Essential Features to Look for in Spam Filtering Technology

by Christopher on November 12, 2010


Traditionally, spam filters have depended largely on text analysis. While effective much of the time, content analysis filtering is not nearly reliable enough to stand on its own. Spammers are smart enough to alter their words in ways that bypass most text analysis.

IP address reputation filters, when used as a first line of defense before content analysis, can provide far more effective email protection, blocking up to 98 to 99 percent of spam at the connection level.

Reputation filters have access to an enormous, constantly refreshed database that monitors the email behavior of IP addresses. Most track a wide variety of IP characteristics, including, but not limited to: the quantity and frequency of email sent; whether the address employs crawlers to locate email addresses; whether it sends messages to “spamtraps”; the ratio of return correspondence to the address; how often spam complaints are registered against the address, and whether those complaints are answered; and the physical location and age of the IP address’s Domain Name System (DNS) entry.

This allows IP address reputation-based filters to shed the majority of spam at the connection level, meaning that Unsolicited Bulk Email (UBE) never has the chance to fool the text analysis-based filter.

At the same time, senders from an address with a good reputation won’t end up having their messages mistakenly identified as spam. Such “false positives” can be disastrous in business. Reputation-based filtering provides the best guarantee available that emails important to your company don’t get bounced or redirected to a junk mail folder.
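The two-stage flow described above, sketched as an added example (not code from the original article or from any vendor). The scoring weights, thresholds, word list and sample IP records are constructed assumptions; the record fields follow the characteristics listed earlier.

```python
from dataclasses import dataclass

@dataclass
class IpRecord:               # one row of a hypothetical reputation database
    msgs_per_hour: int        # quantity and frequency of email sent
    spamtrap_hits: int        # messages delivered to spamtrap addresses
    complaints: int           # spam complaints registered against the IP
    complaints_answered: int  # complaints the operator responded to
    replies: int              # return correspondence to the address
    sent: int                 # total messages observed from the IP
    dns_age_days: int         # age of the IP's DNS entry

def reputation(r: IpRecord) -> float:
    """Score in [0, 1], higher is more trustworthy (assumed weighting)."""
    score = 1.0 - min(0.5, 0.1 * r.spamtrap_hits)
    if r.sent:
        unanswered = max(0, r.complaints - r.complaints_answered)
        score -= min(0.3, 30 * unanswered / r.sent)
        if r.replies / r.sent < 0.01 and r.msgs_per_hour > 1000:
            score -= 0.2      # bulk volume with almost no return mail
    if r.dns_age_days < 30:
        score -= 0.1
    return max(0.0, score)

BANNED_WORDS = {"viagra", "lottery"}   # naive stand-in for text analysis

def content_is_spam(body: str) -> bool:
    return any(word in BANNED_WORDS for word in body.lower().split())

def filter_message(db, ip, body, reject_below=0.3, trust_above=0.9) -> str:
    rep = reputation(db[ip]) if ip in db else 0.5   # unknown IP: neutral score
    if rep < reject_below:
        return "reject-at-connect"   # dropped before the body is ever read
    if rep >= trust_above:
        return "deliver"             # good reputation: no false positive (assumed policy)
    return "junk" if content_is_spam(body) else "deliver"

SAMPLE_DB = {   # constructed records, documentation-range addresses
    "203.0.113.7":   IpRecord(5000, 12, 400, 0, 3, 100000, 5),
    "198.51.100.20": IpRecord(40, 0, 1, 1, 800, 2000, 2000),
    "192.0.2.55":    IpRecord(200, 1, 2, 0, 50, 5000, 400),
}

if __name__ == "__main__":
    obfuscated = "Cheap V1agra here"   # altered spelling slips past the word list
    for ip in SAMPLE_DB:
        print(ip, round(reputation(SAMPLE_DB[ip]), 3),
              filter_message(SAMPLE_DB, ip, obfuscated))
```

The obfuscated body passes the word list on its own, yet the poorly rated sender is still refused at connection time, while the well-rated sender's message containing a listed word is delivered.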


No business can afford to have its email down. Email is by far the most important means of communication between a business and almost everyone it interacts with, sometimes even internally. And email, unlike phone calls and snail mail, comes in around the clock.

Of course, there are no guarantees that email servers will be functioning constantly, especially at maximum efficiency. Glitches can slow or crash servers, and spammers have done the same using viruses, directory harvest attacks, and denial-of-service attacks.

If your email security system provides geographic redundancy, however, you don’t have to worry about your email accounts ever being unavailable. Geographic redundancy provides a second server in another location that will continue to receive your incoming messages in the event that yours is experiencing downtime. The messages will be stored for you until your problems are resolved.

Geographic redundancy also provides load balancing. Should your email server become overloaded with requests at any given time by an exceptional volume of incoming communication (including by denial of service or directory harvest attacks), the redundant server can share the load. This keeps your server functioning efficiently.

Failover capabilities are an essential companion to geographic redundancy. These mechanisms ensure that when the switch between servers becomes necessary, it happens automatically and instantaneously.

In essence, geographic redundancy with failover capabilities is an insurance policy for your email server. Should it ever experience lag or become unavailable, your messages won’t be lost or delayed.


According to the International Computer Security Association, spam is by far the biggest culprit when it comes to infecting computers and networks with viruses. Viruses originating in spam can be used to bring your business to a stop, or to use your network as a base for further spam and virus propagation activity.

But perhaps the most frightening use of spam-originated viruses is to gain access to private data about the company, its customers or clients, or anyone else the company deals with. Such breaches in security can be financially ruinous, can end public trust, and can expose the company to liability.

Businesses need email security that guarantees ahead-of-the-curve information on the latest threats. Without the most recent information, spam filters are useless when new virus outbreaks surface.

The most important characteristic of cutting-edge virus protection from a spam filter is that it can analyze incoming messages and assess threats based on multidimensional considerations. There are several ways to identify viruses, even new ones and variations, and all must be employed for maximum security.

A multidimensional approach to security would use heuristic methods to identify certain distinct features that most virus-containing emails have in common. These malicious files are generally programmed to undertake certain behaviors, and such programming is detectable. Many virus files also share specific coding sequences, which an email security system must look for. Another layer of protection should include the ability to execute suspect files in a quarantined area to determine what they do.

As spam, viruses, and other malware continue to increase, this sort of thorough protection is an essential investment in any company’s security and future.
