Symantec's New Tack to Fighting Spam

Symantec on Monday will introduce a layered approach to beating back the torrents of junk mail that flood corporate mail servers.

Symantec Corp. on Monday will unveil a new set of anti-spam capabilities that introduce a layered approach to beating back the torrents of junk mail that flood corporate mail servers.

The functionality, included in the company's AntiVirus for SMTP Gateways 3.1, is separated into three main categories: detection, false positive prevention and false positive management. Symantec officials acknowledge that the dream of catching every piece of spam without snaring any legitimate mail is just that, a dream.

"It's not going to happen," said Chris Miller, product manager at Symantec, based in Cupertino, Calif.

So Symantec's approach relies on multiple layers of detection and false positive handling to act as a kind of sieve. The first detection layer is a custom blacklist, which allows customers to filter e-mail addresses by the sender's name, second-level domain or top-level domain.

Next is an option that allows for the creation of custom whitelists. This enables administrators to build a database of domains of organizations that they implicitly trust, such as partners and customers. Messages from addresses on the whitelist do not go through the heuristic scanning or blacklists.

This is followed by a set of real-time blacklists provided by third parties, each of which contains a massive database of IP addresses used by known spammers. Administrators can use as many lists as they choose, and can also create their own custom lists.

From there, Symantec employs an anti-spam heuristics engine that uses a neural network technology to flag messages once they reach a certain threshold of spam-like attributes. Individual administrators can adjust the sensitivity level of the engine at any point.

The final layer of defense is custom filtering, which allows customers to weed out messages with certain words or phrases in their subject lines. All of this effort is focused on stopping as much spam as possible before it reaches users' inboxes.

But even the spam that does get through can be identified by adding some text—such as "spam" or "bulk"—to the beginning of the message's subject line.
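The layer order described above can be sketched as a short-circuiting pipeline. This is an added illustration, not Symantec's code: every name, list entry and threshold is constructed, the heuristic engine is reduced to a precomputed score, the real-time blacklist is a local set standing in for a DNS lookup, and checking the whitelist first and tagging (rather than dropping) every detection are assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class Message:
    sender: str        # sender address as claimed by the message
    client_ip: str     # IPv4 address of the connecting mail server
    subject: str
    spam_score: float  # stand-in for the heuristic engine's output, 0.0-1.0

# Constructed sample policy; none of these values come from the product.
WHITELIST = {"partner.example"}
CUSTOM_BLACKLIST = {"bulk@promo.example", "junkmail.example", "invalid"}
RBL_LISTED = {"2.0.0.127.rbl.example"}   # stand-in for a DNS lookup result
THRESHOLD = 0.8                          # administrator-tunable sensitivity
SUBJECT_FILTERS = [re.compile(r"\bfree money\b", re.I)]

def sender_keys(sender):
    """Full address, second-level domain and top-level domain of a sender."""
    labels = sender.lower().rsplit("@", 1)[-1].split(".")
    return {sender.lower(), ".".join(labels[-2:]), labels[-1]}

def rbl_query_name(ip, zone="rbl.example"):
    """DNS-based lists are queried by reversed IPv4 octets under the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def classify(msg):
    """Return the layer that decided the message, or None if none matched."""
    keys = sender_keys(msg.sender)
    if keys & WHITELIST:            # trusted domains skip every later layer
        return "whitelist"
    if keys & CUSTOM_BLACKLIST:
        return "custom_blacklist"
    if rbl_query_name(msg.client_ip) in RBL_LISTED:
        return "realtime_blacklist"
    if msg.spam_score >= THRESHOLD:
        return "heuristics"
    if any(p.search(msg.subject) for p in SUBJECT_FILTERS):
        return "custom_filter"
    return None

def handle(msg):
    """Tag the subject of anything a detection layer caught."""
    layer = classify(msg)
    if layer in (None, "whitelist"):
        return layer, msg.subject
    return layer, "spam: " + msg.subject
```

Because the whitelist decision rests only on the claimed sender address, a message from a whitelisted domain is delivered untagged even when its score and source IP would trip every later layer.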

AntiVirus for SMTP Gateways 3.1 will be available next week.

Search for more stories by Dennis Fisher.