Keep Spam at Bay with SpamBayes

By Corey Nachreiner, WatchGuard Technologies Network Security Analyst

"And the worst part of all," the grandmotherly lady told me in dismay, "is that I'm getting a couple of these every week!"

I hid a grin. It's my job to monitor the Internet for emerging security threats, so I've subscribed to a lot of discussion lists. As a result, I get more unsolicited emails than anyone I know -- over 200 spam messages a day. If I received merely two unsolicited email messages a week, I'd think I'd gone to email heaven. But this particular weekend, as I taught about Internet security at a local writer's conference, my audience generally worked from home. And the 70-year-old lady sharing her consternation about two pornographic messages a week shouldn't have to become as familiar with the spam avalanche as I've become. So I told her about SpamBayes.

Like her, if you use SpamBayes, two weeks from now your home PC will show a mere fraction of the amount of spam you see now. This is especially great if you share your computer with kids who don't need to know that "hot girl on girl action" isn't Buttercup and Blossom playing tag on a summer day. Oh -- and SpamBayes is free.

What Is SpamBayes?

Originally, spam filters didn't have to be too sophisticated. If the subject line is in ALL CAPITAL LETTERS and ends with !!!!!!!! it's probably spam, right? But as spammers have gotten more clever, so have spam filters. SpamBayes is a project dedicated to developing an anti-spam email filter, using a statistical technique called Bayesian analysis to recognize and block spam. Bayesian analysis (named after Thomas Bayes) measures the probability of whether or not a new piece of data matches a group of previously classified data. In other words, if you have a bunch of emails you've already categorized as spam, Bayesian analysis can tell whether or not new email is spam, by scoring how closely it matches your old spam.

How well SpamBayes works for you, then, hinges on one key factor: a list of known spam messages to compare against. You train SpamBayes to recognize what you consider spam, and what you consider normal email. That's why I said "two weeks from now" you'll have less spam. But that's also why SpamBayes is so accurate: you get to customize it to your lifestyle.

Installing SpamBayes

Ready to try SpamBayes? Here we go!

The SpamBayes email filter comes in many forms, including an Outlook plug-in. You can download the Outlook SpamBayes plug-in here. Note that the plug-in only works with Outlook. (Not with Outlook Express. Sorry.) Go ahead and get it now if you'd like -- I'll wait right here.

Back already? Okay, now that you've downloaded the plug-in, close Outlook and double-click the file you downloaded named, "Spambayes-Outlook-Setup-006.exe." Accept all the defaults by pressing Next twice, then Install, and finally Finish. That's it; the Outlook SpamBayes plug-in is installed!

Fine-tuning SpamBayes

After installing SpamBayes, re-open Outlook and you should see two new buttons on your Outlook toolbar: "Delete as Spam" and "SpamBayes."  These will help you train SpamBayes. Don't worry, this is not too hard for you!

1. First, create folders for both spam and possible spam. If you don't already have a "Folder List" view in Outlook, click View => Folder List to bring one up. Right-click on your Inbox folder and choose New Folder. Call the new folder Spam and place it under Inbox. Repeat the same steps to create a second folder called Spam Maybe. Once you've created these folders, move any spam already in your Inbox to the new Spam folder.

2. Now we'll prepare SpamBayes for its education. In Outlook, click on the new toolbar item called SpamBayes => SpamBayes Manager. Click the Train Now button to open the "Training" window. Click the first Browse button and browse to your Inbox folder. Make sure that "include subfolders" setting is not checked and press OK. Now click on the second Browse button and browse to your new Spam folder and press OK. If you moved some spam to your Spam folder in step 1, now is a good time to press the Train now button in the "Training" window. If not, wait until you have received at least five spam messages and transferred them to your Spam folder before clicking Train now. Afterwards, click Close to return to the main SpamBayes Manager window.

3. Finally, you must tell SpamBayes what to do with any spam it receives. Click the Define Filters button in the main SpamBayes Manager window. Press the Browse button next to "Filter the following folders as messages arrive." Here you tell SpamBayes where it should look for new spam to block. Most users receive their email in the Inbox, so that's the most common folder to select for this option.
   
   Next, under "Certain Spam" you can tell SpamBayes the score an email must receive to be defined as spam, and how to handle such messages. Think of this score as points a particular email gets for each way it resembles past spam messages. The subject line contains the word Viagra? Score a point! Go ahead and leave the setting for "Certain Spam" at its default, 90. This means if SpamBayes is 90 percent certain an email is spam, it will treat it as spam.
   
   Now you need to tell SpamBayes how to handle messages that are definitely spam. SpamBayes can leave a spam email alone, move it to some folder, or copy it to some folder. I recommend you press the down-arrow button under "Certain Spam" and choose "Moved." To tell SpamBayes where to move spam to, press the Browse button and choose the Spam folder you created earlier. As you pile up more bad messages in the Spam folder, SpamBayes has more and more information about what spam is to you.
   
   Since SpamBayes won't be deadly accurate at first, follow the same steps above for telling it how to handle messages that it thinks might or might not be spam. Leave the "Possible Spam" setting on its default, 15, and have SpamBayes move such messages to the Spam Maybe folder. Press OK and now SpamBayes knows where to shove any spam it detects.

4. We've set up all these options, but we haven't activated them yet. To do so, look in the main SpamBayes Manager window for a setting called Enable filtering. Putting a check next to that setting turns on your spam-blocker. However, before you enable that setting you must train SpamBayes with at least five spam messages and five normal messages. If you already moved some spam to your Spam folder in step 1 and trained SpamBayes in step 2, you can enable this setting now. Otherwise, wait for some spam to arrive, move it to the Spam folder, and follow the end of step 2 to train SpamBayes.

   Once you check the Enable filtering setting, SpamBayes starts learning and acting.

   Practice Makes Perfect

   Now that you've activated SpamBayes, as soon as spam arrives, SpamBayes moves it to your Spam folder. However, like an athlete training for a sports events, SpamBayes gets better with practice.

   For the first few days you use it (depending on how often you check email, and how often you receive spam), spam will still arrive in your Inbox. This is normal. After you train SpamBayes for awhile, it becomes extremely accurate.

   When an email arrives in your Inbox that you consider spam, select it and press the Delete as Spam button on your Outlook toolbar. This moves the message to your Spam folder and tells SpamBayes to recognize future similar emails as spam. You'll also find messages in the Spam Maybe folder that might or might not be spam. As messages appear in this folder, highlight the ones you consider spam and press the Delete as Spam button. You'll also have a Recover from Spam button on your toolbar. If you find a message in Spam Maybe that isn't spam, highlight it, and press the Recover from Spam button to send it into your normal Inbox.

   As you continue to train SpamBayes, you'll notice less and less spam appearing in your Inbox. The beauty of this training method is that you can totally tailor SpamBayes to your personal preferences. If you receive mail that normally isn't classified as spam, but you really don't want it, tell SpamBayes it's spam and get rid of it. Likewise, if you happen to receive "spammish" emails about a subject you really are interested in (like my wife's favorite gardening newsletter), train SpamBayes to accept them.

   The author of SpamBayes updates it often. I'd recommend visiting his Web site intermittently to check for updates.

   Now you know a simple way to regain absolute control of your Inbox. It sure put a smile on the face of the 70-year-old woman at the conference. Here's hoping it does the same for you. ##