Identifying the most
common spam characteristics
With so much anti-spam software on offer, it can
be a daunting task to find the right spam filter
for your company. At first glance most spam filters
seem to offer the same features: DNS Black lists,
heuristic analysis, header filtering, Bayesian
filtering and black and white lists. However, don't
be misled by appearances. There are important
differences between spam filters and you should
be aware of these before making your decision.
Before selecting your anti-spam solution, ask
these 5 questions:
- Is the anti-spam software user-based?
Many anti-spam products do not offer user-based
spam filtering. User-based spam filtering can
be useful if you want to exclude certain email
addresses from being spam filtered, or you only
want to configure challenge/response for certain
mailboxes. In addition, user-based spam filtering
allows you to handle messages differently per
user or group. Some users might prefer to have
their spam messages in their junk mail folder
whilst others prefer to receive them tagged
in their inbox.
- Can users view their own spam mails
and update black & white lists?
You do not want your Administrator sitting all
day reviewing all the quarantined messages and
updating your white and black lists. It is much
easier (and more efficient) to let your users
review their own spam mails since they know
best what is spam and what is legitimate. For
instance, an investment newsletter might be
legitimate for one user and spam for another.
- Does the software offer detailed
message tracking?
Make sure that the spam filter provides adequate
tracking of messages. In order to fine tune
your spam filter it is necessary to be able
to find out why a message was considered spam
or legitimate, right down to the actual words
found in the message.
- Does the software provide bandwidth
& storage savings?
The spam filter should be able to reject
messages before they are received.
For instance, by checking DNS Black lists, Sender
Policy Framework and invalid recipients, spam
messages can be blocked even before they are
downloaded, saving valuable bandwidth and storage
space. Since these methods catch the
bulk of spam, you could cut down on more than
60% of spam before it even reaches your server.
- Does the software allow you to handle
spam messages according to spam certainty?
Most anti-spam programs have a layered approach,
using different methods to determine whether
a message is spam. However, does the spam software
allow you to decide how to handle spam according
to each method, or is all spam handled in one
way? Taking a granular approach to spam improves
efficiency and allows for early detection of
false positives. For instance, if a message is
clearly spam, e.g. it is not addressed to a
valid recipient or the IP address is listed
on a DNS black list, there is no use in forwarding
these messages to the user's junk mail folder.
Since these messages can be considered spam
with 99.99% certainty, these messages should
either be rejected or placed in a quarantined
folder that gets cleared automatically after
a number of days. It would be a waste of your
user's time to sift through these messages.
However, messages that have been flagged as spam
by searching for words in the email are more
likely to trigger false positives and benefit
from being checked by a user.
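
The layered handling described in the last two questions, as an added
example (not code from Policy Patrol or any other product): envelope-only
checks reject with high certainty before the body is accepted, while word
matches go to the user's junk folder with the matched words kept for
tracking. The zone name, addresses, word list and the set standing in for
a DNS lookup are all constructed assumptions.

```python
import ipaddress
import re

REJECT, JUNK, DELIVER = "reject", "junk", "deliver"

# Constructed sample data (all values are assumptions for illustration).
ZONE = "dnsbl.example"                    # hypothetical DNS black list zone
LISTED = {"10.2.0.192.dnsbl.example"}     # stands in for a live DNS lookup
VALID_RCPTS = {"alice@example.com", "bob@example.com"}
SPAM_WORDS = {"viagra", "lottery"}

def dnsbl_query_name(ip, zone=ZONE):
    """DNSBL lookups use the IPv4 octets reversed, followed by the list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def smtp_time_checks(msg):
    """High-certainty checks that need only the envelope, not the body."""
    if dnsbl_query_name(msg["client_ip"]) in LISTED:
        return REJECT, "dnsbl:" + ZONE
    if not any(r.lower() in VALID_RCPTS for r in msg["rcpt_to"]):
        return REJECT, "no-valid-recipient"
    if msg["spf"] == "fail":              # hard fail only, not softfail
        return REJECT, "spf-hardfail"
    return None

def content_checks(msg):
    """Lower-certainty word matching: route to the user, keep the matched words."""
    hits = sorted(set(re.findall(r"[a-z]+", msg["body"].lower())) & SPAM_WORDS)
    return (JUNK, "words:" + ",".join(hits)) if hits else None

def classify(msg):
    """Return (action, reason); the reason is what message tracking would log."""
    return smtp_time_checks(msg) or content_checks(msg) or (DELIVER, "clean")

SAMPLES = [  # constructed messages
    {"client_ip": "192.0.2.10", "rcpt_to": ["alice@example.com"], "spf": "pass", "body": "hi"},
    {"client_ip": "198.51.100.7", "rcpt_to": ["nobody@example.com"], "spf": "pass", "body": "hi"},
    {"client_ip": "198.51.100.7", "rcpt_to": ["bob@example.com"], "spf": "fail", "body": "hi"},
    {"client_ip": "198.51.100.7", "rcpt_to": ["bob@example.com"], "spf": "softfail",
     "body": "You won the LOTTERY!"},
    {"client_ip": "198.51.100.7", "rcpt_to": ["alice@example.com"], "spf": "pass",
     "body": "Minutes from Monday's meeting attached."},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["client_ip"], m["rcpt_to"], "->", classify(m))
```
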
See how Policy Patrol measures up:
- Is the anti-spam software user-based?
Policy Patrol allows you to exclude mailboxes
from being anti-spam checked and also allows
you to handle spam differently according to
user or group (note that this does require a
Policy Patrol Enterprise license). For instance
Policy Patrol can hold spam messages on the
server and send a quarantine report for some
users, and forward the spam to the junk mail
folder for other users.
- Can users view their own spam mails
and update black & white lists?
Yes. Policy Patrol allows users to access their
own quarantined messages and add entries to
the white list and black list via a web console.
With the daily (or hourly) quarantine report,
users will never miss a legitimate email again.
Users can quickly skim through the list of newly
quarantined spam messages from within Outlook
and deliver emails or white list addresses.
If preferred, Policy Patrol can also forward
spam to the user's junk mail folder.
- Does the software offer detailed
message tracking?
Policy Patrol provides detailed tracking of
messages, showing each message that was received
(or sent) through Policy Patrol and what happened
to it. For each message it shows exactly which
condition caused the message to be flagged as
spam, right down to the actual words found in
the message.
- Does the software provide bandwidth
& storage savings?
Policy Patrol can drop the SMTP connection if
an IP is listed on a DNS Black list or the email
does not contain any valid recipients, providing
valuable bandwidth and storage savings. Policy
Patrol can also use the Sender Policy Framework
to verify IP addresses and domains. If SPF returns
a hard fail, these messages can be rejected
as well.
- Does the software allow you to handle
spam messages according to spam certainty?
Policy Patrol offers advanced granularity, allowing
you to specify for each method how spam messages
should be dealt with. For instance, with Policy
Patrol you can reject messages with IP addresses
on DNS Black lists, delete messages with URLs
from SURBL lists and forward spam messages with
spam words to the user's junk mail folder. This
means that you can increase efficiency whilst
reducing the risk of unnoticed false positives.