Tech Tip: Evaluating Postini as an e-mail filtering service

Jonathan Yarden

Spam is like a rat: It's a nuisance and a threat. Not only has it infested inboxes around the world, but spam carries with it hostile viruses and worms that can shut down or severely cripple entire systems and networks. People are sick of receiving it, and they're tired of constantly worrying whether hackers will use spam to hack into their systems.

It's difficult to measure exactly how much e-mail is spam or how much spam carries a malicious element. Individual estimates about spam vary greatly: Some companies and people have no problems with spam at all, while others have serious trouble with it.

I flatly reject junk e-mailers' claims that spam doesn't cost money. Sifting through the junk in your inbox is a time-wasting process. As the saying goes, time is money—and so is a new system if that spam happens to be infected. But for an Internet service provider (ISP), spam not only costs time and money, but also bandwidth, and even customers.

After fighting a losing battle with spam, the ISP I work for decided it had had enough. As a last resort, we outsourced our virus- and spam-filtering service to Postini, a commercial e-mail filtering service.

In addition to blocking hostile viruses and worms that are often present in spam, Postini prevents our mail servers from being flooded, which improves their general operation. Before the switch to Postini, junk e-mail flooded our servers simultaneously from so many locations that at times it resembled a denial-of-service attack.

After the switch, we noticed an immediate decrease in incoming bandwidth. It turned out that upwards of 70 percent of all our incoming e-mail was a combination of spam, worms, and viruses. With Postini in the picture, this junk no longer inundates our servers.

How Postini works

From a technical perspective, I don't know how Postini categorizes spam e-mail, but I suspect the process is similar to the open source Bayesian pattern-matching systems that have become quite popular. Postini collects e-mails, categorizes them, and holds them if they contain some of the more popular questionable topics or content; viruses and worms are also identified and held. Valid e-mails are then forwarded to a Postini administrator-specified SMTP server.

Postini can be configured with one or more administrator accounts that control the overall operation of Postini for the customer. Depending on how the administrator configures Postini, message centers, which are unique accounts that sit between the Internet and the user's inbox, can be either manually set up or automatically created when a specific user receives e-mail. When a new message center is created for a unique e-mail address, Postini sends a notification e-mail with a Web page location and login information to the e-mail address for which the message center was created.

Although Postini's automatic message center creation is considerably easier than manually adding thousands of users, dictionary attacks could still cause excessive message center creation if your SMTP server accepts e-mail for users who don't actually exist. Postini's delivery mechanism behaves as an intelligent proxy server, so if an e-mail address doesn't exist on the real SMTP server, Postini tracks these attempts, which helps it identify and block dictionary attacks in real time. Postini's tracking can also block multiple bounced e-mail messages to the same domain, which are typically the result of mail forgeries.
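To make the proxy bookkeeping described above concrete, here is an added example (not Postini's code; the thresholds, the sliding window, and the sample addresses and IPs are assumptions) that records the real server's RCPT TO verdicts per source and blocks a source after repeated unknown recipients, and drops floods of null-sender bounces aimed at one domain:

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
import time

@dataclass
class DeliveryTracker:
    """Assumed proxy bookkeeping, not Postini's code: RCPT TO verdicts from the
    real server are tracked per source IP, null-sender bounces per domain."""
    max_unknown: int = 5    # assumed: unknown recipients per source before blocking
    max_bounces: int = 10   # assumed: bounces per domain before further ones are dropped
    window: float = 600.0   # seconds of history kept per key
    unknown: dict = field(default_factory=lambda: defaultdict(deque))
    bounces: dict = field(default_factory=lambda: defaultdict(deque))
    blocked: set = field(default_factory=set)

    def _count(self, table, key, now):
        # Record one event and return how many fall inside the sliding window.
        q = table[key]
        q.append(now)
        while now - q[0] > self.window:
            q.popleft()
        return len(q)

    def rcpt(self, src_ip, recipient, backend_ok, now=None):
        """One RCPT TO seen by the proxy; backend_ok is the real SMTP server's
        verdict for that address. Returns 'accept', 'reject' or 'blocked'."""
        now = time.time() if now is None else now
        if src_ip in self.blocked:
            return "blocked"
        if backend_ok:
            return "accept"
        # Many unknown recipients from one source within the window: dictionary attack.
        if self._count(self.unknown, src_ip, now) >= self.max_unknown:
            self.blocked.add(src_ip)
            return "blocked"
        return "reject"

    def bounce(self, recipient, now=None):
        """Null-sender bounce addressed to one of our users; a flood of bounces to
        one domain is the usual residue of forged-sender spam."""
        now = time.time() if now is None else now
        domain = recipient.rpartition("@")[2].lower()
        return "drop" if self._count(self.bounces, domain, now) >= self.max_bounces else "accept"

if __name__ == "__main__":
    # Constructed sample: a harvester guessing names at example.net, then a real sender.
    t, valid = DeliveryTracker(max_unknown=3, window=60), {"alice@example.net"}
    for i, name in enumerate(["aaron", "abby", "adam", "alice"]):
        print(name, t.rcpt("203.0.113.5", f"{name}@example.net", f"{name}@example.net" in valid, now=i))
    print("other sender", t.rcpt("198.51.100.7", "alice@example.net", True, now=4))
```

Once a source is blocked, even a later guess that happens to hit a real mailbox is refused, which is what keeps a harvester from confirming addresses or triggering message center creation.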

Postini's default settings for spam e-mail are moderate, but administrators or users can easily adjust them. Users can choose their own filters, whitelists, and blacklists. Additionally, users who prefer their e-mail raw, rather than cooked, can disable all filtering. I was surprised that anyone would want to disable Postini's filtering, although I guess it's true that you can't please everyone.

Postini is a very user-friendly service. Postini holds quarantined e-mail for several days, so if you don't receive an expected e-mail, you can log into the Postini message center and forward the quarantined e-mail to your inbox.

Costs for Postini differ, so I won't discuss pricing—that's their job. However, I will say that for many ISPs, Postini can add much-needed virus- and worm-blocking features, in addition to stopping spam and the abuse of your e-mail servers. Also, depending on the type of Internet connection you have, the cost of Postini might be offset by what you save in otherwise wasted bandwidth due to worms, viruses, and spam e-mail.

Final thoughts

Deciding to use Postini was easy; educating the users about how to use the service and exploring all of the administrative options is more complex. But I'm impressed with the detail of Postini's e-mail reports, which will surely be of interest to anyone who wants to measure the service's success.

After the paperwork was signed, activating Postini's service involved changing domains' MX records to point to multiple Postini incoming servers and configuring Postini's service to forward mail to our real e-mail server. Although the ISP I work for signed up for a 30-day trial, by the second day, user feedback and the bandwidth savings made it clear that Postini was well worth the cost of the service.

Jonathan Yarden is the senior UNIX system administrator, network security manager, and senior software architect for a regional ISP.