New Traffic Inspector module: protect traffic from spam

    Any program should be developed. Only such a path allows her to remain in the "cage", to use demand, to make a profit. The developers of the well-known Traffic Inspector system also go this way. New versions come out with enviable frequency, new features appear, new modules are added. Here and this time the functionality of the program has been expanded due to a new module - Traffic Inspector AntiSpam .

    Consider the main features and features of this very useful addition (there will be a lot of text and screenshots).


    The module is designed to protect against spam internal mail servers. It works under the condition of using the SMTP gateway of the Traffic Inspector program. (This feature is currently available for the Gold version). The module analyzes all messages arriving at the mail server, recognizing spam based on the specified rules and algorithms, which are based on the Bayesian classifier, which has become a classic for such checks. An important feature of this classifier is that it can be built on the basis of a sample with missing values, which is very suitable for checking a variety of mail messages.

    Although the Traffic Inspector AntiSpam module is based on the standard Bayesian classifier, it is implemented taking into account its own research and improvements regarding the detection of unwanted messages and specific signs of spam.

    Most often, anti-spam filters for e-mail messages are set either on e-mail clients (for individual users) or on e-mail servers (both public and corporate). A filter that checks incoming mail before it arrives at the server is used less often. Although in the conditions when a program is used to track traffic, why not use it to check mail too? Antiviruses stand in the way of traffic, now antispam can also be installed.

    The module built into the Traffic Inspector is self-learning. It analyzes all incoming messages, recognizing spam by the rules and algorithms that are displayed by its own self-learning system. But nevertheless, the help of an administrator or user is necessary - you can’t completely rely on the program’s work, since filters can fail, skipping explicit spam and writing completely correct messages to poor-quality mail.

    This module can be considered either the main or the additional one - besides it, on the guard of spam protection, the program also has a second module - the RBL SMTP filter. But it sometimes gives a misfire and is not always convenient to use. Although, for some IP address bases, protection provides reliable protection.

    So, to enable the antispam filter, you must have an SMTP gateway configured. Only if it is connected will work with the filter be available. Its configuration can be divided into two stages. The first is the configuration of actions when spam or a benign message is detected. As a rule, actions come down to adding the word SPAM to the message heading, as well as information about how this spam was detected, in the service message fields. In addition, each response to detected spam increases the weight value of the parameters that were used for this detection.

    On the contrary, for benign letters the weight value of the parameters decreases. The smaller the weight parameter - the more likely it is that the letter is good, and vice versa. If you wish, you can add information about the verification to the header and service fields of the message.

    Finally, there are simply suspicious letters about which the module cannot give a definite answer - whether the message is spam or not. For such letters, the weighted value of the parameters can not be changed, and in the heading, add information that this letter is only possibly spam.


    Here, in the settings, you can set the level of “aggressiveness” of the filter for checking messages (the higher it is, the lower the weight value the message will be considered as spam). It is possible to configure the size of the database for storing statistical data. But the larger the base, the better the filter works, but it will work more slowly. Therefore, it is possible to delete data from it with a period exceeding the established one. The database can be cleaned up completely, but this will mean that you will have to start the filter setup for spam recognition again.


    The settings mentioned above provide automatic processing of incoming messages. Nevertheless, especially at the first stage, an additional check of the correctness of the filter operation by a person is required. This task is performed through the module interface. Here you can display a list of received letters that have already been processed by the filter and have corresponding notes. Looking through the list, you can decide for yourself what is spam and what is not. The marks set by the user replace the automatic setting data and provide additional fine-tuning of the rules used by the filtering module. To increase the accuracy of message recognition, you can create black and white lists to tell the system in advance what is good and what is bad. And you can form your own rules on the basis of stable expressions,


    Each user can perform work with letters in their personal account in the Traffic Inspector program, which, in addition to defining spam, allows you to individually configure folders for sorting incoming letters and spam. The generated lists of incoming mail can be sorted by various criteria, impose filters on the view (for example, leaving only dubious ones). Reports can also be generated by such a parameter as words by which letters were classified as spam.

    Users of the network where the Traffic Inspector product with the anti-spam module is installed and receiving mail using MS Outlook do not need to perform module adjustment through the program’s personal account. Instead, it’s enough to install a small plug-in for your email client, and all adjustments to the distribution of letters between “benign” and spam can be done through the control panel. Choosing the right letter, you can define it as spam or, conversely, remove the affixed attribute and translate the received letter into the category of “benign”.


    No matter how well the filter works, but sometimes it works on completely correct messages. In order not to lose the necessary letters, the system provides the possibility of guaranteed delivery. It consists in the fact that when blocking spam, the sender can be sent a message about the impossibility of delivery, where, for the reason, it will be suggested to add a keyword to the subject of the message for guaranteed delivery (by default NOSPAM). Such letters will automatically be redefined as good and increase the accuracy of the module.


    Thus, the use of the Traffic Inspector AntiSpam module increases the capabilities of the system as a whole, protecting users from spam.

    Also popular now: