Think of GBUdb as an enhancement to the SNF scanning engine.

GBUdb keeps track of where messages come from and whether those messages are spam or not. If they fail a SNF pattern rule then they are considered to be spam. If they do not fail a SNF pattern rule then they are not considered to be spam.

When a new message comes from a source that GBUdb knows about then it allows SNF work better and faster.

Reducing Leakage

If GBUdb knows that messages from a particular source are almost always spam then SNF will detect the message as spam even if there is no pattern rule yet. This helps reduce leakage.

That is -- new spam from old bots will generally get killed by GBUdb.

Reducing False Positives

On the other side of things, if an SNF pattern rule tags a message that comes from a trusted source then GBUdb will make sure that the message gets through. This reduces false positives.

GBUdb has Friends

One other thing that is important about GBUdb is that it doesn't work alone -- it has friends. All of the GBUdb systems on the 'net share what they know about message sources. This way when a spam bot starts to send messages to a new system that's never seen it before the other GBUdb systems can tell the new system that the message source (IP) is bad so it doesn't have to start learning that information all on its own.

Faster and More Efficient

In addition to reducing leakage and false positives, GBUdb also makes message scanning go faster and take fewer resources. If GBUdb knows that a message source is very, very bad then it will cause SNF to stop scanning the message as soon as it sees the IP address that sent it. This is the truncate feature. The result is that between 15% and 50% of messages going through the SNF scanner will be handled almost instantaneously - without bothering to look at most of the message.