Unsolicited and/or undesired commercial email is a significant problem for email administrators and users. A common category of undesired email is SPAM which is generally defined as bulk unsolicited email, typically for commercial purposes, and other categories of undesired email can be bulk email containing viruses and/or malware and the like.
At best, undesired email utilizes resources on email systems, occupies email account holder's time to review and delete and is generally frustrating and troublesome. At worst, undesired email can be malicious and can damage software, systems and/or stored data.
Much work has been undertaken in recent years to combat the growing problem of undesired email. One of the methods used to date to reduce undesired email in the form of SPAM is the use of Bayesian filtering wherein the content of received emails is examined for specified content to form a statistical decision as to whether the email constitutes SPAM. A message which is deemed to be SPAM can be flagged as such and/or directed to a selected storage folder or deleted from the system.
Another method to reduce undesired email is the use of scanners which examine emails to recognize viruses and/or malware and quarantine or delete the detected undesired email.
Another method commonly employed to date is the use of blacklists which identify IP addresses from which undesired email has been previously been received and which deem subsequent emails from those IP addresses as being undesired email.
Yet another method is described in U.S. Pat. No. 6,330,590 to Cotton wherein a checksum is calculated for each received email and is compared to a database of checksums of previously identified SPAM to determine if the received message is SPAM.
As can be imagined, as each new technical solution to detecting undesired email is introduced and deployed, the originators of undesired email alter their messages and/or sending techniques in attempts to circumvent the undesired email detection systems. Presently, the best practice for undesired email detection is to employ two or more different detection methods to obtain a synergistic result for the detectors.
While such multi-method detection systems can work reasonably well, they do suffer from some disadvantages. Specifically, many detection systems require regular and skilled input from email administrators or others to respond to changes effected by the originators of undesired email. Further, generally undesired email detection systems are configured to err on the side of caution in an attempt to avoid “false positive” detections and are therefore configured to operate at less than their maximum level of sensitivity for detecting undesired email. This is because, typically, it is deemed to be less harmful to receive some undesired email than to have a bona fide email flagged as undesired and be removed or quarantined.
Accordingly, users often still receive some amount of undesired email despite the active management of the process by email administrators and the use of the best multi-method undesired email detection systems.