Unsolicited mass e-mail or “spam” has become a serious problem for all Internet users. A user can receive tens of hundreds of spam messages in a given day. Some companies specialize in creating distribution lists that allow senders of spam or “spammers” to easily reach millions of unwilling recipients with advertisements and solicitations.
In view of the increasing burden created by spam, efforts have been made to filter spam before it reaches its intended recipients. These efforts include basic spam filters, which may operate using content-based rules. Essentially, these filters include software that recognizes content that is typically found in spam messages, and flags messages having such content. Some filters may also block or filter messages originating from a particular address (e.g., a spammer's address). One drawback with these types of filters is that they are relatively static. That is, once a rule is created, it does not typically change or is relatively difficult to change. As a result, spammers can modify their messages to avoid these rules. Furthermore, the relatively static nature of these rules increases the possibility of false positives. False positives are legitimate e-mails that are mistakenly identified as spam. For most users, missing legitimate e-mail is an order of magnitude worse than receiving spam, so filters that yield false positives are particularly undesirable.
The present invention provides an improved system and method for analyzing and managing spam e-mails. The system and method monitor multiple instances of spam, create and store records of these instances, and use related information and statistics to dynamically create, modify and retire rules for detecting spam and preventing it from reaching its intended recipients.