The Arms Race Between Spammers And Anti-Spam Products
It is almost impossible nowadays to read through the comment sections of forums, blogs, and discussion boards without running into numerous comments that advertise products or services or link to websites that do.
To fight this, different methods are employed, such as requiring users to enter numbers from CAPTCHA images or to solve simple but still time-consuming puzzles. 10-20 seconds spent on this might not sound like a lot, but for registering on a website it can be annoyingly long, considering that other information also has to be provided, which takes additional time. The same goes for posting comments and other activities.
Some companies have come up with efficient solutions for dealing with this problem without affecting user experience, integrating spam filtering and identity checks seamlessly for the user. To identify spam-related visitors or accounts, such cloud anti-spam products can check the IP or email address against the database of blacklisted addresses they maintain.
Databases Used For Spam Filtering And IP Check
This database is aggregated from across the web: from similar websites that report spammers and IPs associated with malicious cyber activity, and from other sources. It may contain the following information:
- the IP, the domain, the subnet, the ISP – spammers usually reuse the same physical infrastructure for activity on multiple fronts, which makes it possible to identify them by the IP;
- the country of origin associated with the IP address – discrimination aside, certain countries are much more likely than others to host servers involved in spamming or hacking. Sometimes, websites might even consider imposing additional checks on certain countries or blocking them altogether (keep in mind that users can normally bypass the ban using a VPN);
- the email addresses, nicknames, and usernames involved in spamming, which are often reused on other websites and for other activities. Given that it takes some effort to create and verify an email account, their number cannot be infinite, and this can be used as an additional identification tool;
- the date when the first report of malicious activity was received;
- the number of reports (a single report is just a reason for suspicion while dozens of reported acts are a reason to blacklist the IP);
- the types of activity associated with the IP (certain IPs can be considered more dangerous than others, for instance, if they are involved in financial fraud).
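The lookup described in the list above, written as an added example (not code from any anti-spam product). The record fields, the `check` function, the three verdicts, the threshold of 24 reports and the high-risk activity class are assumptions, and the sample data is constructed.

```python
import ipaddress
from dataclasses import dataclass
from datetime import date

@dataclass
class Record:
    """One blacklist entry; field names are hypothetical, modelled on the list above."""
    network: str           # single IP or subnet, in CIDR form
    emails: frozenset      # email addresses reported together with this network
    first_report: date     # date of the first report of malicious activity
    reports: int           # number of reports received
    activities: frozenset  # types of activity seen, e.g. {"comment_spam"}

# Constructed sample data (RFC 5737 documentation ranges, example.* domains).
BLACKLIST = [
    Record("192.0.2.0/24", frozenset({"promo@example.net"}), date(2023, 1, 5),
           48, frozenset({"comment_spam"})),
    Record("198.51.100.7/32", frozenset(), date(2024, 3, 1),
           1, frozenset({"comment_spam"})),
    Record("203.0.113.9/32", frozenset({"pay@example.org"}), date(2024, 6, 2),
           3, frozenset({"financial_fraud"})),
]

HIGH_RISK = {"financial_fraud"}  # assumed class of "more dangerous" activity
BLOCK_AT = 24                    # assumed cut-off for "dozens of reports"

def check(ip, email):
    """Return 'allow', 'challenge' or 'block' for a visitor's IP and email."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "challenge"       # unparseable client address: fall back to a check
    email = email.strip().lower()
    verdict = "allow"
    for rec in BLACKLIST:
        net = ipaddress.ip_network(rec.network)
        ip_hit = addr.version == net.version and addr in net
        if not (ip_hit or email in rec.emails):
            continue
        # Many reports, or a dangerous activity type, is enough to blacklist.
        if rec.reports >= BLOCK_AT or rec.activities & HIGH_RISK:
            return "block"
        verdict = "challenge"    # a handful of reports is only a reason for suspicion
    return verdict
```

A `challenge` verdict is where a site would fall back to a CAPTCHA or similar extra check, so that unlisted visitors never see one.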
This is a sponsored post