Installation manual
118
5.2.4.1 Rules
In the context of Antispam solutions and email clients, rules are tools for manipulating email functions. They
consist of two logical parts:
1) Condition (e.g., an incoming message from a certain address)
2) Action (e.g., deletion of the message, moving it to a specified folder)
The number and combination of rules varies with the Antispam solution. These rules serve as measures against
spam (unsolicited email). Typical examples:
Condition: An incoming email message contains some of the words typically seen in spam messages 2. Action:
Delete the message
Condition: An incoming email message contains an attachment with an .exe extension 2. Action: Delete the
attachment and deliver the message to the mailbox
Condition: An incoming email message arrives from your employer 2. Action: Move the message to the “Work”
folder
We recommend that you use a combination of rules in Antispam programs in order to facilitate administration and
to more effectively filter spam.
5.2.4.2 Bayesian filter
Bayesian spam filtering is an effective form of email filtering used by almost all Antispam products. It is able to
identify unsolicited email with high accuracy and can work on a per-user basis.
The functionality is based on the following principle: The learning process takes place in the first phase. The user
manually marks a sufficient number of messages as legitimate messages or as spam (normally 200/200). The filter
analyzes both categories and learns, for example, that spam usually contains the words “rolex” or “viagra”, and
legitimate messages are sent by family members or from addresses in the user’s contact list. Provided that a
sufficient number of messages are processed, the Bayesian filter is able to assign a specific “spam index” to each
message in order to determine whether it is spam or not.
The main advantage of a Baysesian filter is its flexibility. For example, if a user is a biologist, all incoming emails
concerning biology or relative fields of study will generally receive a lower probability index. If a message includes
words that would normally qualify it as unsolicited, but it is sent by someone from the user’s contact list, it will be
marked as legitimate, because senders from a contact list decrease overall spam probability.
5.2.4.3 Whitelist
In general, a whitelist is a list of items or persons who are accepted, or have been granted permission. The term
“email whitelist“ defines a list of contacts from whom the user wishes to receive messages. Such whitelists are
based on keywords searched for in email addresses, domain names, or IP addresses.
If a whitelist works in “exclusivity mode“, then messages from any other address, domain, or IP address will not be
received. If a whitelist is not exclusive, such messages will not be deleted, but filtered in some other way.
A whitelist is based on the opposite principle to that of a blacklist . Whitelists are relatively easy to maintain,
more so than blacklists. We recommend that you use both the Whitelist and Blacklist to filter spam more
effectively.
5.2.4.4 Blacklist
Generally, a blacklist is a list of unaccepted or forbidden items or persons. In the virtual world, it is a technique
enabling acceptance of messages from all users not present on such a list.
There are two types of blacklist. Those created by users within their Antispam application, and a professional,
regularly updated blacklists which are created by specialized institutions and can be found on the Internet.
It is essential to use blacklists to successfully block spam, but they are difficult to maintain, since new items to be
blocked appear every day. We recommended you use both a whitelist and a blacklist to most effectively filter
spam.
118
118