“A Bayesian Approach to Filtering Junk E-Mail” appeared in the AAAI 1998 Workshop on Learning for Text Categorization (AAAI Technical Report WS-98-05) and was written by Mehran Sahami of Stanford University together with Susan Dumais, David Heckerman, and Eric Horvitz of Microsoft Research. It is one of the earliest and most influential demonstrations of machine learning applied to a security and abuse problem.
Rather than asking users to hand-write brittle rules to catch spam, the authors cast junk-email detection as a probabilistic text-classification problem and applied a naive Bayes classifier. The model learns, from labeled examples, how likely each word and feature is to appear in junk versus legitimate mail, and combines those probabilities to estimate whether a new message is spam. Importantly, the paper went beyond raw text, adding domain-specific features such as particular phrases and message properties, and it framed the task in a decision-theoretic way that accounts for the high cost of misclassifying a legitimate message as junk. The authors argued the resulting filters were accurate enough for real deployment.
This work helped establish the pattern that dominated spam filtering for years and that recurs throughout AI for cybersecurity: learn a statistical model of “normal” versus “malicious” from examples, and let it adapt as the adversary changes tactics. The naive Bayes spam filter became a textbook example of practical machine learning.
For a business reader, this paper marks an early proof that learning from data could outperform hand-crafted rules at a real-world defense task, a principle that now underlies modern systems for detecting fraud, malware, and intrusions.