Spam is a scourge that causes several problems for most organizations and therefore needs to be stopped before it reaches the users’ mailboxes. Luckily, there are various types of anti-spam filters to suit different types of organizations; however, it is important to understand that spam detection can be quite tricky. If the configuration is wrong, valuable emails will be incorrectly classified as spam. You therefore need to ensure your anti-spam filter is configured correctly to avoid as many false negatives as possible and without creating false negatives as well.
1. Bayesian Filtering:
Bayesian filtering is a system that through training can “learn” to distinguish between spam and legitimate emails. It does this through a statistical analysis of what words one expects to find in a legitimate email and not in spam. To do this, Bayesian filters need to be trained using legitimate emails and spam. Some products offer automated updates and allow the customer to do their own training. It is hard to gauge the rate of false positives and false negatives this method can cause. The strength of this method is based entirely on the quality of the training and how typical the spam or legitimate email being checked is.
2. Databases:
Some anti-spam filters include databases of known spammers, open relays and spam emails. These databases have a variety of uses – from recognizing spam email, to recognizing other harmful content in emails such as links to malicious and phishing sites.
3. DNSBL:
DNSBL (DNS BlackList) is a service offered by some organizations that provide a database of known spammers, open relays and zombies sending spam. Accuracy is dependent on the classification systems used by the service provider.
4. Email Analysis:
Some software might check that the headers are crafted correctly, for example if the emails are being addressed to whoever the email is claiming to be addressed to, while others might look for specific keywords. Accuracy can vary but you can expect that keyword-based anti-spam detection will have a higher than normal rate of false positives.
5. Greylisting:
Greylisting is a process whereby an email that arrives at your mail server from an unknown sender, is initially rejected. This will make a legitimate mail server retry again after a delay; if legitimate, the email will be accepted. In many cases the software used by spammers will not try again if the first attempt failed. Provided the mail server sending the email is properly configured, there is no chance of false positives with this method and a minor chance of false negatives should a spammer specifically cater for such scenarios.
6. Sender Policy Framework (SPF):
SPF works by having domain owners specifying what hosts are authorized to send email from the specific domain. If the host sending the email is an unauthorized source, it is marked as spam. This method can cause false positives if a legitimate user sends an email from an unauthorized location, such as a mobile phone.
Knowing what the major spam detection mechanisms are and to what extent they may create false positives are, will help you take an informed decision on how to choose and configure an anti-spam filtering solution.
Copied from here......
1. Bayesian Filtering:
Bayesian filtering is a system that through training can “learn” to distinguish between spam and legitimate emails. It does this through a statistical analysis of what words one expects to find in a legitimate email and not in spam. To do this, Bayesian filters need to be trained using legitimate emails and spam. Some products offer automated updates and allow the customer to do their own training. It is hard to gauge the rate of false positives and false negatives this method can cause. The strength of this method is based entirely on the quality of the training and how typical the spam or legitimate email being checked is.
2. Databases:
Some anti-spam filters include databases of known spammers, open relays and spam emails. These databases have a variety of uses – from recognizing spam email, to recognizing other harmful content in emails such as links to malicious and phishing sites.
3. DNSBL:
DNSBL (DNS BlackList) is a service offered by some organizations that provide a database of known spammers, open relays and zombies sending spam. Accuracy is dependent on the classification systems used by the service provider.
4. Email Analysis:
Some software might check that the headers are crafted correctly, for example if the emails are being addressed to whoever the email is claiming to be addressed to, while others might look for specific keywords. Accuracy can vary but you can expect that keyword-based anti-spam detection will have a higher than normal rate of false positives.
5. Greylisting:
Greylisting is a process whereby an email that arrives at your mail server from an unknown sender, is initially rejected. This will make a legitimate mail server retry again after a delay; if legitimate, the email will be accepted. In many cases the software used by spammers will not try again if the first attempt failed. Provided the mail server sending the email is properly configured, there is no chance of false positives with this method and a minor chance of false negatives should a spammer specifically cater for such scenarios.
6. Sender Policy Framework (SPF):
SPF works by having domain owners specifying what hosts are authorized to send email from the specific domain. If the host sending the email is an unauthorized source, it is marked as spam. This method can cause false positives if a legitimate user sends an email from an unauthorized location, such as a mobile phone.
Knowing what the major spam detection mechanisms are and to what extent they may create false positives are, will help you take an informed decision on how to choose and configure an anti-spam filtering solution.
Copied from here......
0 comments:
Post a Comment