Anti-spam protection

The smart filtering technology of Dr.Web Security Space based on several thousands of rules recognizes spam messages in any language with the industry highest probability.

Key features Real-time check of incoming and outgoing e-mail. The client independent anti-spam doesn’t cause a notable receipt delay. The anti-spam springs into action without training as soon as the first message arrives. Specific language-independent detection technologies for spam, scams, phishing, pharming messages and bounces provide a strong detection probability. Anti-spam check of outgoing e-mail may also give you a clue if your system has been compromised and joined a botnet while the prompt blocking of outbound spam shall mean that you won’t have your computer disconnected from the Internet as a spam bot. Spam messages are sorted to a specified folder where you can review them any time to make sure that no false detections have occurred. The stand-alone spam analyzer doesn’t communicate with any server or a database which also contributes to the lower use of traffic.

Advanced settings

Experienced users can take advantage of the advanced settings of the anti-spam.

Use white and black lists to keep your personal record of trusted and blocked addresses. Check encoding settings to make sure messages in your language are not labeled as spam. Make sure that messages with certain encodings are always sorted out as spam. Sift out bounces – message delivery failure notifications sent by a server because of its configuration errors or due to activity of a mass mailing worm.

Training

Unlike anti-spam solutions based on the Bayesian spam filtering and other similar techniques, the Dr.Web anti-spam doesn’t need to be trained in advance and springs into action as the first message arrives!

If a legitimate message has been detected as spam, don’t hesitate to report the false detection at a specified e-mail address to improve the spam-filter.

• False-detections are reported at vrnonspam@drweb.com
• Failed detections are reported at vrspam@drweb.com.

Forward your reports as attachments but not inline!!!

Filtering technologies

Dr.Web anti-spam technologies consist of several thousand rules that can be divided into several groups.

• Heuristic analysis – a highly intelligent technology that empirically analyzes all parts of a message: header, message body, and attachments, if any.



• Detection of evasion techniques – this advanced anti-spam technology allows detecting evasion techniques adopted by spammers to bypass anti-spam filters.
• HTML-signature analysis – messages containing HTML code are compared with a list of known patterns from the anti-spam library. Such comparison, in combination with the data on sizes of images typically used by spammers, helps protect users against spam messages with HTML-code linked to online content.



• Semantic analysis – the words and phrases of a message – both visible to the human eye and hidden – are compared with words and phrases typical of spam using a special dictionary.



• Anti-scamming – scam (as well as pharming messages) is the most dangerous type of spam including so-called “Nigerian” scams, loan scams, lottery and casino scams and false messages from banks and credit organizations. A special module of Dr.Web anti-spam is used to filter scams.



• Technical spam – bounces are delivery-failure messages sent by a mail server.Such messages are also sent by a mail worm. Therefore bounces are as unwanted as spam.

Glossary

Pharming is an Internet fraud based on redirection of victims to bogus web-sites looking legitimate to users. Such sites typically copy design of web-sites of banks and are used by scammers to collect personal information of customers.

Phishing is an Internet fraud aiming to steal personal data including passwords, credit card and social security numbers. A spam mailing or a mail worm can be used to deliver a fake message from an financial institution instructing a victim to visit a bogus web-site and submit personal information that is later used by criminals for identity theft.

Phisher tricks

• Replacement of a sender address with an address related to a respected company showing that a vulnerability of the SMTP has been exploited.
• Using botnet computers all over the world to make sure that messages look legitimate.
• Using data obtained by malware from address books of e-mail clients.
• Making a link provided in a message look similar to a link to the supposed legitimate site.
• Copying look and feel of original web-sites.
• Adding excessive fields in a submitted form to distract user’s attention.
• Prompting users to follow instructions provided by phishing e-mails by urgent warnings about supposed closure of a bank or a user account.

Scamming is another type of an Internet crime based on a confidence trick aiming to obtain money of a victim. Well-known Nigerian scams and dating fraud are typical examples of scamming.

Vishing (voice phishing) is an Internet fraudulent process aiming to obtain personal and financial information. using war dialer software supporting VoIP. A victim receives a phone call informing a user about supposed unauthorized use of a credit card or a bank account and instructing to call a specified number. The very number related to a trusted financial institution is typically displayed in the spoofed caller ID and a user is prompted to enter his credit card number or other personal information with a key pad of the phone. Later this information is used by criminals to withdraw money from the victim account or for an identity theft.