Adaptive Filtering of SPAM




L. Pelletier, J. Almhana, V. Choulakian
GRETI, University of Moncton, Moncton, N.B., Canada E1A 3E9
{elp6880, almhanaj, choulav}@umoncton.ca

Abstract

In this paper, we present a new spam filter which acts as an additional layer in the spam filtering process. This filter is based on what we call a representative vocabulary. Spam e-mails are divided into categories in which each category is represented by a set of tokens which form a Representative Text (RT). Tokens are strings of characters (words, sentences, or sometimes meaningless strings of characters). This RT is used to compute a resemblance ratio with incoming e-mails. With this ratio we decide whether the incoming e-mail is spam. This filter was implemented and integrated into the Spamihilator software. Some experimental and interesting results will be presented.

(Keywords: spam, filtering, e-mail, UCE, UBE, unsolicited e-mail)

1. Introduction

Spam constitutes a major problem for both e-mail users and Internet Service Providers (ISPs). There is no standardized definition for spam; however, in general the word "spam" is used to refer to unwanted, "junk" e-mail messages. Spam is often referred to as unsolicited commercial e-mail (UCE) or unsolicited bulk e-mail (UBE); however, not all unsolicited e-mails are necessarily spam [1, 2].

Spam is costly for both users and ISPs. Unfortunately, this cost is not always understood by some users. Most see spam as annoying e-mails they can simply delete. They do not realize its real monetary impact. The cost of spam to ISPs is more dramatic and can be seen at two levels: increased load on e-mail servers and wasted bandwidth. Most ISPs are not willing to bear all the costs of increasing their bandwidth; therefore, the users end up bearing the costs too, either in the form of wasted time because of slower Internet access or of raised rates [3].

The average number of spam messages received is continually increasing exponentially. Figure 1 shows recent statistics on the number of spam messages received by one e-mail user, taken from [4]. Fighting spam is a necessity. The lack of an efficient solution may threaten the usability of e-mail as a means of communication.

Figure 1, Annual spam evolution

Spam filtering can be applied at the client level or the server level. In this paper, we will focus on filtering spam at the client level. Several solutions and techniques for filtering spam have been proposed in the literature. They are based on header analysis, address lists, keyword lists, digital signatures [5,6], and statistical content analysis (Bayesian filter) [7,8].

The most effective and elaborate solution is the Bayesian filter, which constitutes the core of many spam filtering programs. It is generally used in conjunction with the other techniques in the spam filtering process. They are applied as several layers. We start by examining white and black lists of addresses, followed by the list of keywords, and the Bayesian filter. It is very difficult to get a high filtering rate using a one-layer filter. Applying several layers of filtering certainly increases the filtering rate and consequently improves the overall result of spam reduction.

For the Bayesian filter, a corpus of a large number of e-mail messages is divided manually into two classes: legitimate or illegitimate (unwanted or spam). Each e-mail must then be split into tokens (words, HTML codes, etc.) so that their occurrence in the corpus of messages can be computed. Based on this occurrence and using a specific mathematical formula, we can compute the probability that an e-mail is spam. Although the Bayesian filter is very effective, it needs to be updated regularly, which involves a lot of computation that can be difficult to achieve in real time.

Sometimes, we would like to filter a specific type of spam either because it constitutes the main source of annoyance or because we would like to have a better success rate in eliminating this type of spam. In this case, the focus will be on a smaller spam corpus, which should imply less computation but will require a more adaptive filter. We expect an adaptive filter to be more successful than any other general-purpose filter.

In this paper we propose an adaptive filter that works as an additional layer in the filtering process. Our approach consists of dividing the spam corpus into several categories. Each category is described by a representative text (RT) that can be compared to every new incoming e-mail. A resemblance ratio is then computed and used as a criterion for determining whether the incoming e-mail is spam. Our filter was implemented and integrated into the Spamihilator software. Spamihilator [9] is software made for spam filtering, which offers us an excellent environment for implementing our filter quickly without going through all the programming hurdles of processing the e-mails. The experimental results on our filter show a significant improvement in eliminating spam e-mail messages.

The paper is organized as follows: in section 2 a summary of spam filtering methods and techniques is given; in section 3 we present our approach and the implementation of our filter; some experimental results are presented in section 4; finally, in section 5, we give some concluding remarks and future work.

2. Spam filtering techniques

The dramatic increase in spam in the past two years created a real interest among many researchers in fighting spam. Many researchers are presently working on the implementation of new filters that prevent spam from reaching its destination, either by blocking it at the server level or the client level. In January 2003 and 2004, a conference on spam took place at MIT in Cambridge and the Coalition Against Unsolicited Commercial E-mail (CAUCE) was established.
While CAUCE is trying to introduce legislation that would make spamming illegal [1], other research groups are trying to fight spam by creating new filters [10]. Several companies are presently commercializing appliances for blocking spam messages at the server level [11, 12].

2.1. Client-based vs. server-based solutions

Protecting e-mail users individually can have its advantages; however, a server-based solution is normally more advantageous, especially for organizations. For e-mail users who have a spam problem with their personal e-mail account, using a client-based filter can reduce the number of spam messages received and can therefore appear to solve their problem. However, an organization that wishes to reduce its spam should explore other options. In most cases, dealing with the problem at the server level is a better choice [13]. The cost of purchasing software to protect users individually can be higher than protecting them indirectly by protecting the server.

Server-based solutions give administrators more control. Even if a company purchases anti-spam software for all of its employees, it is not guaranteed that they will use it correctly, if they use it at all. Some users might not want to put in the effort necessary to ensure the reduction of the spam they receive. With client-based solutions, the user determines which messages are spam. This freedom allows employees to receive messages which are forbidden by the organization's e-mail content policies. Furthermore, employees who do want to benefit from their anti-spam software will have to spend time tuning their spam filters. Some might not tune them correctly; therefore, spam messages will continue to appear in their mailbox or, even worse, legitimate e-mails could be lost.

Client-based solutions do not prevent an organization's networks from being taxed by unwanted e-mails [14]. Spam that could simply be deleted by a server-based solution is stored on the server. When spam is only filtered once it reaches the user, the costs have already been incurred. The sooner we can detect spam, the less damage is done.

If server-based spam protection seems to be a good solution for businesses, some might wonder why it could not be used in all situations. ISPs could protect themselves against spam that is distributed to their clients. The problem is that the user should have control of what he chooses to receive. The objective is to eliminate spam, not to censor e-mails. It can be more acceptable for a business to have control of the content of the e-mails received by its employees. However, controlling the information to which users have access in their personal accounts is not desirable. Some filters can be put in place to eliminate unsolicited e-mails sent in bulk because these waste bandwidth and can slow down service for users, but filters that eliminate e-mails based on content should not be put in place. Users should have the right to control the information to which they wish to be exposed.

Whether at the client level or the server level, there are several techniques for filtering spam. We will discuss the most important ones.

2.2. Challenge and response

A challenge is a question that the sender of an e-mail must correctly answer before the e-mail can be delivered. In most cases, senders only have to answer a challenge correctly once. After having answered a question correctly, they are put in an address whitelist. The challenges must be simple for a person, but difficult for a machine. For example, the sender could be asked to identify how many oranges are in a displayed image. E-mailing challenges to a sender could cause a problem because if the sender also uses a challenge anti-spam filter, an infinite loop could be formed. This problem could be solved simply by automatically adding anyone you e-mail to your address whitelist. The sender could also be asked to visit a website to take the challenge [15, 16].

2.3. Header analysis

The header can be useful for tracing an e-mail. Most users do not see the complete header because most e-mail readers do not show it by default. The complete header is not shown because it contains information that is not normally important for the user, such as information for computer-to-computer routing. The only information from the header that is normally seen by the user is the subject, the date and the From address. The only thing that cannot be faked in the header is the last Received portion. This portion shows that the e-mail has been received by the recipient [17].

From the header analysis, we can find several hints which indicate that the received message is spam. For example, an IP address which does not match the domain name indicates that the header has been forged. A forged header is a very good indication that an e-mail is spam. Other indications may be used for identifying spam messages: the use of a distribution list, the presence of error lines, etc. Header analysis is often used to make rules for heuristic spam filtering.

2.4. Digital signatures

Digital signatures, also known as fingerprints, identify messages. Signatures of messages that have been identified as spam can be put in a database. This database is then used to compare the signature of a received e-mail with the list of spam signatures. If there is a match, the e-mail is spam.
Ideally, this would mean that once one person who uses this database receives a particular spam message, the signature is added and that message would be blocked for all the other users of the database. Unfortunately, it does take time for a signature to be added to the database; therefore, others will receive the e-mail before it is blocked. Furthermore, slightly modifying a message will change its signature. Spammers often add random text to their e-mails, which changes their digital signature [5, 6].

2.5. Address lists

There are two kinds of address lists. Address whitelists are lists of addresses of people from whom the receiver accepts all e-mails. Address blacklists are lists of addresses from which all e-mails are blocked. These lists can be implemented at both the client and the server level. Address lists can include not only specific addresses but also domain names and domain name extensions such as .org or .edu.

In a client-based solution, the whitelist of addresses normally contains addresses of people the user knows and wishes to communicate with. The blacklist contains a list of the addresses of people with whom he does not want to communicate. When the user receives a spam message, he can add the address of the sender to his blacklist.

In a server-based solution, the address blacklist can contain addresses of known spammers. Such lists are called Real-time Blackhole lists and are widely available on the Internet [18, 19, 20, 21]. A Real-time Blackhole list is a collection of networks that either allow spammers to use their systems to send spam, or have not taken action to prevent spammers from abusing their systems. The address whitelist can contain addresses used by the administrator to communicate with the users. In an organization, it can also contain the e-mail addresses of all the members.

When using address lists, it is important to ensure that we do not add addresses without being certain that they are correct. Spammers often forge the header to make it appear that an e-mail has been sent from another address. The IP address is harder to forge than the e-mail address; therefore, sometimes it is easier to make a list using IP addresses.

2.6. Keyword lists

Much like address lists, there are two kinds of keyword lists. Keyword whitelists are lists of words that indicate that an e-mail should not be deleted. Keyword blacklists are lists of words that indicate that an e-mail should be deleted. Keywords can be found in an e-mail's subject, header or body. Although they are called keyword lists, they are not necessarily only composed of words. They can contain patterns (a combination of several words) or codes.

One of the major problems with keyword lists is that, in order to be effective, they must be made specifically for each user. This means that they are only appropriate for client-based solutions or in server-based solutions for organizations that wish to control the information to which their users have access. Creating a good keyword list can take time and skill. In addition, they must be periodically updated in order to make them as effective as possible.

A major problem with keyword blacklists is that they can sometimes eliminate legitimate e-mails, the case of a false positive. False positives can occur regardless of which filtering method is chosen; however, false positives using keyword blacklists can sometimes be higher than acceptable if the list is not constructed very carefully. Whether keyword lists are used in client or server-based solutions, they need to be created correctly and kept up to date. This takes time and effort [22, 23].

2.6. Statistical methods

With statistical detection techniques, e-mails are assigned a point value or a spam probability rating. This rating is calculated with a formula. E-mails are separated into tokens, and each token is assigned a probability. These probabilities are then combined to find the e-mail's spam probability. The interesting aspect of statistical spam detection is that the filter continually learns and adapts itself to new spamming techniques because it uses the e-mails received to create its spam statistics. There are several statistical methods, but Bayesian filtering is currently the most popular [8].

Statistical methods have proven to be quite effective; however, as they gain popularity, spammers find ways to modify their messages in order to fool these filters. They can themselves use Bayesian methods to determine which words have high spam-probability ratings and avoid using them. Because there are so many ways to express an idea, spammers can normally get their message across without using words which have a high spam probability. They can also add words which have a low spam probability, or even random text, to their messages in order to reduce the message's spam probability.

2.6.1. Bayesian Filter

Bayesian filtering is a statistical approach which was used by many researchers to build a spam filter. Paul Graham made a significant contribution to this domain by implementing and testing one of the first Bayes spam filters [8]. Later on, Gary Robinson added some improvements to this filter. He produced a number of alternative approaches to combining and scoring word probabilities. The architecture of the spam Bayes system has three different parts: tokenizing, combining and scoring, and testing.
Tokenizing consists of separating a message into a list of tokens. The Bayesian filter does not use HTML tags as tokens. Such tags, as well as other information such as images, are simply eliminated. Particular attention has been paid to header tokenization. Experimentation is being conducted in order to find more effective ways of tokenizing headers.

Combining and scoring consists of assigning a score to incoming e-mails by combining the probabilities of each token found in the e-mail. Several combining schemes have been tested. The first was a variation of the "Naive Bayes" scheme, proposed by Paul Graham, which generally produced scores of either 0 or 1. An e-mail which received a score of 1 was classified as spam, while an e-mail which received a score of 0 was classified as legitimate. Very few e-mails were classified as unsure. Using this scheme, the number of false negatives, as well as the number of false positives, was relatively high.

Other combining schemes were later suggested by Gary Robinson. He suggested a few approaches using the Central Limit Theorem. In these approaches, incoming e-mails received two scores: a spam score and a legitimate score. A greater number of e-mails were classified as unsure. Gary Robinson later suggested a combining scheme using chi-squared probabilities which has been shown to be very effective. This combining scheme is now the most widely used. It also produces two scores: a spam score and a legitimate score. It classifies e-mails in three categories: spam, legitimate and unsure.

Figure 2 [24] shows an example of bimodal distribution of spam-recognition logic, depicting a typical snapshot of around 10,000 messages being processed through one of our Mail Filtering servers. In the background, you'll notice the double-humped distribution as predicted by the pseudo-Bayesian probability mathematics used in the classifier.
Figure 2, bimodal distribution of spam-recognition logic

Finally, training consists of feeding the tokenizer e-mails which have been separated into two categories: legitimate e-mails and spam. This is necessary in order to be able to compute the probabilities that the classifier will then use to determine if an e-mail is spam.

3. Our approach: Adaptive Filtering

The goal of this paper is to propose a client-based filter. We would like to eliminate as much spam as possible by adding a new layer without creating an unacceptable number of false positives. This new layer is adapted to target spam by category. We assume that other strategies are already implemented in lower layers.

Open source software is ideal for implementing our filter. This way, we will focus on the filtering algorithm and not waste time on implementing filters that already exist and creating an interface. The Spamihilator software, written by Michel Krämer, offers us the right environment for the implementation of our filter. It has a user-friendly interface and implements the most commonly used spam filtering techniques [9]. Spamihilator uses address lists, intelligent keyword blacklisting and Bayesian filtering.

We created our own plug-in, which is token¹-based. However, it differs from the keyword filtering used by Spamihilator because it uses several independent token lists to build a representative vocabulary from which a Representative Text (RT) is defined. Each list contains tokens that are commonly used in a specific category of spam messages. This approach will allow us to take into consideration token associations: occurrence of certain tokens in the same message, their relative order, etc. It is also different from a traditional smart keyword list concept where keywords are given a spam probability. Vocabulary can be used in a variety of contexts. Using independent token lists allows us to have more options to implement our adaptive filter. The following is a brief description of the steps we used to implement our filter.

¹ "Tokens" is less restrictive than the commonly used "Keywords".

3.1. Create a corpus of spam messages

Spam corpuses are available online [25]. Unfortunately, after careful examination of these corpuses we found that they do not contain a wide spectrum of spam and have an excessive number of multiple copies of the same message. Furthermore, they need to be preprocessed in order to remove certain information like headers and HTML code, and to adapt them to the requirements of the Sphinx software we are using for text analysis. For all these reasons we decided to create our own corpus using the Université de Moncton e-mail server. A corpus of approximately 2000 messages was collected.

3.2. Splitting Spam messages into categories

Sphinx Lexica and Hyper-base [24], generally used by linguists for text analysis, are the software that we used to analyze our spam corpus. Although they have a certain limitation on the number of messages they can process at a time (approximately 100), they are still very useful for extracting certain key characteristics of corpuses. We are mainly interested in the occurrence of tokens, occurrence of token associations, and text associations. These characteristics should help us to split our corpus into categories which can later on be used for the creation of RT.

Fifteen categories or RT were defined using 2000 spam messages. For each category an RT was created in which non-representative tokens like prepositions were excluded. We were hoping to automate the whole process of text analysis and separation but, unfortunately, because of the software limitation that we mentioned above and the size of our corpus, part of the text classification was done manually. This makes text separation more complex but does not affect the validity of our approach. In future papers, we are planning to address the size limitation issue and to automate RT generation.

3.3. Spam filtering criterion

The criterion we are using is fairly simple: it is based on a resemblance ratio that we can calculate and compare to a cut-off point. When the resemblance ratio between a category's RT and an e-mail is greater than the cut-off point, the e-mail is labeled as spam. We calculated the resemblance ratio as follows:

Resemblance Ratio(RT, e-mail) = (# of tokens in common) / (# of tokens in the RT)

In this formula, we assume that tokens have equal importance. It is easy to add weights on tokens to reflect their impact. As a matter of fact, this formula is obtained from the lexical distance D between two texts A and B [26].
D is computed as follows:

$D = \frac{A - A \cap B}{A} + \frac{B - A \cap B}{B}$

where $A \cap B$ represents the common section of the two texts, and $A - A \cap B$ and $B - A \cap B$ are the sections that characterize A and B respectively.

The cut-off point can be adjusted according to the level of aggressiveness the user wishes to impose in filtering his e-mails. Let us note that the level of the cut-off point may affect the number of false positive messages.

4. Experimental results

In order to test the filter's performance and find the best cut-off point, we slightly modified the algorithm. Instead of labeling an e-mail as spam as soon as a resemblance ratio was greater than the cut-off point, we output into a text file the resemblance ratio assigned for each category as well as the words from each RT that were found in the received e-mails. We sent e-mails from each of the 15 categories for which we had created an RT to the e-mail account we were filtering. We then compared the percentage of correctly classified e-mails obtained with different cut-off points.

We found that the best cut-off point would be 0.2, with 55.6% of the messages classified within their defined categories. However, with a cut-off point of 0.1, 86.7% of the spam messages were classified in at least one category and 13.3% of e-mail messages fell outside our defined categories. Extending their scope may increase the percentage of spam messages covered by all categories. Here again, it is not our aim to cover all spam categories but to give the user the means to eliminate a specific annoying spam category. As we will see later, our filter meets this expectation.

Figure 3, % of blocked messages vs. cut-off point (number of messages: 778; series: all blocked messages, blocked by the appropriate adaptive filter)

Figure 3 shows the percentage of messages blocked by our filter with various cut-off points. The dashed line represents the total number of blocked messages; the solid line represents the percentage of messages blocked by the appropriate defined category. Most of the blocked messages are trapped by the appropriate defined category; it is clear that fighting spam by adaptive category gives a good result.

We compared the performance of our filter with Spamihilator's smart keyword filter. Spamihilator's filter blocked more spam messages than ours. However, when we combined both filters we got better results in blocking spam messages. As we mentioned at the beginning of the paper, our aim is to add another layer that improves the overall results of the filtering process. As a matter of fact, 60% of the spam messages that succeeded in passing through Spamihilator's smart keyword filter were blocked by our filter. This confirms the importance of adaptive filtering.

Figure 4, effect of number of tokens in the RT on the % of blocked messages (Weight Loss, 48 messages; series: all categories, Weight Loss 40 words, Weight Loss 17 words, Weight Loss 10 words)

Figure 4 represents the percentage of blocked messages vs. the cut-off points for various numbers of tokens in the RT of the weight loss category. It shows that the number of tokens in the RT has little impact on the number of blocked messages. For cut-off points greater than 0.4, the number of blocked messages increases slightly when the number of tokens in the RT decreases.

5. Conclusion

In this paper, we showed that adaptive filtering targeting specific categories of spam messages improves the overall spam filtering when it is combined with other techniques as an additional layer. Using our filter, we were able to block additional spam messages that the smart keyword filter failed to stop. We are confident that, by adjusting our filter, we will be able to improve its performance. We are aware that our technique has to be tuned and more experiments have to be done to improve its implementation. In future work, we are planning to improve RT creation and updating.

Acknowledgement

The authors express their thanks to the anonymous referees for their careful review and suggestions. Special thanks to Dr. Sylvia Kasparian for her help and for giving us access to her laboratory's software (Sphinx).

References

[1] The Coalition Against Unsolicited Commercial E-mail, www.cause.org
[2] Mail Abuse Prevention System, http://mail-abuse.org/standard.html
[3] Institute of Information & Computing Sciences, www.cs.ruu.nl/wais/html/na-dir/net-abuse-faq/spam-faq.html
[4] Spam Statistics, http://bloodgate.com/spams/stats.html
[5] InboxDoctor, http://www.inboxdoctor.com/smartshield.htm
[6] www.mirror.ac.uk/sites/spamassassin.taint.org/spamassassin.org/index.html
[7] Paul Graham, Better Bayesian filtering, January 2003, http://paulgraham.com/better.html
[8] Paul Graham, A Plan for Spam, August 2002, http://paulgraham.com/spam.html
[9] Spamihilator, www.spamihilator.com
[10] Anti-Spam Research Group, http://www.irtf.org/asrg/
[11] Mailprotector, http://www.mailprotector.biz/how.asp
[12] TrimMail Inbox, http://www.trimmail.com/
[13] J.A. Korsmeyer, Inc, www.jak.com
[14] GFI Software Ltd, http://www.gfi.com
[15] www.overcomeemailoverload.com/advice/antispamtools.html
[16] Larry Seltzer, Challenge-Response Spam Blocking Challenges Patience, May 8, 2003, Security Supersite, http://security.ziffdavis.com/article2/0,3973,1066733,00.asp?kc=SCAV10303KTX1K0000557
[17] Ken Hollis, spam FAQ or "Figuring out fake E-Mail & Posts", http://digital.net/~gandalf/spamfaq.html#item1
[18] Domain Name System Real-time Black List, www.dnsrbl.com/index.html
[19] Spamhaus, http://www.spamhaus.org/sbl/index.lasso
[20] www.blars.org/errors/block.html
[21] SpamCop Blocking List, http://spamcop.net/bl.shtml
[22] Ion Androutsopoulos, John Koutsias, Konstantinos V. Chandrinos and Constantine D. Spyropoulos, An Experimental Comparison of Naive Bayesian and Keyword-Based Anti-Spam Filtering with Personal E-mail Messages, www.dwheeler.com/essays/stopspam.html
[23] A tale of two lists, www.andrew.cmu.edu/~lw2j/spam_ban.html
[24] Baulac Y. et Moscarola J., Le Sphinx Lexica : Manuel de référence, LeSphinx-Developpement, Seynod-France.
[25] SpamArchive, www.spamarchive.org
[26] Distance lexicale, http://ancilla.unice.fr/structure.html#fn9
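The resemblance-ratio criterion of section 3.3, as an added example that is not the authors' Spamihilator plug-in: it scores an e-mail against each category's RT, reports the matched tokens per category as in section 4, and shows how lowering the cut-off from 0.2 to 0.1 turns a legitimate message into a false positive. The category names, RT tokens and both sample messages are constructed, and the n-gram matching of multi-word tokens and the optional token weights are assumptions that go slightly beyond the equal-weight formula in the text.

```python
import re
from html import unescape

# Constructed Representative Texts (RT): one token set per spam category.
# Names and tokens are assumptions, not the paper's fifteen RTs.
REPRESENTATIVE_TEXTS = {
    "weight_loss": {"weight", "lose", "pounds", "diet", "fat", "burn",
                    "appetite", "guaranteed", "money back", "no exercise"},
    "mortgage": {"mortgage", "refinance", "rates", "lender", "approval",
                 "credit", "home loan", "lowest rates"},
}

# Constructed sample messages (bodies only; headers already removed).
SPAM_SAMPLE = ("<html><body><b>LOSE WEIGHT</b> fast! Burn fat with no "
               "exercise.<br>Drop 20 pounds or your money back.</body></html>")
HAM_SAMPLE = ("Hi Anna, the lender confirmed the meeting on Tuesday. "
              "Can you bring the diet study draft?")

TAG_RE = re.compile(r"<[^>]+>")
WORD_RE = re.compile(r"[a-z0-9]+(?:'[a-z]+)?")


def words(text):
    """Drop HTML tags and entities, lower-case, return the word sequence."""
    return WORD_RE.findall(unescape(TAG_RE.sub(" ", text)).lower())


def email_tokens(text, max_len):
    """All word n-grams (n <= max_len), so multi-word RT tokens can match."""
    w = words(text)
    return {" ".join(w[i:i + n])
            for n in range(1, max_len + 1)
            for i in range(len(w) - n + 1)}


def resemblance(rt, text, weights=None):
    """Return (ratio, matched tokens): tokens in common / tokens in the RT.

    With `weights` (token -> weight, default 1.0) the ratio becomes the
    matched weight over the total RT weight.
    """
    rt = {" ".join(words(t)) for t in rt} - {""}
    if not rt:                      # an empty RT can never match anything
        return 0.0, set()
    max_len = max(t.count(" ") + 1 for t in rt)
    common = rt & email_tokens(text, max_len)
    if weights is None:
        return len(common) / len(rt), common
    total = sum(weights.get(t, 1.0) for t in rt)
    return sum(weights.get(t, 1.0) for t in common) / total, common


def lexical_distance(a, b):
    """D = (A - A∩B)/A + (B - A∩B)/B on token-set sizes (0 same, 2 disjoint).

    With A = RT, the first term equals 1 - resemblance ratio.
    """
    if not a or not b:
        return 2.0
    both = len(a & b)
    return (len(a) - both) / len(a) + (len(b) - both) / len(b)


def classify(text, rts=REPRESENTATIVE_TEXTS, cutoff=0.2):
    """Per-category report: ratio, matched RT tokens, and the spam decision."""
    report = {}
    for category, rt in rts.items():
        ratio, matched = resemblance(rt, text)
        report[category] = {"ratio": ratio,
                            "matched": sorted(matched),
                            "spam": ratio > cutoff}   # strictly greater
    return report


def is_spam(text, rts=REPRESENTATIVE_TEXTS, cutoff=0.2):
    """Spam as soon as any category's ratio exceeds the cut-off."""
    return any(r["spam"] for r in classify(text, rts, cutoff).values())


if __name__ == "__main__":
    for name, msg in (("spam sample", SPAM_SAMPLE), ("ham sample", HAM_SAMPLE)):
        for cutoff in (0.2, 0.1):
            print(name, "cut-off", cutoff, "->", is_spam(msg, cutoff=cutoff))
        for category, row in classify(msg).items():
            print("  ", category, round(row["ratio"], 3), row["matched"])
```

At the paper's preferred cut-off of 0.2 the legitimate sample passes; at 0.1 its single "lender" match (1 of 8 mortgage tokens) is enough to label it spam.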