Knowledgebase: Features
|
Can PerfectMail see through obfuscated text?
Posted by David Rutherford on 12 August 2013 01:25 PM
|
|
|
Spammers try to hide the text they send through obfuscation, mangling, etc. Can PerfectMail see through this? PerfectMail has a number of advanced analysis features, including features in the Content Filters (Filters > Content) to identify obfuscated words and phrases in the subject and body of an e-mail. Anti-Obfuscation and Suffix Matching are powerful tools that can see through certain types of obfuscation, but they can also result in false positives if the phrases used in content filter are not given some consideration. Anti-Obfuscation Anti-Obfuscation is a technique that identifies attempts to disguise words. For example, Anti-Obfuscation maps "\/ 1 @ g r @" to "Viagra", "><@n@x"> to "Xanax", etc. The word score is scaled to match the measure of obfuscation. This technique is very successful. (However, in some instances this technique can give erroneous results if the listed word is similar to other non-offensive words; so use this with care.) Suffix Matching Suffix Matching is a technique that attempts to match a "root word" to variations of that word "by suffix". For example, applying Suffix Matching to the word "run" will match variations "runs", "runned", "running", etc. If the Suffix Matching option is applied to a "phrase", then Suffix Matching will only apply to the last word in the phrase. A Warning on Anti-Obfuscation Understand the impact of Anti-Obfuscation and Suffix Matching when matching phrases in the content filters. These techniques try and match words and phrases by matching "possible variations" that may be used to try and avoid detection. This may become a problem when you are trying catch a "specific phrase". For example, if you try and match the word "C A S I N O" when looking for spam and have Anti-Obfuscation turned on it will also match "casino", which may result in inappropriate scoring. This may become more problematic when both Anti-Obfuscation and Suffix Matching are used. Keywords: antispam, content, obfuscation, mangling, suffix, matching | |
 (0 vote(s)) This article was helpful This article was not helpful |
|
Comments (0)