Trio Take Different Tacks in Fighting Spam - Page 3

Defending the Gateway

Enter commercial services such as Brightmail Inc.s Anti Spam. During a visit to the companys headquarters in San Francisco, we got to see firsthand how Brightmail processes information about e-mail that is collected from its Global 2000 customers.

As with services such as MAPS, Brightmail integrates with the mail gateway. In Brightmails case, a server and database sit at the customers site to process e-mail, which means that e-mail never leaves the premises. Mail is filtered according to specific rules that are provided on a daily (or more frequent) basis from Brightmail.

The Brightmail product also "seeds" fake e-mail addresses throughout the customer company. These fake accounts are designed to appear as real e-mail addresses to the outside world.

Suspect e-mail that is sent to Brightmail from customer sites is processed through a set of heuristic filters. These filters create rules that are reviewed by Brightmail staffers and then added to the rule database that is distributed to the customer sites. E-mail that cant be handled by the initial filters is forwarded to the staff in the Brightmail operations center for final disposition.

Anti Spam costs $10 to $15 per user per year, and the service will likely start to pay for itself in a matter of months by reducing the staff time spent manually handling spam.

The biggest drawback to using the Brightmail service is that the customer never owns any of the filtering rules. So if a customer decides to switch to another anti-spam provider or to bring the anti-spam process in-house, none of the experience gained by using Brightmail is carried over.

The Brightmail service is focused on large organizations. For small businesses or at the departmental level, a desktop product may be a viable option.

There are at least 20 to 30 decent desktop anti-spam tools on the market. However, most of these products lack central management policies and depend on the end user for fine-tuning. They are therefore unsuitable as a corporate anti-spam "standard." They do fit nicely in branch offices or in departments that are separated from central IT support.

We tested desktop product, Deersoft Inc.s SpamAssassin Pro, and were shocked at the drastic reduction in spam that made it to our Microsoft Corp. Outlook test system. The simple user interface made it easy for us to add and remove senders from a block list, and the product automatically integrated itself with Outlook so that we were up and running just minutes after installation.

SpamAssassin Pro, which uses the open-source SpamAssassin engine, processes mail header information along with text analysis to determine what is spam and what is legitimate—an increasingly difficult task that makes any of the tools reviewed here worth considering as part of an anti-spam arsenal.

Senior Analyst Cameron Sturdevant is at

Related stories:

  • How to Slam Spam
  • Anti-Spam Bills in the Works
  • Pre-Approval for Mass E-Mailers on Tap
  • Service, Tool Take Meat Out of Spam
  • Review: Mail-Filters.Com Can Ban Spam
  • New E-Mail Technologies Put Spam in the Cross Hairs