
What is spam?
Spam is unsolicited e-mail, sent either as bulk mail or as personalized advertising mail.
Of the 30 billion e-mails currently sent every day, more than 40 percent are classified as spam, and this figure is likely to rise in the future. For individual companies, however, the actual percentage of received spam can be much higher.
Despite concerted attempts to stem the flood of advertising mail through legislation, the use of professional products such as the iQ.Suite Wall module of iQ.Suite is the most effective way to block spam quickly.
"The View" - The Technical Journal for Lotus Notes and Domino:



What damage does spam cause?
The damage caused by spam is not always clearly quantifiable. It falls into the following categories:
Lost productive time
To identify spam mail, users must at least take a quick look at the message. Semi-professionally designed ad mail in particular requires a closer look to identify it as spam. Modern mail clients, such as Outlook and Notes, can signal new mail as it arrives, and unwanted messages cause significant distraction and interruption of the workflow on these systems. The weblinks embedded in many ad mails – which cause the contents of a web page to appear in the message body window – are an additional annoyance. They aim to entice the reader to surf the web, try out games, etc.
Utilization of storage capacity
Spam uses up a significant amount of the storage capacity of mail servers and archiving systems. The volume of ad mail, combined with a large number of users, results in a utilization of more than 50 percent of the system’s storage capacity.
Recipient verification
Spam mail with weblinks is increasingly used to verify e-mail addresses. This is done using customized identifiers: when a message of this type is opened or viewed in the preview pane, the embedded weblink is automatically requested together with the identifier, which verifies the recipient’s address and results in a steep increase in unsolicited mail received by this user.


What can I do about spam?
In general, spam mail can be identified and blocked with modern filter products such as iQ.Suite Wall. There are no other protection measures.
You will need to decide whether you want spam to be filtered out on the mail server or on the clients. For medium-sized and large companies, a central server or gateway solution is often the only practical option. Small companies without their own e-mail infrastructure usually opt for client-side solutions or the services offered by their Internet service providers.


What return on investment can I expect?
iQ.Suite Wall for anti-spam protection and content filtering has proven to deliver quantifiable ROI in short order. By filtering and blocking unsolicited e-mail, securiQ.Wall contributes to improved worker productivity and alleviates e-mail storage capacity requirements. Using securiQ.Wall, GROUP customers report disk space savings upwards to 80 percent. While many anti-spam vendors promote 99.999% spam filter rates, users are cautioned that such rates result in increased false positives (incorrect classification of mail as spam). GROUP, however, stands behind its securiQ.Wall technology that delivers a 95% spam capture rate with near-zero false positives -- all aimed at improving business processes and productivity for high ROI.
Our services include a detailed assessment of the ROI you can expect for your environment.


How do anti-spam products work?
State-of-the-art anti-spam products – such as iQ.Suite Wall – provide you with several lines of defense. They can be used separately or in combination and essentially consist of the following:
Blocking by sender IP address and name
This method achieves a below-average effectiveness, since many Internet address lists are not up to date and spam senders frequently change their addresses. In addition, this method may result in a high false positive rate if a communication partner has inadvertently been blacklisted. Used correctly and in combination with other methods, sender blocking can be simple and effective.
Message header analysis
Checking the advanced information in the message header for consistency allows targeted recognition of messages that were not sent from standard mail systems such as Microsoft Exchange or Lotus Domino. To achieve a good detection rate, this method requires a finely tuned rating of the individual characteristics.
Structural analysis of addresses, subject and message body
This step checks whether the To field or the Subject line is blank and whether the message body contains a combination of undesired HTML tags and scripts.
Text analysis through weighted dictionaries in Subject and message body
The effectiveness of this method depends mainly on the dictionaries and the weighting algorithm.
Statistical text analysis using, for example, CORE (Content Recognition Engine)
This is a highly flexible and effective procedure for the systematic detection of contents according to user-definable categories such as spam, newsletter, business, etc. In combination with the above filtering methods, exceptionally high detection rates can be achieved.


Why do anti-spam policies make sense?
To achieve successful spam filtering with a high detection rate, a combination of different methods, such as address filtering, message header analysis, text analysis, etc., is essential. A centrally managed policy ensures that the individual requirements of departments, teams and users are successfully met. It can be used to ensure, for example, that newsletters – which often have a strong similarity with unsolicited mail – are excluded from spam filtering. The filtering functionality can be further improved by choosing a different threshold value for each user group.


How can I assess filtering performance?
The filter rate achieved by anti-spam products is expressed as the ratio of detected spam messages to the total number of received spam mails. Another important figure is the false positives count, which is the number of messages that are incorrectly filtered as spam. Together, these figures provide an indication of the performance of an anti-spam solution. With their range of filtering criteria and central filtering policies, products such as iQ.Suite achieve a filter rate of up to 95 percent with an extremely small number of false positives.


What are heuristic processes for spam filtering?
The term heuristics is often used for simple text recognition methods, such as weighted dictionaries. Newer products utilize additional text recognition and analysis processes based on a range of mathematical and statistical methods or similarity analyses. Often, methods developed in the 1970s, such as Naive Bayesian, are used. iQ.Suite uses the modern Support Vector Machine (SVM) method.


How do weighted dictionaries work?
Weighted dictionaries represent an effective content checking technology: dictionaries and phrases covering a particular subject area are grouped into a category, while a weighting algorithm ensures that a single occurrence of a word does not cause a threshold violation. Filtering takes place only when the word occurs several times or a combination of words is found. Special dictionaries for anti-spam functions allow a differentiated configuration with a high degree of filtering. The effectiveness of this method depends on the weighting algorithm used. This is why some providers use the term heuristics in this context.
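A minimal weighted-dictionary scorer illustrating the threshold behaviour described above, with a separate threshold per user group. This is an added example, not code from iQ.Suite or the original page; the dictionary entries, weights, decay factor and thresholds are constructed assumptions.

```python
import re

# Constructed dictionary for one category ("spam"): word or phrase -> weight.
SPAM_DICTIONARY = {"viagra": 40, "winner": 25, "click here": 30,
                   "free": 15, "unsubscribe": 10}
# Assumed policy values: one threshold per user group.
GROUP_THRESHOLDS = {"default": 50, "marketing": 90}
DECAY = 0.5  # assumed: each repeat of a term adds half of the previous hit


def score_text(text, dictionary=SPAM_DICTIONARY, decay=DECAY):
    """Return (score, hits); hits maps each matched term to its count."""
    normalized = re.sub(r"\s+", " ", text.lower())
    score, hits = 0.0, {}
    for term, weight in dictionary.items():
        # Match whole words or phrases only, so "free" does not hit "freedom".
        pattern = r"(?<!\w)" + re.escape(term) + r"(?!\w)"
        count = len(re.findall(pattern, normalized))
        if count:
            hits[term] = count
            # Geometric series: weight * (1 + decay + decay**2 + ...).
            score += weight * (1 - decay ** count) / (1 - decay)
    return score, hits


def classify(subject, body, group="default"):
    """Return (is_spam, score, hits) for one message and one user group."""
    score, hits = score_text(subject + "\n" + body)
    return score >= GROUP_THRESHOLDS[group], score, hits


if __name__ == "__main__":
    # Constructed sample messages.
    samples = [
        ("Pharmacy news", "A study on viagra was published.", "default"),
        ("", "viagra viagra", "default"),
        ("Newsletter", "Free shipping this week. Click here to read more "
                       "or unsubscribe.", "default"),
        ("Newsletter", "Free shipping this week. Click here to read more "
                       "or unsubscribe.", "marketing"),
    ]
    for subject, body, group in samples:
        print(group, classify(subject, body, group))
```

The newsletter sample crosses the default threshold through a combination of low-weight terms but stays below the higher threshold assigned to the marketing group, which is the per-group tuning a central policy allows.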


What does e-mail header analysis mean?
In addition to the visible information, every mail message contains numerous control fields for routing the message through the Internet. This information can be used to retrace the route of a message from its sender to its recipient. To remain anonymous, senders of spam manipulate these control fields. They may, for example, change the information about the originating mail server.
Message header analysis investigates the control information for consistency and completeness. If one or more irregularities are detected, they receive a rating, based on which the message can be filtered according to the applicable policies.
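A sketch of such a header check, rating completeness (Date, Message-ID, Received) and consistency (HELO name versus resolved name, ordering of hop timestamps). This is an added example, not code from iQ.Suite or the original page; the ratings, the clock tolerance, the Postfix-style Received format and the sample message are assumptions constructed for illustration.

```python
import re
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Assumed ratings per irregularity; a real filter tunes these per policy.
RATINGS = {"missing_date": 2, "missing_message_id": 2, "no_received": 4,
           "helo_mismatch": 3, "hops_out_of_order": 4}
SKEW = timedelta(minutes=5)  # assumed tolerance for clock drift between hops
# Assumed Postfix-style hop: from <HELO name> (<resolved name> [<ip>])
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[[^\]]+\]\)")
# Constructed sample: unresolved sender, later timestamp on an earlier hop.
FORGED = (
    "Received: from mail.example.org (unknown [203.0.113.7])\n"
    "\tby mx.example.com with ESMTP; Mon, 03 Mar 2025 10:00:05 +0000\n"
    "Received: from ws1.example.org (ws1.example.org [192.0.2.20])\n"
    "\tby mail.example.org with ESMTP; Mon, 03 Mar 2025 11:30:00 +0000\n"
    "Date: Mon, 03 Mar 2025 10:00:00 +0000\n"
    "From: alice@example.org\nSubject: Invoice\n\nHello\n")


def hop_time(received):
    """Parse the timestamp after the last ';' of a Received field."""
    try:
        t = parsedate_to_datetime(received.rsplit(";", 1)[1].strip())
    except (IndexError, TypeError, ValueError):
        return None
    return t if t.tzinfo else t.replace(tzinfo=timezone.utc)


def analyze_headers(raw):
    """Return (total rating, list of irregularities) for a raw message."""
    msg = message_from_string(raw)
    found = []
    if not msg["Date"]:
        found.append("missing_date")
    if not msg["Message-ID"]:
        found.append("missing_message_id")
    hops = msg.get_all("Received") or []
    if not hops:
        found.append("no_received")
    names = [m.groups() for m in map(HOP.search, hops) if m]
    if any(helo.lower() != resolved.lower() for helo, resolved in names):
        found.append("helo_mismatch")
    times = [t for t in map(hop_time, hops) if t]
    # Every server prepends its field, so time must not increase downwards.
    if any(upper + SKEW < lower for upper, lower in zip(times, times[1:])):
        found.append("hops_out_of_order")
    return sum(RATINGS[name] for name in found), found
```

A HELO name that differs from the resolved name also occurs on legitimate servers, which is why it contributes a rating instead of causing an outright rejection.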


What are RBL, MAPS, reverse DNS, DCC, etc.?
The Realtime Blackhole List (RBL) is a blacklist on the Internet, made available under the umbrella of the Mail Abuse Prevention Systems (MAPS). It lists unprotected mail servers that are used by spammers for sending unsolicited mail. Mail servers using the RBL can deny communications with the listed systems. Because spammers are making increasing use of open client systems with changing IP addresses, the effectiveness of RBL has seen a sharp decline recently.
Reverse DNS is part of the Internet’s Domain Name System. It is based on a reverse lookup process that checks the consistency of the name and IP address of the calling mail server by querying a DNS for the IP address and domain name. If any irregularities are detected, a connection is denied. There is a debate about the effectiveness of this method against spam since spammers often either use other people’s systems for sending spam or operate their own mail distribution systems.
The Distributed Checksum Clearinghouse (DCC) is a new method. DCC uses its own checksum servers, which contain a database of checksums and details about the number of recipients for each message. To check for spam, a DCC client on the mail server calculates the checksum of a message and passes it to the checksum server together with the determined number of recipients. This results in a cumulative collection of actual recipient information, which the server returns to the client. This number can now be compared with the incoming mail on the mail server. If there is a significant difference in the numbers, a mailspread – and therefore a case of spam – is likely. This principle has a few weaknesses, however:
- Newsletters are usually also sent as bulk mailings.
- Spammers can get around the system with personalized messages.
- Rapidly spreading messages have no corresponding database entry yet.
- There is a high degree of dependence on the community and the system’s distribution.
SpamNet presents an alternative, commercial technology. Like DCC, it generates checksums for every message. Unlike DCC, SpamNet receives spam through an individual classification by end users. This can result in a significant delay, since a message is accepted as spam and placed into the database only once it reaches a certain number of notifications.
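The checksum-and-recipient-count principle described above for DCC, together with three of the listed weaknesses, can be reproduced in a small simulation. This is an added example, not the DCC protocol or code from the original page; the in-memory server, the exact SHA-256 checksum, the spread value and the sample messages are assumptions.

```python
import hashlib
import re


class ChecksumServer:
    """In-memory stand-in for a checksum server (not the real DCC protocol)."""

    def __init__(self):
        self.totals = {}

    def report(self, checksum, recipients):
        # Add this site's recipient count and return the cumulative total.
        self.totals[checksum] = self.totals.get(checksum, 0) + recipients
        return self.totals[checksum]


def body_checksum(body):
    # Assumption: exact SHA-256 over the whitespace- and case-normalized body.
    normalized = re.sub(r"\s+", " ", body).strip().lower()
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()


def check_message(server, body, local_recipients, spread=50, bulk_ok=()):
    """Return (verdict, cumulative recipient total) for one incoming message."""
    checksum = body_checksum(body)
    total = server.report(checksum, local_recipients)
    if total - local_recipients < spread:
        return "accept", total              # no significant difference
    if checksum in bulk_ok:
        return "accept-listed-bulk", total  # e.g. a subscribed newsletter
    return "bulk-suspect", total


def demo():
    """Run constructed messages through one server and return the verdicts."""
    server = ChecksumServer()
    spam = "Cheap watches!\nOrder   today."
    first = check_message(server, spam, 1)      # no database entry yet
    server.report(body_checksum(spam), 200)     # other sites report it
    later = check_message(server, spam, 1)
    personalized = [check_message(server, f"Dear user{i}, cheap watches!", 1)
                    for i in range(3)]          # every checksum is unique
    news = "Monthly product newsletter"
    server.report(body_checksum(news), 500)
    listed = check_message(server, news, 3, bulk_ok={body_checksum(news)})
    return first, later, personalized, listed
```

The first copy and every personalized variant are accepted, so the checksum count is useful only as one signal alongside the content-based methods above.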