|
Download
|
The more different applications of Spam Validation software that are available to the general public, the less ability spammers will have to frustrate its intent. The software below is provided to encourage organisations to develop their own spam solutions to help reduce the incidence of spam.
OPEN SOURCE CODE
Extracts of the working code of the Spam.a.lot.less! suite of programs are provided free of charge for the open source community, with no representations made whatsoever regarding the effectiveness or reliability of the code, under the terms of the licence set out in the terms section. The code extract was used by us at an early stage of development of the software.
Notes to the software are set out below. The download file contains the notes, along with a number of files. To download the file, click the link below:
sall.opensource.v0.1.tar.gz
The notes below are contained in the file above.
The Spam.a.lot.less! suite of programs (referred to below as "SALL") checks whether emails sent to a user of the suite is included in a list of emailers from whom the user wants to receive emails (the "whitelist"). Typically, this will start off as a dump of the users current address book.
HOW SALL WORKS TO PREVENT SPAM
The principle of SALL uses the basis of the success of spammers as its weakness. Spammers send out literally billions of emails, at relatively no cost. They hope that a tiny minority of people will respond to buy products or check them out. Even though the minority is absolutely tiny in percentage terms, it may still reach several thousands of people.
Conventional spam software tries to guess what spam software looks like. It continually chases the latest fashions used by the spammers to evade recognition by spam software.
SALL, instead, prevents any email being delivered to the user unless it is on a list of approved senders. Where an email comes in from someone not on the approved list, SALL asks the sender to confirm that they sent the email. For valid users, sending out a single confirmation is trivial relative to a single response required. However, spammers would need to respond to all the literally billions of spams they send out, which suddenly creates an overwhelming cost of sending out spam.
SALL has a validation process to check that the sender confirmation is valid. In the current round of programs, the original sender is required to do nothing other than click a link contained within a personalised email written by the user - usually with some wording, style or information that the receiver will use to know that the email requesting confirmation is valid. If spammers are able to work out a system to overcome the validaiton, SALL can easily be amended to create additional hurdles requiring additional human intervention, at just about no notice. If spammers start to employ people to respond, or if the user is using SALL to avoid unsolicited emails from legitimate organisations, the receiver of an invalid email can click a link on the delivered email to blacklist the sender.
Whereas SALL does not eliminate 100% of spam, it is very likely to eliminate a sufficient proportion of spam, and to add sufficient costs to the spammers, that spam may eventually die out.
HOW SALL SOFTWARE ACHIEVES ITS OBJECTIVE
EMails initially come in to the users standard email box. Intermittently, and/or on demand, the suite goes through every email to see if the sender is on the "whitelist". If so, the email is delivered to the users "Spam Free" mail box for collection in the normal way. If not, the email is delivered to a "Pending" mail box. SALL sends out an email to the sender requesting confirmation that they a valid user. Typically, spammers who send out billions of emails do not the resourses to respond to emails. Conversely, valid senders receive an email asking them to take some simple action, the end result of which is an http request sent to the SALL server with details of the valid email address. SALL does a simple sanity check to ensure the http request was not automated by spammer software and changes the status of the sender on the Pending Stack to "Passed". Intermittently, and/or on demand, SALL checks the status of every email on the "Pending" stack. If the status is "Passed", all emails on the "Pending" stack sent by the user are delivered to the "Spam Free" stack. All emails with a "Pending" status which are over 28 days old are deleted from the "Pending" stack.
SALL DOWNLOAD
To download the SALL software, click here
SALL SOFTWARE
The Spam.a.lot.less! suite of programs (referred to below as sall), is made up of five programs:
1. LocalProgramConstants.py
Contains the program constants that you will want to change to modify to your own details
2. sdukSallUtilities.v0.1.py
Contains a few utility routines, that wraps complex code into simple procedures
3. sdukSall.v0.1.py
Contains the code that checks whether emails are approved (in which case they are delivered to the "Spam Free" mail box), or need to be checked before being passed (in which case an email is sent out requesting the sender to confirm the initial email is valid and delivering emails to the "Pending" mail box.
4. sdukPending.v0.1.py
Contains the code that checks "Pending" mail box and either delivers emails that have been subsequently confirmed/approved or deletes them if they are over 28 days old.
5. sdukResponse.v0.1.py
Contains the code that handles the requested email confirmation from the original sender, by verifying that the confirmation is valid and, if valid, setting the status of the sender to "approved" (which sdukPending uses to know which emails can be released to the "Spam Free" mail box)
INSTALLING THE SOFTWARE
1. Simply move all the above programs to a directory of your choice.
2. Set up a "Pending" and "Spam Free" email box
3. Update the LocalProgramConstants with your own details.
4. Read the notes below
5. Set up sdukSallResponse.py to be "served" by your web server
6. Update sdukSall.py with the web address "served" by sdukSallResponse above (line 137 as at 16/02/07)
7. Every 10 minutes or so, or on request, run:
python [directory.path]/sdukSall.v0.1.py
8. Every hour or so, or on request, run:
python [directory.path]/sdukSallPending.v0.1.py
NOTES
1. To run a program at set times, at a linux terminal type:
crontab -e
Add the line (to run every ten minutes):
00,10,20,30,40,50 * * * * python /www/cgi-bin/sduk/sall/sdukSall.v0.1.py >& /dev/null
and/or (to run every hour at 5 minutes past the hour):
05 * * * * python /www/cgi-bin/sduk/sall/sdukSallPending.v0.1.py >& /dev/null:
2. The SALL suite assumes that you have implemented your own database handlers. In SALL, the module dbCLO is imported. This needs to be changed to point to your own handlers. The interface logic may also need to be amended if your own database handles use different interfaces to ours.
Our own handlers are extremely complex and are not easily explained. If there is enough demand for our handlers to be made available, we will work out how simplify the handlers to make them more easily usable.
3. As at 16/02/07, we have not run the open source software in a live environment. If the code needs updating, please let us know what parts of the code need updating.
EXPLANATION OF THE SOFTWARE
The heart of the SALL software is this (extract) code:
1. Connect remotely to a POP3 server (to scan the initial emails)
def ConnectToPOP3Server(StoreCentral, ServerAddress, UserName, Password):
popServer=''
popServer = POP3(ServerAddress)
response = popServer.user( UserName )
response = popServer.pass_( Password )
2. Retrieve the popServer list
The "list" comes in as a tuple with three records - (Message, List, charCount)
The "Message" is something like '+OK'
The "List" is a python list, one entry for each message, in the format:
(MessageNumber MessageLength)
The "charCount" is an integer with the number of characters in the tuple
So the useful information we are retrieving is contained in list[1]
def RetrieveRawHeadersList(StoreCentral, popServer):
HeadersList = popServer.list()
3. Process the email stack
For each email in the list,
"popServer.top" retrieves only the email headers (and none of the message - quite useful if you want to avoid downloaded huge email files only to find out they are spam)
"ExtractEMailHeader" pulls out the "FromAddress" for later comparison with whitelist
"ProcessEMail" establishes what action to take (such as pass, verify or delete) and then takes the action
def ProcessEMails(StoreCentral, popServer, RawHeadersList):
response, RawEMailHeader, CharCount = popServer.top(MessageNumber, 0)
EMailHeader = ExtractEMailHeader(...)
ErrorStatus, Action = ProcessEMail(...)
4. Deliver emails
Deliver emails from the original email box either to the Pending or the Spam Free mail box
"popServer.retr(MessageNumber)" retrieves the full email message from the mail box
An email header is added to the email for subsequent recognition
Each line in "RawEMail" is added to the "SendString"
"smtpServer.sendmail(...)" physically delivers the email to the new box
"DeleteEMailFromServer(...)" deletes the delivered email from the original box
def TransferEMail(StoreCentral, popServer, ToAddress, MessageNumber, SallHeader=''):
response, RawEMail, CharCount = popServer.retr(MessageNumber)
if SallHeader: SendString += '%s' % (SallHeader)
for line in RawEMail: SendString += '%s' % (line)
smtpServer.sendmail(FromAddress, ToAddress, SendString)
DeleteEMailFromServer(StoreCentral, popServer, MessageNumber)
5. Delete emails
Remove unwanted emails from the email server:
def DeleteEMailFromServer(StoreCentral, popServer, MessageNumber):
popServer.dele(MessageNumber)
LICENCING
All code in the SALL suite of programs is copyright to Software Design UK Limited. It is provided free for personal use by organisations and individuals or for commercial use by an organisation in connection with its own emails and is expressly not licenced for the purpose of resale. No representations are made as to the effectiveness or risks associated with use of the software. The software needs to be modified for use by an organisation or individual, who must take responsibility for ensuring the software works according to their desires prior to using it in a live environment. No liability is accepted for any errors arising during its use.
|
|
|