Spam Filters

Using spam filters is one of the most common ways to battle spam. What this means is that the software scans the incoming email, runs it through a series of tests and compares it to known spam criteria, then decides whether it is a good email or a spam message. If it is spam, it will act according to settings.
If it is good, it makes it to your inbox. The perfect spam filter would always get it right, filtering out all spam and letting all valid email through. In real life, however, it's a constant battle for accuracy. Filters miss email or falsely flag email all the time. A “false negative” is when the filter does not flag an email as spam when it should have. A “false positive” is when the filter incorrectly flags a legitimate email as spam. For most, a false positive is the worse of the two because perfectly valid email can get removed. This happened to me just the other day when a perfectly valid email containing the word “mortgage” got filtered out. The sender called wondering if I got the email, which, of course, I didn’t. The only solution (other than training your filter) is to periodically check your “Deleted Items” folder to see if there are any valid emails in there.

How Filters Work

[hidepost=1]

Filters work primarily by scanning content or scanning the email’s routing information in the headers. When scanning the content, the filter gives the email a score by running it against the filter’s rules. Based on that score, it is either determined to be spam or allowed to pass. When scanning the headers, the filter compares the origin of the email to a list of known spam hosts, or looks for headers which appear to be altered or bogus. Filters which filter based on the headers tend to be more accurate in many cases. By using network analysis, they identify the source of the spam and then just ban anything from that source. However, the market for spam filters seems to concentrate more on keyword filtering. These filters are complicated because they have to perform complex string scanning of the email. In order to be accurate, they require pretty constant updates. At the same time, though, keyword filtering is purely a defensive operation, whereas the other type of filter helps you identify the source of the spam, allowing you to report the sender.
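The two approaches can be compared side by side in a short Python sketch. This is an added example, not code from the original article or from any filter product; the keyword rules, point values, threshold, blocked relay address and both sample messages are constructed for illustration.

```python
import email
import re

# Constructed keyword rules (pattern, points); real filters ship far larger lists.
CONTENT_RULES = [
    (re.compile(r"\bmortgage\b", re.I), 2.5),
    (re.compile(r"\bact now\b", re.I), 2.0),
    (re.compile(r"!{3,}"), 1.5),
]
THRESHOLD = 2.5
BLOCKED_RELAYS = {"203.0.113.45"}  # constructed "known spam host" (documentation range)
RELAY_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def content_score(msg):
    """Sum the points of every keyword rule that matches the subject or body."""
    text = (msg["Subject"] or "") + "\n" + msg.get_payload()
    return sum(points for pattern, points in CONTENT_RULES if pattern.search(text))

def header_hits(msg):
    """Return reasons the routing headers look bad: blocked relay or missing fields."""
    hits = [ip for line in msg.get_all("Received", [])
            for ip in RELAY_IP.findall(line) if ip in BLOCKED_RELAYS]
    hits += [f"missing {h}" for h in ("Date", "Message-ID") if not msg[h]]
    return hits

def classify(raw):
    msg = email.message_from_string(raw)
    return {"content_spam": content_score(msg) >= THRESHOLD,
            "header_spam": bool(header_hits(msg))}

# Constructed sample messages.
LEGIT = """Received: from mail.example.org (mail.example.org [198.51.100.7]) by mx.example.net
Date: Mon, 3 Mar 2008 10:00:00 -0500
Message-ID: <1@example.org>
From: agent@example.org
Subject: Closing documents

Your mortgage paperwork is attached for signature.
"""
SPAM = """Received: from unknown (unknown [203.0.113.45]) by mx.example.net
From: deals@example.com
Subject: Hello

New watches have arrived at our shop.
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spam", SPAM)):
        print(name, classify(raw))
```

The legitimate message is a content-filter false positive (the single word “mortgage” reaches the threshold), while the spam message is a content-filter false negative that only the header check flags.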

Filters can be run in two places – locally on your computer or on your ISP’s server. The first option is very common, but it has limited workability. Most of the time, this entails using the built-in filtering capability of your email program to filter spam into your trash folder. In order to be accurate, though, it takes a lot of setup time and training as well as constant updates and re-training. Email programs allow you to set up a series of rules to filter email into specific folders or perform other actions with them. This is a great tool for organizing email automatically. Using this feature to fight spam, though, is limited in workability for the reasons stated above. When you set up rules to organize emails from known sources, the result is predictable. But these filters are not robust enough to handle all the various incarnations of spam messages.

There are also third-party software products available which will do the job of spam filtering for you. In this way, you do not need to take the time to set up your own filters in your email client and then complain when they don’t work. These third-party utilities usually come already trained to identify a lot of spam. They also come with updates so that you can keep the filters up-to-date based on the latest spammer tricks. This software is still subject to false negatives and false positives, so you will still need to evaluate the product to see how it works for you.

There are also filters which work based on a black-list or a white-list. Basically, a black-list is a list of identified spammers. Any spammer who is on the list will automatically have their emails blocked. This technique is limited in workability because it is so easy to spam from sources that are not on the black-list. It is also up to you to keep the black-list up-to-date by identifying each message as spam from your computer. I personally don’t like this technique because it takes a lot of time to train the system and the job is never-ending. I prefer a solution which needs minimal interaction on my part. After all, the spammers win if I need to waste ANY of my time on their emails. The white-list technique uses a list of good senders, and any email from a sender who is not on that list is blocked. This, too, is slightly dangerous because you cannot receive emails from anybody you don’t approve ahead of time. If one of your contacts changes their email address, they will get blocked. If you receive email from people you do not know, this white-list technique simply will not work.

Many ISPs also provide net-based filtering which will filter email before it even arrives in your in-box. SpamAssassin is a popular product used for this. The way this works is that the email is scanned as soon as it arrives at your ISP’s mail server. The filter commonly uses content analysis, but many also use header analysis. If the score is high enough for the email to be labeled as spam, the ISP will put the email into a queue of some kind rather than deliver it to your in-box. On my server, we write all spam messages to a large text file on the server. I never look at it, but the point is that I could if I wanted to. The advantages of a filter like this are great. My favorite is that the spam is never downloaded to your computer in the first place. With computer-based filtering as discussed above, the email has to be downloaded and then scanned. It takes up your bandwidth, makes you wait for the download, and then uses CPU power to scan the emails, only then to move them to your Deleted Items. With the volume of spam I have gotten in the past, my in-box can be so full of spam after a short vacation that my PC literally took hours to download everything – even on a cable modem. I’ve even had my email program (Outlook) crash under all of the filtering load. The other advantages of net-based filtering are that the filtering is usually much more robust and complex than you will get using your PC. They can also do automatic header analysis, something that your PC-based content filters cannot do. Many of these filters can also automatically filter out emails containing viruses.

If you do not have net-based filtering available from your ISP, you can use the SpamCop service. It’s a paid subscription service; however, they will do the work for you. All your incoming email would be directed to SpamCop. They will filter out the spam and then forward the good emails to your own, secret email address. You can then log in to the SpamCop website to view your filtered messages if you please.

The last type of filter I will mention is the challenge/response filter. The way this works is that an incoming email arrives and is compared against a white-list or other set of rules. If the email passes the test, it proceeds to the in-box. If it does not, an automatic email is sent back to the sender. This email requires that they click on a link in order to verify that they are real, at which point they will be added to the white-list. The idea is that spammers won’t take the time to respond to these emails while people who truly want to communicate with you will. The problem is that the assumptions that these filters make are flawed. First, many spammers spoof their return address. Sometimes the return address belongs to some innocent party. So, while the spammer never receives a thing, the innocent party is sitting there receiving email challenges from the filter system. So, even though you might not be getting the spam personally, the truth is that your filter system is contributing to the overall problem of spam on the internet. Another problem is that many times perfectly valid senders are not willing to waste their time dealing with the challenges. In our case, we publish a weekly newsletter and tip of the day here on PC Mechanic. Every time we send an outgoing email, we receive email challenges. However, nobody here is going to take the time to respond to challenges. We have better things to do. We are not spamming anyone, and everybody on our mailing list signed themselves up for the emails and confirmed themselves using double opt-in. But they will not receive what they signed up for because we are not going to waste our time with challenges. At the very least, when you sign up for a mailing list, add that sender to your white-list.

[/hidepost]
