The Anti Spam Challenge - Minimizing False Positives

Email is the quintessential business communication tool, so when it doesn't work like it's supposed to, business suffers. Anti spam software is designed to protect your inbox from unwanted messages, but unless your system is properly trained even the best software misses the mark and flags legitimate messages as spam. These messages are referred to as "false positives."

While consumer and ISP anti spam products focus on blocking messages and even consider some false positives acceptable, businesses require anti spam solutions that treat their messages as very valuable. Failing to receive critical messages in a timely fashion can do irreparable damage to customer and partner relationships and cause important orders to be missed, so eliminating false positives while maintaining high anti spam accuracy is paramount to any enterprise anti spam solution.

What causes false positives?

Different anti spam solutions utilize different methods of detecting and blocking spam. Anti spam software typically uses content filtering or Bayesian Logic, an advanced content filtering method, to score each email, looking for certain tell-tale signs of spammer habits such as frequently used terms like "Viagra" or "click here." Other anti spam solutions reference blacklists and whitelists to determine whether the sender has shown spammer tendencies in the past. A false positive can occur when a legitimate sender raises enough red flags, either by using too many "spam terms" or sending from an IP address that has been used by spammers in the past.

Minimizing False Positives

Although it takes a person only a moment to process a message and identify it as spam, it is difficult to automate that human process because no single message characteristic consistently identifies spam. In fact, there are hundreds of different message characteristics that may indicate an email is spam, and an effective anti spam solution must be capable of employing multiple spam detection techniques to effectively cover all bases.

A comprehensive anti spam approach involves examining both message content and sender history in tandem. By using a reputation system to evaluate senders based on their past behavior, a more accurate picture of their intentions and legitimacy can be discerned, and a solution's false positive rate can be further lowered. Has the sender engaged in spamming, virus distribution or phishing attacks in the past? If not, the likelihood of their message getting past the email gateway just went up, and the chances of a false positive declined accordingly. If they have, an effective reputation system knows and flags the message.

Self-Optimization

In order to be most effective, anti spam solutions must learn based on a recipient's preferences. While most of us prefer not to receive emails containing the term Viagra, some medical organizations might need to receive these emails in order to process patient data. In order to best learn your organizational preferences, anti spam solutions should put filtered emails into a quarantine that allows users to review and make decisions as to whether a particular message is spam. Making this quarantine available to the end-user lowers the administration costs and increases the accuracy of the anti spam system.

Each time a user makes a decision about whether a particular email is or is not spam, the system becomes more personalized and intelligent about filtering email for that individual in the future. Over time, users find that they rarely need to review their quarantines anymore because the system has learned how to identify messages that are important to that user.

Don't throw the baby out with the bathwater

In conclusion, it is imperative that false positives be kept to an absolute minimum for business users. Although consumers may have more patience with incorrectly blocked email, businesses cannot afford these types of problems. An effective, accurate anti spam solution aggregates multiple spam detection technologies, combining the benefits of each individual technique to stop spam while minimizing false positives. It also puts suspected spam into a quarantine that is available to end-users, and learns how to better identify spam in the future.

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security. The company's flagship product, IronMail provides a best of breed enterprise anti spam solution designed to stop spam, phishing attacks and other email-based threats. Learn more by visiting http://www.ciphertrust.com/products/spam_and_fraud_protection/ today.

When 'Viagra' Comments on Your Blog, and Other Spam Red Flags PCWorld Matt Mullenweg, the creator of WordPress, actually created a spam blocker for WordPress called Akismet in 2005, partially so his mom wouldn't be assaulted by Viagra ads while writing her blog. Today, spam blockers do a good job of nabbing most spam, ... and more »

Trend Micro Titanium Maximum Security 2012 review PC Advisor Trend Micro Titanium Maximum Security 2012 starts out with traditional modules, including AV protection, an improved firewall, a spam blocker, parental control, a system tuner, protection against data theft and 10GB of online storage.

WatchGuard Breaks Quarterly Billings, Profit and Units Shipped Records MarketWatch (press release) Currently, WatchGuard offers seven add on security services for XTM appliances, including: Application Control, WebBlocker, Gateway Antivirus, Reputation Enabled Defense, spamBlocker, Intrusion Prevention and LiveSecurity. and more »

NEWS ROUND-UP: The latest from WatchGuard, Compuware, and Island Pacific ARNnet WatchGuard currently offers seven add-on security services for XTM appliances: Application Control, WebBlocker, Gateway Antivirus, Reputation Enabled Defence, spamBlocker, Intrusion Prevention, and LiveSecurity. Technology performance company ... and more »

Tucson victim stalked for nearly 2 decades Tucson Citizen ... in consequence of which she tells numerous falsehoods to create the illusion of danger, purely to get someone incarcerated for up to 10 years merely because she doesn't want to use the spam blocker of her e-mail address account,” Shepard wrote. and more »

When 'Viagra' comments on your blog, and other spam red flags Computerworld New Zealand Matt Mullenweg, the creator of WordPress, actually created a spam blocker for WordPress called Akismet in 2005, partially so his mom wouldn't be assaulted by Viagra ads while writing her blog. Today, spam blockers do a good job of nabbing most spam, ... and more »

Gothamist

After Stalking Woman For 18 Years, Man Faces Five Year Sentence Gothamist ... conscience or both, in consequence of which she tells numerous falsehoods to create the illusion of danger, purely to get someone incarcerated for up to 10 years merely because she doesn't want to use the spam blocker of her e-mail address account. and more »

Demand for business security 'at an all-time high' TechDay.co.nz ... core SMB market is 'solid', the company is experiencing 'accelerated demand' among mid-market and enterprise organisations, Robertson adds. Users are also increasingly taking up add-on services, such as Application Control, WebBlocker and spamBlocker.

ITespresso.fr

Sécurité IT : l'éditeur WatchGuard veut séduire les TPE et les PME ITespresso.fr ... sécurité spécifiques comme le WebBlocker de WatchGuard (blocage des sites Web malveillants et des contenus Web inappropriés), le spamBlocker ou encore le Reputation Enabledd Defense, un service cloud de protection contextuelle contre les menaces.

Anti-Spam-Lösung für Unternehmen erhält Update IT-Business ... das Reporting und Backups für geschützte Exchange-Cluster zentralisieren. Die Anti-Spam-Lösung ist Teil der Unternehmenslösung Kaspersky Open Space Security. Neben dem reinen Spam-Blocker gehören auch Antivirus-Funktionen mit zum Lieferumfang. and more »