Enterprise Spam Tools Featured at Demo

One of the major themes at this year's show was new tools to defeat spam

The more pervasive email is in business, the bigger a problem we have with spam How do we keep nasty stuff out of our users systems, while not bringing too much hassle into the workday routine?

To date, most anti-Spam solutions have operated on the desktop. PC Magazine recently ran an exhaustive round-up of desktop spam products. But at this years Demo, the focus was taking those products off the corporate desktop and onto a server, where they can be centrally managed and maintained.

In this story we look at two server-based solutions, and one that aims to build a registry of nasty spammers, to make it easier to identify, and block, the worst offenders.

When it comes to email, the problems of access and protection are similar to security.are the same. E-mail has been a great productivity tool, but with Spam comprising upwards of 75% of some users email it has become more of a productivity drain.

Everyone hates Spam – yet it has mushroomed into a huge problem. A wide-range of anti-spam tools have been delivered to the market, but most of them run on individual desktops, and need to be managed separately by users. However, two new server-based products aim to help protect the in-box centrally while still enabling productivity and freedom.

Mail Frontier: The new Anti-spam Gateway from MailFrontier uses the many of the same techniques that its popular Matador desktop product uses, including whitelists, blacklists and content filters. The software runs on its own dedicated Windows 2000, Solaris or Linux server and acts as an SMTP provy. It sits between the SMTP Gateway and an Exchange, Notes, Sendmail or other mail server.

A small client runs on each PC, and communicates with the central server. The user can enable his or her own set of white and black-listed domains – this lets one user receive email newsletters that another has targeted as Spam.

When a message has been identified by the server as Spam, it is removed from the users inbox and put into a special holding area. The server builds and updates what the company calls an "eProfile" – a customized set of rules that determine what each user receives and what gets blocked.

The company also hopes to reduce false-positives by sending a note to a user when certain questionable messages have been blocked. This lets users still receive messages that may seem to be Spam, like email newsletters.

Mail Frontiers Anti-Spam Gateway will cost between $5 and $15 per seat, per year. The Windows 2000 server is available now.

Cloudmark: The Cloudmark Authority anti-spam gateway works differently. Rather than rely on blacklists and whitelists, this server uses what they call a "message fingerprinting" technology to identify and block Spam. It uses a predictive Beyesian engine to determine whats good and whats not.

Cloudmark compares Spam to dna, and has built a product around identifying mutations spammers add to messages to keep them from being caught by more traditional Spam-catching products. Cloudmark Authority also incorporates intelligence from over 300,000 users of its SpamNet product, which they claim lets them do more precise filtering.

The server develops Spam confidence levels, and allows administrators to select actions based upon those levels. So a 90% likely Spam message could simply be deleted, while a 70% confidence level might result in a warning to the user about the message.

The server runs on either Linux or Windows, and talks to the Gateway Message Transfer Agent (MTA) directly. It can be loaded onto the MTA itself, and in that case exacts a 5-10% hit on performance. Unlike some other solutions, which can have hundreds or thousands of rules, Cloudmark claims that its solution generally compares each message to a small set of "genes" – typically around 150.

The product costs $10 per inbox per year, and is available now.

Registry of Spammers: IronPort already sells messaging gateway appliances that are installed all over the world. The company is using data collected by those appliances, along with others to determine on a real-time basis who is sending out large quantities of email. Their new SenderBase website gives details about the how much email has been sent by domain, along with IP addresses and other information associated with those domains.

The free web service offers amazing insight into the patterns of email. Yahoo is the top email domain, but mostly because of its HTML-based email. But the SenderBase service lets you identify other top domains – to determine which are spammers. With the detailed domain and IP address information provided, administrators can use that data to develop blacklists of the top spammers.

Existing IronPort customers running the C60 Messaging Gateway can take that information one step further, and easily block those IP addresses and domains directly. Whether youre a customer or not, the SenderBase website offers a fascinating glimpse into real-time email traffic patterns.