Antispam Engine at 100%

We have been closely monitoring the Antispam engine since the upgrade took place on Tuesday, and so far the performance is quite impressive. We are blocking more messages than ever before and the false positive ratio has gone down as well. What that means is that ExchangeDefender incorrectly classifies far fewer legitimate messages as SPAM: once in every 800,000 messages processed.

Our SPAM training will now resume. Please accept our apologies if you happened to receive more SPAM than usual over the last few days. ExchangeDefender uses automated processes to classify messages as SPAM or legitimate mail based on hundreds of thousands of rules, sender reputation, message contents and more. No message is ever screened by a human being. We do monitor honeypots (our mailboxes placed on the Internet for the sole purpose of collecting junk mail) and build message filters accordingly, so if you wish to help, forward anything that ended up in your inbox that looks like SPAM to spam@ownwebnow.com (if you can also include the headers, that would help a lot).

We have already built a set of rules for SPAM that has been emerging lately, mostly Regions Bank forgeries, graffiti.net scatter, Treasury Department Circular 230 and the massive amounts of URI SPAM being distributed through Google – google.com, google.co.uk, google.co.tw and more.

“I am still receiving far too much SPAM”

First, “too much SPAM” is a relative term. If your address has been online since 1993 and is on every mailing list available, you are likely receiving thousands and thousands of messages a day. If a few slip through, it is simply due to the volume of mail sent to you – the SPAM reaches you before it reaches us, there is no rule to filter for it yet, and the message gets delivered as legitimate. As the SPAM becomes more prevalent, it starts getting blocked by ExchangeDefender. If you would like to help us filter it faster, forward the message to spam@ownwebnow.com.

Second, we only guarantee SPAM filtering efficiency of 99.99% if you have IP restrictions in place. If you are accepting messages from anyone that connects to your mail server, then you take ExchangeDefender out of the mail flow and we are unable to protect you. Please ask your system administrator to enforce the IP restrictions and other helpful deployment strategies described at ExchangeDefender Support.

Finally, there is a difference between SPAM and the SPAM you subscribed to. If you subscribed to many stock newsletters, mailing lists, etc., we will not consider them for a SPAM rule. These are legitimate messages and you should address the issues with the sender, not with ExchangeDefender. If that is absolutely beyond consideration, contact your system administrator and request that they put the sender's domain (Constant Contact, MarketWatch, Yahoo Finance, Wall Street Journal, etc.) on your domain blacklist.

“How much SPAM is too much SPAM?”

On average, a small business organization (5-30 people) receives approximately 20-50,000 messages a day. Of that, ExchangeDefender automatically discards roughly 70% just on the sender reputation, multiple blacklists, address book exploits, address harvesting, etc. Of the remaining messages, SPAM tends to comprise 10% and SureSPAM traditionally takes between 80 and 90% of messages, depending on whether there are viruses or worms being spread at the moment.

Overall, ExchangeDefender keeps 96-98% of inbound mail from your mailbox. That means that the combination of legitimate mail and SPAM that is falsely classified as legitimate accounts for 4-2% of all mail. It is normal to receive a few messages a day; for some of the older addresses and generic addresses (info@, sales@, contact@, bob@) it can be towards a dozen. Anything more than that gets investigated. Anything below that, honestly, is within the fault tolerance of the filters. Remember that these are not screened out by a third party or a live human being, and that these cannot be guaranteed in any way because there is no way to predict what is SPAM before it actually gets sent enough times. SPAM filtering and Virus filtering are not the same thing and the protection does not work the same way. For example, if we blindly filtered every “Viagra” reference, no legitimate email containing that word would ever pass through. The same goes for word fragments: what if we filtered every instance of “ass” as SPAM? How many words in the English language contain the letters “ass” in them? Pass? Class?
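The false-positive problem with blind keyword and fragment filtering described above, as an added example (not ExchangeDefender's code). It compares substring matching, whole-word matching and a weighted multi-rule score; the sample messages, rule weights and threshold are constructed assumptions.

```python
import re

# Constructed sample messages (label, text); not real mail.
SAMPLES = [
    ("ham",  "Please pass the class schedule to the assistant."),
    ("ham",  "Your pharmacist asked whether the Viagra prescription was renewed."),
    ("spam", "Cheap Viagra!!! Click http://example.invalid/buy now, limited offer"),
    ("spam", "Kick ass deals, cheap pills, click here now"),
]
BLOCKED = ["viagra", "ass"]  # the two terms the post uses as examples

def substring_hit(text):
    """Blind filtering: flag if a blocked term occurs anywhere, even inside a word."""
    low = text.lower()
    return any(term in low for term in BLOCKED)

def whole_word_hit(text):
    """Flag only when a blocked term appears as a complete word."""
    return any(re.search(rf"\b{re.escape(t)}\b", text, re.I) for t in BLOCKED)

# Assumed weights: a single keyword alone stays below the threshold.
RULES = [
    (re.compile(r"\bviagra\b", re.I), 2.0),
    (re.compile(r"\bass\b", re.I), 1.0),
    (re.compile(r"\bcheap\b", re.I), 1.5),
    (re.compile(r"\bclick\b", re.I), 1.5),
    (re.compile(r"!{3,}"), 1.0),
]
THRESHOLD = 4.0

def score_hit(text):
    """Flag when the summed weight of all matching rules reaches the threshold."""
    return sum(w for rx, w in RULES if rx.search(text)) >= THRESHOLD

def false_positives(classifier):
    """Legitimate samples the classifier wrongly flags as SPAM."""
    return [text for label, text in SAMPLES if label == "ham" and classifier(text)]

def missed_spam(classifier):
    """SPAM samples the classifier lets through."""
    return [text for label, text in SAMPLES if label == "spam" and not classifier(text)]

if __name__ == "__main__":
    for name, fn in [("substring", substring_hit), ("whole word", whole_word_hit), ("scored", score_hit)]:
        print(f"{name}: {len(false_positives(fn))} false positives, {len(missed_spam(fn))} missed")
```

On these samples the fragment match blocks both legitimate messages, the whole-word match still blocks the pharmacist's message, and only the combined score separates all four correctly.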

Thank you for your business, thank you for your patience with the new engine rollout and we hope this blog post helps explain how the SPAM filtering works and how we can all get rid of more SPAM.