Report: 15 solutions achieve VBSpam award

Posted by   Virus Bulletin on   Oct 15, 2014

Surprisingly, the presence of more URLs doesn't necessarily make spam easier to block.

Yet again, we have good news for those who need to run a spam filter (in other words: everyone who runs a mail server). 15 of the full solutions participating in our comparative anti-spam tests achieved a VBSpam award. They all blocked a large percentage of spam, while blocking very few legitimate emails. Only one product (the open source solution Scrollout F1) failed to achieve such an award this time.

Seven of the products - Bitdefender, ESET, GFI, Libra Esva, Mailshell, Netmail Secure, OnlyMyEmail and ZEROSPAM - achieved a VBSpam+ award for blocking more than 99.5% of spam, while generating no false positives at all in the 'ham' corpus, and very few false positives in a separate corpus of newsletters.


  VBSpam quadrant - click here to view a larger version of the chart.

Compared to the last test, most products saw an increase in their spam catch rates, showing that the decrease we saw then was temporary. Of course, spam is a problem of volume, so while the catch rates are pretty high, you shouldn't expect anything less from your email security solution.

This month, we also looked at a possible correlation between the number of domains present in spam and the likeliness of such an email being blocked. After all, many spam filters make use of URL- or domain-based blocklists, and spammers are known to use compromised domains or URL shorteners to prevent their emails from being caught out this way.


Somewhat surprisingly, on this month's spam feed we didn't notice such a correlation. This is a likely consequence of the fact that spam filters use a combination of many tools to determine whether an email is spam; hence one single factor, though contributing, does not necessarily have an impact that can be measured.

Again, this month's report has been split in two. A summary of the results with a focus on the state of spam can be viewed here in HTML format, or downloaded here as a PDF. The full report, with performance details of all participating products, can be viewed here in HTML format, or downloaded here as a PDF.

As of this summer, all content published through Virus Bulletin is available free of charge, and the test reviews are no exception. We encourage readers to make use of this and read the full report, if not for the performance details of the various products, then at least for the 'state of spam' overview these bi-monthly reports provide.

Posted on 15 October 2014 by Martijn Grooten

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.