Layer Up to Keep Out Spam

Guarding the gateway and client pays off.

It's a fact that even the best anti-spam solutions fail to catch all spam. Therefore, IT managers should look at combinations of products and approaches to keep spam out while allowing legitimate e-mail into their organizations. eWEEK Labs believes a two-layer approach of managing spam at the gateway and the client, at least for some e-mail accounts, may be the best way to remedy the problem.

The quest to strike a balance between filtering spam and not filtering legitimate e-mail has resulted in products that filter most but not all spam. Unfortunately, for e-mail accounts with common or published names, even stopping the majority can allow hundreds of spam messages to get through daily.

To gauge the value of adding desktop anti-spam tools to provide a second level of filtering, eWEEK Labs tested Block All Spam Inc.'s Source Authentication Personal Edition, Qurb Inc.'s Qurb 2.0 and Symantec Corp.'s Norton AntiSpam 2004. We also looked at the embedded spam filtering capabilities in Microsoft Corp.'s Outlook 2003 and The Mozilla Foundation's Mozilla 1.5. The prices of these products range from free to $59 per user.

Adding a second layer of filtering can make a big difference, particularly when the first level of filtering doesn't provide end users with a means of tuning their own filters. Of the products we looked at, Qurb 2.0 and Mozilla 1.5 did the best job of filtering while providing users with a good level of control.

All these solutions used one or more of three approaches: proprietary filtering, Bayesian filtering and source authentication. All the products support white lists (lists of approved senders) and blacklists (lists of prohibited senders).

Qurb, Norton AntiSpam and Outlook 2003 use a combination of proprietary filtering, white lists and blacklists; Mozilla uses Bayesian filtering; and Block All Spam's Source Authentication Personal Edition uses source authentication, which challenges the sender and forwards only messages for which it receives a valid response.

We found that the products that provide end users with more control generally did a better job in tests. Although not all users will want to spend time managing and tuning applications, the investment can pay off.

Every approach has its benefits and trade-offs. With proprietary filtering, a significant amount of legitimate e-mail—we saw as much as 10 percent—is inappropriately marked as spam.

With all the products except Source Authentication Personal Edition and Mozilla, we saw false negatives and positives; the downside was that false negatives sat in a spam folder in which they were quickly forgotten. Bayesian filtering requires users to spend initial time training the filter to work.

White lists and blacklists can be cumbersome to manage, and some approaches to managing these lists, although intended to be helpful, can instead be aggravating. For example, the Qurb application automatically generates a white list based on messages in a user's in-box. Because there's probably already some spam in the in-box, the user will unintentionally approve some spam senders.

What to Look for in anti-spam products


  • Generally, filtering yields a number of false positives and negatives
  • Products should be tunable and customizable by the end user

White lists and blacklists

  • Provide a way to accept newsletters and other legitimate bulk e-mailings
  • Can be cumbersome to maintain

Source authentication

  • Completely eliminates spam from an in-box
  • Will slow down or possibly stop some legitimate e-mail
  • Needs to work in conjunction with other methods

We found source authentication, or challenge-and-response techniques, to be inconvenient because they require responding to automated responses, a behavior that, at this point, many users just aren't going to learn. That second step is critical to preventing the tie-up of legitimate e-mail, particularly because automated challenge responses can be easily marked as spam by the recipient's spam filtering.

Source Authentication Personal Edition, for example, is an application that sits between the mail server and client. The software has a white list and will hold all e-mail until it receives a response from the sender. The product worked as advertised in tests, but it lacks the polish and integration with messaging clients found in competitors. For example, adding to the white list requires sending a specially formatted message to the sender's in-box.

Qurb, in comparison, gives users the option of using challenge and response to combat spam, but unlike Source Authentication Personal Edition, Qurb doesn't effectively block access to inbound messages.
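The hold-until-answered behavior described above for source authentication can be sketched as follows. This is an added example, not code from any of the reviewed products; the `ChallengeGate` class, the HMAC-derived challenge token and all addresses are assumptions made for illustration. It shows both sides of the trade-off: spam that never answers stays out of the in-box, and so does an automated newsletter.

```python
import hashlib
import hmac
import secrets


class ChallengeGate:
    """Hold mail from unknown senders until they answer a challenge."""
    def __init__(self, whitelist=()):
        self.key = secrets.token_bytes(32)       # per-install secret
        self.whitelist = {a.lower() for a in whitelist}
        self.held = {}                           # sender -> held subjects
        self.inbox = []                          # delivered (sender, subject)
        self.challenges = {}                     # sender -> token mailed out

    def _token(self, sender):
        return hmac.new(self.key, sender.encode(), hashlib.sha256).hexdigest()[:16]

    def receive(self, sender, subject):
        sender = sender.lower()
        if sender in self.whitelist:
            self.inbox.append((sender, subject))
            return "delivered"
        self.held.setdefault(sender, []).append(subject)
        # One challenge per sender, not per message, to limit challenge volume.
        self.challenges.setdefault(sender, self._token(sender))
        return "held"

    def respond(self, sender, token):
        sender = sender.lower()
        expected = self._token(sender).encode()
        if sender not in self.held or not hmac.compare_digest(token.encode(), expected):
            return False
        self.whitelist.add(sender)               # a valid answer approves the sender
        self.inbox += [(sender, s) for s in self.held.pop(sender)]
        del self.challenges[sender]
        return True


def demo():
    # Constructed sample traffic; all addresses are made up.
    gate = ChallengeGate(whitelist=["boss@corp.example"])
    gate.receive("boss@corp.example", "Budget")           # already approved
    gate.receive("client@partner.example", "Proposal")    # human, will answer
    gate.receive("news@vendor.example", "Newsletter")     # automated, never answers
    gate.receive("x1@bulk.example", "Cheap meds")         # spam, never answers
    gate.respond("x1@bulk.example", "0000000000000000")   # wrong token is rejected
    gate.respond("client@partner.example", gate.challenges["client@partner.example"])
    return sorted(s for _, s in gate.inbox), sorted(gate.held)
```

The wanted newsletter ends up held alongside the spam, which is why the held queue needs to be viewable and why bulk senders have to be added to the white list by hand.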

Giving users the ability to see incoming messages is critical when balancing filtering against productivity. The products that provide a viewable repository for e-mail, including Outlook 2003, Qurb and Norton AntiSpam, proved helpful in effectively managing the influx of unsolicited e-mail. Simple sender validation tools, such as the Approve and Block buttons that Norton AntiSpam and Qurb use, made it easier to manage messages.

Technical Analyst Michael Caton can be reached at