VB calls for collaboration amongst anti-spam vendors

Posted by   Virus Bulletin on   Nov 30, 2009

VB finds that, when it comes to spam filtering, a combined effort outperforms individual products.

Virus Bulletin has discovered that running several spam filters in combination could be key to getting the best performance out of them.

Following the last VBSpam comparative review of anti-spam products, the VB test team established that if the efforts of several filters were to be combined, the performance would be significantly better than that of any of the products on their own.

In the test, almost 200,000 emails were sent to 14 different anti-spam solutions which were required to classify them as either ham or spam. The test revealed that no legitimate mail was blocked by more than four products. After the test, VB's anti-spam team decided to look into this further and considered a hypothetical filter that marked an email as spam if at least five of the 14 products did so.

Unlike any of the individual products, the hypothetical filter generated no false positives at all, and combined this 0% false positive rate with an impressive overall spam catch rate of 99.89% (higher than any of the individual products VB has tested).

VB's Anti-Spam Test Director, Martijn Grooten said: 'Anyone who has ever worked with an anti-spam solution will know that some spam emails are notoriously hard to filter, while some legitimate messages end up being marked as spam. It's therefore no surprise that no spam filter is faultless. However, the results of VB's test demonstrate that what is easy to filter for one product may cause trouble for another and vice versa.'

Grooten continued, 'For end-users this means that if spam filtering is business-critical, the use of more than one spam filter may be a good option. The anti-spam industry, meanwhile, should consider the benefits of collaboration and information sharing - and might be better able to protect our inboxes as a result.'

The next VBSpam test will be run in December, with the results to be published in January.

Posted on 30 November 2009 by Virus Bulletin

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

VB2021 localhost is over, but the content is still available to view!

VB2021 localhost - VB's second virtual conference - took place last week, but you can still watch all the presentations.

VB2021 localhost call for last-minute papers

The call for last-minute papers for VB2021 localhost is now open. Submit before 20 August to have your paper considered for one of the slots reserved for 'hot' research!

New article: Run your malicious VBA macros anywhere!

Kurt Natvig explains how he recompiled malicious VBA macro code to valid harmless Python 3.x code.

New article: Dissecting the design and vulnerabilities in AZORult C&C panels

In a new article, Aditya K Sood looks at the command-and-control (C&C) design of the AZORult malware, discussing his team's findings related to the C&C design and some security issues they identified.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.