|
Here we will share our experience how to work with SpamCombat to effectively
battle with spam.
From the beginning we think it is rather prudent to remind that G-Lock
SpamCombat is standalone spam filtering software that works independently of
one's email client. To maintain your inbox clear from spam, you should run
SpamCombat BEFORE your incoming emails reach your email client. I.e. you start
SpamCombat, which connects to your POP3 server, retrieves the headers of all the
emails and a defined number of lines from the messages bodies, catches spam
emails and deletes them from the server. As soon as the server is cleared from
spam, you run your regular email client and receive only legitimate messages.
Spam messages are permanently removed from the mail server and stored
(optionally) to the Deleted Items folder in SpamCombat. You can then easily
recover an email if it was accidentally marked as spam and moved to trash.
Working with SpamCombat filters
SpamCombat is supplied with an arsenal of anti-spam filters that you can easily
edit
and update to adapt the program to your mail. Let's examine each filter
separately
and find the best way to set them up:
Complex Filters
Complex Filter is a script (or scripts) that uses various functions, procedures,
or
operators to compare any fields from the message headers to the defined value
and
then classifies the email as spam or legitimate depending on the result.
Complex filter is primarily for advanced users who are familiar with VBScript
and
JScript. If you're a novice in script writing, you can just use the Complex
filters
supplied with SpamCombat by default. See
an example of a nice complex filter
Whitelist
For your convenience and saving time, SpamCombat lets you 'whitelist' emails you
receive from known senders: primarily newsletters you subscribed to, messages
from newsgroups, forums, etc.
But we DO NOT recommend that you 'whitelist' your contact emails stored in an
external address book although you know these people. Adding an entire address
book to the whitelist is not quite safe as it seems to be. Nowadays viruses are
known to use the email addresses from various address books to forge the
messages and send out themselves. Just a sample. Let's say you receive 2 emails
sent from a known email address email@address.com that is in your whitelist. One
of these emails is good and another one is forged by a virus. The whitelist
catches both emails and automatically marks them as good whilst there is only
one legitimate email actually. You receive these two messages then and guess
what!... your computer is infected with a virus.
To avoid this situation, let the Bayesian filter handle the emails you receive
from
your friends, colleagues, co-workers, etc. Keep reading this article to the end
and
you'll know how to make SpamCombat properly identify spam and legitimate emails
without adding them either to blacklist or whitelist.
Blacklist
SpamCombat is supplied with a solid blacklist. The blacklist filters (regular
expressions) allow:
- catching all common spam emails that are flooding almost everybody's inbox;
- catching 'short' spam messages including virus emails that do not come under
the
Bayesian filter due to the shortage of significant words.
If in the process of working with SpamCombat, you'll notice that any of the
blacklist
filters (regular expressions) wrongly marks some sort of messages as spam, you
can just de-activate that regular expression.
Surely you can add your own filters/regular expressions to the blacklist. What
is NOT highly recommended is that you blacklist ALL the domains/email addresses
from which you receive spam. No real emails are used to send spam. Today you get
a spam email from this domain and tomorrow you can receive the very same spam
email from an other domain. So, if you add all these domains/email addresses to
the blacklist, your blacklist will be growing and growing, and although there is
no limitation on its size, a very huge blacklist will surely affect the speed of
processing emails.
Only the emails that come with ~ icon should
be either whitelisted or blacklisted as
the Bayesian filter will not work on them due to the shortage of significant
words in
these emails.
HTML Validator
HTML Validator parses the HTML part of an incoming email and checks the HTML
tags for validity. If several dubious HTML tags are found, the message is
considered spam.
Keep this filter ON as it contributes its mite in catching spam as well.
Bayesian filter
The Bayesian filtering is based on the principle that most events are dependent
and
that the probability of an event occurring in the future can be inferred from
the
occurrences of this event in the past. This same approach is used to identify
spam.
If some piece of text occured mostly in spam emails but not in legitimate mail,
then
it would be reasonable to suppose that this email is probably spam. Read more
about the Bayesian filter here.
The Bayesian filter handles the messages, which were not resolved by any other
filter: Complex filter, Whitelist, Blacklist or HTML Validator filter.
During the initial training period the Bayesian filter adapts to your incoming
mail
and helps identify not common spam emails (emails that you personally consider
as
spam) that didn't came under the blacklist filters. In the similar way in the
process
of training the Bayesian filter creates a database of legitimate words that
allows
then an adequate classification of the messages you'll receive from your
friends,
colleagues, etc. as good.
How to train the Bayesian filter
When all the emails are retrieved from the server, preview the messages, which
were processed by the Bayesian filter and check up whether they were adequately
categorized as spam and good. If not, re-classify them by yourself. To do this,
use
Mark Message as Spam and Mark Message as Clean buttons on the Message Control
Toolbar in the SpamCombat. The filter learns from its mistakes and the next time
the emails will be marked properly. Also categorize by yourself 'unknown' emails
marked by a yellow exclamation sign !. The
Bayesian filter learns from these emails as well. The more you train the
Bayesian filter, the more its accuracy increases.
It is important to remember that the training affects only the Bayesian filter.
If an
email was wrongly classified as spam or good by any other filter such as
Complex, Blacklist, Whitelist, or HTML Validator, re-classifying that email
makes no sense. In this case, just edit or de-activate the appropriate filter.
DNSBL filter
DNSBL filter consists in comparing the sender's IP address against Public
Blacklists.
If the IP address is listed within a spam database, the email is flagged as
spam.
SpamCombat is provided with a list of spam databases. You can also update the
SpamCombat DNSBL database by yourself. Here you can view the list of active spam
databases:
http://www.declude.com/junkmail/support/ip4r.htm.
Inactive blacklists can be disabled or removed from the SpamCombat database.
If you have used SpamCombat for a period of time and had a chance to tweak it so
that it doesn't give false negative and/or false positive results, you can
switch
auto-deletion of spam emails on. It would not be out of place, nevertheless, if
you
look through the deleted items from time to time to be sure that no good email
was
trashed. If this happens, SpamCombat provides you the ability to easily recover
the
emails from the trash.
|
