Safelists and Puzzles
Exchange Edge Services also will include support for managing safelists based on IP address and presolved puzzle validitya technology known as Penny Black in the Microsoft research labsthat would require sending servers to solve complex computational puzzles for each e-mail they send out, with the idea that mass e-mailers would not have the computing power to solve the puzzles. Microsoft also will look to provide technology that detects spam based on e-mail traffic analysis, according to Kim Akers, senior director in Microsofts Exchange group, though Akers said how Exchange would support those technologies has yet to be determined. "These are technologies we have in development," Akers said. "Were taking the basic concept and figuring out how to implement them."Flowers said he blames flaws in the Internet, not in Exchange, for spam, but said he welcomes Microsofts latest efforts to curtail it. "We will evaluate the effectiveness of the new spam-fighting solution in conjunction with our evaluation of third-party products," Flowers said. "If it is an effective tool, it will make Exchange a very powerful e-mail package in comparison to many others on the market." For more collaboration coverage, check out Steve Gillmors Blogosphere. Flowers said he expects that third-party vendors still will have a role to play in blocking spam even if Microsofts current and future anti-spam initiatives are successful. "Something that is built into the Exchange system will most likely not be as flexible and updatable as a third-party solution," he said. "As spammers get more creative, we will have to see how well the built-in Exchange spam filtering keeps up." Other moves in the industry indicate that anti-virus and anti-spam technologies are coalescing around e-mail authentication at the gateway. Anti-virus software developer Symantec Inc.
acquired anti-spam developer Brightmail Inc. earlier this month. The companies had already had a close relationship.
And last week, e-mail server and security appliance developer Mirapoint Inc. added the MailHurdle spam blocker to its Full-Spectrum e-mail security technology. The spam blocker works at the SMTP layer to track activity thats unusual or noncompliant with established Internet rules. It alerts administrators or blocks SMTP connections when such activity is detected.
For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.
E-mail server developer Rockliffe Systems Inc. is planning support for SPF, Caller-ID for E-mail and DomainKeys in upcoming versions of its MailSite server and gateway products, due to be released this summer.
"E-mail authentication has the potential to mitigate spam, virus propagation and phishing," said Jeff Smith, CEO of e-mail security firm Tumbleweed Communications Corp., in Redwood City, Calif.
"E-mail authentication, including support for such standards as SPF, DomainKeys, and S-Mime, will become more pervasive as a defense against all e-mail threats to the network," he said.
Check out eWEEK.coms Messaging & Collaboration Center at http://messaging.eweek.com for more on IM and other collaboration technologies.
Chris Flowers, IT engineering manager at Graphic Packaging Corp., an Exchange 2003 customer in Marietta, Ga., said spam now accounts for one-half to two-thirds of the e-mail traffic his company receives.