Anti-Spam Vendors Defend SMTP Gateway

Vendors defend SMTP gateway, target dark traffic.

Spam accounted for more than 80 percent of business e-mails last year, and the arms race against it continues this year. Of particular interest to enterprises is the SMTP gateway, or edge protection, to stop not only spam but also spam precursors such as directory harvest attacks.

Microsoft Corp., of Redmond, Wash., earlier this month acquired e-mail security vendor Sybari Software Inc. with plans to add Sybari's anti-spam and anti-virus software to its server products, including Exchange.


Microsoft officials gave few details on where Sybari's technology would fit in with Exchange. The vendor currently offers a virus-scanning API in Exchange 2003 Service Pack 1 for third-party anti-virus software vendors to plug into. It's likely that the Sybari technology will provide Exchange customers with another option.

Whether that technology will be extended to the SMTP gateway or the edge of a company's network remains to be seen. A company spokesperson said the Sybari technology will become part of a "multilayered solution" in current and future versions of Exchange. Microsoft plans to offer Exchange Edge Services, a series of technologies for blocking spam at e-mail gateways, as part of several upcoming releases of Exchange, starting with support for the Sender ID e-mail authentication framework in Exchange Service Pack 2, slated for release in the second half of this year.

Other Edge Services technologies in future versions of Exchange are expected to include IP safelist and presolved puzzle validity—a technology that will require sending servers to solve complex computational puzzles for each e-mail they send out—as well as spam detection based on e-mail traffic patterns. The Microsoft spokesperson said Microsoft was developing the Edge Services technology itself. Sybari's technology could be deployed at both the Exchange Server and SMTP gateway levels.

"The gateway remains open," said Tumbleweed Communications Corp. CEO Jeff Smith, after Microsoft announced the Sybari acquisition. "Tumbleweed has focused on gateway e-mail security for the past 10 years. It would appear there are future opportunities for collaboration with Microsoft for gateway e-mail security."

Tumbleweed, earlier this month, announced a new e-mail relay appliance, MailGate Edge, which blocks so-called dark traffic at the gateway before it reaches the server. Dark traffic is unwanted inbound SMTP traffic, including spam; spam precursors, such as directory harvest attacks; e-mail DoS (denial of service) attacks; malformed SMTP packets; and invalid recipient addresses, said Tumbleweed officials in Redwood City, Calif.

Company officials said this dark traffic accounts for 70 percent of all inbound SMTP traffic. Enterprises can clean up the rest with content-filtering software on the e-mail server.

Pete Chiccino, senior vice president and chief security officer at The Bancorp Inc., said MailGate Edge eliminates about 98 percent of spam that his company receives. "Before the MailGate, a lot of time and money was wasted weeding through junk and/or spam mail," said Chiccino in Wilmington, Del. "I can't put a dollar amount on it, but I can tell you it was high."

MailGate Edge blocks future spam messages as well by preventing directory harvest attacks that bombard e-mail servers with messages addressed to random user names in the hopes of finding legitimate e-mail addresses for a domain.

Postini Inc., which develops managed services for stopping spam at e-mail gateways, reported in its E-mail Security 2004 report that the average company got hit with about 150 directory harvest attacks per day last year, with each attack averaging 234 invalid address look-ups.
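A directory harvest attack shows up at the gateway as a burst of rejected recipients from a single sending host. The sketch below is an added example, not code from any vendor named in this article: it flags such a burst in a gateway log, and the log format, addresses, window and threshold are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, time-ordered):
# ISO timestamp, client IP, RCPT TO address, SMTP reply code.
# 550 = recipient rejected (unknown user), 250 = recipient accepted.
SAMPLE_LOG = """\
2005-02-14T09:00:00 198.51.100.20 alice@example.com 250
2005-02-14T09:00:01 203.0.113.7 aaron@example.com 550
2005-02-14T09:00:02 203.0.113.7 abby@example.com 550
2005-02-14T09:00:03 203.0.113.7 adam@example.com 550
2005-02-14T09:00:04 203.0.113.7 alice@example.com 250
2005-02-14T09:00:05 203.0.113.7 alan@example.com 550
2005-02-14T09:00:06 203.0.113.7 albert@example.com 550
2005-02-14T09:03:00 198.51.100.20 bobb@example.com 550
2005-02-14T09:40:00 198.51.100.20 bob@example.com 250
2005-02-14T09:41:00 198.51.100.20 carlo@example.com 550
"""

def parse(line):
    """Split one log line into (timestamp, client IP, recipient, reply code)."""
    ts, ip, rcpt, code = line.split()
    return datetime.fromisoformat(ts), ip, rcpt.lower(), int(code)

def find_harvesters(log_text, window=timedelta(minutes=5), threshold=5):
    """Return {client_ip: time it first reached `threshold` distinct rejected
    recipients inside `window`}. Both defaults are illustrative, not tuned."""
    recent = defaultdict(deque)  # ip -> (timestamp, rejected address) pairs in window
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, rcpt, code = parse(line)
        if code != 550:
            continue  # only unknown-recipient rejections count as look-ups
        q = recent[ip]
        q.append((ts, rcpt))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop rejections that aged out of the window
        if ip not in flagged and len({addr for _, addr in q}) >= threshold:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in find_harvesters(SAMPLE_LOG).items():
        print(f"{ip}: likely directory harvest source as of {when.isoformat()}")
```

Counting distinct rejected addresses per source inside a time window is what separates a harvesting run from the occasional mistyped recipient, such as the two isolated rejections from 198.51.100.20 in the sample.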

Scott Rose, senior systems engineer at Finisar Corp., in Sunnyvale, Calif., said directory harvest attacks accounted for 2.23 percent of e-mail traffic his company received in the past 30 days, though another 13.7 percent were invalid recipients. Finisar uses a three-tier defense against spam and viruses: Anti-virus software from McAfee Inc. blocks viruses on the Tumbleweed MailGate Anti-Spam Appliance, Trend Micro Inc.'s ScanMail stops spam and viruses on back-end Exchange clusters and Symantec Corp. Anti-Virus Corporate Edition works on all desktops and servers.

"My back-end Trend Micro ScanMail does very little these days, but I still like the added protection," said Rose. "Nothing can ruin your day more than a virus breakout."

In addition, Finisar uses two Tumbleweed MailGate Edge appliances as e-mail relays.

"We used Cloudmark and other software-based blacklists, with so-so results," said Rose, who said the MailGate technology from Tumbleweed has reduced spam by "90 to 95 percent."

Rose said that beyond the initial cost of the appliances, all that spam defense comes fairly inexpensively. "There is very little day-to-day administration needed, and I have experienced 99.999 percent uptime," he said.

In related news last week, Sendmail Inc., based in Emeryville, Calif., announced Mailstream Content Manager 2.0, which can be deployed at the gateway in concert with the Sendmail mail transfer agent for e-mail security and compliance.
