Jasmine Knows IT

It is time to focus on the technologies used by anti-spam vendors when developing their software. Below you get a brief analysis of the general categories of technologies used in modern anti-spam software.

What makes an anti-spam work?

Creating an effective anti-spam is beyond any doubt a difficult task. The main problem is that spammers are constantly devising new ways to avoid the solutions that are put forth. Every single technique can be overcame, it is just the matter of time. This is why anti-spam software vendors have been implementing multiple techniques to be working simultaneously.

What are the technologies used in anti-spam software?

Vendors have been introducing their own technological approach. It is vital to understand how their work because some of them may be completely useless, some may work only when used with others. I will give brief explanation of the most general spam blocking technologies.

Heuristics

These are the anti-spam solutions that use computer-driven methods to fight spam. The system tries to detect patterns in the messages, which are associated with spam. Anti-spam software that uses these can be very effective, and the effectiveness should improve with time. Main drawback is that it takes time for the system to adapt and when used alone, it may lead to disputable results.

Checksum Database

Anti-spam using these methods assigns a unique identifier to each spam message it comes across. This way a database of such identifiers is created and each new email is compared with the records. Main drawback is that there are already many spam tactics developed to fool anti-spam software using this method, and it needs a huge network to work at an optimal level.

Three more coming up soon.

Anti-Spam False Positive rate.

False positive is the percentage of legitimate messages blocked by an anti-spam to the total number of blocked messages. In other words it is a measure of effectiveness of a given anti-spam engine in differentiating spam from normal messages.

False positive rate is inseparably connected with catch rate. High catch rate means nothing without low false positive rate, and vice versa. Every anti-spam solution is able to block 100% of spam, but to do it without blocking any legitimate message is what we want.

What false positive rate should a good anti-spam have.

In general, the smaller the false positive rate, the better anti-spam you’ve got. It is hard to say what false positive rate is good enough, basically it should be somewhere around 0,04%, and everything below that value should work. You can try to estimate the value of this factor as I suggested with catch rate, but this may only give a very general impression.

To be continued…

What is a catch rate?

It is a rather simple factor. Catch rate (or a percentage of spam blocked) is a number that describes the sheer efficiency of an anti-spam at identifying and blocking spam. In other words, a percentage of spam that has been stopped, with respect to total number of spam messages that were sent to a given mailbox or mail server.

What catch rate should good anti-spam have?

Basically, the higher the catch rate the better. If you are not interested in freeware anti-spam you may as well filter out all the solutions that offer less than 90% catch rate.

If you already have an anti-spam and are looking for a better one, you should first find out your current anti-spam engine catch rate. Simply divide the number of spam blocked by the number of total spam (blocked and missed) and multiply by 100%. Still looking for a new anti-spam?

How to value catch rate? In other words, is one percentage point higher catch rate worth additional $10 a month? Perhaps it is worth much more? There is no easy answer to this. You could measure the cost of time wasted on processing spam (cumulative of all employees / mail users) then try to estimate how much time each pp of catch rate more would save. Compare the cost with potential gain….

You can see why it is not truly measurable. But perhaps it’s worth to try?

Come back for more of my anti-spam buyer’s guide.

Spam is the most common and most annoying email threat. It is no surprise then, that the number of solutions to this problem is constantly growing. With the current fuss about the spam prevention and new software solutions being released with increasing frequency how can a potential buyer decide which of them is the best choice for him?

I want to write a guide for those who wish to understand all the metrics given to us by anti-spam software vendors.

The sole purpose of this series of posts is to help you make informed decision. Show you which parameters and features are most important for your needs.

Over the next few weeks I shall be writing about how to interpret all the parameters and how to value additional features, both the most basic ones as well as more complicated.

Come back for more of my anti-spam buyer’s guide.