Portal Home > Knowledgebase > McAfee Email Protection > How does the spam filter test work?


How does the spam filter test work?




How does the spam filter test work?
Working out why a particular campaign is getting caught by a filter can be really tricky. Even with two installations of the same filter, they can behave differently because of they way they are setup, or the email they have previously filtered.

I failed a filter, but there is no reason showing!
In some cases, the email filter does not actually provide a reason for the message failing, it just gives us a pass or fail grade for the campaign. Any time we do get back a reason, it will be shown on the results page for you.

Why the different reason formats?
There are different reason formats due to the way each filter company goes about identifying issues with a message. For those spam filters that provide reason information, we display them in their native form. For those filters that don't provide reason information, we employ a Bayesian filter that identifies words in your message that may affect your pass/fail status with these filters. The output is a word and a weight value e.g. herbal (weight: 0.8).

Why do I see warnings even when my message passes a filter?
We provide warnings even if you pass the filter since there's value in knowing what spammy words or content structure have an affect on the filters. This allows you to optimize content to avoid triggering spam filters in the future.

How can I fix my campaign so it passes?
If there is a reason shown, then you'll have a good idea of what is getting caught. If not, then unfortunately trial and error is the way to go. Try cutting out half of your content, and sending the other half.

If that half gets through ok, then the problem content is probably in the remaining section, and you can keep narrowing down from there. Don't forget that filters also look at the subject line, and the balance of text and images, so you can try changing those too.

Norton AntiSpam
Norton AntiSpam uses a pattern-matching engine that automatically compares the contents of incoming email messages to a list of spam characteristics. If the message contains many spam characteristics, it is more likely to be spam than a message that contains few spam characteristics. Based on this analysis, Norton AntiSpam estimates the likelihood that the message is spam.

Although Norton AntiSpam does not provide reason information in its interface about why it filters messages as spam, we have installed our own artificial intelligence spam filter which approximates Norton results and provides suggested keywords that cause messages to fail Norton. We will display up to 45 keywords with a weight greater than 0.6, in descending order from highest to lowest weight. Keywords that are weighted more highly are more closely correlated with keywords that cause to fail Norton AntiSpam.

McAfee SpamKiller
McAfee says that SpamKiller's "enhanced, self-learning Bayes filtering engine automatically scans, identifies and removes most junk email from your inbox." McAfee does provide reason information on why fail its filter, although its reasons can be a bit enigmatic at times, e.g. a reason that is often given is that "The message looks like spam".

Microsoft Outlook 2003 and 2007
Beginning with Outlook 2003, Microsoft offered a built-in spam filter its mail client, but has provided little documentation as to how messages get filtered. A company called MAPILab reverse engineered the spam filter in Outlook 2003 and believes that its spam filter gives different weights to different emails depending on several categories. According to MAPILab, the following steps are taken by Outlook to consider whether email is junk or not:

message sending time check--messages sent on a Saturday or Sunday are more closely correlated with spam than messages sent on a Wednesday)
check of the message subject for words in uppercase--if words in uppercase make 25% or more of the total number of words, then the email is more correlated with spam
check of the sign number in the message subject--this test calculates the ratio of signs (symbols which are neither letters nor numbers) to the number of signs, letters, and numbers. If the ratio exceeds 8%, email is more closely correlated with spam
check of duplicate character number--this test counts the maximum number of duplicate characters in the message subject. In many spam messages there is a sequence of meaningless (to recipients) symbols separated by several dozens of spaces
As with Norton AntiSpam, Outlook does not provide reason information. In some cases we can provide a list of keywords that may have contributed to the problem, and if they are available you will see them in your report.

McAfee 2008
McAfee says that Security Center 2008's "enhanced, self-learning Bayes filtering engine automatically scans, identifies and removes most junk email from your inbox." McAfee does provide reason information on why fail its filter, although its reasons can be a bit enigmatic at times, e.g. a reason that is often given is that "The message looks like spam".

Norton 2008
Norton Internet Security 2008 uses a pattern-matching engine that automatically compares the contents of incoming email messages to a list of spam characteristics. If the message contains many spam characteristics, it is more likely to be spam than a message that contains few spam characteristics. Based on this analysis, Norton Internet Security 2008 estimates the likelihood that the message is spam.

Although Norton Internet Security 2008 does not provide reason information in its interface about why it filters messages as spam, we have installed our own artificial intelligence spam filter which approximates Norton results and provides suggested keywords that cause messages to fail Norton. We will display up to 45 keywords with a weight greater than 0.6, in descending order from highest to lowest weight. Keywords that are weighted more highly are more closely correlated with keywords that cause to fail Norton Internet Security 2008.

SpamAssassin
SpamAssassin is an open-source mail filter used mainly by system administrators and ISPs at the mail server level. Using its rule base, it applies a wide range of heuristic tests on mail headers and body text to identify spam, such as:

Header analysis: spammers use a number of tricks to mask their identities, fool you into thinking they've sent a valid mail, or fool you into thinking you must have subscribed at some stage. SpamAssassin tries to spot these.
Text analysis: again, spam mails often have a characteristic style, and some characteristic disclaimers and CYA text. SpamAssassin can spot these, too.
Click here for a full explanation and suggested workarounds for the popular filtering rules in SpamAssassin.

Postini
Postini has created what they call preEMPT - Postini Preemptive Email Protection Technology.

preEMPT filters out spam, viruses and phishing, protects email systems from a wide range of attacks, and provides IT organizations with tools to secure email connections and regulate email delivery without the need for software or hardware. Postini’s pass-through architecture processes all Internet based email bound for a company's email server. preEMPT, which includes heuristics-based anti-spam and virus engines, separates junk email and viruses from legitimate messages.

Legitimate email messages pass through to the addressee, while junk email is quarantined in a web-based, password-protected Postini Message Center. If a company chooses, employees can have access to their quarantined email and the ability to adjust filters to their personal preferences.

Brightmail
Symantec Brightmail AntiSpam combines effective spam catching with a high accuracy rate that prevents false positives. Some of the filters are reputation-based, examining the source of the email. Others sift through the message content, applying signatures or heuristics technology. Attachment signatures and spam URL filters provide protection against the latest MIME and HTML-based filter evasion techniques used by spammers. Updated filters are automatically deployed to customer sites, requiring no administrator intervention.

MessageLabs
Operating at Internet level, MessageLabs offers industry-leading protection for thousands of organizations worldwide, against threats such as spam, viruses and other unwanted content. MessageLabs’ managed services are backed by a multi-million dollar infrastructure spanning four continents, which proactively protects your business from global threats on a local level.



Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article


Powered by WHMCompleteSolution