Anti-spam

Top  Previous  Next

Dr.Web Anti-spam technologies consist of several thousand rules that can be divided into several groups:

Heuristic analysis—a highly intelligent technology that empirically analyzes all parts of a message: header, message body, and attachments, if any.

Detection of evasion techniques—this advanced anti-spam technology allows detecting evasion techniques adopted by spammers to bypass anti-spam filters.

HTML signature analysis—messages containing HTML code are compared with a list of known patterns from the anti-spam library. Such comparison, in combination with the data on sizes of images typically used by spammers, helps to protect users against spam messages with HTML code linked to online content.

Semantic analysis—the words and phrases of a message (both visible to the human eye and hidden) are compared with words and phrases typical of spam using a special dictionary.

Anti-scamming—scam and pharming messages include so-called “Nigerian” scams, loan scams, lottery and casino scams and false messages from banks and credit organizations. A special module is used to filter scams.

Technical spam—Bounces are delivery-failure messages sent by a mail server. Such messages are also sent by a mail worm. Therefore, bounces are as unwanted as spam.

You can configure the following Anti-spam options:

Option

Description

Allow Cyrillic text

This option is enabled by default.

Select this check box to prevent SpIDer Mail from marking Cyrillic emails as spam without prior analysis. Otherwise, such emails are most likely to be marked as spam.

Allow Asian text

This option is enabled by default.

Select this check box to prevent SpIDer Mail from marking Asian emails as spam without prior analysis. Otherwise, such emails are most likely to be marked as spam.

Add the prefix to subjects of spam messages

By default, this option is enabled, and SpIDer Mail adds the [SPAM] prefix to the Subject field of all spam messages.

Instructs SpIDer Mail to add a special prefix to subjects of spam messages.

Using a prefix allows you to create filter rules for spam in those mail clients (for example, Microsoft Outlook Express) where it is not possible to enable filtering by headers.

Processing mail by spam filter

SpIDer Mail adds the following header to the processed messages:

X-DrWeb-SpamState: <value>, where <value> indicates whether the message is considered by SpIDer Mail as spam (Yes) or not (No).

X-DrWeb-SpamVersion: <version>, where <version> indicates Dr.Web Anti-spam version.

X-DrWeb-SpamReason: <spam rate>, where <spam rate> includes a list of evaluations on various spam criteria.

You can use these headers and the prefix in the Subject field, if selected, to configure email filtering for your mail client.

Note

If you use IMAP/NNTP protocols, configure your mail client to download complete messages from mail server at once, i.e. without previewing their headers. This is required for correct operation of the spam filter.

To improve performance of the spam filter, you can report errors in spam detection.

Note

Spam filter processes email messages composed in accordance with the MIME RFC 822 standard.

To report spam detection errors

1.Create a new email and attach the message that was processed incorrectly by the spam filter. Messages included within the email body are not analyzed.

2.Send the message with the attachment to the anti-virus network administrator.