Spam Filtering Software

Does it block legitimate email?

Spam has become as common in email as junk mail used to be in your mailbox (remember junk mail?). The costs of printing have driven many mass marketers to use email. It is simple, fast, lower cost and can be sent, albeit illegally, completely anonymously. As email users, we have begun to use SPAM blocking software to weed out the hundreds, even thousands of unsolicited emails that we receive weekly. Ever wonder if all the emails you want are making it through the filtering you have enabled? The answer to that question is that it depends on the software you are using and how it was configured. Let me explain.

All Anti-SPAM Software Are Not Created Equal
Just as there are different solutions for email, so are there different solutions for SPAM blocking. Some work at a very rudimentary level; if there is a graphic or HTML content in the email, block it. Others require your email address be registered before email is allowed through. While both of these methods can be effective in blocking unwanted emails, they have the highest potential for false positives on email that is received. More sophisticated software solutions use rules that:

1) Analyze keywords and phrases
2) Look for specific subject lines
3) Run complex algorithms to determine the likelihood that the picture embedded is pornographic in nature and not just a picture at the beach, based on the colors in the graphic
4) Black Lists and White Lists

The unfortunate part is that the more sophisticated software requires more administration to run and is more expensive to purchase and implement.

False Positives
An example of a false positive is a newsletter you subscribe to. It may have content that you want or desire. Unfortunately, many unscrupulous SPAMMERS will include “Newsletter” in their subject line or content to get around filters. This then results in your getting an email for a pill or a cream that increases the size of a select body part or cheap meds from outside of the country instead of the technical information, recipes or whatever you wanted to arrive. Just as SPAM arriving costs money and time, so too do false positives and email that never arrives that you wanted.

How to be Safe and Not Sorry
Unfortunately, as with anything else, the solution you choose is very important. The cheap solutions provide the worst results, so the adage is true; you do get what you pay for. Just as you will be more likely to get SPAM by using email from one of the ‘free’ services rather than having a legitimate domain for your company, the free or low cost solutions do a very basic job, but they do not have the intelligence to make a decision about what is real email and what is not. We at Hagerman & Company, Inc. find that many companies we do business with have implemented solutions that the end users do not even know about. Oftentimes, they block all addresses unless they have been added to a white list. While this does solve the inbound problem of SPAM, it results in a number of emails blocked for no good reason. Even worse, users at these companies can send us (in this example) emails but will not get our replies, and they often believe the problem is at our end. In truth, the best solution is a multilayered one; that is, one with some user control at the desktop (such as with Outlook 2003, etc.), a server based solution (McAfee, Symantec, Surf Control, etc.) and a network based solution, one that blocks the IP addresses of known SPAMMERS, their servers and domains. Even then, you must remain diligent to make certain real emails you want to receive are not blocked!

How can I get more information on this subject?
Check out the products offered by any of the big anti-virus / anti-spam vendors. Look at the features and compare the $15 and up solutions with the enterprise ones. Ask for a list of their false positive detections. If they cannot give you one, it is probably too high and you should look for another solution. If you have questions or comments about this article, contact me.

 

All product names / logos, company names / logos are copyrights of their respective holders. John Boline is an MCSE, CNE and a member of the Network Professional Association. The content herein is often based on late-breaking events. Much of the material is based on information from sources that are believed to be reliable. Hagerman & Company, Inc. disclaims all warranties as to the ultimate accuracy or completeness of the information. Hagerman & Company, Inc. and its employees shall have no liability for errors, omissions or inadequacies in the information contained within this article or for any interpretations thereof. The recommendations, positions and best practice policies outlined herein represent Hagerman & Company, Inc. initial analysis and therefore are subject to change as further information which may have bearing on these positions is made available. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice. Entire contents © 2005 Hagerman & Company, Inc. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden.