VB calls for collaboration amongst anti-spam vendors

Posted by   Virus Bulletin on   Nov 30, 2009

VB finds that, when it comes to spam filtering, a combined effort outperforms individual products.

Virus Bulletin has discovered that running several spam filters in combination could be key to getting the best performance out of them.

Following the last VBSpam comparative review of anti-spam products, the VB test team established that if the efforts of several filters were to be combined, the performance would be significantly better than that of any of the products on their own.

In the test, almost 200,000 emails were sent to 14 different anti-spam solutions which were required to classify them as either ham or spam. The test revealed that no legitimate mail was blocked by more than four products. After the test, VB's anti-spam team decided to look into this further and considered a hypothetical filter that marked an email as spam if at least five of the 14 products did so.

Unlike any of the individual products, the hypothetical filter generated no false positives at all, and combined this 0% false positive rate with an impressive overall spam catch rate of 99.89% (higher than any of the individual products VB has tested).

VB's Anti-Spam Test Director, Martijn Grooten said: 'Anyone who has ever worked with an anti-spam solution will know that some spam emails are notoriously hard to filter, while some legitimate messages end up being marked as spam. It's therefore no surprise that no spam filter is faultless. However, the results of VB's test demonstrate that what is easy to filter for one product may cause trouble for another and vice versa.'

Grooten continued, 'For end-users this means that if spam filtering is business-critical, the use of more than one spam filter may be a good option. The anti-spam industry, meanwhile, should consider the benefits of collaboration and information sharing - and might be better able to protect our inboxes as a result.'

The next VBSpam test will be run in December, with the results to be published in January.

Posted on 30 November 2009 by Virus Bulletin



Latest posts:

In memoriam: Yonathan Klijnsma

We were very sorry to learn of the passing of researcher Yonathan Klijnsma last week. Here, former VB Editor Martijn Grooten shares his memories of a talented researcher and a very kind person: this month, infosec lost a really good one.

VB2020 localhost videos available on YouTube

VB has made all VB2020 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

VB2020 presentation & paper: 2030: backcasting the potential rise and fall of cyber threat intelligence

At VB2020 localhost, threat intelligence consultant Jamie Collier used the analytical technique of backcasting to look at the rise and fall of the cyber threat intelligence industry.

VB2020 presentation: Behind the Black Mirror: simulating attacks with mock C2 servers

At VB2020 localhost, Carbon Black's Scott Knight presented an approach he and his colleagues have taken to more realistically simulate malware attacks.

VB2020 presentation & paper: Advanced Pasta Threat: mapping threat actor usage of open-source offensive security tools

At VB2020, researcher Paul Litvak revealed how he put together a comprehensive map of threat actor use of open-source offensive security tools.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.