Anti-Spam Tool Aces Tests
When the massachusetts department of education needed to learn how to manage its spam problem, it turned to Zix Corp.s Message Inspector 3.17. The DOE, which serves all the school districts within the commonwealth, saw a sharp increase in spam around April. The anti-spam product it had been using to combat spam did not inspect the message body and was letting a lot of unwanted (and often offensive) e-mail through, according to Dave Mitchell, senior network engineer at the department.
"In the second quarter of this year, we started seeing a huge amount of spam hit the department," said Mitchell, who heads a team of network administrators that is responsible for the day-to-day operations, configuration, trouble-shooting, network planning and infrastructure recommendations at the DOE.
"Its a mystery as to why, and some of it was particularly offensive. Our users were calling us daily, telling us that they were getting 10, 15, 20 messages a day either trying to sell them something or that were really offensive," he said.
The DOE LAN includes the main office in Malden, a satellite office in Boston connected to the main office by microwave, an office in the western Massachusetts town of Monson connected by frame relay, and a second office in Malden connected by T-1.
The network serves staff within the DOE, while each educational institution in the commonwealth is completely separate. "We dont dictate whatsoever to them how they run their networks," said Mitchell.
Mitchells group includes himself and two administrators. The department also has a separate desktop user support group of approximately six or seven people.
The DOE network includes 75 servers and 600 nodes. The servers, which reside in the main office in Malden, run applications including Microsoft Corp.s Exchange 5.5, Oracle Corp.s Oracle database, Web servers, file servers and e-mail. The 600 desktops are spread among the main office and the satellite offices.
On the desktop, the department uses a combination of Microsoft Windows 9x, Windows NT Workstation and Windows 2000 Professional. The desktops run Office 2000 or 97, and staffers use Outlook 97, 98 or 2000 as their e-mail client.
The departments spam problem increased about the time that the license for its anti-spam/file-filtering product was due to expire, so Mitchell and his team decided to look for something more robust.
So how do you come up with a short list when the product choices number in the hundreds? Mitchell and his team focused on conversations with others in the IT field and did some reading about various products. Through these efforts, they were able to make a preliminary cut by going with recognizable names.
"I determined pretty quickly that we wanted a product from a more well-known organization, so we wound up looking at three different products," said Mitchell. "We went back to [our vendor] because they had in beta form an enhanced product that would look into the body of a message, but it wasnt known when the product would be released. We also looked at products from Trend Micro [Inc.] and Elron [Software Inc.]."
The departments anti-spam evaluation began in early April, and its pickElrons Message Inspectorwas deployed in early June. (ZixCorp has since acquired the business and assets of Elron.)
In the end, it was Message Inspectors straightforward interface and flexibility that won over the DOE IT team, according to Mitchell.
"I just wasnt happy with the interface from Trend Micro, and the fact that a lot of stuff was proprietary and you couldnt get in to see the filters and easily adjust the filters," said Mitchell. The Elron product was very straightforward, and it allowed us the flexibility we needed to set up our own filters and make adjustments in certain of those filters."
Mitchell said he is running Message Inspector on a fairly beefy box (running Windows 2000) because he didnt want to create a bottleneck. "Now that users are used to certain speeds in terms of how fast the mail flows, I didnt want to slow that down," he said. "Message Inspector is running on a Dell [Inc.] 4600, which consists of two 3GHz processors, 4G of memory and tons of storage."
Mitchell said the department sees anywhere from 200,000 to 300,000 e-mail messages passing through the system every 10 to 14 days. He said a recent Message Inspector report showed that, for the 10 days prior to the reports release, Message Inspector stopped almost 48 percent of these messages.
Any false positives? "We call it collateral damagetheres just no way around it," said Mitchell. "There hasnt been a lot, though. Weve been able, over the course of time, to allow those kinds of e-mail through as an exception to the rule. Refinance, for example, is a pretty common spam word, but someone might be expecting something about an actual refinancing. We can tweak the application based upon the sender, and weve done that and then closed it immediately after the e-mail has been received."
Mitchell said that the DOE does not quarantine e-mail: "If it is blocked for any reason or is infected, it is deleted."
Message Inspector Version 4, which was released in July and supports Linux and Unix as well as Windows, has a published price of $7 per user based on quantity, according to ZixCorp officials.
In justifying the cost of the product to the DOE, Mitchell said productivity and liability were factors, as was spams impact on bandwidth within the DOE LAN.
His one gripe with Message Inspector, said Mitchell, is that it doesnt block embedded HTML code very well. "[A message] will look perfectly innocuous, but then all of a sudden a Web page will pop up," he said.
ZixCorp officials say Version 4.3 of Message Inspector, which is due next month, will include an HTML parser. The DOE is evaluating a Message Inspector update and plans to upgrade this fall.
End-user response to the deployment of the anti-spam application has been positive overall, Mitchell said.
"We got a number of thank-yous, and there were notations that the spam was reduced dramatically." ´
Executive Editor Debra Donston can be reached at firstname.lastname@example.org.