is the first to follow in the genre defined by "Anti-Hacker Tool Kit." While AHTK examined tools used by intruders and defenders, ASTK focuses on tools and techniques to counter unwanted email. AHTK has slightly more coverage of Windows than UNIX applications; ASTK spends more time on Windows, especially with client configurations. As a desktop FreeBSD user, I still found plenty of helpful information.

Since I'm not directly responsible for enterprise anti-spam defenses, ASTK's comparison of the many block lists was particularly enlightening. Prior to reading ch 5 I knew of many lists but not their particular capabilities. I found the coverage of SpamAssassin in chs 6-8 fairly thorough. Ch 14's overview of email and headers very helpful. I had not heard of server-based greylisting until reading ch 15.

I found a few of the authors' comments odd. On p. 250 they claim "most organizations do not run UNIX-based email solutions." I find this difficult to believe, but no proof for the statement is given. Figure 2.2 in ch 2 shows a mail sender using POP/POP-SSL/IMAP/IMAP-SSL to send email. At least using Mozilla and Firefox on UNIX, I connect to my ISP's SMTP server to send email and then retrieve it with POP or IMAP. In ch 3 the authors advocate IPv6 because it makes "a spammer's identity known and verified even if he or she doesn't want it to be." IPv6 should not change many, or any, spammer tactics. Spammers aren't forging TCP sessions with IPv4 now; they forge information (headers, etc.) transferred within application layer data. I believe some of these weird comments could have been addressed by more diligent technical editing.

Overall, I found ASTK enlightening and practical. The authors give enough details on various server- and client-side tools to make implementation (at least on a trial basis) possible. I look forward to other tool-related books in the "Anti-Hacker" series.

Rating:
Summary: ok book
Review: The book was ok but it really didn't go into detail about blocking spam besides Spam Assassin. I could have really used more information about spam bouncer and razor. scohen@scohen.mysticjj.com

Rating:
Summary: Good description of state of art in 2003
Review: The book was written around the end of 2003, and gives an excellent technical description of the main antispam techniques being used by ISPs, companies and individuals.

Bayesian techniques are heavily covered here, along with mention of several proprietary versions. The other main technique of note is Realtime Blacklists (RBLs).

But note that the above, and indeed other methods mentioned, suffer from the drawback of heavy manual intervention. For example, to periodically retrain a Bayesian on new sample sets of spam or nonspam. Or, when considering RBLs, having to manually judge whether a given domain is that of a spammer or not.

At the corporate or ISP level, this manual effort is expensive and ongoing. At the individual level, some, like Paul Graham, who suggested using Bayesians, are willing and able to take the time to retrain their Bayesians. But most users are not willing to continuously do this.

One portion of the book is already crucially outdated. In 2004, AOL, and possibly other ISPs, started applying an RBL against domains found inside the bodies of messages, and not just against domains from the headers. As far as I can tell on a reading of this book, whilst it describes various means of finding and applying RBLs, it does not mention the important idea of using them against body domains.

Rating:
Summary: Practical Information and Advice To Help Tame Spam
Review: There is no question that spam is a potential threat to the effectiveness of email as a form of communication and is at the very least an annoyance to anyone who uses email. To that end, a book like this contains valuable advice and information for virtually anyone. The detailed coverage of such a wide variety of tools and techniques- even covering tools for different operating systems and different levels of the network such as client and server- provides a comprehensive "tool kit" for the reader to employ in fighting spam.

The authors provide a sufficient amount of detail for the various tools for the reader to get a feel for their relative pros and cons and how to implement them. SpamAssassin is covered in much greater detail than many of the other products. Many of the tools and utilities covered in the book are included on the accompanying CDROM and are free so you can get right to work blocking spam as soon as you read the book.

There have been some changes in some email clients and the way ISP's handle spam as well as some legal challenges to the concept of RBL's (realtime blackhole lists) since this book came out, but with over 60% of all email being spam it is obvious that many people still need a resource like this.

Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security (http://netsecurity.about.com), providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security (http://www.tonybradley.com)

Rating:
Summary: Death to SPAM!
Review: This book goes a long way in sounding the eath nell against SPAM! I can't believe the coverage of tools and lots of opensource. Great job!

Rating:
Summary: Excellent Client Coverage
Review: This book provides so many spam clients, I'm not sure I've digeted all of it yet. I espesially like the coverage of the Windows clients espesially the open source ones. Well worth the price just for this information.