Mike Jackson wrote: > > 2. Once the server has received the email, it then scans the email > > and compares it to a list of rules. Every time a rule is matched, > > the server adds points to the email. > > 3. When the server completes the scan of the email, it takes the > > total number of points assigned to that email and compares that > > point value with the maximum allowed points. If the point value is > > over the maximum the server marks the message as spam. > > I typically expand these points when I'm explaining it to my users. I > say something along the lines of... > > SA compares the message to characteristics of spam messages that other > people have seen. Each characteristic is a rule, and each rule has a > point value for how strong an indicator of spam it is. When a rule is > matched, its point value is added to the message's total. If the > final total is higher than a certain threshold, the message is > considered spam. > > You could also explain that there's some rules with negative point > values, and these represent characteristics that are more common of > legitimate messages, but that's an added detail that only muddies the > waters. > > And FWIW, I don't think it's a silly question at all. Some people > have the luxury of only filtering their own mail, and can be as > hard-line as they want. The rest of us have to work with laymen who > have no idea how email really works and are simply frustrated that > they receive junk.
Depending on the user, I usually try to simplify these explanations as much as possible. I find that going too much into detail on points and such tends to confuse and frustrate most people who really don't care how it works, they just don't want the spam. I would give a description something like this: The spam filter uses a set of rules to assign a score to each email. If the email scores over five points, it is considered to be spam and is sent to your junk mail folder. Putting an email into the public ham or spam folders allows the spam software to learn from those messages. It gradually learns which words and phrases are more likely to be seen in each type of message. It then uses this information to contribute to the scores of incoming messages. Learning a message as spam does not guarantee that a similar message will not come through again, but each time one is learned, the score for that type of message will tend to increase. Similarly, each time you learn a message as ham, the score for that type of message will tend to decrease. If there is a certain spam that is consistently getting past your filters, I would ask the user to forward it directly to you so that you can look at the message and determine why it is getting by. Maybe you should write a custom rule for it. -- Bowie
