Previously, we looked at the various ways in which spam has
changed over the last few years and also at the various costs associated with spam.
As spam becomes more prevalent, even malicious, it is ever more important for
enterprises to do all they can to prevent it reaching their users' inboxes. Many
anti-spam solutions exist (some commercial offerings, some open source), but none of
these are invulnerable to spam. Many will expect to allow a small percentage to
slip through the net. You will probably find most companies using multiple
anti-spam measures, each helping to fend off spam in a different way, but
working together to provide a solid overall solution.
Let's look at two commercial products:
This is an
all-in-one device which is compatible with all mail server architectures as it
sits between the outside world and the mail server at the SMTP level (pretty
much like an SMTP proxy or mail gateway). Ease of use and simple installation
are its selling points; it claims to offer the following protection:
- Denial of service and security protection
- IP block list
- Rate control
- Virus check with archive decompression
- Barracuda virus check
- User-specified rules
- Spam fingerprint check
- Intention analysis
- Bayesian analysis
- Rule-based scoring
Costs are not too bad: a system for 300-1000 active users
sells for around £4000 ($6900), which includes three years of updates and a
three-year instant replacement warranty. I haven't had a chance to use one of
these devices, but if Barracuda wants to donate one to me for review/testing, I
would be more than happy to write something up (subtle hint).
This is an application which can be run on Windows, Solaris
or Linux servers (very unusual for Symantec!). Like most anti-spam solutions,
this application uses filters as its main defence. What makes Brightmail interesting
is how it does this: filters are created remotely by Symantec, which collects spam
and generates updated filters based on the content of what has been captured. Every
5-10 minutes, these updated filters are sent down to customers' mail
gateways for immediate use. This is claimed to be 95% effective, but I haven't
seen this in action, so would suggest it may be an optimistic figure. Here's
the sales blurb:
- 95% spam-catching rate
- 99.9999% accuracy rate
- Automatic updates every 5-10 minutes
- Combination of 17 different technologies used (although what these are isn't mentioned)
- Low administration
- Performance and trend reporting
If anyone's using this system I would be interested to hear
about the results.
There are, of course, many different products out there;
these are just two examples that pretty much describe most of the commercial
offerings. Underneath, all of these systems are using the same basic principles
of content matching, IP/DNS checks, Bayesian analysis, fingerprinting, and
rule-based scoring. The combination of these different methods makes for a pretty
good overall defence; however, as you can see, that comes at a price. There are
many open source implementations which offer all of these features. Configuration
is obviously not as simple: you can't just plug and play. However, for a smaller
business wanting to save money, or a large enterprise wanting to serve large
numbers of employees, these may be a viable option. Next week, I'll take a look
at these free solutions and how they can be used together to offer an
effective anti-spam policy.
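
To make the layering described above concrete, here is an added example (not from the original article and not either vendor's code): a minimal Python pipeline chaining four of the named techniques, IP block list, fingerprint check, Bayesian analysis and rule-based scoring. All addresses, messages, training text, weights and thresholds are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

# All data here (IPs, messages, training text) is constructed for illustration.
BLOCKLIST = {"203.0.113.7"}
SAMPLE = [  # (sender IP, subject, body)
    ("203.0.113.7", "Hello", "lunch on monday"),
    ("198.51.100.9", "Offer", "WIN  money NOW click here"),
    ("198.51.100.9", "Deal", "buy cheap pills now"),
    ("198.51.100.9", "LAST CHANCE", "Act fast!!! visit http://example.invalid/offer"),
    ("192.0.2.10", "Agenda", "please review the monday agenda"),
]

def fingerprint(body):
    # Hash the case- and whitespace-normalised body so trivial edits still match.
    return hashlib.sha256(" ".join(body.lower().split()).encode()).hexdigest()

KNOWN_SPAM = {fingerprint("win money now click here")}
SPAM_C = Counter("cheap pills buy now win money now click here buy cheap watches now".split())
HAM_C = Counter("meeting agenda for monday please review the attached report lunch on monday".split())
VOCAB = len(set(SPAM_C) | set(HAM_C))

def bayes_spam_prob(body):
    # Naive Bayes with Laplace smoothing and equal priors.
    n_spam, n_ham = sum(SPAM_C.values()) + VOCAB, sum(HAM_C.values()) + VOCAB
    log_odds = sum(math.log(((SPAM_C[w] + 1) / n_spam) / ((HAM_C[w] + 1) / n_ham))
                   for w in body.lower().split())
    return 1 / (1 + math.exp(-log_odds))

def rule_score(subject, body):  # additive heuristics, one weight per matching rule
    rules = [(subject.isupper(), 2.0), (body.count("!") >= 3, 1.5),
             ("http://" in body and "unsubscribe" not in body.lower(), 1.0)]
    return sum(weight for hit, weight in rules if hit)

def classify(ip, subject, body):
    # Cheapest checks first; the first layer that fires decides the verdict.
    if ip in BLOCKLIST:
        return "reject:blocklist"
    if fingerprint(body) in KNOWN_SPAM:
        return "reject:fingerprint"
    if bayes_spam_prob(body) > 0.9:
        return "quarantine:bayes"
    if rule_score(subject, body) >= 3.0:
        return "quarantine:rules"
    return "deliver"

if __name__ == "__main__":
    print([classify(*m) for m in SAMPLE])
```

Each sample message is caught by a different layer: the fourth contains no words the Bayesian model has seen, so only the rule scores flag it, which is why the layers are combined rather than used alone.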