David Koconis, ICSA Labs
Every day for the last several years, ICSA Labs has been collecting, analysing and relaying spam messages through a range of devices offered by some of the leading anti-spam product vendors to evaluate their quality of protection. This paper details insight gained during our extensive anti-spam message analysis and product testing efforts. First, the analysis performed on each spam message will be presented, including tracked characteristics of the daily corpus. Characteristics of the incoming spam corpus (e.g., volume, subject frequency, etc.) will be correlated with events reported to have had some effect on the corresponding characteristic of spam on the Internet. Second, store-and-forward anti-spam testing will be contrasted with 'live' testing. Differences in protection quality observed for each device when 'live' testing is conducted will be discussed. Third, the array of detection technologies employed by the devices under test will be presented. Differences in measured effectiveness and false positive rates as a function of the detection technology will be highlighted. Fourth, a comparison of second exposure detection effectiveness as a function of detection technology and delay between initial and subsequent exposure will be reviewed. Finally, a comparison will be made between the ICSA Labs anti-spam testing program and other well-known anti-spam testing programs.