Price: $29.95
Description
Spam Sleuth is a spam filter that operates as a proxy.
It uses a large array of filtering techniques (pretty much all the
methods in general use today) and is highly configurable. It has
basic anti-virus capabilities and can automatically remove suspicious
attachments.
It provides challenge/response
capability, a novel "E-mail stamps" feature, can send
"fake" undeliverable messages and can even relay and auto-respond
to messages.
Verdict
Spam Sleuth is an extremely comprehensive anti-spam solution. It
has the richest feature set of anything that we have seen so far
and returned some very impressive numbers as far as accuracy goes.
Being so full-featured, this filter is much more "hands-on"
than many other modern filters we see. To get the most out of it,
it requires getting to know its features and settings quite well.
This we determined to do early on and as a result managed to obtain
an accuracy rating of nearly 95%.
It is not an "instant" solution and it will require regular
tweaking to get the best out of it, but it has all that a dedicated
spam fighter could wish for - and then some...
Installation
Happily, nothing to report here. Installation went without a hitch
and was uneventful.
Interface
Spam Sleuth's interface is to the point, not flashy, but functional.
Operating as it does as a proxy
type filter, it mostly does its work in the background. Because
of this, most interaction with the program is achieved through the
main screen and the settings dialog.
There is a setting to enable an Outlook plug-in, but we never
did manage to get this to show in our tests. All messages are
shown in the main screen pictured above with the usual information
as to sender, subject, date received etc...
At the far left, there are one or two icons which enable the user
to see, at a glance, information about the message according to
the legend pictured below:
All of the main settings are performed in the configuration
form, which is pleasant and intuitive to use:
Details of a selected message and the points awarded
by each filter can be viewed by double-clicking the message in
the main screen:

Features and Operation
Spam Sleuth can be set to work in one of two modes
of operation.
In polling mode, it will periodically
connect to your mail servers, filter the messages and delete any
that are deemed to be spam (copies of these messages are kept by
the program should you need to "rescue" them later). This
leaves your mail server with only good messages which can be downloaded
by your regular e-mail client.
In Pop3 Proxy Mode, Spam Sleuth downloads
all messages from your mail servers and performs the filtering.
Your regular e-mail client then connects to - and retrieves the
messages from - a special mail server that Spam Sleuth sets up on
your local machine. This mode of operation requires that your mail
server setting in your e-mail client is changed from your regular
e-mail server to "localhost" or 127.0.0.1, which is a
special address that resolves to your own machine. Don't worry if
this doesn't make sense as the configuration wizard will make the
settings for you.
In essence, Spam Sleuth works on a points system.
During message scanning, points are added or subtracted from the
score as each filter is applied to the message. If, after all filtering
has been done, the "score" is above a certain (user configurable)
threshold, then the message is deemed as spam. This system makes
it more complicated than simply marking a message as spam as soon
as one of the indicators has been met, but it does make the filter
a little more "tolerant" should a legitimate sender accidentally
fall foul of one or two of the filter's rules.
While we are on the subject of this scoring method,
there is one feature found in Spam Sleuth that we have always said
would be a good idea: it can be set up so that below a certain points
threshold, the message will be accepted as a good message. Above
a second, higher threshold the message is simply deleted. Between these
two points, it can be set to send out a challenge
to the sender of the message.
This seems a very good implementation of the challenge/response
system as it only sends out challenges to messages that are "borderline",
thereby not flooding the internet with unnecessary challenges, but
still allowing you the assurance that legitimate senders have a
way to ensure their message gets through to you. Unfortunately,
this challenge/response system requires that the sender visits a
web site belonging to the manufacturers of the filter, but in testing
the system it was extremely simple to do and we were pleased to
find that the web site was not (currently) being used as a marketing
vehicle.
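The points system and its three outcome bands, sketched as an added example (this is not Spam Sleuth's code). The rule names, point values, thresholds and sample messages are assumptions chosen for illustration; the rules are simplified stand-ins for the subject, word-list and regular-expression filters described in this review.

```python
import re
from email import message_from_string

# Rule names, points and thresholds are assumptions, not Spam Sleuth's real values.
GOOD_WORDS = {"invoice": -20, "meeting": -15}
BAD_WORDS = {"viagra": 40, "free money": 30}
# Regex "power filter": catches v1agra, v.i.a.g.r.a, V I A G R A and similar.
POWER_FILTERS = [("obfuscated-viagra",
                  re.compile(r"v\W*[i1!|]\W*a\W*g\W*r\W*a", re.I), 40)]
ACCEPT_BELOW, DELETE_FROM = 50, 100  # scores in between trigger a challenge

def score_message(raw):
    """Run every filter and return (total, hits); hits is [(rule, points)]."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{subject}\n{body}".lower()
    hits = []
    if not subject.strip():
        hits.append(("subject:empty", 30))
    if subject.lstrip().upper().startswith("ADV:"):
        hits.append(("subject:adv", 50))
    if re.search(r"\s{5,}", subject):
        hits.append(("subject:excess-spaces", 25))
    for word, pts in {**GOOD_WORDS, **BAD_WORDS}.items():
        if re.search(r"\b" + re.escape(word) + r"\b", text):
            hits.append((f"word:{word}", pts))
    for name, rx, pts in POWER_FILTERS:
        if rx.search(text):
            hits.append((f"power:{name}", pts))
    return sum(p for _, p in hits), hits

def disposition(total):
    """Three bands: accept, challenge the sender, or delete."""
    if total < ACCEPT_BELOW:
        return "accept"
    return "delete" if total >= DELETE_FROM else "challenge"

# Constructed sample messages (not real mail).
SAMPLES = {
    "legit": "Subject: Meeting invoice for March\n\nThe free money joke was funny.\n",
    "borderline": "Subject: ADV: spring catalogue\n\nNew arrivals in store.\n",
    "spam": "Subject: ADV: V.1.A.G.R.A      cheap\n\nfree money inside\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, disposition(score_message(raw)[0]), score_message(raw))
```

The legitimate sample trips one bad-word rule but is still accepted because the good words offset it, and the obfuscated spelling in the spam sample is missed by the plain word list and caught only by the regular expression.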
There are so many features in Spam Sleuth that it
would take more space than we have here to fully outline them. We
will content ourselves with a brief outline of the most important:
- Accounts - As far as we could tell, Spam Sleuth
has the facility to filter as many e-mail accounts as you like.
These are limited to Pop3 accounts, but as virtually all mail
accounts are Pop3 nowadays, we really don't see this as much of
an issue.
- Spam Thresholds - As the message is awarded
points as it travels through the filtering process, you can set
the threshold at which the message becomes classed as spam.
- Anti-Virus - Unlike any filter we have tested
before, Spam Sleuth actually keeps an updated database of virus
definitions and tests messages for viruses. We wouldn't suggest
using this as a replacement for a regular anti-virus on your system
- particularly as we found a few virus bearing messages that got
through the filter - but it is a nice touch nonetheless. If a
virus is found in a message, the message can be either automatically
deleted or assigned points to ensure that it is removed unread
from the server.
- Friends, Enemies and Mailing Lists - Spam Sleuth
can maintain a list of your friends and Mailing Lists (which it
can import from many e-mail programs or even a text file) who
will never have to undergo the filtering process. Obviously, enemies'
messages are always rejected. A * wildcard can be used to ensure
that all senders at a specific domain will be counted.
- Good Words and Bad Words - In these sections,
words are added to the lists and assigned a points value. Bad
words will add to the spam score, while good ones will subtract.
There are no wildcard features in these lists - which is a little
limiting, but the "power filter" section explained later
makes up for this if you are willing to invest the time needed.
- Profanity - The profanity section is a nice
touch if you are worried about creating filters that contain objectionable
language. This section works just like the bad words section outlined
earlier except that the list is never displayed. Words/phrases
can be added to this section and this section can be checked for
the existence of a word/phrase, but the word/phrase is never actually
displayed.
- Attachments - points can be added to the score
according to which type of attachments appear and specified attachments
can automatically be removed.
- Dictionary - Spammers often place fake words
at the end of the message's subject and the message body in the
hope of throwing off spam filters. Spam Sleuth will check these
sections of the message for the existence of "non words"
and award points accordingly. You can add your own list of words
to be considered legitimate.
- Subject - This filter checks the message subject
for obvious spam characteristics such as excessive spaces, the
word: "ADV:", empty subject etc... and will award points
accordingly.
- HTML Volume - This filter analyses the message
for the excessive use of HTML formatting such as reds, yellows
and large fonts etc..., all of which are potential indicators
of spam.
- Character Sets - points can be awarded for
the existence of non-standard character sets and even for the
existence of certain characters. You could - for instance - specify
that if a message contains the character: "â"
then add 50 points to the spam score.
- Blacklists - Spam Sleuth can be set to check
internet-based blacklists (or RBLs) and add points to the
score if a match is found. A comprehensive choice of blacklists
is provided.
- HTML Removal - This section allows you to add
points to the score if certain types of HTML are present in the
message. Optionally, these types of HTML can be automatically
removed from the message. Such types of HTML include: Script,
Fake Links, External Images and Web Bugs (code embedded in the
message to let the sender know that you have read the message).
- Valid Sender - This section checks the validity
of the sender of the message using some quite sophisticated methods
ranging from simply checking whether the sender is also the reply
address to checking the MX record for the address and seeing if
a server exists there to receive a reply.
A new addition we noticed on this screen that is not mentioned
in the help file is the existence of SPF checks. SPF, which stands
for Sender Policy Framework, is the "buzz word" right
now in the anti-spam world and is basically a way to check that
the message actually came from the correct machine on the network
from which it claims it originated. This system has not yet been
widely accepted, but definitely shows promise.
- Power Filters - The power of this section lies
in the ability to create your own filters. While you can simply
add words here and assign points if they exist, the real power
lies in the ability to use regular expressions.
Regular expressions are an extremely powerful way to perform searches
for the existence of certain characters. They can be quite a challenge
to learn but can perform some quite spectacular things and are
particularly useful in getting round spammers' "obfuscation"
of their kill words.
- Bayesian Filter - There are many filters today
that are based solely on
Bayesian filtering. This is just another method in Spam Sleuth's
formidable armoury. The filter does not come pre-trained so it
will not work "out of the box" and the help files recommend
that you wait until you have at least 100 good and 100 bad e-mails
before you attempt to train the filter.
We did get the feeling though, that it was just as well that there
are other filtering methods available to Spam Sleuth as it did
not appear to be a particularly efficient implementation of the
method and a lot of the time simply served to negate the spam
score achieved by the other filtering methods.
We would hope that time and regular training should put this right
though.
It must be remembered that Spam Sleuth's Bayesian filter will
not train itself, so you will need to regularly ensure that all
mails are correctly marked as spam or not and perform the training.
Another indication that this could not be considered a "hands-off"
type of filter.
- URL Check - This filter sends any URLs found
in the message to a central server. The server returns a number
indicating how many times this URL has been seen lately as this
can be an indication of spam. Obviously, newsletters
and legitimate promotions will also return a high number so this
particular filter is only useful in the context of all the other
filtering methods in this program.
- Summary - Spam Sleuth can periodically send
a summary of all e-mails processed, along with the actions taken
and the reasons during a specified period.
- Turing - This facility can send a standard
Turing
Test requiring that the sender visit the Spam Sleuth web site
and enter a number found on the web page for the message to be
delivered to your inbox.
As stated before, we particularly liked the way that you specify
a points range in which a Turing test is sent.
When a Turing test is passed, the message is allowed through to
your inbox and, optionally, the user's address will be added to
your friends list. The Turing message sent is editable.
- E-mail Stamps - This curious facility will
send a challenge to the sender of a message informing them that
your attention to their message is worth some money. (You can
set the amount - although only in dollars it seems). The recipient
of the message can then go to PayPal and pay the money, after
which the message will be allowed through.
We would assume this to be of novelty value only.
- Bounce - This facility will send a fake undeliverable
message to the sender of a message identified as spam. As usual,
this is in the hope of getting them to remove your address from
their database. As usual, we see this to be of little value as
the addresses given in the headers of the e-mail message will
invariably be forged.
- Relay - This feature will forward a message
to a specified e-mail address if the message is found to be good
or bad depending on your choices in this section. A little thought
will show some useful applications for this, such as forwarding
only messages that have passed the filtering to another address
when you are away from your computer. Nice.
- Auto Responder - This feature will allow you
to send an auto response to good messages (or messages that are
within a certain points range) for times such as when you are
away and wish to let people know that you will deal with their
message upon your return.
As you can see, Spam Sleuth has an almost bewildering array of
features. Most of these are quite innovative and useful, while some
are "cute" at best.
Bringing all these features to bear on your incoming messages
can produce some quite impressive results as far as spam filtering goes,
but this does require some considerable investment in learning all
the features and keeping them at optimum efficiency.
Accuracy
| Message Count | Spam | False Positives | False Negatives | Accuracy |
| 2507 | 90.99% | 1.12% | 4.43% | 94.46% |
As our test results show, Spam Sleuth - properly configured
- is capable of returning some very impressive figures in terms
of accuracy.
Conclusion
On the whole, we really liked Spam Sleuth. There are some great
features and a lot for people to "get their teeth" into
if they take the spam war seriously.
Given the large array of filters that an incoming message has to
pass through, the actual filtering process can sometimes take quite
a long time.
If you need a filter that you just install and forget about, then
Spam Sleuth is probably not the best thing for you. It does require
some "tinkering", but the rewards of such are potentially
great.
During our test (quite a comprehensive one as we usually test with
around a thousand messages and we tested here with over double that
amount), we were not at all impressed with the Bayesian engine.
It seemed to us to mostly just negate some of the positive effects
of the other filters. An even more extended test may have improved
this situation though.
All in all, a very good filter. The need for quite a bit of user
interaction just stopped it getting our top marks.
