Microsoft applies its might to fighting spam

28 Oct 2003 15:09


While the software giant's latest spam-filtering technology shows promise, it must become more nimble to remain a step ahead of spammers

Since last Monday's column about the spam filtering built into Outlook 2003, I've received email from readers questioning my numbers. So let me reiterate: Yes, Outlook really is keeping the vast majority of spam out of my inbox.

Over the past week, I've continued my (admittedly) unscientific testing. And during that week, Outlook successfully filtered 95 to 98 percent of the mail I received.

The worst Outlook did was the day I received a total of 361 messages. Of those, Outlook flagged 240 as spam. Of the 121 that made it through to my inbox, 18 were spam. Of the 240 that were dropped into the junk mail folder, I found no misfiles, nor have I heard from friends telling me I'm not responding to their email. So, of the 361 messages that Outlook processed that day, 18 (or about 5 percent) were processed incorrectly.

That's how I do the math.

Interestingly, most of those 18 messages contained no text in the body of the message -- just a subject line. So I guess Microsoft Outlook has trouble filtering spamless spam.

But filtering email is just one of the ways Microsoft's fighting spam. I recently spoke to Ryan Hamlin, Microsoft's supreme allied commander in the spam war, who said that war is being fought on five fronts. They are:

  • Technology. The filtering tools in Outlook are also being used on MSN. And Microsoft is working on anti-spam technology for Exchange and other server platforms.
  • Industry cooperation. Microsoft is working with other companies, including competitors like AOL, to coordinate efforts where it makes sense to do so.
  • Federal and legal. Microsoft is working in Washington and in international groups to regulate spam.
  • Enforcement. With a legal staff of 14, Hamlin has already gone after some spammers and promises to go after more.
  • Consumer education. This entails helping users understand how to avoid as much spam as possible and how they can support efforts to stop spammers before they hit the Send button.

Each of these areas could probably support a whole column, but I want to focus on the technology, which affects users most immediately.

Microsoft has recruited a crew of MSN users who've agreed to participate in a project that's providing the raw material for Microsoft's filter development program. Some 250,000 MSN members regularly receive emails from MS, asking them whether a given email message recently delivered to their account was or was not spam.

After the MSN member makes the choice, the message is dumped into an adaptive learning system that continually asks the questions: What is it about this message that caused it to be labeled "spam"? And what is it about this message that caused it to be labeled "not spam"?

Those questions have so far been asked about millions of emails, and the answers have helped define some 100,000 variables that can be used to decide whether a given message is likely to be spam.

Hamlin gets a little quiet when asked exactly how this works. What he did say is this: when Outlook receives an incoming message, it is tested against these 100,000 criteria and given a score. If the score is too high, into the junk mail folder it goes. If you're really interested in how this process works, Microsoft has filed for or received some 40 patents in this area, Hamlin told me.

Even if I really understood how all this works, I wouldn't tell you -- for the same reason I won't share the few homeland security secrets I actually do know. I want the defence to keep working, and the bad guys don't deserve a break.

So as spammers figure out ways to get past the Microsoft filter (and I've already discovered one), Microsoft will use its ongoing message analysis to catch the leak in the filter mechanism and plug it.

For MSN users, this is an automatic process that occurs on the MSN mail servers. For Outlook and Exchange users, there are still some issues to be ironed out; because the filtering takes place at the client desktop, filter updates must be applied to every machine.

(As a technical aside, Outlook 2003 spam filtering requires Exchange cached mode to be turned on. This causes messages to be delivered to the client desktop for filtering rather than stored only on the server.)

Microsoft says it wants to update the client filter every 6 to 12 weeks. What doesn't exist -- well, it does, but it's never been used this way -- is a way to distribute these updates to users.

Many people are aware of Windows Update, which can be used to automate the process of updating Microsoft's operating system. There is also something called Office Update for updating the MS Office applications, though it is not automatic.

For something as important as spam-filter updates, Hamlin wants to offer automatic delivery and installation. This, however, would require changes to make Windows Update deliver Office updates, or to make Office Update automatic.

My hope is that this will be resolved before the current Outlook 2003 filter starts to show its age, which I'd guesstimate to be when its miss rate exceeds 6 to 8 percent. By the time misses reach 10 percent, people will have lost their faith in Outlook 2003 spam filtering. So I'm looking forward to the announcement -- sometime in the next few months -- describing how the automatic spam-filter updates will be delivered.

Talking to Hamlin and others involved in what I consider to be an exemplary anti-spam programme, I had to ask the question: why doesn't Microsoft put as much effort into antivirus technology, something that is actually dangerous as opposed to merely annoying?

I did not get an acceptable -- or, to be honest, any -- answer to this question. That's something that really resides at the Bill-and-Steve-and-the-boys level of Microsoft decision making.

My own best guess is that Bill Gates and Peter Norton are, in fact, the same person. I keep asking whether anyone has seen them together and no one ever seems to have. But that's just a guess on my part.

Seriously, if Microsoft had to do it all over again, perhaps they would have taken viruses head-on the way they are now battling spam. That, in retrospect, would probably have been best. But that's water under the bridge and at least I'm happy to see Microsoft isn't making the same mistake twice. It rarely does.

Story URL: http://resources.zdnet.co.uk/articles/comment/0,1000002985,39117445,00.htm
