Paul Wolfe - Anti-Spam Tool Kit

Paul Wolfe
Charlie Scott
Mike Erwin

McGraw-Hill/Osborne

New York Chicago San Francisco
Lisbon London Madrid Mexico City Milan
New Delhi San Juan Seoul Singapore Sydney Toronto

McGraw-Hill/Osborne
2100 Powell Street, 10th Floor
Emeryville, California 94608
U.S.A.

To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact McGraw-Hill/Osborne at the above address. For information on translations or book distributors outside the U.S.A., please see the International Contact Information page immediately following the index of this book.

Anti-Spam Tool Kit

Copyright 2004 by The McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

1234567890 FGR FGR 01987654

Book p/n 0-07-223168-8 and CD p/n 0-07-223169-6
parts of
ISBN 0-07-223167-x

Publisher: Brandon A. Nordin

Vice President & Associate Publisher: Scott Rogers

Executive Editor: Jane K. Brownlow

Senior Project Editor: LeeAnn Pickrell

Acquisitions Coordinator: Athena Honore

Technical Editor: James C. Foster

Copy Editor: Lisa Theobald

Proofreader: Marian Selig

Indexer: Valerie Haynes Perry

Composition: Tara A. Davis, Kelly Stanton-Scott

Illustrators: Kathleen Edwards, Melinda Lytle

Series Design: Dick Schwartz, Peter F. Hancik

Cover Design: Theresa Havener

This book was composed with Corel VENTURA Publisher.

Information has been obtained by McGraw-Hill/Osborne from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill/Osborne, or others, McGraw-Hill/Osborne does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

About the Authors

Paul Wolfe

Paul Wolfe is currently an independent information security consultant and author. Before that, he spent eight years in the data center industry (the source and destination of much spam), where he implemented information security policies and procedures, including secure electronic commerce and e-mail systems for small to mid-sized companies. Paul has performed information security work for Fortune 500 companies, law enforcement, and government. He has coauthored the following books: Snort for Dummies (Wiley, 2004), Virtual Private Networks, 2nd ed. (OReilly & Assoc., 1999), Virtual Private Networks, 1st ed. (OReilly & Assoc., 1998), Building Web Commerce Sites (IDG Books, 1997), Building VRML Worlds (McGraw-Hill/Osborne, 1997), and The CGI Bible (IDG Books, 1997). He served as technical reviewer for Web Programming Secrets (IDG Books, 1996).

Charlie Scott

Charlie Scott is an information security analyst for the city of Austin, where he helps maintain the citys network security infrastructure and policies. He sees spam as a special kind of security problem and has engineered spam countermeasures for ISP and government e-mail systems. He serves on the board of directors of Austin Free-Net, a nonprofit, community-based organization dedicated to ensuring underserved communities can access and effectively use the Internet and computer technologies. Charlie is a Certified Information Systems Security Professional (CISSP) and a Cisco Certified Network Professional (CCNP). He has coauthored the following books: Snort for Dummies (Wiley, 2004), Virtual Private Networks, 2nd ed. (OReilly & Assoc., 1999), Virtual Private Networks, 1st ed. (OReilly & Assoc., 1998), Building Web Commerce Sites (IDG Books, 1997), Building VRML Worlds (McGraw Hill/Osborne, 1997), The CGI Bible (IDG Books, 1997), Web Programming Secrets (IDG Books, 1996), and The 60 Minute Guide to VRML (IDG Books, 1995). He served as technical reviewer for The 60 Minute Guide to CGI Programming in Perl 5 (IDG Books, 1996).

Mike Erwin

Mike Erwin is the President and Chairman of Symbiot, Inc., a risk-management company specializing in intelligent security management, risk metrics, and threat modeling. Mike is one of the original founders of Symbiot and continues to guide the company by providing organizational management, leadership, and vision. Prior to Symbiot, he thwarted spam at OuterNet, Inc., an ISP and data center company he founded in 1994, and prior to that, he served as an Internet services manager at Apple Computer. He has given conference presentations on a variety of topics, including anti-spam tactics and tools. Mike is a Certified Information Systems Security Professional (CISSP), and he has coauthored the following books: Snort for Dummies (Wiley, 2004), Virtual Private Networks, 2nd ed. (OReilly & Assoc., 1999), Virtual Private Networks, 1st ed. (OReilly & Assoc., 1998), Building WebCommerce Sites (IDG Books, 1997), The CGI Bible (IDG Books, 1997), Web Programming Secrets (IDG Books, 1996), The 60 Minute Guide to VRML (IDG Books, 1995), and Foundations of WWW Programming in HTML & CGI (IDG Books, 1995).

About the Technical Editor

James C. Foster

James C. Foster (CISSP, CCSE) is the Director of Research and Development for Foundstone Inc., and is responsible for all aspects of product, consulting, and corporate R&D initiatives. Prior to joining Foundstone, Foster was a senior advisor and research scientist with Guardent Inc. and an adjunct author at Information Security Magazine, subsequent to working as an information security and research specialist at Computer Sciences Corporation. With his core competencies in programming, web-based applications, cryptography, protocol analysis, and search algorithm technology, Foster has conducted numerous code reviews for commercial OS components, Win32 application assessments, and reviews on commercial-grade cryptography implementations.

Foster is a seasoned speaker and has presented throughout North America at conferences, technology forums, security summits, and research symposiums with highlights at the Microsoft Security Summit, MIT Wireless Research Forum, SANS, MilCon, TechGov, InfoSec World 2001, and the Thomson Security Conference. He is commonly asked to comment on pertinent security issues and has been sited in USAToday,Information Security Magazine, Baseline, Computer World, Secure Computing, and the MIT Technologist. Foster holds degrees and certifications in Business, Software Engineering, Management of Information Systems, and numerous computer-related or programming-related concentrations and has attended or conducted research at the Yale School of Business, Harvard University, Capitol College, and the University of Maryland.

Foster is also a well-published author with multiple commercial and educational papers and computer books. He is a contributing author of Hacking Exposed, 4th Edition.

ACKNOWLEDGMENTS

The authors bow humbly before the developers of the open-source and proprietary anti-spam tools covered in this book. Thank you for giving us such a diverse and creative arsenal for spam-fighting.