Latest technologies in the battle against Spam

Qustodium always uses the latest and most effective technologies in the battle against Spam. Our solution is based on a combination of filters that check every incoming e-mail for spam patterns, viruses and phishing attempts.

Once a mail has passed through the system and has been classified as malicious (i.e. spam, virus or phishing), the message is marked instantly as such. As a result, the message (perhaps containing a virus) will not even reach your system, avoiding a potential infection entirely. Other systems require you to download a dangerous message to your mail program first before they virus can be identified!

Note that none of the criteria by themselves is enough to say a message is definitely spam; you can easily come up with examples for where a given rule will misfire and incorrectly increase or decrease the spam score. However, when taken together, the collection is marvelously robust and accurate at identifying spam and ham.

Computer-based text recognition

In recent months a high number of image spam mails has been detected. Image spam is unwanted e-mail in which text is embedded in an image to foil traditional spam filters that catch spam by scanning messages for key words and by using other text-based techniques. By using Optical Character Recognition (OCR), Qustodium recognizes the embedded text and coverts it to data so it can be scanned like any other piece of e-mail for suspicious content.

Amongst other OCR systems, Qustodium also uses a system developed by Google .

Text block recognition

You have seen them a million times, but no more: Notifications that your rich unknown uncle left you a large sum of money in a bank account in Nigeria, or that you can become rich by investing in just the right stock at just the right time. Qustodium detects those repetitive messages through rule sets developed by the industry experts at SpamAssassin Rules Emporium, and several Qustodium-specific rules that are constantly fine-tuned.

Distributed checksum systems (DCC, Pyzor, Razor2)

DCC (Distributed Checksum Clearinghouse), Pyzor and Razor2 are distributed systems that enable Qustodium to detect spam messages that have been sent not only to you, but also to many other people world-wide. Every message is anonymously checked against a centralised server farm where massively distributed spam messages are stored. If the message is already known to the distributed system, it is more likely to be spam.

Bayesian filtering

A Bayesian filter classifies incoming e-mails by comparing them to a automatically created list of words and expressions. Most e-mails with words such as "Viagra" or "Casino" are probably spam (depending on the context of the words), and thus receive a higher score from our filters. Positive words such as "dinner" or "vacation" that are unlikely to turn up in spam messages decrease the spam probability.

White lists, black lists and greylisting

White lists contain e-mail addresses or domains that you consider trustworthy, and that do not need to be scanned for potential spam. For instance, you can add yourprovider.com to your white list in order to trust all messages from yourprovider.com. Black lists work the opposite way: every address or domain on your black list will always be classified as spam, so if you receive annoying messages from spammer@hotmail.com, simply adding that address to your black list will classify all messages from that address as spam.

In addition to your personal black and white lists, Qustodium checks all messages with a real-time list of domains and addresses that are verified as source for viruses or spam messages, and flags dangerous messages accordingly.

Greylisting is used at Qustodium to "temporarily reject" any email from a sender it does not recognise. If the mail is from legitimate mail server and not a spam bot, the originating server will try again to send it later, at which time Qustodium will accept it. Every successful (i.e. legitimate) combination of sender/recipient is stored in a white list to ensure that every subsequent e-mail is delivered instantaneously.