Review: McAfee SpamKiller

SpamKiller represents an unimpressive integration of the widely used SpamAssassin engine into a rudimentary anti-spam framework.

McAfee Security, a Network Associates Inc. company, has taken the open-source SpamAssassin and integrated it into its SpamKiller Anti-Spam gateway appliance. (The company acquired the famed open-source product in May 2002.)

SpamAssassin has had a long run as an open-source product and is still freely available at As such, SpamAssassin is a favorite test tool for spammers: A spammer develops a mail campaign, runs it against SpamAssassin until it gets through and, voilà, spam is waiting in your in-box.

SpamKiller wasn't for WiscNet mainly because it requires that false positives be resurrected by an administrator. Company representatives said a forthcoming version of the product, due this quarter, will allow end users to resurrect filtered messages.

Probably the other biggest drawback to SpamKiller is that it is incapable of scanning HTML messages to determine if a message is spam. HTML is a favorite way for spammers to evade word- and character-scanning anti-spam devices such as SpamKiller.
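The gap described above can be seen by comparing a scan of the raw message body with a scan of the text a mail client would actually render. This is an added illustration, not code from SpamKiller or SpamAssassin; the phrase list, function names and sample message are constructed for the example.

```python
import re
from html.parser import HTMLParser

# Hypothetical phrase list; production filters use weighted rules instead.
PHRASES = ("free money", "act now")


class VisibleText(HTMLParser):
    """Collect only the text a mail client would render."""

    SKIP = {"style", "script", "title"}  # element content that is never displayed

    def __init__(self):
        super().__init__(convert_charrefs=True)  # decode &nbsp;, &#99; and similar
        self.parts = []
        self.skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self.skip_depth += 1

    def handle_endtag(self, tag):
        if tag in self.SKIP and self.skip_depth:
            self.skip_depth -= 1

    def handle_data(self, data):
        # Comments never reach this method, so text split by them is rejoined.
        if not self.skip_depth:
            self.parts.append(data)


def visible_text(body):
    parser = VisibleText()
    parser.feed(body)
    parser.close()
    # Collapse all whitespace, including non-breaking spaces, to single spaces.
    return re.sub(r"\s+", " ", "".join(parser.parts)).strip().lower()


def raw_hits(body):
    """Word scanning over the raw body, as a non-HTML-aware filter would do."""
    return [p for p in PHRASES if p in body.lower()]


def rendered_hits(body):
    """The same scan after reducing the HTML to its visible text."""
    text = visible_text(body)
    return [p for p in PHRASES if p in text]


# Constructed sample body: markup and entities split the phrases in the raw bytes.
SAMPLE = "<p>Fr<!-- x -->ee&nbsp;mo<b></b>ney, a&#99;t <i>now</i></p>"
```
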

Company representatives said SpamKiller in the future will allow for per-user policy creation but only for the forthcoming SpamKiller for Exchange (also due this quarter). eWEEK Labs thinks that an e-mail product that provides per-user policy only for the Microsoft mail platform is too limited for consideration in most enterprises. We hope McAfee moves aggressively to develop policies for a variety of mail systems, including IBM's Lotus Software division's Lotus Domino.

With many of the other products we looked at, anti-spam updates were frequently released to match the changing patterns and methods of the spammers. SpamKiller, in contrast, relies on 650 rules that are updated only on a monthly or bimonthly basis.

SpamKiller also doesn't lend itself to tuning by e-mail administrators. In fact, we were advised during the eVal not to adjust the characteristics of the rules because of the likely adverse effect on the filtering ability of the product.

These restrictions would be less troubling to us if it were not for the fact that most of the other techniques used by SpamKiller—techniques developed by McAfee before the acquisition of SpamAssassin—are fairly notorious for providing false-positive results.

For example, as one of its five spam-testing components, SpamKiller integrates with third-party RBLs (Real-time Blackhole Lists), where suspected spammers are tagged by the Internet community at large. These lists are often managed by underfunded nonprofit organizations, and legitimate mailers sometimes linger on the RBLs.

Senior Analyst Cameron Sturdevant can be reached at cameron_sturdevant@