How to make a full-proof spam filter that will not block any of the legitimate email?
A team at the International Computer Science Institute in Berkeley, California, and the University of California, San Diego researched the ways that spam tricks existing filters and realized that spam sent by botnets is usually generated from a template that defines what the content of the email and the changes it goes through to fool filters.
According to NewScientist, they worked under the conviction that this template might be discovered by analyzing the multitude of emails sent by a bot.
So, they infected a machine, monitored the emails it sent out and took a thousand of them for analysis. Having done that, they reverse-engineered the template and used that knowledge to tweak the spam filters.
The result was a complete success: 100% of spam blocked and no false positives – even when tested against more than a million genuine messages.
The only problem (for now) is that this has to become an automated process. Large botnets send thousands of messages each minute, so every minute counts.