Friday, 24 April 2009

BoxSentry Ditches Challenge/Response; Fights False Positives

Update Apr 25 6.30am UTC: fix name of product (thanks, Meng)

Singapore-based BoxSentry has historically been known as a challenge/response spam filter vendor. Readers will probably be aware that I'm no fan of C/R.

As time goes by, BoxSentry has gradually de-emphasized C/R, but until recently it was still sending challenges for a small but significant proportion of the spam it received -- and hence was sending unsolicited "replies" to people who had never sent email to the BoxSentry user.

Manish GoelManish Goel, BoxSentry's CEO, confirmed to me that his company no longer uses C/R. That's great news for Internet users. Well done, Manish; I know that I and others have been thorns in your side for a while about this; I appreciate your good humour in our occasional, heated debates!


Manish also brought other news. While beefing up their technology base -- in part to compensate for the loss of the C/R layer -- the company has developed new techniques to better identify false positives.

BoxSentry has wrapped the new techniques in a product it's calling LogiQ. The idea is that it can run alongside a traditional spam filter and automatically retrieve any false positives it finds.

As an illustration, Manish offered a "typical" example: over the test period, a deployed spam filter from one of the well-known vendors delivered 11,500 legitimate messages, but LogicQ found an additional 680 false positives in the filter's quarantine. That's a roughly average false positive rate, in my experience. Not the exactly state-of-the-art, but pretty representative of deployed spam filters. It might equate to one false positive every week per user.

Manish says that 100% of the false positives identified with these new techniques really are false positives -- although they may not catch all of them.

A bold claim; I'm looking forward to digging into the details of the techniques under NDA...

2 comments:

Post a Comment