Reviews   ::        

Articles   ::        

Home   ::        

Links   ::        

Archives   ::        

Search   ::        

About Us   ::        
HDTV Costs     

HDTV Guide     

Diskeeper 9     

Stor n Go PRO     

Blade SSD Server     


  Evaluating Spam Costs and Filtering Techniques

The first technique used against early spam involved simple pattern matching and is generally still employed today. The concept here is simple - when a message is received it is scanned for keywords and phrases commonly associated with spam. For instance, the phrase ??Make money fast!? can be recognized by a simple pattern matcher and discarded. But there are two major problems arising from this technique. The first is the issue of ??false positives?, meaning the discarding of legitimate messages that used the key phrase innocently. Spammers caught on to this technique quickly and adapted by randomizing or ??munging? their messages. For instance the phrase may now appear as ??M-a-k-e M@n3Y F^a*s-T!?. Humans can pick out the message easily, but generic pattern matchers cannot.

Frequently, the extraneous characters (like the example shown above in quotes) are randomly generated, so even if the phrase was added to the pattern matcher, the next spam could contain the same basic message but with totally different random characters.

Another technique involves using dynamic ??blacklists? where the source of an incoming message is compared to a database of known spammers and discarded if there is a match. A similar method searches for known ??open relays? (insecure email servers known to be open for public relaying of spam.) and messages originating from a known open relay is simply discarded. While combining both techniques can block a significant portion of spam, invariably it will result in the blocking of legitimate email as well.

A more recent development in blocking spam involves the data warehousing of actual spam messages, specifically for the purpose of ??fingerprint matching? of incoming mail against known spam messages. This technique is highly accurate with few false positives, but the drawback is the requirement of proactive user participation. The system can only be as effective as the reporters of the spam messages. One of the more successful companies providing this service is called Cloudmark. They boast around 50%-60% effectiveness with their database alone with very few false positives.


One of the earlier methods of defeating spam was to simply ignore the sender. This technique involves placing an email address or an entire domain on an "ignore" or "black" list which would be compared against inbound email. If an address or domain matches, the message would either be bounced back to the sender or merely discarded. In the early days, spammers used consistent addresses. However, as enforcement became tougher, they began transmitting from multiple addresses simultaneously. Between changing addresses and the increase of the number of new spammers, maintaining any kind of blacklist simply became impossible. Blacklisting an entire domain can block a considerable amount of legitimate mail and is therefore used rarely.

Previous Page    Next Page
Table of Contents
Page 1: The Cost of Spam
Page 2: Simple Techniques
Page 3: Complex Techniques
Page 4: Integrated Techniques
Page 5: The Future
Page 6: Final Thoughts

      Posted by: , August 25, 2004, 6:00 pm  

    Cool banner #1
       ::  USB News

       ::  Bjorn 3D

       ::  [H]ardOCP

       ::  BurnOutPC

       ::  I am Not a Geek

Top Products














Sound Cards

Creative Labs



Graphic Cards




Hard Drives







2001 - 2004 Digital Silence
Digital Silence is not responsible for the information or the accuracy of the information above.
All trademarks and copyrights owned by their respective companies.

Graphical Design by Mohsin Ali
Website Layout by Universal Interactive

PHP Programming by Network Innovations
Additional HTML Programming by Moddin.Net