F5 Moves to Guard E-Mail Against Spam

F5 and Secure Computing are partnering to help enterprises better handle the rising tide of unwanted spam.

F5 Networks is marrying the scalability of its high-performance Big-IP traffic management appliance with the anti-spam protection of Secure Computings TrustedSource database to help enterprises better handle the rising tide of unwanted spam.

With spam growing exponentially, enterprises are finding that their anti-spam infrastructure cant scale to match it in a cost-effective manner. F5 Networks, of Seattle, and Secure Computing, of San Jose, Calif., on Nov. 20 launched a new module for F5s Big-IP appliance that can block more spam messages at the edge of the network, without having to add more anti-spam servers.

F5 Networks claims to be the first to implement a reputation-based network edge security offering. It accesses reputation data from Secure Computings TrustedSource multi-identity reputation engine to identify spam messages and then reject or quarantine them.

"For the customer, it yields a high-speed way of taking a first pass at filtering out unwanted SMTP connections," said Nathan Meyer, product manager at F5 Networks. "Were not looking at the content of the message, just who sent it, and were preparing a DNS [Domain Name System] query to Secure Computings Trusted-Source."

/zimages/4/28571.gifThe recent surge in e-mail spam hawking penny stocks and penis enlargement pills is the handiwork of Russian hackers. Click here to read more.

By some estimates, spam accounts for up to 75 percent of the 75 billion e-mails sent each day, and the amount of spam is doubling every six to nine months, some analyst reports suggest. In addition, spam has increased 10 to 20 percent in the fourth quarter thus far compared with the averages across the first three quarters of this year, according to Richi Jennings, an analyst at Ferris Research.


"In the last three years, weve gone from 4 million to 200 million attempted messages a month, and weve gone from 150 million to 200 million in just the last six months," said Franklin Warlick, Internet postmaster at Cox Communications, in Atlanta.

Warlick, a current Secure Computing customer whos familiar with the new F5 Networks module, estimated that it could double the capacity of the existing spam security gateway infrastructure at Cox.

"Youre pushing the hard work out to the [networks] edge, so every box past that doesnt have to look at [discarded spam traffic]. Whatever traffic it stops, thats traffic that doesnt get to more expensive internal hardware, whether its a firewall or Web proxy," Warlick said.

/zimages/4/28571.gifThe spammers strike back. Click here to read more.

TrustedSource analyzes global real-time data to filter messages based on reputations assigned for different identities, including IP address, domain name, URL and the message itself.

The new Big-IP Message Security Module is not intended to replace existing spam filters but, rather, reduce the number of additional gateways that enterprises have to add to keep pace with the increase in spam traffic.

In fact, it can improve the scalability of other types of spam filters that dig into the content of messages to determine their validity. It also can work in conjunction with Symantecs BrightMail, IronPort Systems Anti-Spam product or Microsofts own spam filter for Exchange, F5 Networks officials said.

"We can sit in front and reduce the load on [Microsofts Exchange] servers," said Phil De La Motte, business development manager at F5 Networks.

"Its acceleration for spam filters," said Eric Ogren, an analyst at The Enterprise Strategy Group. "As spam becomes commoditized, this is a way companies can grow their farm of filters in a cost-effective way and treat it not as a special device but as a security capability."

The new module is due from F5 Networks in January, and it will range from $5,000 for a 1,000-mailbox license up to $35,000 for a 100,000-mailbox license.

F5 Networks, bullish about the prospects of the new module, is already mulling enhancements to it. "If adoption takes off like we think, well add more security checks to the module to do things like send a message back to the mail server to see if it responds," De La Motte said.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.