False-positive management in anti-spam solutions

Spamming is a prospecting technique involving the mass distribution of unsolicited information, often of an advertising nature, by e-mail. Antispam is a system that enables the end user, the recipient, to protect himself as much as possible against receiving these unwanted emails.

The criteria used to measure the quality of antispam solutions are: false-positive and false-negative rates. The false positive rate is the percentage of legitimate e-mails wrongly identified as spam by the anti-spam solution in place. The false-negative rate is the percentage of spam messages interpreted by antispam as legitimate e-mail.

The lower these rates, the more efficient the solution. An effective anti-spam system is one that guarantees a low false-positive and false-negative rate.

Unfortunately, these two rates always vary inversely. It’s relatively simple to develop a solution that removes virtually all spam, but legitimate emails will inevitably be interpreted as spam. Conversely, by reducing the number of false positives as much as possible, the amount of spam detected will also be reduced!

False positives remain a critical element, however, as they may correspond to important, more damaging legitimate emails. So it’s natural to focus as much as possible on reducing the false-positive rate, while trying to maintain a good level of spam detection.

Given that all anti-spam software inevitably generates false positives, it is also advisable to offer the customer an alternative way of turning around in the event of false positives. A number of techniques are available to meet this challenge. In the case of a solution implemented directly on the user’s workstation, there will often be a folder associated with the spam, so that the user himself can analyze the contents of this folder a posteriori. In the case of a solution implemented on the mail server side, the vendor will offer either spam quarantine, or access to a webmail containing a specific spam folder, as in the first case.

An alternative and original solution offered by the Altospam antispam solution consists in notifying the sender of the message, via his own server, that his email has been refused by the antispam. The sender is thus informed that his message has been interpreted as spam and therefore not received by the recipient. So, just as a sender receives a return message if the recipient’s mailbox is full, the message sender can take steps to warn the recipient of the problem, or modify the content of the message so that it can be resent.

This solution solves the problem of managing false positives presented above. It also frees the recipient from the need to analyze spam emails after the fact. Isn’t the whole point of installing an anti-spam solution to prevent users from wasting time reading unsolicited e-mails?