Advantages of Dr.Web anti-spam
- The anti-spam doesn’t require configuration or training. Unlike anti-spam solutions based on Bayesian filtering, it starts working as soon as the first message arrives. Therefore, the anti-spam doesn’t require daily training by the system administrator.
- It detects spam messages regardless of their language
- No email receipt delays
- Real-time email filtering
- High-speed filtering with low consumption of system resources
- Can scan objects at any nesting level
- It can choose a processing technology for the target object depending on the message envelope or the blocking objects detected
- Messages that have been filtered out are placed in a separate folder so they can always be checked to make that sure that no false detection has occurred
- These unique technologies eliminate the need for blacklists. No company will be discredited after it has been deliberately added to such a list
- Stand-alone—requires no constant connection to an external server or access to a database, which saves traffic significantly
Highly effective junk mail filtering is combined with low consumption of system resources. This is the reason why Dr.Web anti-spam is able to operate efficiently on low-end hardware.
Depending on the results of the analysis, each message receives a score from the VadeRetro library – an integer ranging from -10,000 to +10,000. The higher the score is, the more likely the message is to be spam.
The threshold value is set by the SpamThreshold parameter of the plugin configuration file. If the score equals the value of the SpamThreshold parameter or exceeds it, the message is considered to be spam.
After a message has been analyzed, Vade Secure may add (depending on the plugin settings) corresponding headers to the message.
Spam filtering technologies
The Dr.Web anti-spam analyzes messages using several thousand rules which can be divided into several groups.
- Heuristic Analysis
- A highly intelligent technology that empirically analyzes all parts of a message: the header, body, and attachments. This makes it possible to detect unknown types of spam. The heuristic analyzer is constantly being improved; new rules are frequently added. This allows the next generation of spam messages to be detected even before a corresponding rule is created.
- Counter filtering
- Counteraction filtering is one of the Dr.Web anti-spam’s most advanced and efficient technologies. It recognizes the techniques and tricks spammers use to avoid detection.
- HTML signature analysis
- Messages containing HTML code are compared with HTML patterns from the anti-spam library. Such a comparison, in combination with data on the image sizes typically used by spammers, helps protect users against spam messages featuring HTML code, which often contain online images.
- Detection based on the SMTP envelope
- The detection of fake SMTP server stamps and other forged elements in email headers is a brand new anti-spam technology. A trusted sender address is not enough; criminals can forge it easily. Sometimes unsolicited messages do not merely convey advertisements. Such emails can contain hoaxes and even threats. Special Dr.Web anti-spam technologies can expose spoofed addresses and block such messages. As a consequence, it doesn't merely save traffic but also protects employees from fraudulent emails that can push them to do unpredictable things.
- Semantic analysis
- A message’s words and phrases are compared with words and phrases in the spam dictionary. All words, phrases, and symbols are analyzed – both those visible to the human eye and those hidden by spammer tricks.
- Anti-scam technologies
- Scam emails (as well as pharming messages – a type of scam) are the most dangerous type of spam, the most notorious example being the so-called “Nigerian” scams, loan scams, lottery and casino scams, and false messages from banks and credit organizations. A special module of Dr.Web anti-spam is used to filter scams.
- Bounce filtering
- Automatic email notifications or bounces are designed to notify a user if a failure occurs while the mail system is in operation (e.g., a message couldn’t be delivered to a specified address). Similar messages can be used by criminals. For example, a worm or ordinary spam can reach a computer as a notification. A special module of Dr.Web anti-spam detects such unwanted messages.