Terry Zink's Cyber Security Blog
Discussing Internet security in (mostly) plain English
June, 2008
The problem of backscatter, part 3 - Legitimate bounces
Posted over 4 years ago by tzink. Comments: 6
When a mail server accepts a message and later decides that it can't deliver the message, it is required to send back a bounce email to the sender of the original message. There are a few kinds of bounce notifications that a mail server can send: Recipient...
The problem of backscatter, part 2 - The legitimate case
Posted over 4 years ago by tzink. Comments: 2
Before getting into the problem of backscatter, let's look at how the system is supposed to work before spammers ruined it for everyone. Let's say that you want to mail a letter to your friend. You write the letter, put it in an envelope, and write...
The problem of backscatter, part 1
Posted over 4 years ago by tzink. Comments: 3
As the creator, editor and sole content contributor to this blog, I like to write about topics that are relevant to myself at the present moment. For example, if we are dealing with a breakout of image spam, I will write a few posts about why image...
Best looking phish I've seen in a long time
Posted over 4 years ago by tzink. Comments: 11
A month ago one of our spam analysts came across a Bank of America phishing spam. The thing about this one is that it is one of the best I've seen in a long time: This is very legitimate-looking. The logo is legitimate, it has correct grammar...
Define before use should be an enforced rule in production code
Posted over 4 years ago by tzink. Comments: 4
This post is a bit of a rant... but just a bit. I've been at Frontbridge/Exchange Hosted Services for a while. We were a startup in 2000 (long before my time) and like any startup, the way to get going quickly is to use LAMP technology - Linux...
My paper on spam metrics, part 3
Posted over 4 years ago by tzink. Comments: 1
Continuing on in my series of rebuttals to the reviewers of my paper, I'd like to respond to the third and final review. I agree with the author that a set of common metrics is paramount for being able to measure and compare current approaches, and use...
My paper on spam metrics, part 2
Posted over 4 years ago by tzink. Comments: 1
Continuing on in my rebuttals to the reviewers who refused my paper (which I believe is my right... if they can review it and refuse then I can disagree with their reasons for refusal), I'd like to move on to the second reviewer. The definitions given...
My paper on spam metrics, part 1
Posted over 4 years ago by tzink. Comments: 3
I just finished a series on spam metrics and I submitted to the CEAS in order to get it accepted such that I could speak at the conference this year. I put it together in two days. Well, as it turns out, it was rejected. The reviews on it were anonymous...
Top 50 Tech Visionaries
Posted over 4 years ago by tzink. Comments: 1
I came across an article in PC World about the top 50 Tech Visionaries. I was only going to read a couple of them but ended up reading the entire thing. I thought I'd repost 5 of my favorites and maybe add a couple of comments. Steve Jobs...
A Common Set of Metrics, part 5
Posted over 4 years ago by tzink. Comments: 2
6. Grey Mail For all of our discussions around spam and non-spam, there is still the issue of grey mail. What is grey mail? Do we include grey mail in our spam corpus? Should we include it in the non-spam corpus or omit it altogether? To begin with, let’s...
A Common Set of Metrics, part 4
Posted over 4 years ago by tzink. Comments: 1
4. Combining FPs and FNs Suppose we were evaluating two filters, Filter A and Filter B. Filter A has a catch rate of 91% but an FP rate of 5%. Filter B has a catch rate of 75% but an FP rate of 2%. Which is better? How can we combine the two metrics?...
It's like an episode of 24 around here
Posted over 4 years ago by tzink. Comments: 1
From time to time, we have major spam emergencies. Running a service, stuff invariably breaks. We try our best to monitor stuff, but something always comes up that we weren't aware of. Queues build up, perf monitors don't always get...
A Common Set of Antispam Metrics, part 3
Posted over 4 years ago by tzink. Comments: 2
3. Measurements The first way to do this is by way of Catch Rate. Catch rate is defined by the following: Catch rate = Spam correctly identified / (Spam correctly identified + missed spam) = TP / (TP + FN). This Catch rate gives us the effectiveness of a...
A Common Set of Antispam Metrics, part 2
Posted over 4 years ago by tzink. Comments: 4
2. Definitions The email industry needs to converge on a set of standards around metrics. Specifically, while we all think we know what we mean, what we don’t know is what others think they mean. So, let’s define them: Legitimate mail (ham...
A Common Set of Antispam Metrics, Part 1
Posted over 4 years ago by tzink. Comments: 0
A few weeks ago I submitted a paper to the CEAS (Conference on Email and Antispam). My paper was rejected but I thought I would reprint it here. I ended up writing this paper in two days. I either had to write a 10-page paper or a 3-page one...