Spammers use a variety of tactics in order to push their payload through to the end user.  In return, anti-spam companies have a variety of tools in their arsenal in order to combat spammers.  At one point, we, in the industry, need to ask ourselves "How many tools do we need to have in order to effectively combat spam?"

Wikipedia's entry for antispam techniques lists over 30 strategies for fighting spam.  Should we use all of them?  Some of them?  What mixture is the optimal mixture?

Let's look at the advantages of using a lot of techniques.  Clearly, there is a defense-in-depth strategy.  The more anti-spam techniques you have, the more likely you are to let fewer spam messages in to the end user.  Thus, the clear strength in having a lot of arrows is that you are much less likely to receive any junk mail in your inbox.

There are some disadvantages.  I can think of two main ones.  The first is that while spam catches are overlapping, false positives are often additive.  If three techniques all catch the same spam, many times the three techniques do not catch the same false positives and end up causing piles of FPs. 

For example, if filter A catches 45% of the spam, filter B catches 40% and filter C catches 30%, there is a great deal of overlap in what they catch.  Combined, let's say they catch 95% of all spam.  However, if each one has a 2% false positive rate, then most of the time they add up to a 6% FP rate when all is done (or 5.5%).  The law of diminishing returns applies with spam but not with FPs.  Adding more filters catches less spam (than the preceding filter) but usually adds a significant margin to the FP rate.

In my next post, I'll look at a second disadvantage.