IBM AH0QXML User Guide - Page 108


rating. Positive tests identify characteristics of legitimate messages, while negative tests identify characteristics of spam messages. When combined, they yield extremely efficient spam identification. Following are examples of the types of tests conducted to identify the probability that a message is spam:

  • Basic keywords and phrases in the e-mail message, like AMAZING or casino
  • Malformed headers or addresses in the e-mail message header, such as missing headers, invalid date, suspicious list of recipients, recipients commonality ratio, forged "Received" headers
  • Pornography rules - approximately 40 positive and negative tests to prevent false positives
  • HTML form use in e-mail body
  • Usual spam claims and unsubscribe URLs, such as "to be removed..", "we do not send...", "http://...?remove=..."
  • Complex text patterns for common spam content, such as (?:You (?:were sent|have received|are receiving)|You're receiving).{0,15}(?:message|e-?mail)s? because - if you (?:(?:want|wish|care|prefer) not to |(?:don't|do not) (?:want|wish|care) to )(?:be contacted again|receive (any)?\s*(?:more|future|further) (?:e?-?mail|messages?|offers|solicitations))
  • Foreign character sets detected in headers and body
  • Spam phrase identification. Count the ratio of frequent spam phrase occurrences, such as "credit card," "loan you," "multi level" and compare it with threshold value
  • Unique identifiers, tags in the message/subject
  • Suspicious text formats, for example a gap in text ("G E T R I C H F A S T"), lines of yelling (BUY NOW!!!)
  • Nigerian scam, multiple patterns. The Nigerian scam always mutates, and can be detected by pattern matching only.
  • Network checks such as no MX record for sender's domain
  • Realtime Blacklist checks, 10 RBL systems supported. RBL tests don't uniquely identify a message as spam. They act as a contributing test to the probability that a given message is spam.
  • Distributed checksum checks. Razor network check supported. Provides peer-based identification of spam messages.
96 Lotus Domino 6 spam Survival Guide for IBM eServer
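The tests on this page each contribute to one rating instead of deciding alone. The following is an added example, not code from the IBM guide or the product, that combines several of them in Python. The weights, both thresholds, the per-word phrase ratio, the quoted-reply test for legitimate mail, and the split of the page's pattern at " - " into two rules are assumptions.

```python
import re

# Both patterns are quoted on the page; splitting them at " - " is an assumption.
RECEIVING_BECAUSE = re.compile(
    r"(?:You (?:were sent|have received|are receiving)|You're receiving)"
    r".{0,15}(?:message|e-?mail)s? because", re.I)
OPT_OUT = re.compile(
    r"if you (?:(?:want|wish|care|prefer) not to |(?:don't|do not) (?:want|wish|care) to )"
    r"(?:be contacted again|receive (any)?\s*(?:more|future|further) "
    r"(?:e?-?mail|messages?|offers|solicitations))", re.I)
GAPPY = re.compile(r"\b(?:[A-Za-z] +){4,}[A-Za-z]\b")             # "G E T R I C H F A S T"
YELLING = re.compile(r"^[^a-z\n]*[A-Z][^a-z\n]*!{2,}\s*$", re.M)  # "BUY NOW!!!"
SPAM_PHRASES = ("credit card", "loan you", "multi level")         # named on the page
PHRASE_RATIO_THRESHOLD = 0.02   # assumed: phrase hits per word
SPAM_THRESHOLD = 5.0            # assumed rating at which a message is tagged

def phrase_ratio(body):
    words = body.split()
    hits = sum(body.lower().count(p) for p in SPAM_PHRASES)
    return hits / len(words) if words else 0.0

# (name, weight, test). Weights are assumed. Tests for spam traits add to the
# rating; the hypothetical quoted-reply test for a legitimate trait subtracts.
TESTS = [
    ("receiving_because", 2.0, lambda m: bool(RECEIVING_BECAUSE.search(m["body"]))),
    ("opt_out_claim", 2.0, lambda m: bool(OPT_OUT.search(m["body"]))),
    ("phrase_ratio", 1.5, lambda m: phrase_ratio(m["body"]) > PHRASE_RATIO_THRESHOLD),
    ("gappy_text", 1.5, lambda m: bool(GAPPY.search(m["body"]))),
    ("yelling_line", 1.0, lambda m: bool(YELLING.search(m["body"]))),
    ("rbl_listed", 2.5, lambda m: m["rbl_listed"]),  # contributing test only
    ("quoted_reply", -2.0, lambda m: any(l.startswith(">") for l in m["body"].splitlines())),
]

def rate(msg):
    """Return (rating, names of tests that fired, tagged-as-spam flag)."""
    hits = [(name, w) for name, w, test in TESTS if test(msg)]
    score = sum(w for _, w in hits)
    return score, [n for n, _ in hits], score >= SPAM_THRESHOLD

# Constructed sample messages (not from the page); rbl_listed stands in for a DNS lookup.
SPAM = {"rbl_listed": True, "body": (
    "G E T R I C H F A S T\nBUY NOW!!!\n"
    "You are receiving this e-mail because you asked about a credit card.\n"
    "If you do not wish to receive any more offers, reply REMOVE.\n")}
REPLY = {"rbl_listed": True, "body": (
    "> Can you send the credit card form?\nAttached. Let me know if it works.\n")}

if __name__ == "__main__":
    for label, msg in (("spam", SPAM), ("reply", REPLY)):
        print(label, rate(msg))
```

The constructed reply comes from an RBL-listed host and mentions "credit card", yet stays below the assumed threshold, which is the behaviour the page describes for RBL hits as contributing tests.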

