Trio Take Different Tacks in Fighting Spam

 
 
By Cameron Sturdevant  |  Posted 2002-08-19
 
 
 

Separating the wheat from the chaff in e-mail is tricky enough on a manual basis. Automating the process is complex and often has mixed results, but three approaches (see chart) examined by eWeek Labs can significantly reduce the expense and frustration of dealing with junk e-mail.

All e-mail servers and clients allow for substantial rules-based filtering, but as the amount of spam increases and as spammers become more clever, IT managers should be looking at special-purpose tools that are generally better at not only catching spam but also letting legitimate e-mail through.

Two of the technologies we examined work at the ISP or corporate e-mail gateway level, filtering out and disposing of spam messages before they reach users' desktops. The other works at the desktop level and helps users set their own filtering criteria.

All three of these techniques will help reduce spam, but they are up against some highly motivated "marketers" who are constantly crafting their e-mail messages to circumvent the sophisticated offerings we examined. IT managers should thus expect to spend several hours a day, over several weeks, fine-tuning any anti-spam tool they use. The payoff, however, could be a significant boost in productivity as end users can once again pay more attention to acting on e-mail, rather than deleting their way through a mountain of spam.

Many of the products that act at the e-mail gateway also work for mobile devices such as Research In Motion Ltd.'s BlackBerry because the mail messages are routed through an SMTP server. Aside from dealing with the messages that come in this way, we have not seen any products that are focused exclusively on blocking spam from mobile devices.

Starting at the Top



There are several organizations that track spam sources and offer services that block known spamming sites. The MAPS (Mail Abuse Prevention System) and the Distributed Server Boycott List are just two among many such services.

eWeek Labs evaluated MAPS for this report, but all these services work at two levels. First, spammers are reported to the services by people who have received spam from an identifiable relaying mail server. MAPS—which, like most of these, is a nonprofit service—takes care to confirm that the server associated with the IP address is, indeed, supporting spam distribution. If so, the IP address is added to the MAPS database. Second, the MAPS service is integrated into subscribers' e-mail gateways and does a lookup on the origin of each incoming mail message. The e-mail gateway processes mail that is not on the black hole list, and mail that is on the list is acted on by policies that are set up by each subscriber's mail administrator.

We recommend that organizations using a service such as MAPS dump all suspect e-mail in a holding area that is reviewed frequently, especially during the first several weeks after implementing the service.

The priority of the mail reviewer should be to ensure that legitimate e-mail is not being accidentally shunted to the trash. It also helps to track the amount of junk mail that is being diverted from end users to determine if the service is saving the organization money. MAPS' real-time black hole list service costs $1,500 per enabled IP address, which supports as many as 1,000 users.

When using a black hole list, some e-mail administrators may also choose to bounce blocked e-mail back to the sender. This, of course, sends a confirmation to spammers that they have a legitimate e-mail address, making it likely that the e-mail address will receive more junk mail, but it also has the benefit of letting legitimate senders know that their e-mail has been blocked.

We recommend that IT managers bounce blocked messages, particularly at organizations that depend on e-mail to take or confirm orders or that deal in sensitive business information, such as financial or insurance records. Any extra stress on the mail server will likely be offset by the peace of mind that comes from knowing that legitimate senders are being warned that their message didn't get through.
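
The gateway-side lookup and the hold-or-bounce policy described above, as an added example that is not from the article or from MAPS. It assumes the common DNS convention for such lists (sender IP octets reversed under the list's zone, listed answers in 127.0.0.0/8), which the article does not describe; the zone name, addresses and list entries are constructed placeholders.

```python
import ipaddress
import socket
from collections import Counter

ZONE = "dnsbl.example"  # placeholder zone (assumption), not a real list


def dnsbl_query_name(ip, zone=ZONE):
    """Reverse the IPv4 octets and append the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolve(name):
    """Live A-record lookup; resolver errors count as 'no record' (fail open)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_listed(ip, resolve=system_resolve):
    """Listed only if the answer is in 127.0.0.0/8, so a resolver that
    rewrites NXDOMAIN to a real address cannot mark every sender as spam."""
    answer = resolve(dnsbl_query_name(ip))
    return answer is not None and ipaddress.IPv4Address(answer).is_loopback


def route(messages, policy="hold", resolve=system_resolve):
    """messages: (connecting_ip, msg_id) pairs. policy: 'hold' or 'bounce'."""
    decisions, stats = {}, Counter()
    for ip, msg_id in messages:
        action = policy if is_listed(ip, resolve) else "deliver"
        decisions[msg_id] = action
        stats[action] += 1  # diverted vs. delivered counts for the reviewer
    return decisions, stats


# Constructed data: documentation-range addresses and a fake list.
FAKE_LIST = {
    "25.2.0.192.dnsbl.example": "127.0.0.2",     # listed relay
    "9.113.0.203.dnsbl.example": "203.0.113.80",  # hijacked NXDOMAIN answer
}
SAMPLE = [("192.0.2.25", "m1"), ("198.51.100.7", "m2"), ("203.0.113.9", "m3")]

if __name__ == "__main__":
    print(route(SAMPLE, resolve=FAKE_LIST.get))
```

The counts returned alongside the decisions are the figure the article suggests tracking: how much mail is being diverted from end users versus delivered.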

Probably the biggest disadvantage of the subscription services is that, for the most part, they rely on volunteers to submit information on spammers. Although the lists they maintain are often complete, the services are still responding to general spam instead of taking a tailored, proactive approach to blocking spam.

Defending the Gateway



Enter commercial services such as Brightmail Inc.'s Anti Spam. During a visit to the company's headquarters in San Francisco, we got to see firsthand how Brightmail processes information about e-mail that is collected from its Global 2000 customers.

As with services such as MAPS, Brightmail integrates with the mail gateway. In Brightmail's case, a server and database sit at the customer's site to process e-mail, which means that e-mail never leaves the premises. Mail is filtered according to specific rules that are provided on a daily (or more frequent) basis from Brightmail.

The Brightmail product also "seeds" fake e-mail addresses throughout the customer company. These fake accounts are designed to appear as real e-mail addresses to the outside world.

Suspect e-mail that is sent to Brightmail from customer sites is processed through a set of heuristic filters. These filters create rules that are reviewed by Brightmail staffers and then added to the rule database that is distributed to the customer sites. E-mail that can't be handled by the initial filters is forwarded to the staff in the Brightmail operations center for final disposition.

Anti Spam costs $10 to $15 per user per year, and the service will likely start to pay for itself in a matter of months by reducing the staff time spent manually handling spam.

The biggest drawback to using the Brightmail service is that the customer never owns any of the filtering rules. So if a customer decides to switch to another anti-spam provider or to bring the anti-spam process in-house, none of the experience gained by using Brightmail is carried over.

The Brightmail service is focused on large organizations. For small businesses or at the departmental level, a desktop product may be a viable option.

There are at least 20 to 30 decent desktop anti-spam tools on the market. However, most of these products lack central management policies and depend on the end user for fine-tuning. They are therefore unsuitable as a corporate anti-spam "standard." They do fit nicely in branch offices or in departments that are separated from central IT support.

We tested one desktop product, Deersoft Inc.'s SpamAssassin Pro, and were shocked at the drastic reduction in spam that made it to our Microsoft Corp. Outlook test system. The simple user interface made it easy for us to add and remove senders from a block list, and the product automatically integrated itself with Outlook so that we were up and running just minutes after installation.

SpamAssassin Pro, which uses the open-source SpamAssassin engine, processes mail header information along with text analysis to determine what is spam and what is legitimate—an increasingly difficult task that makes any of the tools reviewed here worth considering as part of an anti-spam arsenal.

Senior Analyst Cameron Sturdevant is at cameron_sturdevant@ziffdavis.com.
