
Chapter 1: Spam and its harms

1.1. Definition of spam

There is currently no complete and rigorous definition of spam. One view treats spam only as unsolicited advertising mail (Unsolicited Commercial Email - UCE); another view takes spam in a broader sense, covering advertising mail, abusive (harassing) mail and mail with unwholesome content (Unsolicited Bulk Email - UBE). Below we give the most commonly used definition of spam and explain the characteristics that distinguish spam from ordinary mail.

Spam is email that is unsolicited, unwanted and sent in bulk to many recipients. Unsolicited means that the recipient did not ask the sender to send the message. Sent in bulk means that the message the recipient receives is one of a batch of messages sent to many other people, and these messages have similar content. A message is called spam only when it is both unsolicited and sent in bulk. If spam were merely unwanted mail, it could be a first-contact message sent for the first time; if spam were merely mail sent in bulk, it could be mail that companies and service providers send to their customers.

As defined above, spam is mail that is unsolicited and sent in bulk. But the most important factor that distinguishes spam from ordinary mail has to be the content of the message. When a person receives spam, that person cannot determine whether the message was sent in bulk, but can say with certainty that it is spam after looking at its content. This characteristic is the basis for classifying spam by analysing message content.

1.2. Types of spam

Most spam is advertising for goods or services. However, there is also a large amount of spam with other content. Spam that does not advertise goods or services can be divided into:

- Political mail: sent directly to email users by politically active organizations or individuals for the purpose of promotion, propaganda or building direct relationships. In Vietnam today, most spam with political content comes from reactionary organizations abroad and needs to be blocked in particular.
- Charity mail: sent by charitable organizations or individuals, asking for donations or help. Senders of this kind of mail may not realise they are sending spam, because the purpose of the mail serves as a justification.
- Religious mail: used to promote religious organizations or activities.

Among advertising mail, some kinds of goods and services account for an especially large share. Below are the results of a statistical analysis of spam sent through the hotmail.com servers in 2003 and 2004, carried out by Microsoft [Hulten trends].

Table 1.1: Statistics on the types of spam at the server

Advertised product                                      2003    2004
Sex-related advertising (non-graphic)                   17%     34%
Pornographic images                                     13%     7%
Insurance                                               1%      4%
Drug advertising                                        8%      10%
Finance                                                 12%     13%
Travel, gambling                                        2%      3%
Newsletters                                             9%      6%
Products of dubious origin (fake diplomas, etc.)        20%     10%
Scam                                                    8%      6%
Other advertising                                       13%     8%

1.3. Harms of spam

Spam currently accounts for a very large share of all email sent over the Internet. According to various statistics, spam makes up 71% to 87% of the mail passing through email servers. Such a large volume of spam causes many harms to the development of the Internet in general and to email users in particular. Some of the harms of spam are:

- Spam causes economic loss to recipients when they have to pay for the volume of data transferred over the network.
- Spam can fill up the recipient's mailbox and thereby cause ordinary mail that arrives later to be lost.
- Spam wastes time, because recipients have to open the messages and delete them from their mailboxes.
- Spam has a negative psychological effect on email users. According to statistics at http://www.pewinternet.org, 25% of email users consider spam a major obstacle to using this Internet service.
- Spam consumes part of the Internet's bandwidth and wastes server processing time.

1.4. Process and tricks for sending spam

To distribute spam, spammers need the following: first, a list of recipient email addresses; second, servers that allow mail to be sent; third, message content written to meet the advertising requirements and to get past content filters; and finally, programs to send the mail out.

1.4.1. Collecting email addresses

To send spam, the spammer needs a list of email addresses to send to. This list can be collected from many different sources: spammers can buy it from commercial websites with many registered members, or use the techniques below to obtain the email addresses of the people they want to reach.

Spammers (or their partners) often put up fake websites to trap users into submitting their email addresses. This technique is called email phishing.

Figure 1.1: Example of a website that steals users' email addresses

Spammers also use search engines dedicated to finding email addresses on web pages. These search engines look for pages containing the @ symbol and extract the email addresses from them. Programs that search for email addresses in this way are also called spambots.

Address lists can also be generated automatically, using some scheme that makes the probability that a generated address exists acceptable. Email addresses are usually created by combining common names with domains that have many users and with meaningful numbers. For example, addresses are generated as follows:

From the base address: nguyenvannam + @ + fpt.com.vn
the following addresses can be generated:
nguyenvannam1@fpt.com.vn, nguyenvannam2@fpt.com.vn,..
nguyenvannam1982@fpt.com.vn, nguyenvannam1983@fpt.com.vn,..

To determine whether an email address exists, spammers send a message to every mailbox in the automatically generated list. If the mailbox exists and its owner opens the message, a program is triggered to report the existence of that address to the spammer. This method is also called dictionary-style email address generation.

1.4.2. Finding computers on the Internet that allow mail to be sent

To send spam, the spammer needs a list of servers through which to send the mail. These servers may be dedicated spam-sending servers that the spammer owns or rents, or servers that the spammer abuses. The image below shows the advertising pages of some companies specialising in sending spam, as listed by Google when searching for the two words bulk mail:

Figure 1.2: Some websites of companies that send spam

Spammers often exploit weaknesses in servers that allow mail relaying (open relay) or in open proxies that allow mail to be sent (open proxy).

Figure 1.3: Illustration of sending spam through a mail server (open relay)
[Diagram labels: spam sender, ISP, intermediate network, open mail relay, local users, spam recipient]

There are usually a great many mail servers on the Internet that allow mail relaying. Spammers often use these servers to relay spam because they are then harder to detect and can shift the bandwidth burden onto those servers. However, mail servers of this kind are usually soon placed on the blacklists (lists of blocked IP addresses) of spam filters and can no longer be used to send spam.

Another kind of server, proxies that allow mail to be sent, is also especially popular with spammers. The purpose of these proxies is to help websites get through firewalls. Some proxies allow mail to be sent and can be accessed by anyone. Spammers take advantage of this to distribute spam. When using these proxies, spammers are almost never detected. Moreover, this abuse usually lasts a long time, because the people who manage the proxies do not care whether the proxy is listed on filter blacklists (since the main purpose of the proxy is not to send mail).

Besides the two methods above, spammers also rent zombie computers to send spam. Because these are unmanaged computers, it is hard to identify the author of the spam. In addition, renting these computers is quite cheap, so as many as 40%-60% of spammers start with this technique. Not content with renting zombie computers, spammers (who are also hackers) take control of legitimate computers in order to send spam.

In early 2005, Microsoft ran a trial study of a computer that had been infected with malware and was under a hacker's remote control, that is, the computer had become a zombie PC. The results showed that in just 20 days this zombie computer received 5 million connection requests from spammers and itself sent 18 million spam messages. On the peak days, the zombie computer received up to 470,000 connection requests and sent out about 1.8 million spam messages.

CHAPTER 2 - ANTI-SPAM SOLUTIONS


2.1. Spam-sending and filter-related techniques used by spammers

2.1.1. Sending encrypted spam

Using encrypted attachments is the newest technique spammers use to get past content filtering systems. This new kind of attack relies on a weakness in content filtering systems: they cannot scan the content of emails that contain encrypted or password-protected attachments. Recipients of such emails can easily find the password for unpacking the attachment, because it is placed in the body of the email. The password is usually presented in phrases designed to attract the user's attention as much as possible.

2.1.2. Sending mail with PDF attachments

Attaching a PDF file is a clever move because users still expect an advertising message to appear directly in the body of the email. Moreover, the PDF format is now common in business transactions, so recipients feel they need to open the file for fear of missing important information.

2.1.3. Sending image spam

Known as "image-based" spam, these junk images usually contain no text at all, which makes blocking harder for spam filters that only look for URLs or suspicious text passages. Instead of a text passage, the user sees only a .gif or .jpeg file embedded in the message, inviting them to buy pharmaceuticals or invest in stocks.

2.1.4. Linking Internet users to fake websites

Spam today is not just advertising; it can also link to fake websites. These are not websites that spammers create themselves but websites they have compromised. They are highly rated websites with many visitors. The websites hold mailbox account information of their visitors, and through them spammers collect email addresses for distributing spam. Against this kind of attack, blocking spam by URL is no longer effective.

2.1.5. Using legitimate mailboxes

IP address filters that analyse the header of an email also become ineffective if spammers use legitimate mailboxes such as Yahoo!, Gmail or Hotmail to send spam. Attackers exploit automatically created webmail accounts and use these mailboxes to distribute spam. Webmail services now use CAPTCHA to counter automated mailbox creation and thereby limit this kind of attack.

2.1.6. Dictionary attack

In cryptanalysis and computer security, a dictionary attack is a technique for breaking a cipher or defeating an authentication mechanism by determining the keys and passphrases that are likely to be in use. Unlike a brute-force attack (which tries every possible combination), a dictionary attack considers only the possibilities most likely to succeed, and the key to its success is a list of words from a dictionary.

The success rate of a dictionary attack is very high because users tend to choose short passwords (usually 7 characters or fewer), passwords made by joining single dictionary words, single words followed by a number, or other variants that are easy to guess for a computer with high processing speed. A dictionary attack can be used in 2 cases:

- In code breaking: the dictionary attack tries to determine the decryption key based on part of the encrypted text.
- In computer security: the dictionary attack is used to defeat an authentication mechanism and gain access to a computer system by guessing the password.

In the authentication case, the chance of a successful dictionary attack can be reduced by limiting the number of authentication attempts a user can make within a given period of time. To reduce the success rate of a dictionary attack even more significantly, the administrator can block an account after a number of failed authentication attempts. The number of attempts is usually set to about 6, to avoid a limit so low that legitimate users are blocked by mistake.

Nevertheless, many systems still store passwords in some form that an attacker can steal. Once attackers have obtained some clues, they can guess passwords very quickly. Password guessing speed can reach tens of millions or hundreds of millions of results per second.

The dictionary list is broadened because there are many languages that users may use for their passwords, which also reduces the success rate of this kind of attack.

Spammers often use this attack technique against the email addresses they have collected. For example, they send messages to the addresses abc@yahoo.com, cde@yahoo.com,.. If any address replies to their message, that address is added to the list of addresses to which the spammer sends spam.

2.1.7. Using optical character recognition (OCR)

In its original form, CAPTCHA technology was simply a set of randomly generated characters intended to prevent spammers from creating mailboxes automatically. However, spammers use OCR technology to evaluate the image character strings that the CAPTCHA generates.

2.1.8. Attacking DNS vulnerabilities

Vulnerabilities in DNS (Domain Name System) can also be exploited. The user types the correct website address but is still led to a fake website whose interface and content resemble the real one, where the visitor can easily lose information.

2.1.9. Attack using the Gaptcha worm

On 22 April 2009, the Bkis honeypot system detected a new computer worm sample; we updated the detection signature and named it W32.Gaptcha.Worm. This worm automatically registers Gmail accounts for the purpose of distributing spam.

To register Gmail accounts automatically, the Gaptcha worm got past Gmail's CAPTCHA mechanism. CAPTCHA is a mechanism Google uses to prevent automated Gmail account registration. The server asks the person registering an account to read an image of distorted digits and letters and then type those characters exactly into a field. However, the Gaptcha worm got past this mechanism.

Once past the CAPTCHA, the Gaptcha worm continuously registers Gmail accounts automatically and then sends the details of the registered accounts to the hacker. When Gmail blocks the IP address of the infected machine, the worm removes itself from the system.

When your machine is infected with this virus, you will see an Internet Explorer window appear by itself and can watch all the steps of the Gaptcha worm's automated Gmail account registration. Afterwards, you may also be unable to register a Gmail account, because the computer's IP address has been blocked by Gmail.

2.2. Spam filters and anti-spam technologies

2.2.1. Mail filters

A filter is a supporting component of anti-spam software. It operates on the basis of the system's rule sets. The filter's job is to use the system's filtering criteria to classify mail and to allow or block it from entering the system. A system can combine several different filters, each assigned a priority level.

Figure 2.1. Mail filtering system

2.2.2. Spam filtering methods

Spam has become a threat to businesses as well as to individuals. Widely used methods for detecting and blocking spam include:

2.2.2.1. Cooperative Spam Checksums.

This technique breaks an email into several separate parts and computes checksums over each of those parts. If an email is identified as spam, its parts are added to a database as spam signatures. The database is queried each time the checksums of an email's parts are checked. The system identifies which parts have checksum values that match values found in the database, and from that returns a value assessing whether the email is spam, based on the number of parts checked by checksum.

2.2.2.2. Signature & Spam Scoring.

This technique uses a list of keywords, called signatures. When an email arrives, the system analyses whether the message content contains those signatures. Each time a signature appears in the email, the spam score is increased by exactly the value of that signature. The higher the total score, the higher the risk that the message is spam.

2.2.2.3. Whitelists & Blacklists.

These are two kinds of database that users set up themselves. The blacklist is a list of unwanted sender addresses, while the whitelist is a list of mailbox addresses that are allowed to send mail in. Emails on the blacklist are always treated as spam by the filter, while addresses on the whitelist are always let through.

The filter has a self-learning mechanism. When an incoming email is marked as spam, the sender's address is automatically added to the blacklist. For the mailboxes of individuals in the company who send mail out, the filter also automatically adds the addresses to the whitelist. This reduces the work of the system administrator.

2.2.2.4. Heuristics.

Heuristic filtering uses intelligent rule sets to identify the characteristics of spam. Heuristic filters are rules based on the characteristics of spam that distinguish whether a message is spam or ham. A message may have some characteristics of spam, but the number of such characteristics must be large enough to decide whether the message is spam.

2.2.2.5. Realtime IP Blacklist.

The header of every email contains the IP addresses of the gateways the email passed through. These addresses are checked to see whether any of them is on the blacklist. A realtime IP blacklist lists:

- IP addresses that are sources of spam: a list of known spam-sending domains, listed and updated at http://spamhaus.org/sbl
- IP addresses that are relay channels (open-relay): a list of mail servers that allow spam to be sent or that are abused to relay spam. This list is published and updated at http://www.ordb.org
- Dial-up networks (which normally do not send email directly), which may therefore be spam-sending addresses.

On its way to the recipient, a message has to pass through a number of intermediate SMTP servers. The addresses of these SMTP servers are stored in the header of the email. The anti-spam program checks the header of the email, reads the addresses of the SMTP servers the email passed through and compares them with the known DNS blacklist database. If one matches an IP address in the DNS blacklist, the message is judged to be spam; otherwise it is an ordinary email.

This method checks the email before it is downloaded, so its advantage is that it does not consume bandwidth. Its drawback is that it does not detect email with a forged sender address.

2.2.2.6. Realtime URL Blacklist (SURBL list).

This method identifies spam by filtering on email content. One technique spammers often use is to include URLs linking to websites in the body of their emails. The system checks whether the URL links in the mail content are in the Spam URL Blacklist (SURBL). SURBL lists the domains and addresses of known spammers. The database is provided and regularly updated at http://www.surbl.org.

The advantage of this method is that it detects email with a forged sender address; the drawback is that the email must be downloaded to be checked, which consumes bandwidth and requires computing resources to process and check the message content.

2.2.2.7. URL to IP Mapping

The URLs in the email are checked through the Internet DNS system and converted to the corresponding IP addresses. If an IP address is on the realtime blacklist, the email containing that URL is likely to be spam.

2.2.2.8. URL Categorization

The system contains a database capable of categorising URLs. The URLs in the email are processed through this database to list them and compute a score indicating whether the email is spam.

2.2.2.9. Domain Age

Spammers register domain names on the Internet, use them to send spam and then drop the domain names after a short time. The system checks how long the sending domain name has existed in order to estimate the likelihood that an email is spam.

2.2.2.10. IP blocking

This method blocks email from a known IP address. When an email arrives, the filter analyses the sender's IP address. If the address is in the database of blocked addresses, the email is spam; otherwise it is ham.

2.2.2.11. Recipient verification

This method blocks dictionary-style attacks. Starting from a few valid email addresses in a given domain, other valid addresses are generated. The spammer then uses this kind of attack to send to randomly generated addresses, of which only a few are real and most do not exist, which floods the mail servers with mail.

Recipient verification uses Active Directory or LDAP to check whether the recipient addresses really exist in the company's Active Directory. If the number of non-existent mailboxes exceeds the threshold set by the administrator, the incoming mail is treated as spam.

2.2.2.12. Sender verification

This method checks the addresses of the sender and the recipient. First, the sender's address is checked before the email is downloaded, which saves bandwidth for the system.

The SPF (Sender Policy Framework) technique is applied to check the sender's address. SPF lets the owner of an Internet domain name use special DNS records (SPF records) to specify which machines are allowed to send email to their domain. When an email arrives, SPF checks the From field or the Sender field to determine the sender's address and then compares it against the published SPF records. If the sender's address comes from a server that is not in the SPF records the domain has published, it is considered a forged address.

2.2.2.13. Bayesian filtering

The Bayesian filter is built on Bayes' theorem and computes the probability that an incoming message is spam. Before using a Bayesian filter, the user has to load a database of identifying keywords and comparison markers (for example: $, IP addresses, domains, ...) collected from unwanted mail. Each keyword or marker is rated by its probability of occurrence. This value is computed from how many of the words are commonly used in the various kinds of spam. The computation is based on analysing the user's outgoing email and known types of spam. For this reason the database that is loaded depends on the intended use.

2.2.2.14. Header checking

The filter checks the fields in the header of the email. This method decides whether an email is spam based on the following criteria:

- The From field or the To field is empty.
- The From field contains an address that does not comply with the RFC standard.
- URLs in the header and body of the message contain an IP address encoded in hex/octal form, or use a username/password combination (for example the address http://00722353892/hello.com, ...).
- The message is sent to a large number of different recipients.
- The message uses a language other than the one the recipient uses.
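The header-check criteria listed above can be expressed as a small rule set. The following is an added example, not code from the original document; the recipient threshold, the simplified address pattern, the finding names and all sample messages are assumptions constructed for illustration (only the numeric-host URL is the one quoted on the page).

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlsplit

MAX_RECIPIENTS = 20  # assumed threshold; the page does not give a number
ADDR_RE = re.compile(r"^[^@\s]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")  # simplified addr-spec
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
NUM_RE = re.compile(r"0x[0-9a-f]+|[0-9]+", re.I)
PLAIN_OCTET_RE = re.compile(r"0|[1-9][0-9]{0,2}")


def obfuscated_ip_host(host):
    """True if host is all-numeric (hex, octal or one integer) but not plain dotted decimal."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(NUM_RE.fullmatch(p) for p in parts):
        return False
    plain = len(parts) == 4 and all(PLAIN_OCTET_RE.fullmatch(p) for p in parts)
    return not plain


def header_findings(raw_message):
    """Return the list of header-check criteria that the message trips."""
    msg = message_from_string(raw_message)
    findings = []
    from_hdr = (msg.get("From") or "").strip()
    if not from_hdr:
        findings.append("empty-from")
    elif not ADDR_RE.match(parseaddr(from_hdr)[1]):
        findings.append("malformed-from")
    if not (msg.get("To") or "").strip():
        findings.append("empty-to")
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len({addr.lower() for _, addr in rcpts if addr}) > MAX_RECIPIENTS:
        findings.append("many-recipients")

    # Scan header values and text bodies for suspicious URLs.
    bodies = [p.get_payload() for p in msg.walk() if not p.is_multipart()]
    text = "\n".join([str(v) for v in msg.values()] + [b for b in bodies if isinstance(b, str)])
    for url in URL_RE.findall(text):
        try:
            parts = urlsplit(url.rstrip(".,;)"))
        except ValueError:
            continue
        if parts.username is not None and "userinfo-url" not in findings:
            findings.append("userinfo-url")
        if obfuscated_ip_host(parts.hostname or "") and "obfuscated-ip-url" not in findings:
            findings.append("obfuscated-ip-url")
    return findings


# Constructed sample messages (not real traffic).
SPAM = (
    "From: offers@\n"
    "Subject: Last chance\n"
    "\n"
    "Order here: http://00722353892/hello.com\n"
    "or here: http://account.example:login@promo.test/\n"
)
CLEAN = (
    "From: Alice <alice@example.test>\n"
    "To: bob@example.test\n"
    "Subject: Agenda\n"
    "\n"
    "Agenda: https://example.test/agenda\n"
)
BULK = CLEAN.replace(
    "To: bob@example.test",
    "To: " + ", ".join(f"user{i}@example.test" for i in range(25)),
)

if __name__ == "__main__":
    for name, sample in (("spam", SPAM), ("clean", CLEAN), ("bulk", BULK)):
        print(name, header_findings(sample))
```

The language criterion from the list is not covered, since it needs the recipient's language as an input.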

2.2.2.15. Challenge/Response System (C/R System)

The system asks a first-time sender to confirm the first email they sent. If the sender replies, or simply responds by clicking on the confirmation link, the sender's address is added to the whitelist. Spammers characteristically send in automated mode, so they cannot confirm, and their addresses are added to the blacklist. A confirmation form might look like the following:

Note: this should only be applied to emails suspected of being spam.

2.2.2.16. Digital Signature

This technique is used to determine whether an email is ham. It is based on a digital signature that the sender creates and that is stored in the header of the email. The receiver checks whether the signature matches the original signature, which reduces the possibility of forging the signature.

2.2.3. Anti-spam technologies

2.2.3.1. SPF (Sender Policy Framework)

SPF (Sender Policy Framework) is one of the spam-blocking techniques that follow the standard of the international anti-spam organization. SPF is software that identifies incoming messages and is used to check the sender's address. SPF uses the SMTP commands HELO and MAIL FROM and relies on the information published in the policies set by the domain owner to validate incoming messages.

SMTP allows email to be sent from any computer and by any person. This makes it easy for spammers to use fake addresses. SPF is basically similar to using a DNS blacklist, but the fundamental and most distinctive difference is that SPF allows strong authorization. SPF is applied to identify the email addresses that are designated as allowed to send. SPF has 2 main kinds of record: SPF PASS (addresses allowed to send) and SPF FAIL (addresses blocked from sending).

This technique lets the owner of a domain name ask the service provider to create special DNS records (SPF records). These SPF records are a database of the addresses of machines that are allowed to send email to their domain. The sender's details are recorded in the From or Sender field of the email; the SPF filter checks those fields and compares them with the SPF records in its database. When any email arrives, if the values of those fields match the values of the records, the email originates from a server that is allowed to send to this domain. Otherwise the email is blocked and suspected of being forged.

Figure 2.2: Mail filtering system with SPF

Spammers can send messages that pass SPF if they own an account in a domain whose policy allows sending. However, doing so leaves a clear trail and they will be prosecuted.

The concrete steps in operating an SPF system are:

- Publish the policy: the domain identifies the machines that send email by checking the Host A records or MX records in DNS.
- Check and use the SPF information: the receiving side uses DNS queries and relies on DNS caching to speed up processing. It then interprets the SPF information and acts on the result it obtains.
- Review forwarded mail: SPF does not forward blank messages.

The records have a structure similar to the following example:

thanglong.vn. IN TXT "v=spf1 a mx -all"

where
v: the version of SPF in use.
a, mx: specify a system that is allowed to send email to the domain.
-all: the mandatory default constraint for every message; if all is not added, the message is not accepted.

There are 8 options available when creating an SPF record:

- ALL: the default argument for every message.
- A: the A record (or AAAA for IPv6) corresponds to the sender's address. (This is the case where the message comes directly from a domain.)
- IP4: if the sender has an IPv4 address.
- IP6: if the sender has an IPv6 address.
- MX: the MX record resolves to the sender's address. (The case where the message comes from one of the domain's mail servers.)
- PTR: the reverse DNS record (mapping an IP address to a domain name).
- EXISTS: rarely used.
- INCLUDE: if the included (a misnomer) policy passes the test, this mechanism matches. This is typically used to include policies of more than one ISP.
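To make the record syntax above concrete, the following added example (not part of the original document) evaluates the thanglong.vn record for a connecting IP address, handling the all, a, mx, ip4, ip6 and include mechanisms with their +, -, ~ and ? qualifiers. DNS is replaced by a constructed in-memory table: apart from the page's TXT record, every host name and IP address in it is an assumption using documentation ranges.

```python
import ipaddress

# Constructed stand-in for DNS. Only the thanglong.vn TXT record comes from the
# page; every other name and address is made up (documentation IP ranges).
ZONE = {
    ("thanglong.vn", "TXT"): ["v=spf1 a mx -all"],
    ("thanglong.vn", "A"): ["192.0.2.10"],
    ("thanglong.vn", "MX"): ["mail.thanglong.vn"],
    ("mail.thanglong.vn", "A"): ["192.0.2.25"],
    ("isp.example", "TXT"): ["v=spf1 ip4:198.51.100.0/24 include:thanglong.vn ~all"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DEPTH = 10  # bound on nested include: lookups


def lookup(name, rtype):
    """Answer a query from the constructed zone (empty list = no record)."""
    return ZONE.get((name.lower().rstrip("."), rtype), [])


def hosts_contain(addr, hosts):
    """True if any of `hosts` resolves (A or AAAA) to exactly `addr`."""
    rtype = "A" if addr.version == 4 else "AAAA"
    return any(addr == ipaddress.ip_address(a) for h in hosts for a in lookup(h, rtype))


def check_host(ip, domain, depth=0):
    """Evaluate the SPF policy of `domain` for a client connecting from `ip`."""
    if depth > MAX_DEPTH:
        return "permerror"
    records = [t for t in lookup(domain, "TXT") if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if "=" in term:  # modifiers (redirect=, exp=) are not evaluated here
            continue
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "a":
            matched = hosts_contain(addr, [arg or domain])
        elif name == "mx":
            matched = hosts_contain(addr, lookup(arg or domain, "MX"))
        elif name in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            matched = check_host(ip, arg, depth + 1) == "pass"
        else:
            return "permerror"  # ptr, exists and CIDR suffixes on a/mx are not handled
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all"


if __name__ == "__main__":
    for ip, dom in [("192.0.2.10", "thanglong.vn"), ("192.0.2.25", "thanglong.vn"),
                    ("203.0.113.7", "thanglong.vn"), ("203.0.113.7", "isp.example")]:
        print(ip, dom, check_host(ip, dom))
```

Mechanisms are evaluated left to right and the first match decides the result, which is why "-all" only takes effect for clients that matched neither "a" nor "mx".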

Figure 2.3: Simulation of an SPF record query

2.2.3.2. SIDF (Sender ID Framework)

The Sender ID Framework (SIDF) is a technology developed by Microsoft and supported by the IETF to improve the detection of deceptive mail while also improving email delivery and validation. SIDF is an email authentication protocol designed to detect invalid email addresses, and it does not depend on the email architecture.

The use of SIDF has become widespread around the world, with more than 12 million domains applying it and nearly 50% of mail sent on the Internet using this authentication mechanism. SIDF has proved very effective at blocking mail sources from companies or ISPs that have not registered their domain names with the SIDF system. Although SIDF does not completely block incoming spam, it is always available online and uses a progressively improved database to fight spam with heuristic filtering, which increases users' trust.

SIDF requires authentication for every message sent in. The system checks the address of the server sending the email against the list of servers that have been registered as allowed to send. The system requires service providers, companies and domain name managers to register the list of unique numeric addresses of the servers they manage. The check is performed automatically by the ISPs or by the recipient's MTAs before the email is delivered to the recipient.

On the receiving side, SIDF verifies on the mail server whether the sending source is in the database of registered domain names. If it is on the list, the message is confirmed as sent from a trusted server. To use SIDF, email senders and domain name owners must publish the IP address of the mail server's externally facing interface, or the IP address of the intermediate machine authorized to send messages.

Figure 2.4: Mail filtering system with Sender ID

The concrete steps are as follows:

- The sender uses email software (MUA) or a web interface to send the message.
- The receiving server (MTA) receives the message and then uses SIDF by querying the Purported Responsible Domain's (PRA) DNS to look up the SPF record.
- The receiving MTA compares the sending side's published outbound address with the address recorded in the SPF record to see whether they match.
- Depending on the outcome of the authentication, the receiving MTA handles the message accordingly.

SIDF reduces the number of unwanted emails considerably. Registering unique numeric addresses makes it very difficult for spammers to forge the header or the sender's address. Nevertheless, SIDF is not yet perfect. It can cause 10% of legitimate mail to be marked as spam because the server has not registered its numeric address with the SIDF system.

2.2.3.3. Domain Key

Spammers often forge the sender's address by forging the header of the email. An email may originate from a valid domain name while that domain does not contain the mailbox address declared in the From field of the message. One way to check and authenticate the origin of an email address is to use DomainKey technology.

Figure 2.5: Mail filtering system with Domain Key

The Domain Key anti-spam technique was first researched by Yahoo!. A message authenticated with Domain Key can be recognised by the Domain Key authentication icon it carries, in the shape of an envelope and a key.

DomainKeys Identified Mail (DKIM) is an open protocol based on determining the real name of the party sending the email. Unlike other methods, DKIM lets endpoints verify the existence of a mailbox address within a domain. DKIM works to block mail containing advertising and spam. Instead of using the traditional IP address to authenticate the email sender, the system uses an encrypted digital signature to identify the sender's address.

DKIM gives the user a unique identifying signature. A server using DKIM registers a private key and a public key with the ISP. The private key is used by the mail server to encrypt outgoing mail. The signature data is stored in the DKIM-Signature field of the message header. The digital signature covers the header and body of the message. DKIM uses the SHA-5 hash algorithm combined with RSA as the public key, and then uses Base64 for encoding.

The receiving SMTP server checks the DKIM-Signature field of the incoming message with the public key to validate the message. It takes the domain name from the From part of the incoming message, the _domainkey string and the address-name part from the message header, and uses them to perform a DNS lookup. The data returned by the lookup includes the public key of the sending domain. The receiver uses this public key to decrypt the header value and at the same time recomputes the header value of the message it received. If the two values match, the incoming message is validated and allowed through to the recipient.

Spam is usually sent through an intermediate address, and this address is not identified, so the receiving server can block the spam.

The advantages of DKIM are:

- It can validate the domain, which provides a basis for building whitelists and blacklists faster and more effectively, and thus also makes phishing attacks easier to detect.
- It eliminates mail with forged addresses and authenticates the MTA and MUA.
- It lets the owners of abused domains detect the abuse more easily.
- There is no need to create complicated filters for a system.

2.2.3.4. CAPTCHA

a. Introduction to CAPTCHA

Figure 2.6: Simulation of one kind of CAPTCHA

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a kind of challenge-response test used on computers to determine whether the user is a human or a machine.

CAPTCHA is a process in which the server asks the user to complete a simple test so that the computer can verify whether the user is a human or a machine. The test is generated and graded easily by the computer, but the computer cannot solve it itself. The computer does not solve the problem it generates; its role is to establish that the user is human if the answer is correct.

The problem of telling computers apart was raised in the 1950s when Alan Turing described the Turing test. The original CAPTCHA was developed in 1997 at AltaVista by Andrei Broder and his colleagues to prevent bots from adding URLs to their search engine. To make the images resistant to OCR (optical character recognition), the team simulated situations believed to lead to incorrect OCR results. In 2000, von Ahn and Blum developed and publicised the concept of CAPTCHA, covering any program that can distinguish humans from computers. They invented many CAPTCHA designs, including the first CAPTCHAs to be widely used, which were also the ones used by Yahoo!.

The term CAPTCHA dates from 2000 and was coined by Luis von Ahn, J. Hopper (of Carnegie Mellon University) and John Langford (of IBM). A common kind of CAPTCHA for users is a line of distorted text displayed on the screen that the user is asked to type in exactly; each service provider that supports CAPTCHA presents it in its own way.

CAPTCHA is described as a reverse Turing test, because it is generated by a machine and aimed at humans, whereas the standard Turing test was created by humans and aimed at computers.

b. Characteristics of CAPTCHA

It is a challenge code generated automatically by the computer. The computer cannot solve it correctly, while most humans can.

c. Applications of CAPTCHA in computing

CAPTCHA is used to prevent automated software from performing tasks that can degrade the quality of service of an existing system, whether through abuse or by exhausting resources. CAPTCHA can be used to protect systems against email spam, as in the webmail services of Gmail, Hotmail and Yahoo!. CAPTCHA is also widely used to block automated posting on blogs and forums, which may be done for commercial advertising or for harassment and vandalism.

CAPTCHA also plays an important role in limiting overload, because automated use of a service is desirable until that use starts to exceed limits and harm human users. In that case, a CAPTCHA can enforce the automated-use policy set by the administrator once the measured level of usage exceeds a given threshold. The article rating systems used by many news websites are another example of an online mechanism that resists calculation by automated software.

Conclusion

Besides using the supporting anti-spam methods, users themselves also need to play an important role in preventing spam. Users should therefore follow these principles:

- Always keep operating system patches and the update versions of antivirus and anti-spam software up to date.
- Use a firewall to protect the system.
- Do not reply to unfamiliar emails of unknown origin.
- Do not send your personal information by email.
- Never click on URL links or website addresses given in spam mail.
- Use 2 different email addresses: 1 for work and contact, and 1 for registering as a member of forums and websites where your email address is easily abused.
- Do not post your email address in public places.
- Use email services that provide anti-spam tools.
- When you receive spam, do not forward it to other people.