The approaches described in this section are approaches that could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
The problem of unwanted emails, commonly referred to as spam, in email-based communication technologies is well-recognized. Spam may include unsolicited messages sent by a computer user over a network to a large number of recipients, sometimes including attached files or hyperlinks. For typical users, spam mostly includes unsolicited commercial messages, but it also includes unsolicited messages sent for malicious, disruptive, or abusive purposes. For example, spammers sometimes send messages in bulk to a particular domain to exhaust the resources of the domain or to spread a virus. These unwanted emails waste the time, money, and resources of end users and service providers.
To combat the problem of spam, numerous anti-spam systems have been developed. Many of the systems currently in use apply a set of rules to incoming email messages to determine how to handle an incoming message. Based on the application of the rules to the message, the anti-spam system determines whether to deliver the message to a user's inbox, to a specially designated spam folder, or in the case of potentially malicious emails such as those that might be carrying a virus, to quarantine the message on an alternate server and not deliver the message at all. The determination might be made by applying a combination of categorical rules, such as quarantining all emails with attached executable files, and a set of aggregating rules that assign a score to an incoming email based on characteristics such as content, origin, file size, and/or the presence of attachments. Emails with a score over a threshold value might be designated as spam and delivered to the user's spam folder.
Most anti-spam systems apply the same global filtering rules to all users. In a system with a large and diverse group of users, using the same global filtering rules for all users limits the system's ability to be tailored to the behavior of any particular user. Specifically, rules that correctly identify spam for one user cause false positives for other users.
Some systems allow users to supplement the global filtering rules by adding their own unique set of categorical rules. Such a system, however, typically does not allow the user to modify the global rules, which in many cases are the ones that detect the majority of spam. Additionally, such a system puts the burden of customizing the system on the user, which is both ineffective and inefficient.