How Spammers Fool Spam Filters

Written by CipherTrust


Bayesian Filters

Named after Thomas Bayes, an English mathematician, Bayesian logic is used in decision making and inferential statistics. Bayesian filters maintain a database of known spam and ham, or legitimate e-mail. Once the database is large enough, the system ranks the words according to the probability they will appear in a spam message.

Words more likely to appear in spam are given a high score (between 51 and 100), and words likely to appear in legitimate e-mail are given a low score (between 1 and 50). For example, the words “free” and “sex” generally have values between 95 and 98, whereas the words “emphasis” or “disadvantage” may have a score between 1 and 4.

Commonly used words such as “the” and “that”, and words new to the Bayesian filters, are given a neutral score between 40 and 50 and would not be used in the system’s algorithm.

When the system receives an e-mail, it breaks the message down into tokens, or words with values assigned to them. The system utilizes the tokens with scores on the high and low end of the range and develops a score for the e-mail as a whole. If the e-mail has more spam tokens than ham tokens, the e-mail will have a high spam score. The e-mail administrator determines a threshold score the system uses to allow e-mail to pass through to users.

Bayesian filters are effective at filtering spam and minimizing false positives. Because they adapt and learn based on user feedback, Bayesian filters produce better results as they are used within an organization over time.

Bayesian filters are not, however, foolproof. Spammers have learned which words Bayesian filters consider spammy and have developed ways to insert non-spammy words into e-mails to lower the message’s overall spam score. By adding in paragraphs of text from novels or news stories, spammers can dilute the effects of high-ranking words. Text insertion has also caused normally legitimate words that are found in novels or news stories to have an inflated spam score. This may potentially render Bayesian filters less effective over time.

Another approach spammers use to fool Bayesian filters is to create less spammy e-mails. For example, a spammer may send an e-mail containing only the phrase, “Here’s the link…”. This approach can neutralize the spam score and entice users to click on a link to a Web site containing the spammer’s message. To block this type of spam, the filter would have to be designed to follow the link and scan the content of the Web site users are asked to visit. This type of filtering is not currently employed by Bayesian filters because it would be prohibitively expensive in terms of server resources and could potentially be used as a method of launching denial of service attacks against commercial servers.
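The token scoring described above, and the two weaknesses just discussed (dilution by inserted text and the near-empty "link only" message), worked through as an added example that is not CipherTrust's code. The score table, the sample messages, the naive Bayes combining rule and the `strong_spam_tokens` helper are assumptions made for illustration.

```python
import math
import re

# Constructed token scores on the page's 1-100 scale (not real filter data).
TOKEN_SCORES = {
    "free": 97, "sex": 96, "viagra": 98, "click": 85,
    "emphasis": 3, "disadvantage": 2, "meeting": 8,
    "agenda": 5, "quarterly": 6, "minutes": 10,
    "the": 45, "that": 44,
}
NEUTRAL_SCORE = 45       # assumed score for words the filter has never seen
NEUTRAL_BAND = (40, 50)  # tokens scoring in this band are ignored


def significant_tokens(message):
    """Map each distinct token outside the neutral band to its score."""
    scores = {}
    for token in set(re.findall(r"[a-z']+", message.lower())):
        score = TOKEN_SCORES.get(token, NEUTRAL_SCORE)
        if not NEUTRAL_BAND[0] <= score <= NEUTRAL_BAND[1]:
            scores[token] = score
    return scores


def spam_score(message):
    """Combine token scores into a 0-100 message score.

    Naive Bayes combination in log space; an assumed combining rule,
    since the article does not give one. No evidence yields 50.0.
    """
    scores = significant_tokens(message).values()
    log_spam = sum(math.log(s / 100) for s in scores)
    log_ham = sum(math.log(1 - s / 100) for s in scores)
    return 100 / (1 + math.exp(log_ham - log_spam))


def strong_spam_tokens(message, floor=90):
    """Tokens at or above `floor`, for a second check that padding cannot erase."""
    return sorted(t for t, s in significant_tokens(message).items() if s >= floor)


# Constructed sample messages.
SPAM = "Free viagra, click here"
PADDED = SPAM + ". The quarterly meeting agenda and minutes: emphasis, disadvantage."
LINK_ONLY = "Here's the link"
```

The padded message scores far below the original even though its high-scoring tokens are still present, which is why a second check on those tokens, or another detection method altogether, is needed alongside the combined score.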

As with all single-method spam filtering methodologies, Bayesian filters are effective against certain techniques spammers use to fool spam filters, but are not a magic bullet for solving the spam problem. Bayesian filters are most effective when combined with other methods of spam detection.

The Solution

When used alone, each anti-spam technique has been systematically overcome by spammers. Grandiose plans to rid the world of spam, such as charging a penny for each e-mail received or forcing servers to solve mathematical problems before delivering e-mail, have been proposed with few results. These schemes are not realistic and would require a large percentage of the population to adopt the same spam eradication method in order to be effective.

Working alone, each individual spam-blocking technique works with varying degrees of effectiveness and is susceptible to a certain number of false positives. Fortunately, the solution is already at hand. IronMail®, the secure e-mail gateway appliance from CipherTrust®, provides a highly accurate solution by correlating the results of single-detection techniques with its industry-leading correlation engine, the Spam Profiler™.

Learn more about stopping spam by requesting CipherTrust’s free whitepaper, “Controlling Spam: The IronMail Way”.

The core of IronMail’s spam capabilities, the Spam Profiler analyzes, inspects and scores e-mail on over one thousand different message characteristics. Each method is weighed based on historical accuracy rates and analysis by CipherTrust’s experienced research team.

Optimizing the Spam Profiler requires precise calibration and testing thousands of combinations of values associated with various message characteristics. To automate this process, CipherTrust developed Genetic Optimization™, an advanced analysis technique that replicates cutting-edge DNA matching models. Genetic Optimization identifies the best possible combination of values for all characteristics examined by the Spam Profiler and automatically tunes the IronMail appliance, reducing administrator intervention and assuring optimum protection against spam and spam-borne threats.

Take The Next Step

Learn more about how IronMail can secure enterprise e-mail systems by visiting or requesting CipherTrust’s free whitepaper, “Controlling Spam: The IronMail Way”. This resource will provide the information you need to make an informed decision about eliminating spam and securing your e-mail systems.

CipherTrust is the leader in anti-spam and email security. Learn more by downloading our free whitepaper, “Controlling Spam: The IronMail Way” or by visiting

Detecting and Eliminating Computer Viruses at the Gateway

Written by CipherTrust


Computer Virus Risks

Recent attacks from various types of computer viruses and worms have had profound effects on computer systems around the world. Enterprises have been brought to their knees and forced to spend billions of dollars cleaning up the mess and rebuilding their infrastructures. While the increased IT costs are clear, there are other risks corporations face with regard to e-mail borne viruses.

System Downtime

E-mail has evolved to be the primary communication tool for most organizations and the loss of e-mail due to attack can severely affect enterprise operations. Beyond the immediate expenses involved in restoring the network, an attack on your enterprise e-mail system can also result in lost hours and days for employees who have come to rely on it to accomplish their daily tasks.

Resource Depletion

The costs of cleaning up after an attack are significant. IT teams are forced to spend considerable time and money repairing virus damage. The damage, however, is rarely contained to network servers. Once inside the network, viruses can quickly infect large numbers of relatively exposed client machines - all of which must be individually cleaned, patched and repaired.


In the past, when a new vulnerability was discovered, network administrators scrambled to apply security patches from the makers of their anti-virus software and manually reviewed quarantine lists for virus-infected messages. Software manufacturers release patches so frequently that network administrators cannot reasonably be expected to keep up with them all. As stated by Gartner Research, “Enterprises will never be able to patch quickly enough. After all, attackers have nothing else to do.” The staggering damage caused by recent computer viruses and malware attacks is clear evidence that manual intervention to institute emergency measures or review quarantined messages is rarely effective against rapidly propagating threats.

Compliance and Liability

Recent Federal regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA) and Sarbanes-Oxley Act (SoX) require enterprises to protect data residing in mail servers and other internal systems. Security breaches violate these regulations, exposing sensitive data and opening the door to serious sanctions and costly litigation.


Falling victim to a virus attack can also result in lost trust from business partners and customers. According to Gartner, “Enterprises that spread viruses, worms, spam and denial-of-service attacks will find not only that malicious software can hinder their profitability, but also that other businesses will disconnect from them if they are considered to be risky.” While an attack may not be your fault, it is most certainly your problem.

The Solution

Although signature-based anti-virus systems are inadequate for preventing virus attacks in the first few hours or days of an outbreak, it is possible to identify outbreaks before they infiltrate your organization’s network and become a problem. In fact, doing so successfully requires tight integration of several different technologies designed to analyze mail based on many different characteristics. One of the most innovative and important technologies for meeting these threats is known as Anomaly Detection.

Large-scale virus outbreaks create anomalies in mail flow which are identifiable by the message content, source, volume, attachment or any of a number of other indicators. When a particular message appears to be a part of a sudden surge of anomalous messages moving across the internet, the message can be quarantined until virus definitions can be developed to address the new threat.

Anomaly Detection

CipherTrust’s IronMail utilizes a unique Anomaly Detection Engine (ADE), which dynamically identifies and responds to abnormal behavior in mail flow. By monitoring “normal” e-mail traffic rates across the Internet, the ADE allows IronMail to identify spikes in traffic that are often the first signal of a malicious attack. Once these spikes are recognized, IronMail units take appropriate action to prevent infiltration of the network.
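The volume-based surge check described above, as an added example; it is not CipherTrust's Anomaly Detection Engine, whose internals the article does not describe. The class and function names, the window and threshold values, and the per-attachment sample counts are all assumptions.

```python
from collections import deque
from statistics import mean, pstdev


class SurgeDetector:
    """Flag an interval whose message count spikes above a trailing baseline."""

    def __init__(self, window=12, sigma=4.0, min_count=20):
        self.history = deque(maxlen=window)  # counts from recent normal intervals
        self.window = window
        self.sigma = sigma          # standard deviations that count as a surge
        self.min_count = min_count  # ignore spikes too small to matter

    def observe(self, count):
        """Return True if `count` is anomalous against the baseline so far."""
        surge = False
        if len(self.history) == self.window:
            base = mean(self.history)
            spread = max(pstdev(self.history), 1.0)  # floor avoids a zero-width band
            surge = count >= self.min_count and count > base + self.sigma * spread
        if not surge:
            # Only normal intervals feed the baseline, so an ongoing outbreak
            # cannot teach the detector that the surge is normal.
            self.history.append(count)
        return surge


def quarantine_intervals(counts_by_key, **kwargs):
    """Run one detector per key; return {key: [interval indexes to quarantine]}."""
    flagged = {}
    for key, counts in counts_by_key.items():
        detector = SurgeDetector(**kwargs)
        hits = [i for i, c in enumerate(counts) if detector.observe(c)]
        if hits:
            flagged[key] = hits
    return flagged


# Constructed data: messages per 5-minute interval, keyed by attachment name.
SAMPLE = {
    "report.pdf": [4, 6, 5, 7, 5, 6, 4, 5, 6, 5, 7, 6, 5, 6, 8, 5],
    "photo.scr": [0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 2, 45, 310, 900],
}
```

Messages in a flagged interval would be held in quarantine until virus definitions for the new threat are available, as the article describes.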

CipherTrust is the leader in anti-spam and email security. Learn more by downloading our free whitepaper, “Next Generation Virus Protection: An Overview of IronMail Zero Day Virus Protection” or by visiting

© 2005