Why Great SPAM Filtering Makes Me Nervous

I’m just like you, SPAM emails drive me nuts.  That’s why email providers that have superior SPAM filters enjoy such a great competitive advantage today.  However, that great performing filter comes at a price.

Ask yourself, how does a SPAM filter distinguish between an offer for you to help someone cliam their family fortune from the Nigerian government and a note from grandma wishing you a happy birthday?  The answer is that is has to examine the content of the email and compare it to a vast database of content that has already been deemed to be SPAM.

The filter analyzes your email in numerous ways to determine if it is SPAM.  Just one example is that it counts the occurrence of each word and looks for high frequency words that indicate a pattern of SPAM.  Why is that scary?  Take a look at the analysis below and then the short hypothetical email that it was generated from and see what you think.  Could you glean most of the context from the analysis?

Analysis

Sender: AuntySmith@fakeomain.net

Recipient: JohnSmith@fakedomain.net

Word

Frequency

aunty 1
colonoscopy 1
fine 1
Hi 1
hope 1
I 1
it 1
Joe’s 1
John 1
just 1
know 1
let 1
love 1
make 1
Procedure 1
soon 1
to 3
Tulsa 1
uncle 1
Uncle’s 1
visit 1
wanted 1
went 1
you 1
you 1
Your 1

Now, no peaking…

||
||
||
\ /
||
||
||
\ /

Hypothetical Email

To: JohnSmith@fakedomain.net

From: AuntySmith@fakedomain.net

Subject: Your Uncle’s Procedure

Hi John!  I just wanted to let you know uncle Joe’s colonoscopy went fine.  Hope you make it to Tulsa soon to visit!

Love, Aunty

How much of this message could you infer from the analysis?  Did you think John, Aunty or Uncle Joe was the one that had the procedure done?

It’s amazing how much data can be figured out when you put human eyes on log data.  And this is just one of the more simple techniques applied to analyze email for SPAM.  If an email host was to suffer a breach of their analysis data along the lines of one of the recent credit card data breaches a lot of people would suffer a privacy invasion that no amount of identity protection or credit monitoring could make up for.

I’ll explore some things you can do to help protect your privacy in my next post.  For now though, be aware this potential problem exists and make sure you do your part to hold companies that provide SPAM filtering have security measures in place to protect data from breaches that could expose you to an invasion of privacy.

Question: Have you ever sent private information in an email that would be embarrassing if it went public?

Leave a Reply