Spam is a growing problem where the net is concerned. Some 40 trillion spam messages are expected to be sent in 2008. However, we've rounded up 8 tips that will help your combat spam more effectively, ensuring you get the message you want, not the ones you don't.
Recurrent pattern detection
This proprietary technique relies on the fact that a spam outbreak, by definition, involves widespread distribution of email. The RPD system, developed and maintained by security vendor Commtouch, monitors the internet for such outbreaks and determines the patterns they contain, then updates a central database of spam patterns. (Commtouch both sells its own antispam products and licenses the RPD technology to other antispam vendors.) Company email systems using RPD query the database, and email identified as spam is discarded or quarantined.
Tips for combating false positives
On both the sending and the receiving end, minimising false positives is critical for your organisation. The real challenge comes from the fact that any or all of the spam-filtering techniques listed above may be employed on your own systems and on the systems of your recipients. Here are some steps you can take.
1. Do use a spam filter
The occurrence of false positives can leave you wondering if you should simply toss your spam filter - don't.
False positives can occur even without using a filter, such as when a user, seeing multiple spam subjects in an inbox, manually hits 'delete' multiple times, not realising that buried within that list is a 'good' email. A state-of-the-art spam filter, on the other hand, will catch 97 to 99 percent of spam, according to Ferris Research's Jennings, thus preventing the indiscriminate manual deleting scenario. And although spam filters can incur false positives, their rate of doing so is far lower (as low as .01 percent) than is incurred through pure human action, says Jennings.
2. Locate your filter at the network DMZ
A demilitarised zone (DMZ) in the context of a computer network refers to a portion of that network that buffers the private internal network from the public internet. The systems in the DMZ are vulnerable to attacks from the outside, but their presence protects the internal network from outside attacks.
Putting your spam filter at the DMZ, according to Jennings, allows it to monitor the characteristics of the connection and acquire more information about incoming email messages, which can be critical to determining whether the message is spam or not. "If the sender is a Windows ME box," he says, "why would it be sending me email directly, rather than going through a legitimate email server? In that case, it's almost certainly a zombie, so the message is going to be spam."
NEXT PAGE: Move away from older filtering technologies and enlist users to help maintain your whitelist