During spam filtration, there are several spam filtering methods and procedures applied. In that case, to both inbound email (email entering the network) and outbound email (email leaving the network). And in that case, ISPs use both methods to protect their customers. Whereas, SMBs typically focus on inbound filters.
While new computer security threats may come and go, spam remains a constant nuisance for nonprofits. At a minimum, spam can interrupt your busy days. Forcing you to spend time opening and deleting emails. Hawking herbal remedies or once-in-a-lifetime investment opportunities.
In a more serious scenario, spam could unleash a nasty virus on your organization’s network. Crippling your servers and desktop machines. Experts and anti-spam services tend to peg the rate of spam at anywhere from 50 to 90 percent of all emails on the Internet.
Although preventing tenacious spammers from sending junk mail may never be possible, installing an anti-spam application can greatly help. Especially, on your organization’s mail server or individual computers. Vastly reducing the amount of spam your staffers have to deal with.
What is Spam Filtering?
Spam Filtering is a process where spam filters detect unsolicited, unwanted, and virus-infested email (called spam). Stopping them from getting into our general email inboxes.
As an example, Internet Service Providers (ISPs) use spam filters to make sure they aren’t distributing spam. Small- to medium-sized businesses (SMBs) also use spam filters to protect their employees and networks.
There are many spam filtering solutions available. Not forgetting, they can be hosted in the “cloud,” on computer servers, or integrated into email software such as Microsoft Outlook.
Read More: How does Spam Filter work?
How are Spam Filtering Methods applied?
Anti-spam applications typically use one or more spam filtering methods to identify spam and stop it from reaching a user’s inbox. But just because anti-spam programs are designed to do the same job doesn’t mean they all go about it in the same way.
For instance, some spam-filtering methods run a series of checks on each message to determine the likelihood that it is spam. Other spam-filtering techniques simply block all email transmissions from known spammers or only allow emails from certain senders. And while some spam-filtering methods are completely transparent to both the sender and recipient, others require some degree of user interaction.
Whether your nonprofit plans to implement its first anti-spam solution or simply seeks a more effective application than the one you currently use, familiarizing yourself with common spam filtering methods can help you.
Especially, on deciding which products to investigate more closely. To help you in your research, I’ll explain how 10 popular anti-spam methods work and briefly outline some of their pros and cons. As you read the descriptions of the spam filtering methods below, start thinking about which techniques you want — or don’t want — your anti-spam application to use.
Consider factors such as the scope of your current spam problem. And how much work users at your nonprofit are willing to do to stop unwanted emails. You may find it helpful to print this article and circle methods that interest you with a pen. In that way, when you actually start to research particular products, you’ll have a shortlist of desired filtering techniques.
List-Based Spam Filtering Methods
List-based filters attempt to stop spam by categorizing senders as spammers or trusted users, and blocking or allowing their messages accordingly.
This popular spam-filtering method attempts to stop unwanted email by blocking messages from a preset list of senders that you or your organization’s system administrator create.
Blacklists are records of email addresses or Internet Protocol (IP) addresses that have been previously used to send spam. When an incoming message arrives, the spam filter checks to see if its IP or email address is on the blacklist; if so, the message is considered spam and rejected.
Though blacklists ensure that known spammers cannot reach users’ inboxes, they can also misidentify legitimate senders as spammers. Also, since many clever spammers routinely switch IP addresses and email addresses to cover their tracks, a blacklist may not immediately catch the newest outbreaks.
Real-Time Blackhole List
This spam-filtering method works almost identically to a traditional blacklist but requires less hands-on maintenance.
That’s because most realtime blackhole lists are maintained by third parties, who take the time to build comprehensive blacklists on the behalf of their subscribers. Your filter simply has to connect to the third-party system each time an email comes in, to compare the sender’s IP address against the list.
Since blackhole lists are large and frequently maintained, your organization’s IT staff won’t have to spend time manually adding new IP addresses to the list, increasing the chances that the filter will catch the newest junk-mail outbreaks.
But, like blacklists, real-time blackhole lists can also generate false positives if spammers happen to use a legitimate IP address as a conduit for junk mail. Also, since the list is likely to be maintained by a third party, you have less control over what addresses are on — or not on — the list.
A whitelist blocks spam using a system almost exactly opposite to that of a blacklist. Rather than letting you specify which senders to block mail from, a whitelist lets you specify which senders to allow mail from; these addresses are placed on a trusted-users list.
Most spam filters let you use a whitelist in addition to another spam-fighting feature as a way to cut down on the number of legitimate messages that accidentally get flagged as spam. However, using a very strict filter that only uses a whitelist would mean that anyone who was not approved would automatically be blocked.
Some anti-spam applications use a variation of this system known as an automatic whitelist. In this system, an unknown sender’s email address is checked against a database; if they have no history of spamming, their message is sent to the recipient’s inbox and they are added to the whitelist.
A relatively new spam-filtering technique, greylists take advantage of the fact that many spammers only attempt to send a batch of junk mail once. Under the greylisting system, the receiving mail server initially rejects messages from unknown users. Sending a failure message to the originating server.
If the mail server attempts to send the message a second time — a step most legitimate servers will take — the greylist assumes the message is not spam. Letting it proceed to the recipient’s inbox. At this point, the greylist filter will add the recipient’s email or IP address to a list of allowed senders.
Though greylist filters require fewer system resources than some other types of spam filters, they also may delay mail delivery. Not to mention, which could be inconvenient when you are expecting time-sensitive messages.
Content-Based Spam Filtering Methods
Rather than enforcing across-the-board policies for all messages from a particular email or IP address, content-based filters evaluate words. Or even phrases found in each individual message to determine whether an email is spam or legitimate.
A word-based spam filter is the simplest type of content-based filter. Generally speaking, word-based filters simply block any email that contains certain terms. Since many spam messages contain terms not often found in personal or business communications, word filters can be simple. Yet capable technique for fighting junk email.
However, if configured to block messages containing more common words, these types of filters may generate false positives. Also note that since spammers often purposefully misspell keywords in order to evade word-based filters, your IT staff will need to make time to routinely update the filter’s list of blocked words.
Heuristic (or rule-based) filters take things a step beyond simple word-based filters. Rather than blocking messages that contain a suspicious word, heuristic filters take multiple terms found in an email into consideration.
Heuristic filters scan the contents of incoming emails and assigning points to words or phrases. Suspicious words that are commonly found in spam messages, such as “Rolex” or “Viagra,” receive higher points, while terms frequently found in normal emails receive lower scores.
The filter then adds up all the points and calculates a total score. If the message receives a certain score or higher (determined by the anti-spam application’s administrator), the filter identifies it as spam and blocks it. Heuristic filters work fast — minimizing email delay — and are quite effective as soon as they have been installed and configured.
However, heuristic filters configured to be aggressive may generate false positives. That is if a legitimate contact happens to send an email containing a certain combination of words. Similarly, some savvy spammers might learn which words to avoid including, thereby fooling the heuristic filter into believing they are benign senders.
Bayesian filters considered the most advanced form of content-based filtering. By employing the laws of mathematical probability to determine which messages are legitimate and which are spam. In order for a Bayesian filter to effectively block spam, the end-user must initially “train” it by manually. Flagging each message as either junk or legitimate.
Over time, the filter takes words and phrases found in legitimate emails and adds them to a list; it does the same with terms found in spam. To determine which incoming messages are classified as spam, the Bayesian filter scans the contents of the email. And then compares the text against its two-word lists to calculate the probability that the message is spam.
For instance, if the word “valium” has appeared 62 times in spam messages list but only three times in legitimate emails, there is a 95 percent chance that an incoming email containing the word “valium” is junk.
Because a Bayesian filter is constantly building its word list based on the messages that an individual user receives, it theoretically becomes more effective the longer it’s used. However, since this method does require a training period before it starts working well, you will need to exercise patience. Also, you’ll probably have to manually delete a few junk messages, at least at first.
Other Common Filters & Fighting Techniques
In addition to the list- and content-based filtering techniques, some anti-spam applications employ one or more additional methods.
Filters that use a challenge/response system block undesirable emails. Particularly, by forcing the sender to perform a task before their message can be delivered. For instance, if you send an email to someone who’s using a challenge/response filter, you’ll likely receive an email right back. That obviously, asks you to visit a Web page and enter the code displayed there into a form.
Spammers usually rely on automated mailing programs to send out millions of emails at once. By the same fashion, they rarely check to see what emails come back in response. And even if they did see a challenge message, they aren’t likely to respond. For one thing, they’d be risking revealing themselves as a spammer.
Another downside is that some of your organization’s constituents may not take the time to complete the challenge. Or may not understand the challenge email, meaning that their messages will not reach the recipient.
And there’s always the slight chance that if both the sender and recipient are using challenge/response systems, their anti-spam applications will continue to challenge each other. Locking the email in an undeliverable loop.
Collaborative content filtering takes a community-based approach to fight spam. By collecting input from the millions of email users around the globe. Users of these systems can flag incoming emails as legitimate or spam.
After a certain number of users mark a particular email as junk, the filter automatically blocks it from reaching the rest of the community’s inboxes. When a collaborative content filtering system involves a large, active user base, it can quickly quell a spam outbreak, sometimes within a matter of minutes.
One potential downside to the collaborative-content method is that if a group of spammers mobilize in large numbers and pretend to be legitimate users of the system, they could skew results by falsely labeling spam emails as legitimate messages.
DNS Lookup Systems
While not a particularly reliable method on its own, several anti-spam methods use the domain name system (DNS). After all, which all mail servers on the Internet use to identify themselves. Or even to identify and foil spammers.
DNS Mail Exchange (MX) attempts to verify that the domain name in the email address of the sender — the part after the at symbol (@) — exists. It does this by searching the domain name system to see whether the domain name has a valid MX record.
At the end, which indicates the presence of a real mail server; if there’s no match, the anti-spam program assumes that the message is junk. A filter will also perform a reverse DNS lookup. Using the IP address of the mail server that sent the questionable message. This lookup will reveal the domain name associated with the server.
While DNS lookups can be useful in weeding out emails from spammers attempting to disguise themselves, they are not as effective or reliable on their own. When compared to other spam filtering methods in stopping general junk mail.
Since none of the aforementioned anti-spam methods are 100 percent foolproof, you may want to more vigilant. In that case, seek out a product that uses several different spam-fighting methods. Furthermore, doing so decreases the amount of junk mail your organization will have to deal with.
I hope you have gathered enough information in regards to the above-revised guide about Spam Filtering Methods. But, if you have additional information, contributions or even suggestions, please Contact Us.
You can also share some or more of your thoughts in the comments box below this post. Below are more additional and related to the topic links.
You must log in to post a comment.