Report: 15 solutions achieve VBSpam award

Posted by   Virus Bulletin on   Oct 15, 2014

Surprisingly, the presence of more URLs doesn't necessarily make spam easier to block.

Yet again, we have good news for those who need to run a spam filter (in other words: everyone who runs a mail server). 15 of the full solutions participating in our comparative anti-spam tests achieved a VBSpam award. They all blocked a large percentage of spam, while blocking very few legitimate emails. Only one product (the open source solution Scrollout F1) failed to achieve such an award this time.

Seven of the products - Bitdefender, ESET, GFI, Libra Esva, Mailshell, Netmail Secure, OnlyMyEmail and ZEROSPAM - achieved a VBSpam+ award for blocking more than 99.5% of spam, while generating no false positives at all in the 'ham' corpus, and very few false positives in a separate corpus of newsletters.


  VBSpam quadrant - click here to view a larger version of the chart.

Compared to the last test, most products saw an increase in their spam catch rates, showing that the decrease we saw then was temporary. Of course, spam is a problem of volume, so while the catch rates are pretty high, you shouldn't expect anything less from your email security solution.

This month, we also looked at a possible correlation between the number of domains present in spam and the likeliness of such an email being blocked. After all, many spam filters make use of URL- or domain-based blocklists, and spammers are known to use compromised domains or URL shorteners to prevent their emails from being caught out this way.


Somewhat surprisingly, on this month's spam feed we didn't notice such a correlation. This is a likely consequence of the fact that spam filters use a combination of many tools to determine whether an email is spam; hence one single factor, though contributing, does not necessarily have an impact that can be measured.

Again, this month's report has been split in two. A summary of the results with a focus on the state of spam can be viewed here in HTML format, or downloaded here as a PDF. The full report, with performance details of all participating products, can be viewed here in HTML format, or downloaded here as a PDF.

As of this summer, all content published through Virus Bulletin is available free of charge, and the test reviews are no exception. We encourage readers to make use of this and read the full report, if not for the performance details of the various products, then at least for the 'state of spam' overview these bi-monthly reports provide.

Posted on 15 October 2014 by Martijn Grooten

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

We are more ready for IPv6 email than we may think

Though IPv6 is gradually replacing IPv4 on the Internet's network layer, email is lagging behind, the difficulty in blocking spam sent over IPv6 cited as a reason not to move. But would we really have such a hard time blocking spam sent over IPv6?

Subtle change could see a reduction in installation of malicious Chrome extensions

Google has made a subtle change to its Chrome browser, banning the inline installation of new extensions, thus making it harder for malware authors to trick users into unwittingly installing malicious extensions.

Paper: EternalBlue: a prominent threat actor of 2017–2018

We publish a paper by researchers from Quick Heal Security Labs in India, who study the EternalBlue and DoublePulsar exploits in full detail.

'North Korea' a hot subject among VB2018 talks

Several VB2018 papers deal explicitly or implicitly with threats that have been attributed to North Korean actors.

Expired domain led to SpamCannibal's blacklist eating the whole world

The domain of the little-used SpamCannibal DNS blacklist had expired, resulting in it effectively listing every single IP address.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.