This is a printer-friendly version of http://www.thevirtualworkforce.co.uk/newsletters/content-filter.

How effective is a content filter to fight spam?

The number of  junk emails which reach our server is higher than the legitimate emails we and our clients get all together. That's the bad news. It's annoying that many of those emails slip through the spam filter and end up in the users inbox. I can become a real problem if there are inexperienced users at the other end checking their inbox in good faith. It's so easy and quick to click on a link and regret it later.

To at least reduce the spam delivered to the users inbox we investigated hundreds of spam emails in order to find unique data which we could include in our mail servers content filter. We still check every spam email coming into our inbox or junk-email folder in Outlook. It got much, much less. Spam coming through to the inbox has probably been reduced by 90% and we are still getting better.

We found some data, which might help you to contain the problem a little bit. As none of our clients has business in Korea, we found it quite safe to enter the following in our content filter:

charset="koi8-r"

This alone reduced the spam delivered to users inboxes.

Often you see only an image file and you do wonder how this email couldn't be recognised as spam. The answer: Spammers use invisible text to trick the spam filter.

As I couldn't think of any reason why any of our customers should get a legitimate email with hidden content we decided to add the following line into our content filter:

visibility: hidden; display:none;

This again helped to reduce the delivered spam.

The main idea of this investigation was to find something a spammer has to use in order to get his spam email delivered. Words are changed very easily and often and numbers are used as a substitute. It would be almost impossible to catch up with those changes and update the content filter. We tried including URL's, which we could indentify that they are the destination for a link within a spam email. This also turned out to be to time consuming as there are too many of them.

Another approach we took, as a lot of unsolicited emails are using URL's from Hong Kong in their message, and none of our clients has any business relationship with Hong Kong we are testing now the following:

We created a list which has 1 letter of the alphabet followed by a dot and then the letters hk. This is supposed to treat any email which contains for example a.hk as a spam email and treats it accordingly. Up until now we haven't had one complain that a legitimate email bounced because of the content filter. This too helped us to reduce spam delivered to the users inbox.

Disclaimer - This newsletter is a free service providing information only. While we use reasonable care to see that this information is correct, we do not guarantee it for accuracy, completeness or fitness for a particular purpose. The Virtual Workforce Company Ltd. shall not be liable for damages of any kind in connection with the use or misuse of this information.