Answer to Question 1
The most common basic content-filtering techniques are black lists and white lists. A black list spam filter looks for From addresses in incoming messages that are known to belong to spammers. The software can delete the message or put it into a separate mailbox for review. A black list spam filter can be implemented at the individual, organization, or ISP level. Several organizations, such as the Spam and Open Relay Blocking System, collect black lists and make them available to ISPs and company e-mail administrators. Other groups, such as the Spamhaus Project, track known spammers and publish lists of the mail servers they use. Some of these are free services; others charge a fee. The biggest drawback to the black list approach is that spammers frequently change their e-mail servers, which means that a black list must be continually updated to be effective. This updating requires that many organizations cooperate and communicate information about known spammers.
A white list spam filter examines From addresses and compares them to a list of known good sender addresses (for example, the addresses in an individual's address book). A white list filter is usually applied at the individual user level, although it is possible to do the filtering at the organization level if the e-mail administrator has access to all individuals' address books (some companies mandate such access for security purposes). The main drawback to this approach is that it filters out any incoming messages sent by unknown parties, not just spam. Because the number of false positives (messages that are rejected but should not have been) can be very high for white list filters, the rejected e-mails are always placed into a review mailbox instead of being deleted.
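The two filters described in this answer, as an added example that is not part of the original answer key: it runs both over the same constructed messages and counts the drawback each one shows (spam missed by a stale black list, legitimate mail held by a white list). The addresses, list contents and function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed lists (assumptions): a real black list comes from a list
# provider, a real white list from the user's address book.
BLACK_LIST = {"bulk@spam.example"}
WHITE_LIST = {"alice@corp.example", "bob@partner.example"}

def sender_of(raw):
    """Return the lower-cased From address, or '' if the header is missing."""
    msg = message_from_string(raw)
    return parseaddr(msg.get("From", ""))[1].lower()

def black_list_filter(raw):
    """Hold mail from listed senders for review; deliver everything else."""
    return "review" if sender_of(raw) in BLACK_LIST else "inbox"

def white_list_filter(raw):
    """Deliver mail from known good senders; hold everything else for review."""
    return "inbox" if sender_of(raw) in WHITE_LIST else "review"

def false_positives(filter_fn, labelled):
    """Legitimate messages the filter held back."""
    return sum(1 for raw, is_spam in labelled
               if not is_spam and filter_fn(raw) == "review")

def missed_spam(filter_fn, labelled):
    """Spam messages the filter delivered to the inbox."""
    return sum(1 for raw, is_spam in labelled
               if is_spam and filter_fn(raw) == "inbox")

# Constructed sample messages: (raw message, is_spam)
SAMPLES = [
    ("From: Alice <Alice@corp.example>\nSubject: budget\n\nhi", False),
    ("From: bulk@spam.example\nSubject: offer\n\nbuy now", True),
    # Legitimate first-time sender: not in any address book yet.
    ("From: New Customer <carol@client.example>\nSubject: quote\n\nhello", False),
    # Spammer who moved to a server the black list does not know yet.
    ("From: promo@new-spam.example\nSubject: win\n\nclick", True),
]

if __name__ == "__main__":
    for name, fn in (("black list", black_list_filter),
                     ("white list", white_list_filter)):
        print(name, "false positives:", false_positives(fn, SAMPLES),
              "missed spam:", missed_spam(fn, SAMPLES))
```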
Answer to Question 2
E-mail attachments can be or can contain viruses. Using virus protection software and dealing with e-mailed security threats is a cost that comes with e-mail use.