The problem of unsolicited e-mail has been increasing for years, but help has arrived. In this article, David discusses and compares several broad approaches to the automatic elimination of unwanted e-mail while introducing and testing some popular tools that follow these approaches.

Unethical e-mail senders bear little or no cost for mass distribution of messages, yet normal e-mail users are forced to spend time and effort purging fraudulent and otherwise unwanted mail from their mailboxes. In this article, I describe ways that computer code can help eliminate unsolicited commercial e-mail, viruses,
trojans, and worms, as well as frauds perpetrated electronically and other undesired and troublesome e-mail. In some sense, the final and best solution for eliminating spam will probably take place on a legal level. In the meantime, however, you can do some things from a code perspective that can serve as an interim solution
to the problem, until (if ever) the laws begin to evolve at the same rate as public frustration.

Considering matters technically ? but also with common sense ? what is generally called “spam” is somewhat broader than the category “unsolicited commercial e-mail”; spam encompasses all the e-mail that we do not want and that is only very loosely directed at us. Such messages are not always commercial per se, and some push the limits of what it means to be solicited. For example, we do
not want to get viruses (even from our unwary friends); nor do we generally want chain letters, even if they don’t ask for money; nor proselytizing messages from strangers; nor outright attempts to defraud us. In any case, it is usually unambiguous whether a message is spam, and many, many people get the same such e-mails.

The problem of unsolicited e-mail has been increasing for years, but help has arrived. In this article, David discusses and compares several broad approaches to the automatic elimination of unwanted e-mail while introducing and testing some popular tools that follow these approaches.

Unethical e-mail senders bear little or no cost for mass distribution of messages,yet normal e-mail users are forced to spend time and effort purging fraudulent and otherwise unwanted mail from their mailboxes. In this article, I describe ways that computer code can help eliminate unsolicited commercial e-mail, viruses,
trojans, and worms, as well as frauds perpetrated electronically and other undesired and troublesome e-mail. In some sense, the final and best solution for eliminating spam will probably take place on a legal level. In the meantime, however, you can do some things from a code perspective that can serve as an interim solution
to the problem, until (if ever) the laws begin to evolve at the same rate as public frustration.

Considering matters technically ? but also with common sense ? what is generally called “spam” is somewhat broader than the category “unsolicited commercial e-mail”; spam encompasses all the e-mail that we do not want and that is only very loosely directed at us. Such messages are not always commercial per se,and some push the limits of what it means to be solicited. For example, we do not want to get viruses (even from our unwary friends); nor do we generally want chain letters, even if they don’t ask for money; nor proselytizing messages from strangers; nor outright attempts to defraud us. In any case, it is usually
unambiguous whether a message is spam, and many, many people get the same such e-mails.

The problem with spam is that it tends to sware spams than I did legitimate correspondences. On average, I probably get 10 spams for every appropriate e-mail. In some ways I am unusual ? as a public writer, I maintain a widely published e-mail address; moreover, I both welcome and receive frequent correspondence
from strangers related to my published writing and to my software libraries. Unfortunately, a letter from a stranger ? with who-knows-which e-mail application, OS, native natural language, and so on, is not immediately obvious in its purpose; and spammers try to slip their messages underneath such ambiguities. My seconds are valuable to me, especially when they are claimed many times during every
hour of a day.

Hiding contact information:

For some e-mail users, a reasonable, sufficient, and very simple approach to avoiding spam is simply to guard e-mail addresses closely. For these people, an e-mail address is something to be revealed only to selected, trusted parties. As extra precautions, an e-mail address can be chosen to avoid easily guessed
names and dictionary words, and addresses can be disguised when posting to public areas. We have all seen e-mail addresses cutely encoded in forms like “echo zregm@tabfvf.pk | tr A-Za-z N-ZA-Mn-za-m”.

In addition to hiding addresses, a secretive e-mailer often uses one or more of the free e-mail services for “throwaway” addresses. If you need to transact e-mail with a semi-trusted party, a temporary address can be used for a few days, then abandoned along with any spam it might thereafter accumulate. The real “confidantes only” address is kept protected.

In my informal survey of discussions of spam on Web-boards, mailing lists, the Usenet, and so on, I’ve found that a category of e-mail users gains sufficient protection from these basic precautions.

Looking at filtering software:

This article looks at filtering software from a particular perspective. I want to know how well different approaches work in correctly identifying spam as spam and desirable messages as legitimate. For purposes of answering this question, I am not particularly interested in the details of configuring filter applications
to work with various Mail Transfer Agents (MTAs). There is certainly a great
deal of arcana surrounding the best configuration of MTAs such as Sendmail,
QMail, Procmail, Fetchmail, and others. Further, many e-mail clients have their
own filtering options and plug-in APIs. Fortunately, most of the filters I look
at come with pretty good documentation covering how to configure them with various
MTAs.

For purposes of my testing, I developed two collections of messages: spam and
legitimate. Both collections were taken from mail I actually received in the
last couple of months, but I added a significant subset of messages up to several
years old to broaden the test. I cannot know exactly what will be contained
in next month’s e-mails, but the past provides the best clue to what the future
holds. That sounds cryptic, but all I mean is that I do not want to limit the
patterns to a few words, phrases, regular expressions, etc. that might characterize
the very latest e-mails but fail to generalize to the two types.

A general comment on testing is worth emphasizing. False negatives in spam filters
just mean that some unwanted messages make it to your inbox. Not a good thing,
but not horrible in itself. False positives are cases where legitimate messages
are misidentified as spam. This can potentially be very bad, as some legitimate
messages are important, even urgent, in nature, and even those that are merely
conversational are ones we do not want to lose. Most filtering software allows
you to save rejected messages in temporary folders pending review ? but if
you need to review a folder full of spam, the usefulness of the software is
thereby reduced.

1. Basic structured text filters

The e-mail client I use has the capability to sort incoming e-mail based on
simple strings found in specific header fields, the header in general, and/or
in the body. Its capability is very simple and does not even include regular
expression matching. Almost all e-mail clients have this much filtering capability.

Over the last few months, I have developed a fairly small number of text filters.
These few simple filters correctly catch about 80% of the spam I receive. Unfortunately,
they also have a relatively high false positive rate ? enough that I need to
manually examine some of the spam folders from time to time. (I sort probable
spam into several different folders, and I save them all to develop message
corpora.) Although exact details will differ among users, a general pattern
will be useful to most readers:

? Set 1: A few people or mailing lists do funny things
with their headers that get them flagged on other rules. I catch something in
the header (usually the From:) and whitelist it (either to INBOX or somewhere
else).

? Set 2: In no particular order, I run the following
spam filters:

o Identify a specific bad sender.

o Look for “<>” as the From: header.

o Look for “@<” in the header. The training sets are about twice as large.

A general comment on testing is worth emphasizing. False negatives in spam filters
just mean that some unwanted messages make it to your inbox. Not a good thing,
but not horrible in itself. False positives are cases where legitimate messages
are misidentified as spam. This can potentially be very bad, as some legitimate
messages are important, even urgent, in nature, and even those that are merely
conversational are ones we do not want to lose. Most filtering software allows
you to save rejected messages in temporary folders pending review ? but if
you need to review a folder full of spam, the usefulness of the software is
thereby reduced.

1. Basic structured text filters:

The e-mail client I use has the capability to sort incoming e-mail based on
simple strings found in specific header fields, the header in general, and/or
in the body. Its capability is very simple and does not even include regular
expression matching. Almost all e-mail clients have this much filtering capability.

Over the last few months, I have developedhis for some reason).

o Look for “Content-Type: audio”. Nothing I want has this, only virii (your
mileage may vary).

o Look for “euc-kr” and “ks_c_5601-1987? in the headers. I can’t read that language,
but for some reason I get a huge volume of Korean spam (of course, for an actual
Korean reader, this isn’t a good rule).

? Set 3: Store messages to known legitimate addresses.
I have several such rules, but they all just match a literal To: field.

? Set 4: Look for messages that have a legit address
in the header, but that weren’t caught by the previous To: filters. I find that
when I am only in the Bcc: field, it’s almost always an unsolicited mailing
to a list of alphabetically sequential addresses (mertz1@…, mertz37@…, etc).

? Set 5: Anything left at this point is probably spam
(it probably has forged headers to avoid identification of the sender).

2. Whitelist/verification filters:

A fairly aggressive technique for spam filtering is what I would call the “whitelist
plus automated verification” approach. There are several tools that implement
a whitelist with verification: TDMA is a popular multi-platform open source
tool; ChoiceMail is a commercial tool for Windows; most others seem more preliminary.
(See Resources later in this article for links.)

A whitelist filter connects to an MTA and passes mail only from explicitly approved
recipients on to the inbox. Other messages generate a special challenge response
to the sender. The whitelist filter’s response contains some kind of unique
code that identifies the original message, such as a hash or sequential ID.
This challenge message contains instructions for the sender to reply in order
to be added to the whitelist (the response message must contain the code generated
by the whitelist filter). When a legitimate sender answers a challenge, her/his
address is added to the whitelist so that any future messages from the same
address are passed through automatically.

Although I have not used any of these tools more than experimentally myself,
I would expect whitelist/verification filters to be very nearly 100% effective
in blocking spam messages. It is conceivable that spammers will start adding
challenge responses to their systems, but this could be countered by making
challenges slightly more sophisticated (for example, by requiring small human
modification to a code). Spammers who respond, moreover, make themselves more
easily traceable for people seeking legal remedies against them.

The problem with whitelist/verification filters is the extra burden they place
on legitimate senders. Inasmuch as some correspondents may fail to respond to
challenges ? for any reason ? this makes for a type of false positive. In
the best case, a slight extra effort is required for legitimate senders. But
senders who have unreliable ISPs, picky firewalls, multiple e-mail addresses,
non-native understanding of English (or whatever language the challenge is written
in), or who simply overlook or cannot be bothered with challenges, may not have
their legitimate messages delivered. Moreover, sometimes legitimate “correspondents”
are not people at all, but automated response systems with no capability of
challenge response. Whitelist/verification filters are likely to require extra
efforts to deal with mailing-list signups, online purchases, Web site registrations,
and other “robot correspondences”.

3. Distributed adaptive blacklists:

Spam is almost by definition delivered to a large number of recipients. And
as a matter of practice, there is little if any customization of spam messages
to individual recipients. Each recipient of a spam, however, in the absence
of prior filtering, must press his own “Delete” button to get rid of the message.

Tools such as Razor and Pyzor (see Resources) operate around servers that store
digests of known spams. When a message is received by an MTA, a distributed
blacklist filter is called to determine whether the message is a known spam.
These tools use clever statistical techniques for creating digests, so that
spams with minor or automated mutations (or just different headers resulting
from transport routes) do not prevent recognition of message identity. In addition,
maintainers of distributed blacklist servers frequently create “honey-pot” addresses
specifically for the purpose of attracting spam (but never for any legitimate
correspondences). In my testing, I found zero false positive spam categorizations
by Pyzor. I would not expect any to occur using other similar tools, such as
Razor.

There is some common sense to this. Even those ill-intentioned enough to taint
legitimate messages would not have samples of my good messages to report to
the servers ? it is generally only the spam messages that are widely distributed.
It is conceivable that a widely sent, but legitimate message such as the developerWorks
newsletter could be misreported, but the maintainers of distributed blacklist
servers would almost certainly detect this and quickly correct such problems.

As the summary table below shows, however, false negatives are far more common
using distributed blacklists than with any of the other techniques I tested.
The authors of Pyzor recommend using the tool in conjunction with other techniques
rather than as a single line of defense. While this seems reasonable, it is
not clear that such combined filtering will actually produce many more spam
identifications than the other techniques by themselves.

In addition, since distributed blacklists require talking to a server to perform
verification, Pyzor performed far more slowly against my test corpora than did
any other techniques.

4. Rule-based rankings:

The most popular tool for rule-based spam filtering, by a good margin, is SpamAssassin.
There are other tools, but they are not as widely used or actively maintained.
SpamAssassin (and similar tools) evaluate a large number of patterns ? mostly
regular expressions ? against a candidate message. Some matched patterns add
to a message score, while others subtract from it. If a message’s score exceeds
a certain threshold, it is filtered as spam; otherwise it is considered legitimate.

Some ranking rules are fairly constant over time ? forged headers and auto-executing
JavaScript, for example, almost timelessly mark spam. Other rules need to be
updated as the products and scams advanced by spammers evolve. Herbal Viagra
and heirs of African dictators might be the rage today, but tomorrow they might
be edged out by some brand new snake-oil drug or pornographic theme. As spam
evolves, SpamAssassin must evolve to keep up with it.

The README for SpamAssassin makes some very strong claims:

In its most recent test, SpamAssassin differentiated between spam and non-spam
mail correctly in 99.94% of cases. Since then, it’s just been getting better
and better!

My testing showed nowhere near this level of success. Against my corpora, SpamAssassin
had about 0.3% false positives and a whopping 19% false negatives. In fairness,
this only evaluated the rule-based filters, not the optional checks against
distributed blacklists. Additionally, my spam corpus is not purely spam ? it
also includes a large collection of what are probably virus attachments (I do
not open them to check for sure, but I know they are not messages I authorized).

SpamAssassin runs much quicker than distributed blacklists, which need to query
network servers. But it also runs much slower than even non-optimized versions
of the below statistical models (written in interpreted Python using naive data
structures).

5. Bayesian word distribution filters:

Paul Graham wrote a provocative essay in August 2002. In “A Plan for Spam” (see
Resources later in this article), Graham suggested building Bayesian probability
models of spam and non-spam words. Graham’s essay, or any general text on statistics
and probability, can provide more mathematical background than I will here.

The general idea is that some words occur more frequently in known spam, and
other words occur more frequently in legitimate messages. Using well-known mathematics,
it is possible to generate a “spam-indicative probability” for each word. Another
simple mathematical formula can be used to determine the overall “spam probability”
of a novel message based on the collection of words it contains.

Graham’s idea has several noteworthy benefits:

1. It can generate a filter automatically from corpora of categorized messages
rather than requiring human effort in rule development.

2. It can be customized to individual users’ characteristic spam and legitimate
messages.

3. It can be implemented in a very small number of lines of code.

4. It works surprisingly well.

At first blush, it would be reasonable to suppose that a set of hand-tuned and
laboriously developed rules like those in SpamAssassin would predict spam more
accurately than a scattershot automated approach. It turns out that this supposition
is dead wrong. A statistical model basically just works better than a rule-based
approach. As a side benefit, a Graham-style Bayesian filter is also simpler
and faster than SpamAssassin.

There are some issues of data structures and storage techniques that will effect
operating speed of different tools. But the actual predictive accuracy depends
on very few factors ? the main significant factor is probably the word-lexing
technique used, and this matters mostly for eliminating spurious random strings.
Barham’s implementation simply looks for relatively short, disjoint sequences
of characters in a small set (alphanumeric plus a few others).

6. Bayesian trigram filters:

Bayesian techniques built on a word model work rather well. One disadvantage
of the word model is that the number of “words” in e-mail is virtually unbounded.
This fact may be counterintuitive ? it seems reasonable to suppose that you
would reach an asymptote once almost all the English words had been included.
From my prior research into full text indexing, I know that this is simply not
true; the number of “word-like” character sequences possible is nearly unlimited,
and new text keeps producing new sequences. This fact is particularly true of
e-mails, which contain random strings in Message-IDs, content separators, UU
and base64 encodings, and so on. There are various ways to throw out words from
the model (the easiest is just to discard the sufficiently infrequent ones).

I decided to look into how well a much more starkly limited model space would
work for a Bayesian spam filter. Specifically, I decided to use trigrams for
my probability model rather than “words”.

There were several decisions I made along the way. The biggest choice was deciding
what a trigram is. While this is somewhat simpler than identifying a “word”,
the completely naive approach of looking at every (overlapping) sequence of
three bytes is non-optimal. In particular, considering high-bit characters ?
although occurring relatively frequently in multi-byte character sets (in other
words, CJK) ? forces a much bigger trigram space on us than does looking only
at the ASCII range. Limiting the trigram space even further than to low-bit
characters produces a smaller space, but not better overall results.

For my trigram analysis, I utilized only the most highly differentiating trigrams
as message categorizers. But I arrived at the chosen numbers of “spam” and “good”
trigrams only by trial and error. I also picked the cutoff probability for spam
rather arbitrarily: I made an interesting discovery that no message in the “good”
corpus was assigned a spam probability above .0071 other than two false positives
in the .99 range. Lowering my cutoff from an initial 0.9 to 0.1, however, allowed
me to catch a few more message in the “spam” corpus. For purposes of speed,
I select no more than 100 “interesting” trigrams from each candidate message
? changing that 100 to something else can produce slight variations in the
results (but not in an obvious direction).

We’ve all seen that comment spam is becoming a serious problem. Particularly on Movable Type weblogs, where the generated pages are all very similar in structure and semantics, spammers are abusing comment systems to increase their rank on Google.

Even more frustrating than the spamming problem is the fact that there isn’t a simple solution that will work for everyone and that all options have their own sets of pros and cons. During the past couple of months, we’ve been throwing around ideas at Six Apart about the best ways to combat spammers.

Readers of your weblog must register before posting to your weblog.
Before someone can post a comment to your weblog, they must register with your site.

For many webloggers, this solution is not ideal. Informal polling of webloggers has revealed that many do not want to require someone to register before posting. It usually discourages conversations from forming and is a barrier for open discussion. Additionally, without federation, logins on multiple weblogs become unmanageable.

While we do plan on integrating comment registration into Movable Type Pro (which we’ll be talking about in more detail very soon), it’s an option that serves a different purpose than just blocking spam. If you want to prevent links to explicit pornography from appearing on your site, you shouldn’t have to be required to turn on comment registration.

Comments require approval before being posted When a comment is posted, you can receive an email that provides a clickable link you must visit before the comment can be posted on your site.

For webloggers with a small amount of readers, this solution may be ideal. However, if you receive a good deal of comments, it’s a solution that doesn’t scale. Additionally, it may ruin the spontaneity of discussion.

Image comprehension technology
Before a comment can be posted on a weblog, human eyes must enter a code that, ideally, is not readable by a computer.

This solution is not feasible because of accessibility issues. Additionally, spammers seem to be searching with bots and entering spam manually.

A possible solution for everyone?
The problem has intensified in the past couple of weeks, but the good news is that as more people have been hit by comment spam, actual solutions are beginning to emerge.

Specifically, Jay Allen’s MT-BlackList is a blacklist-based solution to comment spam for Movable Type weblogs. It checks the comment fields (body, URL, author, etc) for URLs commonly found in spam comments, and rejects the comment if it looks like spam. The core plugin is set to be released today (Monday), but one of its neatest features-in-development is the ability for weblog systems to share blacklist data using XML-RPC. This provides the basis of a collaborative system similar to Razor, with the option for more management over the items in your own system’s blacklist.

We’re deeply committed to finding a way to combat spammers and we’re determined to do it on a core system level so that everyone can take advantage of spam prevention. We’re working on integrating comment spam blocking for MT and TypePad, and the great thing about Jay’s solution is that it could be the start of a distributed spam blocking network for comments, an implementation of which could be included in multiple tools. But, like email, there isn’t one simple solution that can be switched on and end spam completely. Hopefully we’re moving a step closer.

The problem of unsolicited e-mail has been increasing for years, but help has arrived. In this article, David discusses and compares several broad approaches to the automatic elimination of unwanted e-mail while introducing and testing some popular tools that follow these approaches.

Unethical e-mail senders bear little or no cost for mass distribution of messages, yet normal e-mail users are forced to spend time and effort purging fraudulent and otherwise unwanted mail from their mailboxes. In this article, I describe ways that computer code can help eliminate unsolicited commercial e-mail, viruses,
trojans, and worms, as well as frauds perpetrated electronically and other undesired and troublesome e-mail. In some sense, the final and best solution for eliminating spam will probably take place on a legal level. In the meantime, however, you can do some things from a code perspective that can serve as an interim solution to the problem, until (if ever) the laws begin to evolve at the same rate as public frustration.

Considering matters technically ? but also with common sense ? what is generally called “spam” is somewhat broader than the category “unsolicited commercial e-mail”; spam encompasses all the e-mail that we do not want and that is only very loosely directed at us. Such messages are not always commercial per se, and some push the limits of what it means to be solicited. For example, we do not want to get viruses (even from our unwary friends); nor do we generally want chain letters, even if they don’t ask for money; nor proselytizing messages from strangers; nor outright attempts to defraud us. In any case, it is usually
unambiguous whether a message is spam, and many, many people get the same such
e-mails.

The problem of unsolicited e-mail has been increasing for years, but help has arrived. In this article, David discusses and compares several broad approaches to the automatic elimination of unwanted e-mail while introducing and testing some popular tools that follow these approaches.Unethical e-mail senders bear little or no cost for mass distribution of messages, yet normal e-mail users are forced to spend time and effort purging fraudulent and otherwise unwanted mail from their mailboxes. In this article, I describe
ways that computer code can help eliminate unsolicited commercial e-mail, viruses, trojans, and worms, as well as frauds perpetrated electronically and other undesired and troublesome e-mail. In some sense, the final and best solution for eliminating spam will probably take place on a legal level. In the meantime, however, you
can do some things from a code perspective that can serve as an interim solution to the problem, until (if ever) the laws begin to evolve at the same rate as public frustration.

Considering matters technically ? but also with common sense ? what is generally called “spam” is somewhat broader than the category “unsolicited commercial e-mail”; spam encompasses all the e-mail that we do not want and that is only very loosely directed at us. Such messages are not always commercial per se, and some push the limits of what it means to be solicited. For example, we do not want to get viruses (even from our unwary friends); nor do we generally want chain letters, even if they don’t ask for money; nor proselytizing messages from strangers; nor outright attempts to defraud us. In any case, it is usually
unambiguous whether a message is spam, and many, many people get the same such e-mails.

The problem with spam is that it tends to sware spams than I did legitimate correspondences. On average, I probably get 10 spams for every appropriate e-mail. In some ways I am unusual ? as a public writer, I maintain a widely published e-mail address; moreover, I both welcome and receive frequent correspondence
from strangers related to my published writing and to my software libraries. Unfortunately, a letter from a stranger ? with who-knows-which e-mail application, OS, native natural language, and so on, is not immediately obvious in its purpose; and spammers try to slip their messages underneath such ambiguities. My seconds are valuable to me, especially when they are claimed many times during every hour of a day.

Hiding contact information:

For some e-mail users, a reasonable, sufficient, and very simple approach to avoiding spam is simply to guard e-mail addresses closely. For these people, an e-mail address is something to be revealed only to selected, trusted parties. As extra precautions, an e-mail address can be chosen to avoid easily guessed names and dictionary words, and addresses can be disguised when posting to public areas. We have all seen e-mail addresses cutely encoded in forms like “echo zregm@tabfvf.pk | tr A-Za-z N-ZA-Mn-za-m”.

In addition to hiding addresses, a secretive e-mailer often uses one or more of the free e-mail services for “throwaway” addresses. If you need to transact e-mail with a semi-trusted party, a temporary address can be used for a few days, then abandoned along with any spam it might thereafter accumulate. The
real “confidantes only” address is kept protected.

In my informal survey of discussions of spam on Web-boards, mailing lists, the Usenet, and so on, I’ve found that a category of e-mail users gains sufficient protection from these basic precautions.

Looking at filtering software:

This article looks at filtering software from a particular perspective. I want to know how well different approaches work in correctly identifying spam as spam and desirable messages as legitimate. For purposes of answering this question, I am not particularly interested in the details of configuring filter applications
to work with various Mail Transfer Agents (MTAs). There is certainly a great deal of arcana surrounding the best configuration of MTAs such as Sendmail, QMail, Procmail, Fetchmail, and others. Further, many e-mail clients have their own filtering options and plug-in APIs. Fortunately, most of the filters I look at come with pretty good documentation covering how to configure them with various
MTAs.

For purposes of my testing, I developed two collections of messages: spam and legitimate. Both collections were taken from mail I actually received in the last couple of months, but I added a significant subset of messages up to several years old to broaden the test. I cannot know exactly what will be contained
in next month’s e-mails, but the past provides the best clue to what the future holds. That sounds cryptic, but all I mean is that I do not want to limit the patterns to a few words, phrases, regular expressions, etc. that might characterize the very latest e-mails but fail to generalize to the two types.

A general comment on testing is worth emphasizing. False negatives in spam filters just mean that some unwanted messages make it to your inbox. Not a good thing, but not horrible in itself. False positives are cases where legitimate messages are misidentified as spam. This can potentially be very bad, as some legitimate messages are important, even urgent, in nature, and even those that are merely conversational are ones we do not want to lose. Most filtering software allows you to save rejected messages in temporary folders pending review ? but if you need to review a folder full of spam, the usefulness of the software is
thereby reduced.

1. Basic structured text filters

The e-mail client I use has the capability to sort incoming e-mail based on simple strings found in specific header fields, the header in general, and/or in the body. Its capability is very simple and does not even include regular expression matching. Almost all e-mail clients have this much filtering capability.

Over the last few months, I have developed a fairly small number of text filters. These few simple filters correctly catch about 80% of the spam I receive. Unfortunately, they also have a relatively high false positive rate ? enough that I need to manually examine some of the spam folders from time to time. (I sort probable spam into several different folders, and I save them all to develop message corpora.) Although exact details will differ among users, a general pattern will be useful to most readers:

? Set 1: A few people or mailing lists do funny things
with their headers that get them flagged on other rules. I catch something in
the header (usually the From:) and whitelist it (either to INBOX or somewhere
else).

? Set 2: In no particular order, I run the following
spam filters:

o Identify a specific bad sender.

o Look for “<>” as the From: header.

o Look for “@<” in the header. The training sets are about twice as large.

A general comment on testing is worth emphasizing. False negatives in spam filters just mean that some unwanted messages make it to your inbox. Not a good thing, but not horrible in itself. False positives are cases where legitimate messages are misidentified as spam. This can potentially be very bad, as some legitimate messages are important, even urgent, in nature, and even those that are merely conversational are ones we do not want to lose. Most filtering software allows you to save rejected messages in temporary folders pending review — but if you need to review a folder full of spam, the usefulness of the software is
thereby reduced.

1. Basic structured text filters:

The e-mail client I use has the capability to sort incoming e-mail based on
simple strings found in specific header fields, the header in general, and/or
in the body. Its capability is very simple and does not even include regular
expression matching. Almost all e-mail clients have this much filtering capability.

Over the last few months, I have developedhis for some reason).

o Look for “Content-Type: audio”. Nothing I want has this, only virii (your
mileage may vary).

o Look for “euc-kr” and “ks_c_5601-1987? in the headers. I can’t read that language,
but for some reason I get a huge volume of Korean spam (of course, for an actual
Korean reader, this isn’t a good rule).

? Set 3: Store messages to known legitimate addresses.
I have several such rules, but they all just match a literal To: field.

? Set 4: Look for messages that have a legit address
in the header, but that weren’t caught by the previous To: filters. I find that
when I am only in the Bcc: field, it’s almost always an unsolicited mailing
to a list of alphabetically sequential addresses (mertz1@…, mertz37@…, etc).

? Set 5: Anything left at this point is probably spam
(it probably has forged headers to avoid identification of the sender).

2. Whitelist/verification filters:

A fairly aggressive technique for spam filtering is what I would call the “whitelist
plus automated verification” approach. There are several tools that implement
a whitelist with verification: TDMA is a popular multi-platform open source
tool; ChoiceMail is a commercial tool for Windows; most others seem more preliminary.
(See Resources later in this article for links.)

A whitelist filter connects to an MTA and passes mail only from explicitly approved
recipients on to the inbox. Other messages generate a special challenge response
to the sender. The whitelist filter’s response contains some kind of unique
code that identifies the original message, such as a hash or sequential ID.
This challenge message contains instructions for the sender to reply in order
to be added to the whitelist (the response message must contain the code generated
by the whitelist filter). When a legitimate sender answers a challenge, her/his
address is added to the whitelist so that any future messages from the same
address are passed through automatically.

Although I have not used any of these tools more than experimentally myself,
I would expect whitelist/verification filters to be very nearly 100% effective
in blocking spam messages. It is conceivable that spammers will start adding
challenge responses to their systems, but this could be countered by making
challenges slightly more sophisticated (for example, by requiring small human
modification to a code). Spammers who respond, moreover, make themselves more
easily traceable for people seeking legal remedies against them.

The problem with whitelist/verification filters is the extra burden they place
on legitimate senders. Inasmuch as some correspondents may fail to respond to
challenges ? for any reason ? this makes for a type of false positive. In
the best case, a slight extra effort is required for legitimate senders. But
senders who have unreliable ISPs, picky firewalls, multiple e-mail addresses,
non-native understanding of English (or whatever language the challenge is written
in), or who simply overlook or cannot be bothered with challenges, may not have
their legitimate messages delivered. Moreover, sometimes legitimate “correspondents”
are not people at all, but automated response systems with no capability of
challenge response. Whitelist/verification filters are likely to require extra
efforts to deal with mailing-list signups, online purchases, Web site registrations,
and other “robot correspondences”.

3. Distributed adaptive blacklists:

Spam is almost by definition delivered to a large number of recipients. And
as a matter of practice, there is little if any customization of spam messages
to individual recipients. Each recipient of a spam, however, in the absence
of prior filtering, must press his own “Delete” button to get rid of the message.

Tools such as Razor and Pyzor (see Resources) operate around servers that store
digests of known spams. When a message is received by an MTA, a distributed
blacklist filter is called to determine whether the message is a known spam.
These tools use clever statistical techniques for creating digests, so that
spams with minor or automated mutations (or just different headers resulting
from transport routes) do not prevent recognition of message identity. In addition,
maintainers of distributed blacklist servers frequently create “honey-pot” addresses
specifically for the purpose of attracting spam (but never for any legitimate
correspondences). In my testing, I found zero false positive spam categorizations
by Pyzor. I would not expect any to occur using other similar tools, such as
Razor.

There is some common sense to this. Even those ill-intentioned enough to taint
legitimate messages would not have samples of my good messages to report to
the servers ? it is generally only the spam messages that are widely distributed.
It is conceivable that a widely sent, but legitimate message such as the developerWorks
newsletter could be misreported, but the maintainers of distributed blacklist
servers would almost certainly detect this and quickly correct such problems.

As the summary table below shows, however, false negatives are far more common
using distributed blacklists than with any of the other techniques I tested.
The authors of Pyzor recommend using the tool in conjunction with other techniques
rather than as a single line of defense. While this seems reasonable, it is
not clear that such combined filtering will actually produce many more spam
identifications than the other techniques by themselves.

In addition, since distributed blacklists require talking to a server to perform
verification, Pyzor performed far more slowly against my test corpora than did
any other techniques.

4. Rule-based rankings:

The most popular tool for rule-based spam filtering, by a good margin, is SpamAssassin.
There are other tools, but they are not as widely used or actively maintained.
SpamAssassin (and similar tools) evaluate a large number of patterns ? mostly
regular expressions ? against a candidate message. Some matched patterns add
to a message score, while others subtract from it. If a message’s score exceeds
a certain threshold, it is filtered as spam; otherwise it is considered legitimate.

Some ranking rules are fairly constant over time ? forged headers and auto-executing
JavaScript, for example, almost timelessly mark spam. Other rules need to be
updated as the products and scams advanced by spammers evolve. Herbal Viagra
and heirs of African dictators might be the rage today, but tomorrow they might
be edged out by some brand new snake-oil drug or pornographic theme. As spam
evolves, SpamAssassin must evolve to keep up with it.

The README for SpamAssassin makes some very strong claims:

In its most recent test, SpamAssassin differentiated between spam and non-spam
mail correctly in 99.94% of cases. Since then, it’s just been getting better
and better!

My testing showed nowhere near this level of success. Against my corpora, SpamAssassin
had about 0.3% false positives and a whopping 19% false negatives. In fairness,
this only evaluated the rule-based filters, not the optional checks against
distributed blacklists. Additionally, my spam corpus is not purely spam ? it
also includes a large collection of what are probably virus attachments (I do
not open them to check for sure, but I know they are not messages I authorized).

SpamAssassin runs much quicker than distributed blacklists, which need to query
network servers. But it also runs much slower than even non-optimized versions
of the below statistical models (written in interpreted Python using naive data
structures).

5. Bayesian word distribution filters:

Paul Graham wrote a provocative essay in August 2002. In “A Plan for Spam” (see
Resources later in this article), Graham suggested building Bayesian probability
models of spam and non-spam words. Graham’s essay, or any general text on statistics
and probability, can provide more mathematical background than I will here.

The general idea is that some words occur more frequently in known spam, and
other words occur more frequently in legitimate messages. Using well-known mathematics,
it is possible to generate a “spam-indicative probability” for each word. Another
simple mathematical formula can be used to determine the overall “spam probability”
of a novel message based on the collection of words it contains.

Graham’s idea has several noteworthy benefits:

1. It can generate a filter automatically from corpora of categorized messages
rather than requiring human effort in rule development.

2. It can be customized to individual users’ characteristic spam and legitimate
messages.

3. It can be implemented in a very small number of lines of code.

4. It works surprisingly well.

At first blush, it would be reasonable to suppose that a set of hand-tuned and
laboriously developed rules like those in SpamAssassin would predict spam more
accurately than a scattershot automated approach. It turns out that this supposition
is dead wrong. A statistical model basically just works better than a rule-based
approach. As a side benefit, a Graham-style Bayesian filter is also simpler
and faster than SpamAssassin.

There are some issues of data structures and storage techniques that will effect
operating speed of different tools. But the actual predictive accuracy depends
on very few factors ? the main significant factor is probably the word-lexing
technique used, and this matters mostly for eliminating spurious random strings.
Barham’s implementation simply looks for relatively short, disjoint sequences
of characters in a small set (alphanumeric plus a few others).

6. Bayesian trigram filters:

Bayesian techniques built on a word model work rather well. One disadvantage
of the word model is that the number of “words” in e-mail is virtually unbounded.
This fact may be counterintuitive ? it seems reasonable to suppose that you
would reach an asymptote once almost all the English words had been included.
From my prior research into full text indexing, I know that this is simply not
true; the number of “word-like” character sequences possible is nearly unlimited,
and new text keeps producing new sequences. This fact is particularly true of
e-mails, which contain random strings in Message-IDs, content separators, UU
and base64 encodings, and so on. There are various ways to throw out words from
the model (the easiest is just to discard the sufficiently infrequent ones).

I decided to look into how well a much more starkly limited model space would
work for a Bayesian spam filter. Specifically, I decided to use trigrams for
my probability model rather than “words”.

There were several decisions I made along the way. The biggest choice was deciding
what a trigram is. While this is somewhat simpler than identifying a “word”,
the completely naive approach of looking at every (overlapping) sequence of
three bytes is non-optimal. In particular, considering high-bit characters ?
although occurring relatively frequently in multi-byte character sets (in other
words, CJK) ? forces a much bigger trigram space on us than does looking only
at the ASCII range. Limiting the trigram space even further than to low-bit
characters produces a smaller space, but not better overall results.

For my trigram analysis, I utilized only the most highly differentiating trigrams
as message categorizers. But I arrived at the chosen numbers of “spam” and “good”
trigrams only by trial and error. I also picked the cutoff probability for spam
rather arbitrarily: I made an interesting discovery that no message in the “good”
corpus was assigned a spam probability above .0071 other than two false positives
in the .99 range. Lowering my cutoff from an initial 0.9 to 0.1, however, allowed
me to catch a few more message in the “spam” corpus. For purposes of speed,
I select no more than 100 “interesting” trigrams from each candidate message
? changing that 100 to something else can produce slight variations in the
results (but not in an obvious direction).
Posted by: David at 09:08 AM
Spam: The Plague of the Internet

“Spam” is the term for unsolicited commercial bulk email, this which started out a very small nuisance on the internet has grown to become something that plagues people every time they check their inbox. This spam fills up inboxes with unsolicited mail for services that no one could ever want. They cost time and money to those that receive them and the cost to the email servers and internet service providers (ISP’s) in then passed on to the consumers in the form of higher bills. Measures have been taken to put and end to this scourge and to prevent future spammers from arising.

Spam is an ineffective way to advertise as it provides people with information about products and services that likely are of use to no one. Many spammers are unaware of what they are doing and have probably been duped into some kind of “Get-Rich-Quick” scheme. In a article about the commercial uses of spam (from Alchemy Mindworks) it was explained the reason that people spam and how they might be unaware of the damage they are causing:

The most prevalent sort of junk e-mail is commercial advertising. Judging by the content of most of these messages, their perpetrators have all just signed up with an Internet access provider, and were given complimentary copies of one of the many “How to Make Lots of Money on the Internet” books. Some of them are genuinely inconsiderate of the rights of other users of the net ? the bulk of them, however, are merely confused, deluded and ignorant.

These unsolicited emails take time out of someone busy day to either read or get rid off; they become a constant hassle to your everyday routine. Another way that people get on the spam lists in the first place is when spammers get a hold of mailing list for an organization or forum:

One particularly nasty variant of email spam is sending spam to mailing lists (public or private email discussion forums.) Because many mailing lists limit activity to their subscribers, spammers will use automated tools to subscribe to as many mailing lists as possible, so that they can grab the lists of addresses, or use the mailing list as a direct target for their attacks.

Spam can come from anywhere and internet users should be very careful about who they give their email address too.

Ways to get rid of spam are ever rising and slowing down the amount of junk mail that email users receive. For those who use programs to read their emails there are solutions such as SpamCop a highly rated program and the slightly over zealous Spam Hater, both programs not only stop spam but report complaints to the senders of the spam. Online email such as Hotmail also have taken measure to prevent spam in a help file one can learn,
In MSN Hotmail, you have several ways to protect yourself from junk mail: On the page, set up the Junk Mail Filter to redirect spam to your Junk Mail folder.
You can set the Junk Mail Filter to High or Exclusive, and then create a Safe List of addresses that should always send messages to your Inbox… If an offending message still gets into your Inbox, click the check box to the left of the message, and then click Block to stop future messages from that sender from entering your Inbox.

Other measures should be taken as checking out a website or forum for a privacy policy before giving away your email address and when signing up for a service be sure not to check anything that says that you would like to receive “special offers” or “important information” these can be a red flag that the service is linked to potential spammers.

Spam is a nuisance and will hopefully be eliminated or at least slowed down over time. More people learn how to stop or prevent it everyday and hopefully one day it will no longer be in existence. Until then, everyone must take measures to protect their inbox from being crammed full of emails about something no one could ever want.

Blog comment spam can´t be comprared yet with his big brother “email” but there is enough presence to be considered as a danger. MT doesn´t help too much cleaning your articles from spamming post so if you don´t want to spend an hour each day doing blog cleaning I recommend you to take action right now. They use bots to kill your blog but you don´t have a cleaning bot, remewmber this!. We must hit asap before this becomes a major problem. Some blacklists are ready to use and other methods are a good starting point. I have collected here some methods and solutions that blog owner are developing. I´ll add a brief description of each method and a link to the author´s website where you ca find more info. I don´t want to infright copyrighted material so you must get the original content from the authore´s website.

Spam prevention is easy, some quick solutions can save your Movable Type blog from the spam plague. All the solutions I have posted here are specific for MT, I´ll try to add stuff for other blog types, sorry!. With one of this methods you can avoid most of blog spamm comments, and is very simple in case of bots, let´s go!

Email spamming is much easier than blog spamming, this is our first advantage. If a spammer wants to get an email in your inbox, he only needs your email address but if a spammer wants to get inside your blog he needs some extra effort: visit your blog and find the comment script page, then submit a post. As they use bots specifically designed for base MT installations we must change this structure as much a possible in order to increase the difficult of posting.

I recommend you to start with the easiest ones, and if they don’t keep the spammers away then try to add the advanced solutions, the reward worth the effort, so take action.

It is clear that spam brings economic benefits to its customers. This means that users, despite the dislike of spam, does enjoy the services advertised through spam. Until the impact of spam exceeds the cost of overcoming protection, spam will not disappear. Thus, the surest way to fight a denial of service advertised through spam. There are proposals on the use of public condemnation, until the end of communication, against those who buy spam advertised goods and services.

Other methods are aimed at inhibiting the spammers access to users.

Preventive measures to protect

The surest way to fight spam ? do not let spammers get e-mail address. This is a difficult task, but some precautions can be taken.
Do not publish your email address on public websites.
If for some reason the email account to publish, it can be coded like ?u_s_e_r_ (a) _d_o_m_a_i_n_._n_e_t?. Spammers use special programs to scan websites and collect email addresses, so even a masking addresses can help. It should be remembered, however, that in the simplest cases ?encoded? will be able to recognize and address of the program. In addition, it is an inconvenience not only for spammers, but also for ordinary users.

Many services to provide addresses for non-registered users can send a message to the nick. The real address is substituted service of a user profile and not visible to other users.
Address can be represented in the form of pictures. There are online services that make it automatically , you can also do it in a graphics editor , or simply write the email address of your hands and take pictures.
On the web-pages, e-mail addresses can be protected with the help of Java Script, which is not recognized by the software to collect e-mail addresses.

There is no need to without full guarantees of non-register at the web sites. You can make a special box for these cases and do not use it for regular work. There are even services, issuing disposable addresses specifically to identify them in case of doubt. The most famous of them ? mailinator.com.
Never respond to spam or pass on the reference therein. Such action will confirm that the e-mail address is actively used and would increase the amount of spam.

By downloading the images included in the letter, when read, can be used to test the activity of postal address. It is therefore recommended that they request a mail client for permission to prohibit the effect of loading the image, if you are unsure of the sender.
When choosing an e-mail address should, if possible, stay in a long and uncomfortable for guessing the name. Thus, there is less than 12 million names, consisting of no more than 5 Latin letters. Even if you add numbers and symbols underlined, the number of nicknames, less than 70 million. The spammers can send mails to all such names and weed out those with whom he came to answer ?recipient does not exist?. Thus, it is desirable that the name was not shorter than 6 characters, and if there are no numbers ? not shorter than 7 characters. It is also desirable that the name was not a word in any language, including common names, as well as recorded in Latin Russian words. In this case the address can be guessed by the crowding of words and combinations of the dictionary.

You may from time to time change its address, but this is due to the obvious difficulty: you need to communicate the new address to people who would like to receive e-mails.
Companies often do not publish your address, instead of using CGI to communicate with users.

All methods of hiding the address is a fundamental flaw: they create an inconvenience, not only the alleged spammers, but the real addressees. Besides, often just need to publish the address ? for example, if a contact address.

Ownership, use, efficiency
These include:
lists of IP-addresses of computers that are known to them being spam.
(widely used) lists of computers that can be used for distribution ? ?relei open? and ?open proxy?, and also ? lists ?dial? ? client addresses to which there can be no mail servers
(possible use), a local list or the list maintained by someone else.
(widely distributed through the simplicity of implementation), black lists, a request that is carried out via DNS. They are called DNSBL (DNS B lack L ist). Currently this method is not very efficient. Spammers find new computers to their goals faster than they manage to enter in the black lists. In addition, several computers, send spam, can compromise the entire email domain, or subnet, and thousands of law-abiding users for an indefinite period will be denied the opportunity to send e-mail servers, using a black list.
(found) lists rather preach radical theory (eg, equating to a viral malicious spam messages, etc.).

Misuse
Often, the irresponsible and improper use of black lists of administrators of resources, leading to blockage of the large number of innocent users.

Example: the use of lists with accurate representations of what the address and how it incorporated the use of email black lists for web-resources, etc.

The irresponsible use of

Example: the failure of a user (or administrator) blocked addresses on the list (because they are there a great many), or rukovodstvovanie in their actions the principle of presumption of guilt.

Example: (the most striking example of the irresponsible attitude last time), the blocking of domain registrar GoDaddy thousands of domain names registered by the hosting company Majordomo [17], based on single and unverified complaints from a group Spamhaus [18] [19].

Racket on the part of administrators blacklists

Recently, the network appears more and more complaints against administrators blacklists which blackmailed Internet providers and hosting providers failure to remove IP addresses from which spam was once perhaps was sent (the addresses are in the black lists of anonymous complaints that are often impossible to verify) . In addition, many require “donations” from the owners of IP addresses for the removal of records from the blacklists.

Authorization Server

Have been proposed various methods to confirm that the computer that sends the message, actually has the right to do so (Sender ID, SPF, Caller ID, Yahoo DomainKeys, MessageLevel [1]), but they are not yet widely available. In addition, these technologies limit the functionality of some common types of mail servers: becomes impossible to automatically redirect your mail from one mailbox to another server (SMTP Forwarding).

Among the providers of extended policy, under which customers are allowed to install SMTP-connection with server. In this case, becomes impossible to use some of the mechanisms of authentication.

Gray lists

The method of gray lists based on the fact that ?behavior? software designed to send spam, different from that of an ordinary e-mail servers, namely, spam programs are not trying to re-send the letter in the event of a temporary error, as required by the protocol SMTP. More precisely, an attempt to circumvent the protection, in subsequent attempts, they use a different relay, another return address, etc., so it looks for the host as part of attempts to send different messages.

The simplest version of the gray lists works as follows. All previously unknown SMTP-servers rely in a ?gray? list. Mail from such servers is not accepted, nor rejected entirely ? he returns a temporary error code ( ?come later?). If the server-sender repeats its attempt to at least some time tg (this time called the delay), the server is entered in the whitelist, and the mail was adopted. Therefore, standard mail (not spam) are not lost, just delayed delivery (they remain in the queue at the sender’s server and delivered after one or more unsuccessful attempts). Program-spammers, or do not know how to re-send messages or use their servers will actually delay time to get on blacklists DNSBL.

This method currently allows the filter to 90% of spam with virtually no risk of losing important messages. However, it also was not perfect.

May mistakenly filter out messages from servers who do not meet the recommendations of the protocol SMTP, for example, the distribution of news sites. Servers with this behavior, if possible, be recorded in the whitelists.
Delay in delivery of the letter can be as high as half (or even more), which may be unacceptable in the case of urgent correspondence. This disadvantage is offset by the fact that the delay is introduced only when making the first letter from a previously unknown sender. Also, many of the implementation of gray lists automatically after a period of ?friendship?, making a SMTP-server in the whitelist. There are ways of sharing such mezhservernogo white lists. As a result, after an initial period ?remember?, in fact, been delayed less than 20% of the letters.
Major postal services using multiple servers with different IP-addresses, moreover, possible that a few servers in turn are trying to send the same message. This can lead to great delays in the delivery of letters. Pools of servers such behavior is also possible to put in the white lists.
Spam programs can be improved. Support for re-sending the message is implemented fairly easily and in large part ?????????? this kind of protection. A key figure in this struggle is the ratio of the characteristic time getting to the spammer blacklists tb and a typical time-delay ?gray? lists tg. When the gray list of potentially futile, with formidable gray lists for spammers.

Sort the letters on the contents of the letter header fields allows to get rid of a certain amount of spam. Some clients (eg, Mozilla Thunderbird or The Bat!) Provide an opportunity to examine the headers without downloading from the server all the email as well, and thus save bandwidth.
System type ?a challenge-response? to verify that the sender ? the person, not the robot software. Using this method requires the sender of the fulfillment of certain additional actions, often it may be desirable. Many such systems pose an additional burden on the postal system, in many cases, they send requests to fake addresses, it is in professional circles, such decisions are not respected. In addition, the system can not distinguish a robot spammers from any other, for example those that send news.

Systems to measure signs of mass communication, such as Razor and Distributed Checksum Clearinghouse. Built-in mail server software modules count checksums of each passing through them and check their email on the servers of Razor, or DCC, which reported the number of appearances letter on the Internet. If a letter appears, for example, tens of thousands of times ? perhaps this is spam. On the other hand, mass communication can be a legitimate mailing list. In addition, spammers can vary the text message, for example, by adding at the end of random characters.

Legal aspects of the problem
In some countries, legislative action against spammers. Attempts by outlawing or limiting the activities of spammers face a number of difficulties. Is not easy to define in law what is a legitimate mailing list, and what not. Worst of all, that the company (or person), spammers can be located in another country. To ensure that such laws were effective, it is necessary to develop a coherent legislation, which would be operated in most countries, which seems elusive for the foreseeable future.

In Russia, spam is prohibited by ?the Law on Advertising? (Article 18, Clause 1)
The proliferation of advertising on the networks of telecommunications, including through the use of telephone, facsimile, mobile radio communication is permitted only with prior consent of the caller or recipient to receive advertising. At the same time recognizes the widespread advertising without the prior consent of the caller or recipient, if reklamorasprostranitel not prove that such consent was obtained.

In formal comments, the Federal Antimonopoly Service, entrusted with the responsibilities for monitoring compliance with this Act, referred to the applicability of the rule for Internet delivery. For violation of Article 18 reklamorasprostranitel is responsible under the law on Administrative Violations. However, FAS has no authority to carry out operational search activities of the person responsible for the spam, and authorized to do so their bodies can not hold in the absence of the Russian administrative and criminal law responsibility for the delivery of spam. Therefore, despite the periodic publication of materials to bring the perpetrators to justice [21], currently, the legislative rule ineffective.

From 1 January 2004 in the U.S. the federal law, known as the Can-Spam Act. Attempts to bring spammers to court, and sometimes these attempts are successful.

American Robert Solouey lost to the process in federal court against a small company oklahomskoy provider of Internet services, the operator which has accused him of sending spam. The sentence the court included damages of $ 10 075 000 .

The first case, when the user has won a case against a company involved in the visual occurred in December 2005, when businessman Nigel Roberts from the island of Alderney (Channel Islands) has won court against Media Logistics UK, receiving as compensation for 270 ?

First solution to dry up the spam at the source, set up SpamPal. This software will Prevent your solution (Outlook, Outlook Express or Thunderbird) to download the spam, Which will save you time to sort the mail left.

This type of spam filter is effective Particularly in the case of a mailbox heavily spammedFor Which the time spent sorting and deleting spam becomes a problem. Ultimately, the user will not mind one or two good messages deleted by accident a few thousand well understood.

Alternatively, methods of logical analysis of the spam, using software like SpamBayes working on the source of the e-mail to Detect Whether or not it is spam. Advantage of this technique: the filter is sometimes more intelligent, since it will be able to detect if you tell him several times to type emails casino spam, any content of this type should be redirected to your Deleted Items. If you delete all content in foreign languages, it will adopt the same attitude to handle spam …

Moreover, it is important to Ensure that its anti-spam solution has advanced functions overlap to detect spam The message contains links to external relatively unsafe formatted text, the sender is attached to a nonexistent domain name makes heavy use of certain HTML tags … All of which allow you to automate much of the processing of spam.