General 4min de Leitura - 25 de August de 2020

Antispam, to reduce incoming unsolicited messages

open notebook on a table

This post is also available in: Português English Español

The amount of unsolicited messages accounted for approximately 61.25% of the number of emails in the world in September 2016, according to Statista. This number ranges from advertising messages, phishing attacksand other extremely sophisticated threats.

These attacks cause direct damage to users and businesses, both because of the attack itself and the time it takes to get the device ready for use again. Preventing these threats from reaching the inbox of users is a constant challenge for antispam solutions, since many end up interacting with such content and infecting their devices.

The volume of other messages classified as spam are very much related to advertising, which constantly change its format and techniques, in order to try to circumvent antispamrules. Currently, it is very common for legitimate email accounts to be compromised through weak passwords used to send spam, bringing a series of inconveniences to users and organizations.

The detection of this type of submission combines analysis criteria that legitimize the message, such as the presence of SPF, DKIM and other elements of e-mail service, with content that may not be considered as usual. In some cases, depending on the solution, this email can be delivered to the end user.

The amount of these messages passing through the solutions represents a productivity impact for users, especially because they waste time sorting messages that are not spam, and in the middle of that process, one can miss some legitimate email.

Whether it is to prevent an attack, or to increase productivity, an antispammust have some fundamental resources to guarantee greater flexibility for administrators and, consequently, a greater result for users.

Custom rules management

It is impossible for an antispamsolution to guarantee 100% efficiency, since techniques used change constantly, and not always, the rules are prepared to make the appropriate filter. What matters in this case is the response time, whether this depends only on the vendor, or whether the administrator can act directly, intervening in the solution settings.

Managing custom rules means having control over the entire structure of an email, including headers, attachments, email content, sender, recipients and subject, among others. Since antispam allows creating these rules, it is then possible, in the face of an abnormality, to define a rule in order to predict future receipts related to the characteristics of that message.

Blacklist-based filters, working by sender or recipient, whether by domain, regular expression, and others, are no longer sufficient to ensure adequate antispam. This is because different senders can send the same type of email. In this case, the rules must be created with the same behavior of the e-mail content, not the sender.

The power to manage custom rules is very interesting for organizations that want to have high efficiency rates in antispam, knowing that the standard rules offered by the suppliers of this type of solution do not always meet the specifics of a business, therefore causing problems for other businesses.

The great solution and weapon used for this purpose is to allow parameterization of certain occurrences through custom rules, which specifically meet that business need.

Rule Score Management

Much of the antispamframeworks are made up of a set of rules that detect behaviors in a message and assign scores, either positive or negative. If the sum reaches a certain configured score, the message is classified as spam, possible spam, or other solution facilities.

There are many spam detection rules and modules that are standard solutions and cannot be changed, or when they can, access is limited. This is a point to be analyzed as a strategy to reduce SPAM, because by allowing the client to define certain scores, the solution may be more parameterized to their experience, which is positive.

It is important to emphasize in this case that the standard values ​​offered are derived from studies and evaluations, so the changes must be conscious not to bring problems, both false positives and negative ones.

Either way, combining the ability to assign custom punctuation to manufacturer-defined rules, and creating custom rules with high flexibility and control over email as a whole, substantially increase the efficiency of antispam.

Antispam training

An antispamshould have training capability; this ensures greater adaptation and efficiency of the solution over time. It is natural that at the beginning of deployments some messages are not filtered by the solution, however, as they are trained as spam, or not spam, the efficiency increases in an incredible way.

This model allows users themselves to interact over time by fostering the antispamknowledge base, and respecting exactly the e-mail profile associated with the company’s business, which can vary considerably depending on the industry.

The training framework should be as simple as possible, just allowing people to mark the message, and this can be integrated with the email backend used, be it Zimbra, Exchange, Lotus, or other solutions suite. Users, on the other hand, need to be trained to perform the classification.

Quarantine and reports

For an antispamto have efficiency, it must also serve a visibility perspective on the part of the users. It is common, in some businesses, after the deployment or change of antispam, that user feels slightly insecure, driven by the possibility of not receiving important emails.

This sensation can be quickly resolved by quarantine access and by receiving daily (or more per day) individual reporting of what is in the quarantine, allowing users to release any retained emails, and mark it as not spam for future occurrences.

With the ability to create custom rules, assign scores to standard antispamfeatures, provide learning/training features and transparency to content users of their quarantines, the chances of success in reducing the number of unsolicited messages is too great.

When your company demands an antispam solution, in addition to technical aspects and conformities, it tries to understand what characteristics will facilitate the solution management, by administrators and users; this is certainly a very important point to be evaluated.

This post is also available in: Português English Español