Spam Filter Review

Specialized software can reduce spam levels

Internet security experts say that most email -- estimates range from 70 and 95 percent -- is actually spam. A typical inbox doesn't contain anywhere near that level, though, because most spam is blocked further upstream. ISPs and large companies use expensive hardware spam filters, while large web-based email services like Gmail have had good results with collaborative filtering. Bill Gates also posits that the integrated spam filters in Microsoft's recent releases deserve some of the credit for a reduction in received spam.

As anti-spam technology evolves, spammers continue to develop new distribution tactics and profit angles. Scott Petry of email security firm Postini says spam is evolving into new forms. It is hidden in email attachments such as PDFs, MP3s, Microsoft Office documents and JPEGs.

The simplest spam promotes illegal or grey-market products (drugs marketed as sexual performance enhancers are popular with spammers). More complex schemes are designed to trick users into revealing sensitive personal or financial information. (This technique is broadly known as phishing.) Tax time sees a surge of IRS-themed spam designed to mislead users through phony rebate or refund offers. Spam can also be used to distribute viruses and other types of malware.

Spam filters, also called spam blockers or anti-spam software, attempt to separate your legitimate email from spam. Reviews say spam filters vary in their ability to detect and remove spam. More important, the products are controversial because they can falsely identify legitimate email as spam (called a false positive). The best reviewers evaluate the accuracy and effectiveness of spam filters, along with features, ease of use and potential drain on your system resources.

We found lots of worthwhile and helpful reviews of spam filters. Though its coverage is a little older, PCMag.com provides the most comprehensive review of standalone spam blockers. Choice, Australia's answer to Consumer Reports, includes seven standalone products in its recent spam-filtering report, and looks at the spam-fighting abilities built into some email clients. But while testing is comprehensive and balanced, discussion could be deeper. The recent spam-filter coverage at Consumer Reports and Britain's Which? magazine has the same positives and negatives, but fewer spam filters are tested. Gizmo's Freeware has recently updated reviews naming the best free spam filters for experienced and average users. While authoritative, we'd like those better if testing was explained. About.com's coverage is similarly helpful, but similarly flawed. The write-ups at TopTenReviews.com seem balanced for this category, but the marketing-driven nature of the site gives us pause. Download.com is a good destination for user reviews.

Those looking for information on the effectiveness of anti-spam software may soon have another highly reliable resource at their disposal. Virus Bulletin -- a well regarded independent tester of security software, and one that many major reviewers use for actual testing of security products -- recently completed a trial run of its new anti-spam testing program. Except for an open-source program (SpamAssassin), results are presented anonymously. That's probably a good thing for the vendors, because while almost all do a good job blocking spam, Virus Bulletin found "false positive rates were surprisingly high almost across the board." The first live test of Virus Bulletin's anti-spam certification program was set to run as this report was written, with results -- this time naming names -- scheduled to be published in the near future.

Differences between types of spam blockers

Many technologies are used to filter spam. Each program or service uses one or more (sometimes all). You can also choose between a software filter, which is installed on your computer, and web-based filters that filter your mail, then forward legitimate messages.

Rules-based filters require users to train the software. Most programs start with a set of default rules that label incoming mail as definitely spam, not spam or undecided. You sort through initial batches of undecided mail and determine which are unwanted. The anti-spam software then learns to create new rules so that you don't get similar spam in the future. Experts say this method can work very well, but users do need to spend time training the software. An example of when a rules-based filter might not work is when a friend writes, "I was delighted to find your message hiding among the offers for Viagra, weight-loss products and credit cards." Experts say that the best rules-based anti-spam programs use Bayesian spam filtering, a rules-based statistical method that classifies messages into categories based on probability.

Content-based filtering is a basic rules-based method that has been outsmarted by spammers. The method simply blocks keywords or phrases. Spammers use misspelling and similar tricks to evade content filters.

Whitelist filters use an approved-senders list (usually the contacts in your address book) to sort the good from bad. You can add more contacts to your approved list anytime. This method's inflexibility is both its strength and its weakness. New correspondents, business proposals or responses to classified ads will be classified as junk. Whitelist filters are best for those who don't get email from people they don't know. Many anti-spam programs offer the option of a whitelist in addition to other types of spam filtering. That assures you will always receive mail from the email addresses in your contacts folder. Security expert Michael Cobb, writing at SearchSecurity.com (a security information website for IT professionals), says, "A major drawback of whitelists, however, is their inordinate number of false positives." A whitelist filter can be expected to block 100 percent of spam, but it will also block all legitimate mail from unknown addresses.

Challenge/response filters respond to messages from unknown senders. The sender must enter a code, go to the software vendor's website or go through some other hoop. In a study by Brockmann and Company, a specialty market research firm, challenge/response filters produced the highest level of satisfaction by far for business customers. However, they are not without some drawbacks. For example, spammers often use forged addresses, which means that the challenge might be returned to the inbox of someone not responsible for sending the original message -- essentially becoming spam itself. There's also the nuisance factor for legitimate email senders, who could easily decide being asked to go through additional steps just to send an email isn't worth the bother. Challenge/response filters are usually used in conjunction with whitelist filters.

Blacklist filters block specific email addresses. Most blacklist filters rely on web-based databases of known spammers. You can add addresses to the blacklist.

Community-based filters depend on user contributions to assemble a list of known spammers. Once a handful of established users submit spam as junk to the software company, it's added to the database of known offenders, and no users will receive messages from that email address (and sometimes that computer's IP address). This technique requires little user intervention, and legitimate mail is unlikely to be tagged as spam.