VBSpam testing methodology - pre-DATA filtering

Because products in the VBSpam tests are tested in parallel, they all see every email arrive from the same fixed IP address (that of the test's relaying MTA) and with the same EHLO domain. It is thus not possible (and certainly not advisable) to use the connecting IP address or the EHLO domain for filtering: any reputation lookup on them would only ever describe the relay, not the original sender.

Because the MTA that relays all emails to all products adds a Received header recording the host it accepted the message from, many products parse the content of this header to recover the original sender's IP address, its reverse DNS name and the HELO/EHLO domain it used. It is also possible to have the original IP address added in an extra header (e.g. X-Original-IP).

A third option is for the MTA to send an extra SMTP command, right after identifying itself using EHLO. This command carries the original client's IP address, the corresponding reverse DNS domain and the HELO/EHLO domain that client used. An example of such a command is XCLIENT, an ESMTP extension implemented by the Postfix MTA. Products do not gain any more information this way than they would from the headers, but they are encouraged to use XCLIENT (or something equivalent) because it emulates a real situation, in which most spam is rejected before the DATA command has been sent, i.e. before the message headers and body are even transmitted.
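The three ways of recovering the original client described above (parsing the relay's Received header, reading an extra header such as X-Original-IP, and receiving an XCLIENT command) can be exercised end to end with the following added example. It is illustrative code written for this page, not part of VBSpam's or Postfix's own software. The relay hostname relay.vbspam.invalid, the message, the addresses (taken from documentation ranges) and the blocklist that stands in for a DNSBL lookup are all constructed; the function names are mine. The XCLIENT syntax follows what Postfix documents: attributes ADDR, NAME and HELO, values xtext-encoded, NAME set to [UNAVAILABLE] when the reverse lookup failed, and IPv6 addresses prefixed with IPV6:.

```python
import ipaddress
import re
from email.parser import HeaderParser

# Constructed sample of what a product receives after the test relay has
# forwarded a message (not captured test traffic). The topmost Received
# header is the one the relay added; hostnames and addresses are made up.
RELAYED_MESSAGE = (
    "Received: from mail.example.org (unknown [198.51.100.23])\n"
    "\tby relay.vbspam.invalid (Postfix) with ESMTP id 3VQr0R1XyZz\n"
    "\tfor <victim@example.com>; Mon, 13 Feb 2012 10:00:00 +0000\n"
    "X-Original-IP: 198.51.100.23\n"
    "From: sender@example.org\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

# Postfix writes the client as "from <HELO> (<reverse DNS> [<IP>])", uses
# "unknown" when the reverse lookup fails and prefixes IPv6 literals with "IPv6:".
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[(?:IPv6:)?([^\]]+)\]\)")


def client_from_received(raw_message):
    """Option 2 on the page: recover HELO, reverse DNS and IP from the relay's Received header."""
    headers = HeaderParser().parsestr(raw_message)
    received = headers.get_all("Received") or []
    if not received:
        return None
    match = RECEIVED_RE.search(" ".join(received[0].split()))  # unfold the header first
    if not match:
        return None
    helo, rdns, addr = match.groups()
    return {"ADDR": addr, "NAME": "[UNAVAILABLE]" if rdns == "unknown" else rdns, "HELO": helo}


def client_from_extra_header(raw_message, header="X-Original-IP"):
    """Option 2b: the relay copied the original IP into a dedicated header (name assumed)."""
    value = HeaderParser().parsestr(raw_message).get(header)
    return str(ipaddress.ip_address(value.strip())) if value else None


def xtext_encode(value):
    """RFC 3461 xtext as used by XCLIENT: printable ASCII except '+' and '=' stays literal."""
    return "".join(
        chr(b) if 33 <= b <= 126 and b not in (0x2B, 0x3D) else "+%02X" % b
        for b in value.encode("utf-8")
    )


def xtext_decode(value):
    """Inverse of xtext_encode; the wire form is ASCII, the payload is UTF-8 text."""
    raw = re.sub(rb"\+([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), value.encode("ascii"))
    return raw.decode("utf-8", "replace")


def build_xclient(addr, name, helo):
    """Option 3: the command the relay sends right after its own EHLO."""
    ip = ipaddress.ip_address(addr)
    addr_attr = ("IPV6:" if ip.version == 6 else "") + str(ip)
    return "XCLIENT ADDR=%s NAME=%s HELO=%s" % (
        addr_attr, xtext_encode(name or "[UNAVAILABLE]"), xtext_encode(helo))


def parse_xclient(line):
    """What the product's SMTP server does with the command: attributes back to a dict."""
    verb, _, rest = line.strip().partition(" ")
    if verb.upper() != "XCLIENT":
        raise ValueError("not an XCLIENT command: %r" % line)
    attrs = {}
    for token in rest.split():
        key, _, value = token.partition("=")
        attrs[key.upper()] = xtext_decode(value)
    if attrs.get("ADDR", "").upper().startswith("IPV6:"):
        attrs["ADDR"] = attrs["ADDR"][5:]
    return attrs


# Constructed blocklist standing in for a DNSBL lookup; not a real listing.
BLOCKLIST = (ipaddress.ip_network("198.51.100.0/24"),)


def pre_data_verdict(client, blocklist=BLOCKLIST):
    """Decide before DATA, as a real MX would, from the client attributes alone."""
    ip = ipaddress.ip_address(client["ADDR"])
    if any(ip in net for net in blocklist):
        return "550 5.7.1 Client host [%s] blocked" % ip
    if client.get("NAME", "[UNAVAILABLE]").startswith("["):  # [UNAVAILABLE] or [TEMPUNAVAIL]
        return "450 4.7.1 Client host [%s] has no reverse DNS, try again later" % ip
    return "250 OK"


if __name__ == "__main__":
    from_header = client_from_received(RELAYED_MESSAGE)
    print("from Received header:", from_header, "->", pre_data_verdict(from_header))
    print("from X-Original-IP  :", client_from_extra_header(RELAYED_MESSAGE))
    command = build_xclient(from_header["ADDR"], None, from_header["HELO"])
    print("relay sends         :", command)
    print("server decides      :", pre_data_verdict(parse_xclient(command)))
```

In a real Postfix session the relay sends EHLO, then XCLIENT; the receiving server answers with a fresh 220 greeting and the relay sends EHLO again, now with the original client's HELO name, so that the MAIL FROM and RCPT TO stages can be rejected exactly as they would have been at the real border MX. Because XCLIENT lets the client rewrite the identity the server records, a product must accept it only from the relay's address (in Postfix this is the smtpd_authorized_xclient_hosts setting); accepting it from anyone would let a sender forge the very attributes the filter relies on.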
