Spammers try to hide the text they send through obfuscation, mangling, etc. Can PerfectMail see through this?
Posted by David Rutherford on 29 November 2012 12:35 PM

PerfectMail has a number of advanced analysis features, including features in the Content Filters (Filters > Content) to identify obfuscated words and phrases in the subject and body of an e-mail.

Anti-Obfuscation

Anti-Obfuscation is a technique that identifies attempts to disguise words. For example, Anti-Obfuscation maps \/ 1 @ g r @ to Viagra, ><@n@x to Xanax, etc. The word score is scaled to match the measure of obfuscation. This technique is very successful, but it can sometimes give erroneous results if the listed word is similar to other non-offensive words, so use it with care.

Suffix Matching

Suffix Matching is a technique that attempts to match a root word to variations of that word by suffix. For example, applying Suffix Matching to the word "run" will match variations "runs", "runned", "running", etc.

If the Suffix Matching option is applied to a phrase, then Suffix Matching will only apply to the last word in the phrase.

A Warning on Anti-Obfuscation

Understand the impact of Anti-Obfuscation and Suffix Matching when matching phrases in the content filters. These techniques try to match words and phrases by matching possible variations that may be used to avoid detection.

This may become a problem when you are trying to catch a specific phrase. For example, if you try to match the word "C A S I N O" when looking for spam and have Anti-Obfuscation turned on, it will also match "casino", which may result in inappropriate scoring. This may become more problematic when both Anti-Obfuscation and Suffix Matching are used.

Anti-Obfuscation and Suffix Matching are powerful tools that also require some consideration.
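The interaction described above can be reproduced with a simplified model of the two options. This is an added example, not PerfectMail's implementation: the glyph table, separator set, suffix list, scaling formula and the names `compile_rule` and `score` are all assumptions made for illustration.

```python
import re

# Constructed glyph table, separators and suffixes: assumptions for this
# illustration, not PerfectMail's actual tables.
GLYPHS = {"a": "a@4", "e": "e3", "i": "i1!", "o": "o0", "s": "s$5",
          "v": ["v", "\\/"], "x": ["x", "><"]}
SEP = r"[\s._*-]{0,2}"              # up to two filler characters between letters
SUFFIX = r"(?:s|es|ed|ing|er|y)?"   # hypothetical suffix list
EDGE_L, EDGE_R = r"(?<![a-z0-9])", r"(?![a-z0-9])"

def compile_rule(phrase, obf=False, suf=False):
    """Build a regex for one content-filter entry (hypothetical helper)."""
    if obf:
        # Obf reduces the entry to its letters, so "C A S I N O" becomes "casino",
        # then allows a glyph variant per letter and filler between letters.
        letters = re.sub(r"[^a-z]", "", phrase.lower())
        body = SEP.join(
            "(?:" + "|".join(map(re.escape, GLYPHS.get(c, c))) + ")"
            for c in letters)
    else:
        # Without Obf the entry must appear as written, word for word.
        body = r"\s+".join(map(re.escape, phrase.split()))
    if suf:
        body += SUFFIX                # applies to the last word only
    return re.compile(EDGE_L + body + EDGE_R, re.IGNORECASE)

def score(text, phrase, base, obf=False, suf=False):
    """Sum the score of every hit; Obf hits are scaled by how disguised they are."""
    total = 0.0
    for m in compile_rule(phrase, obf, suf).finditer(text):
        hit = m.group(0)
        # Assumed measure of obfuscation: share of non-letter characters in the hit.
        disguise = sum(not ch.isalpha() for ch in hit) / len(hit) if obf else 0.0
        total += base * (1 + disguise)
    return total

if __name__ == "__main__":
    # Constructed sample messages.
    for text in ("Buy \\/ 1 @ g r @ now", "Meet me at the casino tonight",
                 "Two casinos opened", "C A S I N O bonus"):
        for obf, suf in ((False, False), (True, False), (True, True)):
            word = "viagra" if "@" in text else "C A S I N O"
            print(f"{text!r:34} {word!r:14} obf={obf} suf={suf} ->",
                  round(score(text, word, 5, obf, suf), 2))
```

Running it shows the entry "C A S I N O" scoring nothing on ordinary text with both options off, scoring "casino" once Obf is on, and scoring "casinos" only when Suf is added.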

Updating the Content Filters

The fields for each word/phrase are arranged in two groups: one for the Subject and other headers, and one for the message body.

  • Enable - Enable scoring for this word.

  • Score - For each instance of this word score this amount.

  • Rjct - If this word is found reject the message. (Score=99)

  • Suf - Enable the Variable Suffix Engine. This engine matches against variations of word suffixes. For example, if you wanted to score the word jump the Variable Suffix engine would also catch: jumps, jumping, jumped, jumpy, jumper, etc.

  • Obf - Enable the Anti-Obfuscation Engine for matching structural word variations. Spammers will attempt to change the structure of words so they are still readable by people, but difficult to recognize by machines. Depending on the amount of obfuscation found, the score of the found word will increase by the obfuscation factor. Our Anti-Obfuscation Engine is very good at catching and scoring for such attempts. However, this feature should be used with caution.