Definitions and terminology relating to spam, phishing, ransomware and other types of attack
Heuristic analysis
: Heuristic analysis is a set of rules represented as regular expressions. It searches for mails with headers and bodies matching very specific characteristics known to have a high probability of being spam. ALTOSPAM uses a database of over 5,000 rules to identify both American and French spam.
Anti-relay
: Relaying is a technique by which third parties use your mail server to send e-mails that are often illegal. This abusive use of your server creates availability and quality-of-service problems and makes your company liable, since its identity has been usurped. Altospam's Mailsafe prevents relaying: Altospam servers are positioned between the sender and your mail server, so your server is no longer directly reachable from the Internet.
Botnet / Zombie
: A botnet is a network of zombie machines (computers infected with a trojan and controlled without their owners' knowledge) connected to the Internet. The botnet is remotely and globally controlled by a botmaster to perform often repetitive tasks on a large scale. The botmaster hides his identity behind proxies, the TOR network and/or compromised shells to mask his IP address.
Bounce
: Bounces are non-delivery notifications sent by mail servers. They are not spam in themselves, since they are theoretically legitimate. However, because many spammers impersonate legitimate senders, you may receive bounces for e-mails you never sent.
DANE
: DANE (DNS-based Authentication of Named Entities) is a standardized protocol designed to validate the certificate used in a TLS-secured connection...
Denial of service - DDOS
: Denial of Service (DoS) or Distributed Denial of Service (DDoS) is an attack designed to render a computer application incapable of responding to user requests. Mail servers can fall victim to these attacks. Altospam's Mailsafe, with its front-end position in your SMTP architecture, prevents your server from falling victim.
DKIM
: DKIM is a standard for authenticating mail by the sending domain. Using asymmetric cryptography, the sending domain signs a message so that its integrity can be verified, from sender to recipient.
DMARC
: DMARC stands for "Domain-based Message Authentication, Reporting and Conformance", and is a standard for preventing the spoofing of your domain to send e-mails.
DNSSEC
: DNSSEC (Domain Name System Security Extensions) is a standardized protocol for securing DNS data.
False-negatives
: The false-negative rate is the percentage of spam messages that the anti-spam filter classifies as legitimate e-mail. A solution like ALTOSPAM, which blocks over 99% of spam, has a false-negative rate of less than 1%.
False positives
: The false-positive rate is the percentage of legitimate e-mails wrongly identified as spam by the anti-spam software. False-positive and false-negative rates are key elements in measuring the quality of an anti-spam solution: the lower these rates, the more effective the solution. However, the two rates always vary inversely. ALTOSPAM keeps the more damaging false-positive rate as low as possible, very close to zero.
Bayesian filters
: A probabilistic e-mail filtering method based on the statistical distribution of keywords in messages. This type of algorithm is trained on as diverse a corpus as possible of spam and ham (legitimate messages) so that it can recognize the type of message received.
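An added example, not from the original page and not ALTOSPAM's code: a multinomial naive Bayes filter trained on a constructed spam/ham corpus, with Laplace smoothing so that a word never seen in one class does not zero out that class.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$']+")

def tokenize(text):
    return TOKEN.findall(text.lower())

class BayesianFilter:
    """Multinomial naive Bayes over word tokens, with Laplace (add-one) smoothing."""
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}  # token frequencies per class
        self.docs = {"spam": 0, "ham": 0}                    # messages seen per class

    def train(self, label, text):
        self.counts[label].update(tokenize(text))
        self.docs[label] += 1

    def log_prob(self, label, tokens):
        """log P(class) + sum of log P(token | class); unseen words get a small non-zero weight."""
        vocab = set(self.counts["spam"]) | set(self.counts["ham"])
        total = sum(self.counts[label].values())
        lp = math.log(self.docs[label] / sum(self.docs.values()))
        for t in tokens:
            lp += math.log((self.counts[label][t] + 1) / (total + len(vocab)))
        return lp

    def spam_probability(self, text):
        tokens = tokenize(text)
        ls, lh = self.log_prob("spam", tokens), self.log_prob("ham", tokens)
        return 1 / (1 + math.exp(lh - ls))   # P(spam | tokens) from the log-odds

    def classify(self, text, threshold=0.9):
        # High threshold: a false positive costs more than a false negative.
        return "spam" if self.spam_probability(text) >= threshold else "ham"

# Constructed training corpus (tiny; a real filter needs thousands of messages per class).
SPAM = ["Get cheap meds now, free shipping", "You won a lottery prize, claim your money now",
        "Cheap loans approved instantly, click now"]
HAM = ["Meeting moved to 3pm, see the agenda attached", "Can you review the invoice draft before Friday",
       "Lunch tomorrow? The team is going to the usual place"]

def build_filter():
    f = BayesianFilter()
    for m in SPAM: f.train("spam", m)
    for m in HAM: f.train("ham", m)
    return f
```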
FOVI - President's scam
: Fovi (False Transfer Orders), also known as "President Scams", are highly targeted attacks. They require a preliminary phase of getting to know the target company, its staff and its chairman.
FQDN
: FQDN stands for "Fully Qualified Domain Name", the complete host name of a machine including its domain. A mail server must have a fully qualified name on the Internet.
Greylisting
: Greylisting is an anti-spam technique that consists of temporarily rejecting a message by sending a temporary refusal code to the sending server. The latter, in compliance with the SMTP protocol, must resend the e-mail after a few minutes. Most spam servers don't bother!
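The mechanism described above, as an added example that is not part of the original page and not ALTOSPAM's code: a minimal greylister keyed on the (client IP, sender, recipient) triplet. The retry delay, retry window and whitelist lifetime are assumptions chosen for the example.

```python
from dataclasses import dataclass, field

# Policy values are assumptions for this example, not ALTOSPAM's actual settings.
MIN_RETRY_DELAY = 300            # seconds a sender must wait before a retry is accepted
RETRY_WINDOW = 4 * 3600          # seconds during which a retry is still honoured
WHITELIST_TTL = 36 * 24 * 3600   # seconds a verified triplet stays auto-accepted

TEMP_REJECT = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 2.1.5 OK"

@dataclass
class Greylister:
    pending: dict = field(default_factory=dict)   # triplet -> time first seen
    verified: dict = field(default_factory=dict)  # triplet -> time last accepted

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply to give at RCPT TO for this delivery attempt.

        `now` is injected (seconds) so a sequence of attempts can be replayed deterministically.
        """
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        last = self.verified.get(triplet)
        if last is not None and now - last < WHITELIST_TTL:
            self.verified[triplet] = now           # known-good sender: refresh and accept
            return ACCEPT
        first_seen = self.pending.get(triplet)
        if first_seen is None or now - first_seen > RETRY_WINDOW:
            # Unknown (or stale) triplet: record it and ask the sender to retry.
            # A compliant MTA queues the mail and retries; most spam engines do not.
            self.pending[triplet] = now
            return TEMP_REJECT
        if now - first_seen < MIN_RETRY_DELAY:
            # Retrying almost immediately is itself suspicious: keep deferring.
            return TEMP_REJECT
        # Compliant retry after the delay: promote the triplet to the whitelist.
        del self.pending[triplet]
        self.verified[triplet] = now
        return ACCEPT
```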
Social Engineering
: In the fight against spam, social engineering is a form of scam that uses manipulation or deception to obtain information or access from a third party.
White lists
: A list of safe domains or addresses. By default, very few hosts are considered safe, as their addresses could be spoofed by spammers. However, ALTOSPAM uses a self-learning whitelist system to speed up processing for senders already tested and considered safe. ALTOSPAM also allows users to create their own whitelist.
DNSBL blacklists
: RBL (Realtime Blackhole List) or DNSBL (DNS-based Black List) are lists of servers or IP networks known to assist, host, produce or relay spam, or to provide a service that can be used as a medium for sending spam: open SMTP relays, Open Proxy Lists (OPL). ALTOSPAM uses a wide range of complementary public and proprietary RBLs. ALTOSPAM also enables users to create their own blacklists of e-mail addresses, so as not to be bothered by senders identified as harmful.
Malware
: "Malware" is an umbrella term for all kinds of malicious software. This includes viruses, but also other types such as worms, Trojans, spyware, ransomware, adware and so on. In short, malware is a broad, all-encompassing category of software designed to cause damage, steal data or disrupt the operation of a computer system.
MTA / MDA
: A mail server consists of at least two processes: the MTA (Mail Transport Agent) and the MDA (Mail Delivery Agent). The MTA, or SMTP server, handles the reception and forwarding of e-mails; the MDA delivers them to the recipients' mailboxes.
Opt-in
: Opt-in is prior consent. In France, it is illegal to send unsolicited advertising emails to individuals without their prior consent. Even if the sender respects opt-in, he still has to respect opt-out.
Opt-out
: Opt-out is the right to object. In France, sending unsolicited e-mail is authorized in a professional context, provided that the subject of the e-mail is consistent with the recipient's position within the company. However, the recipient must always have the option of easily unsubscribing from a mailing list or e-mail campaign.
Ransomware
: Ransomware is malicious computer software that takes data hostage. The ransomware encrypts and blocks the files on your computer and demands a ransom in exchange for a key to decrypt them.
Scam / Nigerian419
: Scams are e-mail "cyber frauds", also known as Nigerian 419 scams. These e-mails, in which you are asked to help transfer millions of euros in exchange for a percentage, generally come from Africa or developing countries.
Phishing
: Phishing is a fraudulent message using social engineering techniques to steal users' login details, passwords or credit card numbers. We consider phishing to be a form of spam. Spear-phishing is a variant of phishing in which the recipient is targeted, unlike a more massive, generic phishing attack.
SMTP
: The SMTP protocol was defined by RFC 821. It is one of the oldest Internet protocols, and has always been backward-compatible. SMTP is the protocol for sending emails. ALTOSPAM is entirely based on this protocol, and analyzes emails directly during the SMTP transaction.
Spam
: Spam is a prospecting technique involving the mass distribution of unsolicited information, often of an advertising nature, by e-mail. ALTOSPAM considers as spam any email that does not comply with the French Law for Confidence in the Digital Economy (LEN) of June 22, 2004, supplemented by the interpretation clarifications defined by the CNIL at its meeting of February 17, 2005.
Spear phishing
: Spear phishing is a targeted e-mail attack technique aimed specifically at individuals or organizations. Attackers use personalized information and social engineering techniques to create deceptive e-mails that appear legitimate. The aim is to trick the victim into divulging sensitive information, such as login details, passwords or financial information.
SPF
: This sender authentication technique is extremely easy to implement. The principle is simple: once the sender's domain has been extracted, a TXT-type DNS query is performed on that domain to obtain its SPF record, which lists the mail servers authorized to send e-mail on its behalf.
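An added example (not from the original page, not ALTOSPAM's code) of the lookup described above: it extracts the sender domain, fetches its SPF record from a constructed in-memory TXT table that stands in for DNS, and evaluates the ip4, ip6, include and all mechanisms with their qualifiers. The a, mx, exists and redirect terms need live DNS and are treated as out of scope.

```python
import ipaddress

# Constructed TXT table standing in for DNS; hypothetical records, not real domains' data.
FAKE_TXT = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    "_spf.example.net": "v=spf1 ip6:2001:db8::/32 ~all",
    "nospf.example": "some unrelated TXT record",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_LOOKUPS = 10  # RFC 7208 cap on lookup-causing mechanisms such as include

def sender_domain(mail_from):
    """Domain part of the SMTP MAIL FROM address (angle brackets tolerated)."""
    return mail_from.strip().strip("<>").rsplit("@", 1)[-1].lower()

def check_spf(client_ip, domain, txt=FAKE_TXT, lookups=0):
    """Evaluate the domain's SPF record for the connecting IP; returns an SPF result string."""
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual = "+"                                  # mechanisms default to "+" (pass)
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.lower().partition(":")
        if name == "all":
            return QUALIFIERS[qual]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"                  # malformed record
            if ip in net:                           # False when the IP versions differ
                return QUALIFIERS[qual]
        elif name == "include":
            if (lookups := lookups + 1) > MAX_DNS_LOOKUPS:
                return "permerror"                  # too many lookups (or an include loop)
            inner = check_spf(client_ip, arg, txt, lookups)
            if inner == "pass":
                return QUALIFIERS[qual]
            if inner in ("none", "permerror"):      # a broken include is a permanent error
                return "permerror"
        else:
            return "permerror"                      # a, mx, exists, redirect: need live DNS, out of scope
    return "neutral"                                # record ended without a match

def spf_for_mail_from(client_ip, mail_from, txt=FAKE_TXT):
    return check_spf(client_ip, sender_domain(mail_from), txt)
```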
StartTLS
: StartTLS (or opportunistic TLS) enables an unsecured connection to be elevated to a secure connection on a single port: in an initial unencrypted exchange, client and server communicate about their respective encryption capabilities and agree to establish this secure channel, after which the rest of the communication is encrypted.
Virus
: A computer virus is a program written to spread to other computers. It disrupts the operation of the infected computer to varying degrees of severity. It can be spread via any digital data exchange medium such as the Internet, and in particular via e-mail messages or attachments. Altospam's Mailsafe integrates six complementary antivirus programs, guaranteeing that viruses are not propagated by this means.
Teergrubing
: A technique that deliberately holds SMTP sessions open and drastically slows the SMTP server's responses on connections considered suspicious. Teergrubing can be used to tie up the spam server's resources.
Turing test
: This technique, also known as challenge/response, consists of sending an e-mail requesting authentication (by reproducing a displayed code) to the sender of the message in order to verify that a real person is behind it. Used on its own, this technology has a number of disadvantages (filtering work shifted onto the message sender, systematic sending of often unsolicited messages, generation of false positives). ALTOSPAM has chosen to integrate it with other technologies and to use it only when appropriate at the end of the analysis, in which case it releases unresolved false positives.