Rules Strategy Example

design.gif The following is an example to explain the idea of rules strategy. Say that you have created the five spam filter rules shown below in an effort to reduce the amount of spam processed by your SMTP server and sent to your users mail boxes:

1.    Delete any mail originating from the domain SPAM.COM.

2.    Delete any mail sent from SpamKing.

3.    Quarantine any mail being sent to SpamLover@company.com

4.    Delete any mail containing the phrase "Free Offer" in the subject line.

5.    Quarantine any mail containing the term "SeXXX" in the subject line.

Say further that you have analyzed your incoming messages and know that for every 10,000 messages processed by the SMTP server, 42 are sent by SpamKing, 150 originate from the SPAM.COM domain, 500 contain the phrase "Free Offer" in the subject line, 18 are sent to SpamLover@company.com, and 196 contain the term "SeXXX" in the subject line.

In this case, the optimal ordering of the rules appearing in the Current Rules list is the following:

1.    Free Offer (500 instances)

2.    SeXXX (196 instances)

3.    SPAM.COM (150 instances)

4.    SpamKing (42 instances)

5.    SpamLover@company.com (18 instances)

When ordered as above, 500 of every 10,000 incoming messages can be eliminated in the first round of evaluation because they match the "Free Offer" rule. If the order is reversed, then is the first rule. A "Free Offer" message arrives. The message is evaluated five times (1. check for SpamLover@company.com, 2. check for SpamKing, 3. check for Spam.com, 4. check for Sexxx, 5. check for Free Offer) before matching on Free Offer and getting rejected.

But because we know that "Free Offer" mail occurs at a relatively high frequency, placing it first on the list will trigger the largest number of matches with the least amount of searching.

See also:

Keyword Lists
Synonyms Example

Vendor Provided Rule File