Filtering the garden of good and evil
Heuristic analysis could help fight spam
Follow @infoworldDandelions might look pretty, but they can kill an otherwise healthy lawn. The same is true of the spam that plants itself in your inbox. But heuristic analysis, an e-mail scanning technique that sifts through e-mail messages for the characteristics and behaviors that are unique to spam messages, may help.
Doug McLean, vice president of marketing at Postini, a spam filtering service, describes the spam characteristics as the "fingerprints" of spammers. They include information buried in the e-mail message header that is invisible to most e-mail recipients -- information such as the path the e-mail took to reach its destination and the content of the message. Picking out spamlike qualities in e-mail messages is not hard to do, according to Dave Strickler, CEO of antispam service provider MailWise. "The biggest thing that people don't realize is the amount of mistakes spammers make in the header of an e-mail message," he says. Multiple sender addresses, grossly inaccurate time stamps and nonexistent time zone settings are just a few of the aberrations that are common in spam messages, Strickler says.
Spam signatures work the same way virus signatures do, according to
Blacklists and keywords, the other common methods of screening e-mail for spam, only give administrators the ability to block messages coming from specific addresses or domains, or containing certain words. As a result, they are less deft at picking out spam messages from legitimate e-mail traffic.
So, how can a CSO know which product and approach is best? CSOswho are looking into antispam products and services would be well served by conferring with companies that are already using the technology. For managed service providers,
