Previously, we looked at the various ways in which spam has

changed over the last few years and also at the various costs associated with spam.

As spam becomes more prevalent–even malicious, it is ever more important for

enterprises to do all they can to prevent it reaching their users’ Inbox. Many

anti-spam solutions exist—some commercial offerings, some open source—none of

these are invulnerable to spam. Many will expect to allow a small percentage to

slip through the net. You will probably find most companies using multiple

anti-spam measures, each helping to fend off spam in a different way, but

working together to provide a solid overall solution.

Let’s look at two commercial products:

Spam Firewall

This is an

all-in-one device which is compatible with all mail server architectures as it

sits between the outside world and the mail server at the SMTP level (pretty

much like an SMTP proxy or mail gateway). Ease of use and simple installation

are its selling points; it claims to offer the following protection:

  • Denial of service and
    security protection
  • IP block list
  • Rate control
  • Virus check with archive decompression
  • Barracuda virus check
  • User-specified rules
  • Spam fingerprint check
  • Intention analysis
  • Bayesian analysis
  • Rule-based scoring

Costs are not too bad—a system for 300-1000 active users

sells for around £4000 ($6900), which includes three years of updates and a

three-year instant replacement warranty. I haven’t had a chance to use one of

these devices, but if Barracuda wants to donate one to me for review/testing, I

would be more than happy to write something up (subtle hint).

Brightmail AntiSpam

This is an application which can be run on Windows, Solaris

or Linux servers (very unusual for Symantec!). Like most anti-spam solutions,

this application uses filters as its main defence. What makes Brightmail interesting

is how it does this: Filters are created remotely by Symantec who collect spam

and generate updated filters based on the content of what has been captured. Every

5-10 minutes, these new updated filters are sent down to customers’ mail

gateways for immediate use. This is claimed to be 95% effective, but I haven’t

seen this in action, so would suggest it may be an optimistic figure. Here’s

the sales blurb: 

  • 95%
    spam-catching rate
  • 99.9999%
    accuracy rate
  • Automatic
    updates every 5-10 minutes
  • Combination

    of 17 different technologies used (although what these are isn’t


  • Low
  • Performance
    and trend reporting 

If anyone’s using this system I would be interested to hear
about the results. 

There are, of course, many different products out there;

these are just two examples that pretty much describe most of the commercial

offerings. Underneath, all of these systems are using the same basic principles

of content matching, IP/DNS checks, Bayesian analysis, fingerprinting, and rule

based scoring. The combination of these different methods makes for a pretty

good overall defence; however, as you can see, that comes at a price. There are

many open source implementations which offer all of these features. Configuration

is obviously not as simple—you can’t just plug and play. However, for a smaller

business wanting to save money, or a large enterprise wanting to serve large

numbers of employees, these may be a viable option. Next week, I’ll take a look

at these ‘free’ solutions and how they can be used together to offer an

effective anti-spam policy.