Digiportal Software Inc.s ChoiceMail Enterprise 2.5 anti-spam software is one too many steps ahead of the effort to block junk e-mail using sender identity.However, most organizations will likely avoid ChoiceMail 2.5 because of the extensive configuration and intensive user training required to implement the tool effectively. In addition, problems in SMTP, the fundamental e-mail protocol, make it far too easy for spammers to circumvent the ChoiceMail spam blocker. Paradoxically, we believe DigiPortal is right to concentrate on developing effective tools to challenge e-mail by using identity, even though identity is the least reliable aspect of the current e-mail world. ChoiceMail 2.5 is loaded with well-thought-out tools to sort good e-mail from bad, and we could easily create policies that applied global acceptance rules for e-mail. We could also set up basic rules that always blocked e-mail from domains that are known bad senders while always allowing e-mail from customer domains. When authentication systems get up to speed, this kind of capability will be an asset to e-mail recipients. Now, however, global "accept" lists are a weakness because domain and sender information is so easily forged. Another potentially large problem we encountered during tests was social acceptance of challenge/response, especially for organizations that routinely send and receive mail from new sources. Unknown senders, such as new customers responding to a marketing campaign, get a challenge message unless special rules are crafted. Judging by the everchanging tricks and dodges spammers use to evade anti-spam tools, we think its only a matter of time before a keyword list is built that will evade ChoiceMail 2.5s challenge mechanism. Click here to read eWEEK Labs eValuation of six spam fighters. During tests, when unknown senders posted e-mail to our in-box, ChoiceMail generated and sent an e-mail message to them asking them to confirm they had sent us an e-mail. When a response was received, the original e-mail was placed in the in-box, and any further communication from the senders was automatically passed into the in-box. Although challenge/ response is a well-known method of handling other kinds of interactionsfor example, a knock on the door that elicits a "Whos there?" which is followed by "Its me, Cameron"this is new territory for e-mail. We think there is currently a high risk that the challenge/response test may create a barrier that a significant number of legitimate senders might not be motivated to overcome. Social problems aside, we think ChoiceMail 2.5 is a big step in the right direction for identity-based anti-spam systems. We hope future versions of the product handle some of the authentication without involving the people who are sending and receiving e-mail messages. For example, ChoiceMail integration with domain authentication tools, which are likely to appear during the coming year, will enable more hands-off authentication. We advise IT managers not to write off identity-based anti-spam tools. In the not-too-distant future, these products will likely be the best option for preventing spam from clogging in-boxes. Just not today. Senior Analyst Cameron Sturdevant can be reached at firstname.lastname@example.org. Check out eWEEK.coms Messaging & Collaboration Center at http://messaging.eweek.com for more on IM and other collaboration technologies.
ChoiceMail 2.5, which shipped last month priced at $350 per server with five user licenses, is one of the first enterprise challenge/response offerings eWEEK Labs has seen. In our tests, ChoiceMail 2.5 did a yeomans job of blocking junk e-mail from our in-boxes.