www.marshallsoft.com

Anti-Spam Strategy

There are several factors that should be kept in mind when designing anti-spam software.

(1) The spammers buy the major anti-spam products so that they can test their spamming strategies against them. Further, the spammers can react quickly to new releases of anti-spam software.

(2) The spammers are increasing the use of spam embedded within graphics files so that phrase searches are not possible. Their graphics attachments often follow "normal text" so that the entire body of the email must be read in order to detect if there are any attachments.

There are two basic strategy categories for detecting spam. They are the "Delete If Match" strategy and the "Delete Unless Match" strategy.

"Delete If Match" Strategy

Delete email that matches certain predefined phrases in the header (usually "Subject:" & "From:" headers) and/or body. This strategy will catch many spam emails if an appropriate set of phrases is defined. Unfortunately, it will also miss quite a few.

The major advantage of this strategy is that you will rarely get a false positive. That is, you won't delete an email that is really OK.

This "Delete If Match" anti-spam strategy is very good as a first pass at thinning the amount of spam.

"Delete Unless Match" Strategy

Delete email unless one of a set of predefined phrases is found in the header (usually "Subject:" & "From:" headers) and/or body.

The major advantage of this strategy is that you will detect almost all spam. The disadvantage is that it is very easy to delete a good email.

One variation of the strategy that works well for those who want to limit their email to be just from certain friends is to delete all email with a "From:" header not in the pre-approved list.

Another variation of this strategy is to pass through email that contains certain key phrases in the subject line. In our case, we list all of our products and common phrases.

Optimal Strategy

In our opinion, the optimal strategy is as follows:

(1) Using lists of phrases for the major headers ("Subject:", "From:", "Reply-To:"), delete all email that matches one of the phrases. Put the email addresses from whom you want to receive email into a "friend list". Their email will thus always get through.

(2) Using lists of phrases for the body, delete all email that matches one of the phrases.

The above two strategies will significantly thin the quantity of spam.

(3) Pass through all of the remaining email that matches a list of acceptable phrases for "Subject:" and "From:". If done well, this will pass through the vast majority of good email.

(4) What remains are the "not sure" email messages. There are several ways in which they can be handled.

In all cases, one should make a record of the "From:", "Reply-To:" and "Subject:" headers (and perhaps the first 50 lines or so of the body) of all email that is deleted. In the worst case scenario of a good email being deleted, one could send a "please resend" email to the sender.
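
The four-step pipeline above, as an added C example that is not taken from AntiSpam.c or any other MarshallSoft code. The phrase lists, the email_t struct and all function names are constructed for illustration, and the caller is assumed to have already split the message into its headers and its full body.

```c
#include <ctype.h>
#include <stdio.h>

typedef enum { PASS_FRIEND, DELETE_HEADER, DELETE_BODY, PASS_PHRASE, NOT_SURE } verdict_t;
typedef struct { const char *from, *reply_to, *subject, *body; } email_t;

/* Constructed sample lists; a real deployment would load these from files. */
static const char *FRIENDS[]     = { "alice@example.org", NULL };
static const char *BAD_HEADER[]  = { "free money", "lottery", NULL };
static const char *BAD_BODY[]    = { "click here to claim", "wire transfer fee", NULL };
static const char *GOOD_HEADER[] = { "csc4c", "invoice", NULL };

/* Case-insensitive substring test (portable stand-in for strcasestr). */
static int contains(const char *text, const char *phrase) {
    if (!text || !*phrase) return 0;
    for (; *text; text++) {
        size_t i = 0;
        while (phrase[i] && text[i] &&
               tolower((unsigned char)text[i]) == tolower((unsigned char)phrase[i]))
            i++;
        if (!phrase[i]) return 1;   /* reached end of phrase: full match */
    }
    return 0;
}

static int any_match(const char *text, const char **list) {
    for (; *list; list++)
        if (contains(text, *list)) return 1;
    return 0;
}

verdict_t classify(const email_t *m) {
    /* Step 1: friends always get through; otherwise header phrases delete. */
    if (any_match(m->from, FRIENDS)) return PASS_FRIEND;
    if (any_match(m->subject, BAD_HEADER) || any_match(m->from, BAD_HEADER) ||
        any_match(m->reply_to, BAD_HEADER)) return DELETE_HEADER;
    /* Step 2: scan the whole body, since spam may follow "normal text". */
    if (any_match(m->body, BAD_BODY)) return DELETE_BODY;
    /* Step 3: pass remaining mail with an acceptable Subject:/From: phrase. */
    if (any_match(m->subject, GOOD_HEADER) || any_match(m->from, GOOD_HEADER))
        return PASS_PHRASE;
    return NOT_SURE;                /* Step 4: left for separate handling */
}

/* Record the headers of a deleted message so a "please resend" is possible. */
int log_deleted(char *out, size_t n, const email_t *m) {
    return snprintf(out, n, "DELETED From: %s | Reply-To: %s | Subject: %s",
                    m->from, m->reply_to, m->subject);
}
```

The friend check trusts the "From:" header, which the sender controls, so the record written by log_deleted is also the place to review what the friend list and phrase lists let through or removed.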

Anti-Spam Products

Our "Client/Server Communications Library for C/C++" (CSC4C) contains a bare-bones example anti-spam program. See the example program AntiSpam.c in the APPS sub-directory of CSC4C, which can be downloaded from http://www.marshallsoft.com/csc4c.htm

We also have the "Client/Server Communications Library for Visual Basic" (CSC4VB) and "Client/Server Communications Library for Delphi" (CSC4D) client/server libraries. They can be found at http://www.marshallsoft.com/csc4vb.htm and http://www.marshallsoft.com/csc4d.htm
