
Description and configuration of a personal anti-spam solution

Introduction

Currently, the number of spam messages sent on the Internet is constantly increasing.

A study published by Spam Filter Review indicates that 31 billion messages are sent every day, 12.4 billion (40%) of which are spam (www.spamfilterreview.com/spam-statistics.html).

Many solutions are available to fight this problem. Some are aimed at companies and others at end users.

This document presents a solution I have tested on my own computer. It removes more than 95% of the spam I receive without removing any legitimate email (false positive).

Solution description

This solution is based on the Spamihilator filter (www.spamihilator.com) developed by Michel Krämer. This free software has many advantages:

  • Installation is very easy and the software runs on every Windows version (Microsoft Windows 95/98 or NT4/2000/XP).
  • A wizard is available to configure the user's mail client (tested with Microsoft Outlook Express/2000/XP/2003, Opera, Eudora, Pegasus Mail, Phoenix Mail, Netscape/Mozilla and IncrediMail); the software works with every mail client that supports the POP3 protocol.
  • The user interface can be localised into several languages (21 languages are currently available).
  • Friend and enemy lists are managed.
  • Spam detection is based on a multi-scheme method using several filters executed in sequential order.
  • An API is available to develop custom filters that plug into the software. Many plug-ins are available on the Spamihilator web site (www.spamihilator.com/plugins/?category=1).

Below, you will find the filters I use in my configuration, along with some hints about how to configure them.

Filter configuration

Spamihilator parameters are available through the "Settings" dialog box (see picture 1).

It is possible to modify the execution order of the selected filters.

In our configuration, the order is as follows:

  • Newsletter Plugin,
  • Empty Mail Filter,
  • Domain Filter,
  • Substring Filter,
  • AlphabetSoup Filter,
  • Learning Filter,
  • Spam Word Filter,
  • Attachment Filter,
  • Image Filter.

[Picture: filter configuration screen]
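
Why the execution order matters, as an added example that is not Spamihilator code: four of the filters above are modelled as functions run in sequence, and the first one that allows or blocks a message ends the chain. The first-verdict rule, the reading of the 2-word setting, the keyword weights and all sample messages are assumptions made for illustration.

```python
# Added example. Filter names and the 2-word setting follow the page; the
# verdict logic, keyword weights and every sample value are assumptions.
from email import message_from_string

ALLOW, BLOCK, PASS = "allow", "block", "pass"
SPAM_WORDS = {"free": 40, "pills": 50, "casino": 50}  # constructed weights

def newsletter(msg, to_addr="list@news.example", tag="[Weekly]"):
    # A subscribed newsletter: known recipient address and subject signature.
    if to_addr in msg.get("To", "") and tag in msg.get("Subject", ""):
        return ALLOW
    return PASS

def empty_mail(msg, max_words=2):
    # Assumed reading of the setting: a body of at most 2 words is spam.
    return BLOCK if len(msg.get_payload().split()) <= max_words else PASS

def substring(msg, needles=("unsubscribe-now.example",)):
    # Fixed strings searched in the whole source, headers included.
    raw = msg.as_string().lower()
    return BLOCK if any(n in raw for n in needles) else PASS

def spam_words(msg, threshold=100):
    # Add up the number attached to each keyword present in subject or body.
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    score = sum(w for word, w in SPAM_WORDS.items() if word in text)
    return BLOCK if score > threshold else PASS

CHAIN = [newsletter, empty_mail, substring, spam_words]

def classify(raw, chain=CHAIN):
    """Run the filters in order; the first ALLOW or BLOCK ends the chain."""
    msg = message_from_string(raw)
    for f in chain:
        verdict = f(msg)
        if verdict != PASS:
            return verdict, f.__name__
    return ALLOW, "default"

# Constructed sample messages (single-part, plain text).
NEWSLETTER = ("To: list@news.example\nSubject: [Weekly] Offer digest\n\n"
              "This week's offers. Leave the list at unsubscribe-now.example\n")
EMPTY = "To: me@example.org\nSubject: hi\n\nclick here\n"
SPAMMY = ("To: me@example.org\nSubject: Limited offer\n\n"
          "Free pills and a free casino bonus, today only\n")
HAM = "To: me@example.org\nSubject: Lunch\n\nAre you free for lunch on Friday?\n"
```

With the Newsletter Plugin first, the newsletter sample is allowed; calling `classify(NEWSLETTER, [substring, newsletter])` blocks the same message, because the Substring Filter then sees it first.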

Below is a short description of each chosen filter and some information about its configuration.

Newsletter plugin

This filter identifies the newsletters you have subscribed to, which ensures that Spamihilator will not block any newsletter message. You can enter the recipient address (newsletters often use the same address for every member) and a signature that appears in the message subject.

Empty Mail Filter

Some spam messages are empty. This filter can block messages that contain very few words. You can set the word count at which a message is considered spam.

The current configuration is set to 2 words.

[Picture: configuration (continued)]

Domain Filter

This filter is based on the following observation: spam messages very often contain links to web sites, and the linked domain names are frequently unusual.

Based on this, I have developed a filter that extracts all domain names from a message and applies dedicated rules to identify spam. This filter blocks a lot of spam (more than 40%) and does not generate false positives.

There is no configuration in the current version. You can download the latest version of this filter (Windows installer, 82 Kb).

Substring Filter

This filter searches the source of the mail for selected strings and blocks the message if any of them is found. It must be used with care, as it can easily generate false positives. It can be used to block spam that passes through all the other filters.

AlphabetSoup Filter

This filter searches the subject and body of the message for meaningless strings, following rules that the author has not published. A coefficient is computed and, when a threshold is reached, the message is blocked.

There is no configuration option.

Learning Filter

This filter, which is built into Spamihilator, is a Bayesian filter. After a learning stage, the probability that a message is spam is computed from the words it contains. The Learning zone must be used to train this filter. The Spamihilator author indicates that 98% of spam messages can be blocked using this filter.

Many spam messages contain random words in order to defeat word-based filters, so it is better to place this filter later in the chain, where much of the spam has already been removed by the preceding filters.
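
How a learning stage turns into a spam probability, as an added example (a minimal naive Bayes classifier, not Spamihilator's implementation). The tokenizer, the add-one smoothing and the training messages are assumptions.

```python
# Added example: a minimal naive Bayes "learning filter". Not Spamihilator's
# code; the tokenizer, smoothing and training messages are assumptions.
import math
import re
from collections import Counter

def tokens(text):
    # Each distinct word counts once per message.
    return set(re.findall(r"[a-z']+", text.lower()))

class LearningFilter:
    def __init__(self):
        self.msgs = {"spam": 0, "ham": 0}
        self.seen = {"spam": Counter(), "ham": Counter()}

    def train(self, text, label):
        # Learning stage: count the messages of this class containing each word.
        self.msgs[label] += 1
        self.seen[label].update(tokens(text))

    def _p(self, word, label):
        # P(word | class) with add-one smoothing so unseen words never give 0.
        return (self.seen[label][word] + 1) / (self.msgs[label] + 2)

    def spam_probability(self, text):
        # Start from the class prior, then add each word's log-likelihood ratio.
        log_odds = math.log((self.msgs["spam"] + 1) / (self.msgs["ham"] + 1))
        for w in tokens(text):
            log_odds += math.log(self._p(w, "spam") / self._p(w, "ham"))
        return 1 / (1 + math.exp(-log_odds))

# Constructed training set standing in for the user's sorted mail.
SPAM = ["cheap pills online order now", "win casino bonus now",
        "cheap loans approved now"]
HAM = ["meeting agenda for monday", "lunch on friday with the team",
       "please review the attached report"]

def trained_filter():
    f = LearningFilter()
    for text in SPAM:
        f.train(text, "spam")
    for text in HAM:
        f.train(text, "ham")
    return f
```

Words the filter has never seen carry a likelihood ratio of 1, so a message made only of unknown words scores exactly at the prior.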

Spam Word Filter

This filter searches for "Spam Words" keywords and computes a spam probability from the number associated with each "Spam Word". The mail is blocked if it contains keywords whose total spam probability exceeds the defined threshold.

The default installation uses a dictionary with many common spam words predefined. Custom spam words can be added using the configuration screen.

[Picture: configuration (continued)]

Attachment Filter

This filter can block a message when it contains a suspicious attachment. It looks for files with the following extensions: .com, .scr, .pif, .bat, .exe, .vbs, .bas, .cmd, .cpl, .lnk, .reg, .vb, .vbe and .wsh.

It is possible to customize the extension list.
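
An extension check of this kind, as an added example that is not the plug-in's own code: it walks the MIME parts of a message and compares each attachment name against the list above, normalising case, double extensions and trailing dots first. The sample message and its file names are constructed.

```python
# Added example: flag attachments by extension, using the list from the page.
# The sample message and its file names are constructed.
from email import message_from_string, policy
from email.message import EmailMessage

BLOCKED = {".com", ".scr", ".pif", ".bat", ".exe", ".vbs", ".bas",
           ".cmd", ".cpl", ".lnk", ".reg", ".vb", ".vbe", ".wsh"}

def extension(filename):
    # Windows ignores trailing dots and spaces, and only the last extension
    # decides how a file is opened, so normalise before comparing.
    clean = filename.strip().rstrip(". ").lower()
    return "." + clean.rsplit(".", 1)[1] if "." in clean else ""

def suspicious_attachments(raw, blocked=BLOCKED):
    """Return the file names of all MIME parts with a blocked extension."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()   # decodes RFC 2231 / quoted file names
        if name and extension(name) in blocked:
            hits.append(name)
    return hits

def build_sample():
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "Documents"
    m.set_content("See attached.")
    for name in ("report.pdf", "Invoice.pdf.EXE", "update.scr.", "notes.txt"):
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_string()
```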

Image Filter

This filter searches mails for images that are saved on external servers.
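
The Domain Filter and the Image Filter both start from the URLs a message references. As an added example (not either plug-in's code, and the Domain Filter's actual rules are not described on this page), the sketch below extracts linked domains and remotely hosted images from an HTML mail part; the listed domain, the `is_listed` rule and the sample HTML are assumptions.

```python
# Added example: collect linked domains and remotely hosted images from the
# HTML part of a mail. The listed domain and the sample HTML are constructed.
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.domains, self.remote_images = set(), []

    def handle_starttag(self, tag, attrs):
        for key, value in attrs:
            if key not in ("href", "src") or not value:
                continue
            try:
                url = urlsplit(value.strip())
                host = url.hostname
            except ValueError:      # malformed URL, e.g. a broken IPv6 literal
                continue
            # cid:, data:, mailto: and relative references are not external.
            if url.scheme not in ("http", "https") or not host:
                continue
            self.domains.add(host.lower())
            if tag == "img" and key == "src":
                self.remote_images.append(value.strip())

def scan_html(html):
    scan = LinkScan()
    scan.feed(html)
    scan.close()
    return sorted(scan.domains), scan.remote_images

def is_listed(domain, listed):
    # Match the domain itself or any subdomain, only on a label boundary.
    return any(domain == d or domain.endswith("." + d) for d in listed)

SAMPLE_HTML = """<p>Hello, <a href="http://shop.offers.example/buy">look</a></p>
<img src="cid:logo@local"><img src="http://img.tracker.example/p.gif?id=1">
<a href="mailto:someone@example.org">write to us</a>"""

def check(html, listed=("offers.example",)):
    domains, images = scan_html(html)
    return [d for d in domains if is_listed(d, listed)], images
```

Images referenced with `cid:` are embedded in the message itself and are not reported; only `http` and `https` sources count as external.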