Home
>
Spam Blocking
>
How Spammers Fool Bayesian Filters - And How to Stop Them

How Spammers Fool Bayesian Filters - And How to Stop Them

Effectively stopping spam over the long-term requires much more than blocking individual IP addresses and creating rules based on keywords that spammers typically use. The increasing sophistication of spam tools coupled with the increasing number of spammers in the wild has created a hyper-evolution in the variety and volume of spam. The old ways of blocking the bad guys just don't work anymore.

Examining spam and spam-blocking technology can illuminate how this evolution is taking place and what can be done to combat spam and reclaim e-mail as the efficient, effective communication tool it was intended to be.

One method used to combat spam is Bayesian Filtering. Named after Thomas Bayes, an English mathematician, Bayesian Logic is used in decision making and inferential statistics. Bayesian Filers maintain a database of known spam and ham, or legitimate email. Once the database is large enough, the system ranks the words according to the probability they will appear in a spam message.

Words more likely to appear in spam are given a high score (between 51 and 100), and words likely to appear in legitimate email are given a low score (between 1 and 50). For example, the words "free" and "sex" generally have values between 95 and 98, whereas the words "emphasis" or "disadvantage" may have a score between 1 and 4. Commonly used words such as "the" and "that", and words new to the Bayesian filters are given a neutral score between 40 and 50 and would not be used in the system's algorithm.

When the system receives an email, it breaks the message down into tokens, or words with values assigned to them. The system utilizes the tokens with scores on the high and low end of the range and develops a score for the email as a whole. If the email has more spam tokens than ham tokens, the email will have a high spam score. The email administrator determines a threshold score the system uses to allow email to pass through to users.

Bayesian filters are effective at filtering spam and minimizing false positives. Because they adapt and learn based on user feedback, Bayesian Filers produce better results as they are used within an organization over time. They are not, however, foolproof. Spammers have learned which words Bayesian Filters consider spammy and have developed ways to insert non-spammy words into emails to lower the message's overall spam score. By adding in paragraphs of text from novels or news stories, spammers can dilute the effects of high-ranking words. Text insertion has also caused normally legitimate words that are found in novels or news stories to have an inflated spam score. This may potentially render Bayesian filters less effective over time.

Another approach spammers use to fool Bayesian filters is to create less spammy emails. For example, a spammer may send an email containing only the phrase, "Here's the link?". This approach can neutralize the spam score and entice users to click on a link to a Web site containing the spammer's message. To block this type of spam, the filter would have to be designed to follow the link and scan the content of the Web site users are asked to visit. This type of filtering is not currently employed by Bayesian filters because it would be prohibitively expensive in terms of server resources and could potentially be used as a method of launching denial of service attacks against commercial servers.

As with all single-method spam filtering methodologies, Bayesian filters are effective against certain techniques spammers use to fool spam filters, but are not a magic bullet to solving the spam problem. Bayesian filters are most effective when combined with other methods of spam detection.

The Solution

When used individually, each anti-spam technique has been systematically overcome by spammers. Grandiose plans to rid the world of spam, such as charging a penny for each e-mail received or forcing servers to solve mathematical problems before delivering e-mail, have been proposed with few results. These schemes are not realistic and would require a large percentage of the population to adopt the same anti-spam method in order to be effective. You can learn more about the fight against spam by visiting our website at www.ciphertrust.com and downloading our whitepapers.

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security. The company's flagship product, IronMail provides a best of breed enterprise anti spam solution designed to stop spam, phishing attacks and other email-based threats. Learn more by visiting enterprise anti spam solution today.

elite cleaning services Des Plaines ..

In The News:

New survey reveals 78% of parents fear AI scams targeting their kids, yet nearly half haven't discussed these threats. Learn why this dangerous gap exists.

Chrome now autofills passport and driver's license info automatically. Google's latest browser update adds official document support with encryption and user control.

Scammers impersonate Department of Veterans Affairs employees claiming veterans owe money, but real VA communications only direct to VA.gov or official channels.

The AltoVolo Sigma hybrid-electric aircraft flies 500 miles at 220 mph while operating 80% quieter than helicopters, featuring safety systems and compact design.

Google search scam alert: fake customer service numbers can give scammers remote control of your phone. Learn how to spot these traps and protect yourself.

Electric vehicles overtake gas cars in total CO2 savings after just two years of driving, with emissions benefits growing over time as power grids get cleaner.

Louvre Museum reportedly used "Louvre" as password for surveillance system during $100M jewel heist. Learn how weak passwords put even famous institutions at risk.

Bipartisan AI jobs bill from Sens. Hawley and Warner would require companies to report AI-related layoffs and hiring to Department of Labor quarterly.

Joe A. from Shelton, Connecticut, lost $228,000 to a ZAP Solutions cryptocurrency investment scam after his divorce, highlighting rising online fraud.

AI-powered autonomous trucks from Waabi and Volvo target U.S. freight driver shortage with Level 4 self-driving technology and NVIDIA computing platform integration.

Survive flight disruptions with expert travel tips: Book early morning flights, download airline apps and know your refund rights during service cuts.

Apple's iOS 26.1 update delivers major security fixes, performance boosts and enhanced privacy controls for your iPhone. Discover why updating now protects your data.

Russian hackers use fake CAPTCHA tests to spread dangerous malware targeting governments and journalists. Learn how to protect yourself from these deceptive attacks.

Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future.

Miami-Dade debuts America's first autonomous police SUV with AI cameras, drone deployment and real-time crime detection in groundbreaking law enforcement pilot.

Bank impostor scams cost Americans $2.9 billion as criminals use AI voices and caller ID spoofing to steal life savings. Learn nine essential fraud protection tips.

Foreign-owned apps secretly harvest personal data from seniors, making them prime targets for scams. Learn how to protect your privacy and stop data brokers today.

Sens. Josh Hawley and Richard Blumenthal introduce bipartisan GUARD Act to protect minors from AI chatbots through mandatory age verification and disclosure requirements.

Ghost-tapping scammers exploit wireless technology to drain accounts through small transactions, but RFID-blocking wallets and transaction alerts can protect you.

French pilot project demonstrates wireless charging roads that can deliver over 300 kilowatts of power to EVs while driving, potentially eliminating range anxiety.

YouTube's Ghost Network spreads information-stealing malware through thousands of fake videos offering cracked software, using compromised accounts and fake engagement.

Protect your privacy by disabling your smart TV microphone. Most TVs have hidden mics that listen even when voice commands are off. Learn quick steps to stop unwanted audio capture.

SessionReaper vulnerability hits Magento and Adobe Commerce stores, compromising 250+ sites in one day. Hackers steal data and hijack shopping sessions.

Master essential parental controls and digital safety tools to protect your kids online. Learn screen time limits, location settings and privacy controls every parent needs.

Cybersecurity expert shares six essential steps to protect against dark web threats, including data removal services, password managers and antivirus software.

How Spammers Fool Bayesian Filters - And How to Stop Them

Spam Blocking