Question
The Zero-hour checks in GMS Anti-Spam are very effective at blocking junk email. I am interested to know how these work.
Answer
Zero-hour classification is unlike conventional Anti-Spam techniques, because it does not work by examining the content of your message, or by looking for particular key words or combinations of words. Instead, a mathematical calculation is performed on the incoming message to create a unique signature. This signature is then sent to online servers, which monitor the delivery of millions of email messages daily and contain signatures for upwards of 10 million known unique junk email messages at any one time.
A local cache of signatures is stored on the GMS server, to prevent continued requests to the online stores – these local caches should detect upwards of 70% of your junk email. Overall, you should expect to see 97% or higher being blocked.
Following classification, the message will be assigned one of the following values:
0 – None
1 – Unknown
2 – Suspect
3 – Bulk
4 – Confirmed spam
Only messages classified as 4 will be blocked by the Zero-Hour classification. If you enable strict mode, messages with a classification of 3 will be blocked.
The Zero-hour classification system is fully automated, and as such should have no admin overheads – should you choose to move messages to quarantine, you can use the Quarantine Report to mark messages as junk, or to report false positives.
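The lookup and blocking flow described above, as an added sketch that is not GMS code: the SHA-256 `signature` function, the in-memory cache and the `fake_remote` lookup are stand-in assumptions, since the page does not describe the real signature algorithm or server interface.

```python
import hashlib
from enum import IntEnum

class ZeroHourClass(IntEnum):          # values as listed in the article
    NONE = 0
    UNKNOWN = 1
    SUSPECT = 2
    BULK = 3
    CONFIRMED_SPAM = 4

def signature(raw_message: bytes) -> str:
    # Assumption: SHA-256 stands in for the undisclosed signature calculation.
    return hashlib.sha256(raw_message).hexdigest()

class Classifier:
    def __init__(self, remote_lookup, strict=False):
        self.remote_lookup = remote_lookup  # hypothetical callable: signature -> 0..4
        self.strict = strict
        self.cache = {}                     # simplified stand-in for the local cache
        self.remote_calls = 0

    def classify(self, raw_message: bytes) -> ZeroHourClass:
        sig = signature(raw_message)
        if sig not in self.cache:           # only ask the online store on a cache miss
            self.remote_calls += 1
            self.cache[sig] = ZeroHourClass(self.remote_lookup(sig))
        return self.cache[sig]

    def is_blocked(self, raw_message: bytes) -> bool:
        # Default: block 4 only. Strict mode is read here as blocking 3 and 4.
        threshold = ZeroHourClass.BULK if self.strict else ZeroHourClass.CONFIRMED_SPAM
        return self.classify(raw_message) >= threshold

# Constructed sample messages and a constructed "online" signature store.
SPAM = b"Subject: You have won\r\n\r\nClaim your prize today"
NEWSLETTER = b"Subject: Weekly digest\r\n\r\nThis week's stories"
PERSONAL = b"Subject: Lunch?\r\n\r\nAre you free on Friday?"
KNOWN = {signature(SPAM): 4, signature(NEWSLETTER): 3}

def fake_remote(sig: str) -> int:
    return KNOWN.get(sig, ZeroHourClass.UNKNOWN)

if __name__ == "__main__":
    for strict in (False, True):
        c = Classifier(fake_remote, strict=strict)
        for name, msg in (("spam", SPAM), ("newsletter", NEWSLETTER), ("personal", PERSONAL)):
            print(f"strict={strict} {name}: class={int(c.classify(msg))} blocked={c.is_blocked(msg)}")
```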
See Also:
- What happens when I report a Zero-Hour false positive?
- What is a false positive
- What is the difference between the zero-hour AV and AS checks
- What is a false negative?
- What happens when I report a Zero-Hour false negative?
Keywords: zero-hour anti-spam commtouch zerohour classification