| With flourishing development of Internet, provide the fast information transmission for the humanity the email becomes more and more important in communication of people. Because of free, many problems come with convenience while email becomes widespread popularization. More and more people pay attention to mail security audit, and the correlated work is carrying on.The email is regarded as the most belt-tightening way in the most of marketing method; The spam interception is the hotspot in the research work of the mail security audit at all times, because the correlative technology is unceasingly adapted by the spam dispatchers, thus the spam interception is always faced with the challenge.This paper studied the essence of the spam and the characteristic of the transmission behavior firstly, and put forward two kind of spam interception way which is based on the behavior recognition.At one time, a majority of existing technology which aims at mail itself can effectively reduce the quantity and frequency of the mail server to receive spam. But it always need much effective preparatory work, also it can be avoided very easily by the spam transmission.Through the analysis of spam essence, we find that the characteristic of spam is by no means of its content, but in the greed and the immoderation of its transmission behavior. We define the spam that always contains the large numbers of mails, as a category, but not aims at a single mail, so we also need analyze them as a category.After analysis, I summarized two behaviors characteristics; one is that the transmission is usually one-off, because it needs achieve the goal of mass and fast. Another is that it is impossible to change all contents of mail frequently in the way of fast sending out the massive mails,the mails which is sent out by a spam must have some kind of redundant pattern. This article proposes the corresponding spam interception way that separately aimed at two kinds of behaviors characteristic mentioned hereinbefore. One way is based on the responding error message for SMTP; another way is based on the digital signature of MD5. |
PDF Full Text Request