User Guide
Kaspersky Anti-Spam Operation and Filtering Philosophy 37
• Spam Detection Standard (no RBL & DNS check) (the detect-standard-no-rbl.xml file);
• Spam Detection Soft (the detect-soft.xml file);
• Spam Detection Soft (no RBL & DNS check) (the detect-soft-no-bl.xml file);
• Spam Detection Hard (the detect-hard.xml file);
• Spam Detection Hard (no RBL & DNS check) (the detect-hard-no-rbl.xml file).
These profiles differ in:
• The "severity level" of spam attributes evaluation (the Soft profiles identify fewer and the Hard profiles identify more messages as spam);
• Usage of the RBL checks (as well as the availability of the sending server in DNS).
For more details on the differences between the common profiles included in the kit, see para 4.4.2.3, page 43.
At this stage the message is first checked against the local black and white lists of e-mail addresses and IP addresses. These lists should be compiled and updated by the user via the WebConfigurator (see para 5.2.5, page 73).
The application then estimates whether the results of the earlier message header analysis are sufficient to identify the message as spam.
The checks executed in the first stage and taken into account at the
current stage may include checks for unreadable "oriental" encodings,
e.g. Chinese.
If some users receive mails encoded in this way, you should find and
delete the corresponding rules from the applied common profile.
If the checks performed are not sufficient to identify a message as "spam", the
following additional checks will be executed in sequence:
• check against three different RBL service lists (DNS-based real time black
hole lists) starting with the most reliable list;
• check for presence of the sending server in DNS;
• content filtering (analysis of the message content).
The message is evaluated again after each check. The checks stop if the
message is identified as spam. Content filtering is the most important, but the
most resource-consuming check. That is why it is performed last.
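The following Python sketch models the sequence described above: re-evaluation after each check, stopping as soon as the message is identified as spam, with content filtering last. It is an added example, not Kaspersky Anti-Spam code. The additive scores, the threshold, the zone names and the offline resolver are assumptions made for illustration.

```python
from dataclasses import dataclass, field

SPAM_THRESHOLD = 100  # assumed value; real thresholds come from the applied profile

@dataclass
class Message:
    sender_ip: str
    sender_host: str
    body: str
    header_score: int = 0                      # result of the earlier header analysis
    trace: list = field(default_factory=list)  # names of the checks actually executed

def rbl_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def make_checks(resolve, rbl_zones, spam_phrases):
    """Build the checks in the order given in the text: RBLs, DNS presence, content."""
    def rbl(zone):
        return lambda m: 60 if resolve(rbl_query_name(m.sender_ip, zone)) else 0
    checks = [("rbl:" + z, rbl(z)) for z in rbl_zones]  # most reliable list first
    checks.append(("dns", lambda m: 0 if resolve(m.sender_host) else 40))
    checks.append(("content",
                   lambda m: 30 * sum(p in m.body.lower() for p in spam_phrases)))
    return checks

def evaluate(msg, checks):
    """Re-evaluate after every check and stop once the message counts as spam."""
    score = msg.header_score
    for name, check in checks:
        if score >= SPAM_THRESHOLD:
            break                              # later, costlier checks are skipped
        score += check(msg)
        msg.trace.append(name)
    return score >= SPAM_THRESHOLD, score

# Constructed sample data: a fake resolver so the example runs offline.
FAKE_DNS = {"7.113.0.203.rbl-a.example", "mail.good.example"}
resolve = FAKE_DNS.__contains__
CHECKS = make_checks(resolve, ["rbl-a.example", "rbl-b.example", "rbl-c.example"],
                     ["free money", "act now"])
```

The trace field shows which checks were executed for a message, which makes the cost saved by the early stop visible.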










