Decision Support: Consider Postini for your e-mail filtering needs

Explains the reasoning behind a network administrator's decision to use Postini as his network e-mail filtering software.

Spam is like a rat: It's a nuisance and a threat. Not only has spam infested inboxes around the world, but it may also carry hostile viruses and worms that can shut down or severely cripple entire systems and networks. People are sick of receiving it, and they're tired of constantly worrying whether hackers will use spam to hack into their systems.

It's difficult to measure exactly how much e-mail is spam or how much spam carries a malicious element. Individual estimates about spam vary greatly: Some companies and people aren't very troubled by it, while others have serious problems with it.

I flatly reject junk e-mailers' claims that spam doesn't cost money. Sifting through the junk in your inbox is a time-wasting process. But for an ISP, spam costs not only time and money, but also bandwidth, and even customers.

After fighting a losing battle with spam, the ISP I work for decided it had had enough. As a last resort, we outsourced our virus- and spam-filtering service to Postini, a commercial e-mail filtering service.

In addition to blocking hostile viruses and worms that are often present in spam, Postini prevents our mail servers from being flooded, which improves their general operation. Before the switch to Postini, junk e-mail flooded our servers simultaneously from so many locations that, at times, it was like a denial of service attack.

After the switch, we noticed an immediate decrease in incoming bandwidth. It turned out that upwards of 70 percent of all our incoming e-mail was a combination of spam, worms, and viruses. With Postini in the picture, this junk no longer inundates our servers.

How Postini works
From a technical perspective, I don't know how Postini categorizes spam e-mail, but I suspect that the process is similar to the open source Bayesian pattern-matching systems that have become quite popular. Postini collects e-mails, categorizes them, and holds them if they contain some of the more popular questionable topics or content; it also identifies and holds viruses and worms. Valid e-mails are then forwarded to an administrator-specified SMTP server.

Postini can be configured with one or more administrator accounts that control the overall operation for the customer. Depending on how the administrator configures Postini, message centers, which are unique accounts that sit between the Internet and the user's inbox, can either be manually set up or automatically created when a specific user receives e-mail. When a new message center is created for a unique e-mail address, Postini sends a notification e-mail with a Web page location and login information to the e-mail address that the message center was created for.

Although Postini's automatic message center creation is considerably easier than manually adding thousands of users, dictionary attacks could still cause excessive message center creation if your SMTP server accepts e-mail for users that really don't exist. Postini's delivery mechanism behaves as an intelligent proxy server, so if an e-mail address doesn't exist on the real SMTP server, Postini tracks these attempts. This helps Postini identify and block dictionary attacks in real time. Postini's tracking can also block multiple bounced e-mail messages to the same domain, which are typically the result of mail forgeries.
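The tracking idea described above can be sketched as detection logic over SMTP rejection records. This is an added example, not Postini's implementation or code from the original article; the log format, the threshold of five distinct unknown recipients, and the 60-second window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, not Postini's):
# timestamp, source IP, SMTP reply code to RCPT TO, recipient
SAMPLE_LOG = """\
2004-03-01T10:00:01 203.0.113.9 550 aaron@example.com
2004-03-01T10:00:02 203.0.113.9 550 abby@example.com
2004-03-01T10:00:02 198.51.100.20 250 sales@example.com
2004-03-01T10:00:03 203.0.113.9 550 adam@example.com
2004-03-01T10:00:04 203.0.113.9 550 adrian@example.com
2004-03-01T10:00:05 198.51.100.20 550 slaes@example.com
2004-03-01T10:00:06 203.0.113.9 550 al@example.com
2004-03-01T10:00:07 203.0.113.9 550 alan@example.com
2004-03-01T10:05:00 192.0.2.44 550 old.user@example.com
2004-03-01T10:20:00 192.0.2.44 550 old.user@example.com
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\d{3}) (\S+)$")


def find_dictionary_attackers(log_text, threshold=5,
                              window=timedelta(seconds=60)):
    """Return {source_ip: time the threshold was first crossed}.

    A source is flagged once `threshold` distinct nonexistent recipients
    have been rejected (550) for it inside a sliding `window`.
    """
    recent = defaultdict(deque)  # ip -> (time, recipient) rejections in window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        ts, ip, code, rcpt = m.groups()
        if code != "550" or ip in flagged:
            continue  # only unknown-user rejections from unflagged sources
        now = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append((now, rcpt.lower()))
        while q and now - q[0][0] > window:
            q.popleft()  # drop rejections that fell out of the window
        # Count distinct recipients so one stale address retried many
        # times (a mailing list, a typo) does not look like guessing.
        if len({r for _, r in q}) >= threshold:
            flagged[ip] = now
    return flagged
```

On the sample, only 203.0.113.9 is flagged; the sender with a single mistyped address and the sender retrying one stale address stay below the threshold.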

Postini's default settings for spam e-mail are moderate, but administrators or users can easily adjust them. Users can choose their own filters, whitelists, and blacklists. Additionally, users who prefer their e-mail unfiltered can disable all filtering.

Postini is a user-friendly service. It holds quarantined e-mail for several days, so if you don't receive an expected e-mail, you can log into the Postini message center and forward the quarantined e-mail to your inbox.

Costs for Postini differ, so I won't discuss pricing. However, I will say that for many ISPs, Postini may be a viable solution for adding much-needed virus- and worm-blocking features, in addition to stopping spam and the abuse of e-mail servers. Also, depending on the type of Internet connection you have, the cost of Postini might be offset by what you save in bandwidth that would have been wasted due to worms, viruses, and spam.

Final thoughts
Deciding to use Postini was easy. Exploring all of the administrative options and educating the users about how to use the service is more complex. But I'm impressed with the detail of Postini's e-mail reports, which will surely be of interest to anyone who wants to measure the service's success.

After the paperwork was signed, activating Postini's service involved changing domains' MX records to point to multiple Postini incoming servers and configuring Postini's service to forward mail to our real e-mail server. Although the ISP I work for signed up for a 30-day trial, by the second day, user feedback and the bandwidth savings made it clear that Postini was well worth the cost of the service.

