What is the ESET Smart Security Antispam Module


Antispam behavior and user interaction

The Antispam module detects unsolicited email in two ways. The first is through a basic set of rules that are designed to automatically filter unwanted email messages. These rules are included by default in the installation of the program, and are updated along with the virus signature database updates. The second way that the Antispam module detects unsolicited email is by means of the Bayesian filter. The Bayesian filter can be trained on a per-user basis; the user manually marks a sufficient number of incoming emails as legitimate messages or as spam.

If you regularly receive spam from a certain address, you can add it to the Blacklist. If you wish to designate messages from a certain address to never be marked as spam, add the address to Whitelist. By default, the recipient address(es) in outgoing messages are automaticaly added to the Whitelist.

The following section is intended to explain how to proceed when an unsolicited message arrives

An unsolicited message has come to my inbox, what should I do?

If the message has not been filtered by the program, it is most likely an unknown type of unsolicited email and should be marked as spam. To do this, select the email message and click Spam on the ESET Smart Security Toolbar.

A message was marked as spam, but it is not spam

If a legitimate email message was classified as spam, the message must be reclassified. Click Not spam on the ESET Smart Security Toolbar.

I receive spam from a certain address on a regular basis

In the event that you consistently receive spam from a certain address, you can add the address to the Blacklist. To add an address to the Blacklist, select the email message and press ALT + S, or click Add to BL on the ESET Smart Security Toolbar. The list of addresses added to the Blacklist can be viewed in the main Antispam protection setup window. To add/edit/delete an entry, right-click in the window.

Antispam marks messages from an address which is trusted

You can add addresses you consider trusted to the list of trusted addresses (Whitelist). All addresses marked as trusted will be handled as not spam. To add an address to the list of trusted addresses, click Add to WL on the ESET Smart Security Toolbar.

Bayesian filter

Bayesian spam filtering is a very effective form of email filtering used by almost all antispam products. It is able to identify unsolicited email with a high degree of accuracy. The Bayesian filter can be trained on a per-user basis.

The functionality is based on the following principle: In the first phase, the process of learning takes place. The user manually marks a sufficient number of messages as legitimate messages or as spam (normally 200/200). The filter analyzes both categories and learns, for example, that spam usually contains words “rolex” or “viagra”, and legitimate messages are sent by family members or from addresses in the user's contact list. Provided that a greater number of messages was processed, the Bayesian filter is able to assign to each message a certain “spam index” and thus decide whether it is spam or not.

The main advantage is its flexibility. For example, if a user is a biologist, all incoming emails concerning biology or a relative fields of study will generally receive a lower probability index. If a message includes words that would otherwise qualify it as being unsolicited, but it is sent by someone from a contact list, it will be marked as legitimate, because senders from a contact list decrease overall spam probability.

The server-side control

The server-side control is a technique for identifying mass spam email based on the number of received messages and the reactions of users. Each message leaves a unique digital 'footprint' on the server based on the content of the message. Actually it is a unique ID number which tells nothing about the content of the email. Two identical messages will have identical footprints, while different messages will have different footprints.

If a message is marked as spam, its footprint is sent to the server. If the server receives more identical footprints (corresponding to a certain spam message), the footprint is stored at the spam footprints database. When scanning incoming messages, the program sends the footprints of the messages to the server. The server returns information on which footprints correspond to messages already marked by users as spam