Anti-Spam

Kaspersky Internet Security includes Anti-Spam, a component that allows detection of unwanted messages (spam) and their processing in accordance with the rules in your e-mail client. It saves time while working with e-mail.

Unsolicited mass email mailings, most often including advertising messages.

Anti-Spam is built into the following mail clients as a plug-in:

You can use the lists of blocked and allowed senders to specify for Anti-Spam the addresses from which messages will be recognized as useful mail or spam. You may also consider as spam messages that are not addressed to you directly. Furthermore, Anti-Spam can check a message for the presence of allowed and blocked phrases and also for phrases from the list of obscene expressions.

To enable efficient recognition of spam and useful mail in Anti-Spam, the component needs training.

Component operation algorithm

Anti-Spam uses a self-training algorithm that allows the component to tell spam from useful mail better with time. The source of data for the algorithm is the contents of the message.

Anti-Spam work consists of two stages:

  1. Application of strict filtering criteria to a message. These criteria allow a quick determination as to whether the message is spam. Anti-Spam assigns to the message spam or not spam status, the scan is stopped and the message transferred to the mail client for processing (see algorithm steps 1 to 5 below).
  2. Inspection of messages, which have passed strict selection criteria during previous steps. Such messages cannot be unambiguously considered spam. Therefore, Anti-Spam has to calculate for them the probability of being spam.

The Anti-Spam algorithm consists of the following steps:

  1. The message sender’s address is checked for its presence in the lists of allowed or blocked senders.
    • If a sender’s address is in the allowed list, the message receives the Not Spam status.
    • If a sender’s address is in the black list, the message receives the Spam status.
  2. If a message was sent using Microsoft Exchange Server and scanning of such messages is disabled, the message is assigned the not spam status.
  3. A message analysis is performed to check if it contains strings from the list of allowed phrases. If at least one line from this list has been found, the message will be assigned the not spam status. This step is skipped by default.
  4. Anti-Spam analyzes a message to check if it contains strings from the list of blocked phrases or the list of obscene words. Whenever words from these lists are found in a message, their weighting coefficients are summed up. If the total of coefficients exceeds 100, such message will receive the spam status. This step is skipped by default.
  5. If the message text contains an address included in the database of phishing or suspicious web addresses, the message receives the Spam status.
  6. E-mail is analyzed using heuristic rules. If the analysis finds in a message signs typical of spam, the probability of it being spam increases.
  7. E-mail is analyzed using the GSG technology. While doing it, Anti-Spam analyzes images attached to the email message. If the analysis finds in them signs typical of spam, the probability of the message being spam increases.
  8. The application analyzes e-mail attachments in  .rtf format. It scans attached documents checking them for the presence of spam signs. Once the analysis is complete, Anti-Spam calculates how much the probability of the message being spam increased. By default, the technology is disabled.
  9. It checks for the presence of the additional features typical of spam. Each detected feature increases the probability that the message being scanned is in fact spam.
  10. If Anti-Spam was trained, the message will be scanned using iBayes technology. The self-training iBayes algorithm calculates the probability of a message being spam based on the frequency of phrases typical of spam found in message text.

Message analysis determines the probability of its being spam expressed as the spam rate value. The Spam or Probable spam status will be assigned to a message depending upon the specified threshold values of the spam rate. Besides, the product adds by default to the Subject field of spam and potential spam messages the label [!! SPAM] or [!! Probable Spam]. Then each message will be processed in accordance with your rules defined for e-mail clients.

In this section:

Enabling and disabling Anti-Spam

Selecting spam protection level

Training Anti-Spam

Scanning links in messages

Detecting spam by phrases and addresses. Creating lists

Regulating threshold values of spam rate

Using additional features affecting the spam rate

Selecting the spam recognition algorithm

Adding a label to the message subject

Excluding Microsoft Exchange Server messages from the scan

Configuring spam processing by mail clients

Restoring the recommended Anti-Spam settings

Internet Security arr Anti SpamPage top

Anti-Spam