The Best Ways To Stop Spam
No service or application will ever stop all spam all the time. The mark of a great antispam app is one that comes close to stopping all the spam from coming in without blocking any of the e-mail you actually want to receive.
Source: PC Mag, April 2008, Neil Rubenking
Hardly a week goes by that I don't find some valuable message "eaten" by our corporate spam filter. I'll be drumming my fingers, anxiously waiting for vital information to complete a review, and then find that the spam filter snagged it hours before. Frustrating! It's worse than getting unwanted spam messages in the inbox. When you're considering an antispam product or service for yourself, this is a valuable lesson: While your choice should block as much spam as possible, it's critical that an antispam product keep false positives (good mail marked as spam) to a bare minimum. And, of course, it should do both without slowing or interfering with your usual e-mail habits.
There are three main approaches to filtering out spam. Content-filtering products use their own proprietary algorithms to distinguish spam from valid mail. Challenge/response products block all mail from addresses other than trusted ones but allow new correspondents who respond to an e-mailed challenge. And community-based products use the collective intelligence of their users to decide what is and isn't spam. Each approach has its own plusses and minuses.
Algorithmic Analysis
Most of the spam filters built into security suites take the content-filtering approach. They scrutinize various elements of each message to determine whether it's spam or valid mail. Some add "learning engines" that try to improve accuracy by analyzing your outgoing messages or by taking note when you manually correct their mistakes. Many include an option to whitelist regular contacts, so they'll never be blocked. Content-based filters often have a tough time distinguishing newsletters and other valid bulk mail from unsolicited bulk mail (that is, spam). And their accuracy is all over the map. Some, like the spam filter in
Outpost Security Suite Pro 2008
, generate zero false positives but let a ton of spam into the inbox—more than half in Outpost's case. Others, like
BullGuard Internet Security 8.0
, trap more spam at the expense of throwing away more valid mail. Content-based spam filters that handle both sides of the equation well are rare.
ZoneAlarm Internet Security Suite 7
is the suite that currently strikes the best balance between restricting the bad and preserving the good.
Content-based filters also have to deal with the constantly changing spam landscape. Spammers keep trying new tricks, and the filters don't always keep up. A couple years ago "image spam" was all the rage, and the filters took quite a while to catch up with the trend. Who knows what nefarious trick will be next. Whatever it is, content-based filters will probably need an update.
Trusted Senders Only
Challenge/response products take a completely different approach. Like the bouncer at a fancy club, they bounce anybody who's not on the list. Typically these products will import your address book to the whitelist of trusted senders. The better ones automate the process further with options like whitelisting people to whom you send mail, or whitelisting people CC'ed on messages from trusted senders. But they all stiff-arm any mail from an unrecognized address. Specifically, they send an automated message with some kind of challenge that the sender must pass before the sender's original message can go through. It may be as simple as sending a reply to the challenge message, since a spammer won't do that. Or it may require logging onto a Web site and filling in one of those annoying CAPTCHA screens with twisty letters. Of course, there have been reports of CAPTCHA. You'll never get spam if you use a challenge/response product, but there's every chance you'll miss some valid mail. If Uncle Fred switches from Yahoo! to Gmail, he'll be challenged again; if he's flustered by the challenge you may not hear about cousin Viola's wedding. Worse, if the representative from Ryberg Instrument Corp. can't be bothered to respond to the challenge, you may miss the sales opportunity of a lifetime. It's the chance you take with a challenge/response system.
We Say It's Spam!
Here's a novel idea: identify spam using that ultrasensitive organ of discrimination, the human brain. Community-based filters rely on a huge community of users to detect spam. On receiving a spam message, community members hit a button to report it. The spam filter boils down the message into a unique fingerprint and sends it to a central database. Spam messages go out by the thousands or millions, so many members will see the same message. As soon as the number of reports reaches a certain threshold, the product blocks that message for all other community members. And a built-in trust rating system prevents spammers from abusing the community system.
Because a community-based filter needs reports from multiple users before it will block a message, it never erroneously blocks a unique message from an individual—it just can't! Sloppy community members may mark valid bulk e-mail like newsletters as spam rather than simply unsubscribing. But even if they do, other members can undo the damage by marking the newsletter as Not Spam. Yes, by the very nature of the system, members must receive and rate a certain amount of spam, but, by observation, it's less than the amount of spam missed by most content-based filters.
There's one more factor to consider: compatibility. Just about any antispam program will handle a standard POP3 e-mail account or a webmail account that you access via POP3. If you use an IMAP or Exchange account, your options are limited. Also, most antispam products will integrate with Microsoft Outlook and Outlook Express / Windows Mail. If you use a different e-mail client, some products won't work at all and others may offer limited or no integration with the client. Keep these factors in mind when choosing an antispam product, especially if you use a less-common e-mail client or have a non-POP3 e-mail account. |
