The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at

How Does a Spamfilter Work?


Indiscriminately-sent unsolicited bulk messages or, to put more simply, ‘spam’, estimated to account for over 80% of all e-mail traffic. Fortunately, these messages usually have identifying characteristics that an anti spam filter can use to block or divert them to a junk mail folder.


There are different kinds of filters that can be used to spot the various tell-tale signs of e-mail spam, including:


  • User-defined filters – these are included in most e-mail services and work by forwarding e-mail to different mailboxes depending on headers or contents. You may already use them to organise your inbox, with rules set to forward messages from certain friends to certain sub-folders. In the same way, e-mails can be identified as junk and filtered if the origin or content is suspicious. For these rules to work, the filter needs to build a database of the common characteristics of spam e-mail by prompting you to decide whether e-mail from certain sources or with particular content is unsolicited. A relatively small number of user-defined rules can significantly eliminate a large number of spam emails.


  • Header filters are more refined - they assess e-mail headers for the information held in addition to the recipient, sender and subject fields displayed by mail browsers. Header filters scrutinise the information trail left by the servers that were used in delivering your email, also known as the relay chain. As spammers don’t want to be traced they put false information in the relay chain to prevent people from replying to the email and trace their location. Header filters are used in spam filtration to detect forged headers which are a sure sign that the email is spam.


  • Language filters simply filter out any email that is not in the language of the recipient. They are of limited use unless your language is English, due the widespread use of English online.



In recent years, sophisticated content filters have further improved the effectiveness of spam filtration using the following methods:


  • Bayesian Analysis

A Bayesian or rule-based filter assesses the entire context of an e-mail, looking for words or phrases that could indicate spam. The rules they use apply mathematical formulae to analyse the content of a message and compare the content to records of the user’s legitimate e-mails and spam. Bayesian filters learn to differentiate between valid messages and spam over time and, after a period of training, they significantly improve their accuracy.


  • Collaborative Filtration

Collaborative spam filters use feedback and the collective memory of a group of users to build a database that can be used to identify spam. Every time new spam e-mail is received, and a user identifies it – either by locally generated blacklists or human inspection – its characteristics are recorded centrally. Any subsequent user who receives a suspect e-mail can then query the shared database to determine whether the message is already tagged as spam.



The BullGuard Anti Spam Filter uses a combination of these filtration techniques to analyse every e-mail you receive to determine whether it is genuine, spam or a phishing attempt. BullGuard Spamfilter builds its efficiency not only by your training, but also collaboratively through spam reports sent to the BullGuard server by all BullGuard Spamfilter users. When multiple users mark the same message as spam, the email address is entered in the spam addresses database – therefore every time you use BullGuard Spamfilter, you are helping make it more efficient at catching spam. Please note that you will be prompted and asked for consent before a spam log is sent to BullGuard.

Was this article helpful?