Open your eyes to anti-spam options
- By J.B. Miles
- Dec 08, 2005
Mirapoint Inc.'s RazorGate 300 is designed to sit at the network edge for vendor-independent spam filtering of mail before it ever gets to the e-mail server.
Symantec's 8200 anti-spam appliances can be coupled with the company's 8100 series of e-mail security devices for additional protection.
In a few years, unsolicited bulk e-mail has blossomed from a mere nuisance into an epidemic that threatens all enterprise messaging.
In 2002, spam was about 20 percent of all e-mail traffic, a rate that made it annoying but not yet worrisome. IT managers were too busy fighting network viruses, Trojan horses and worms to be concerned.
Since then, however, spam has increased exponentially. The Radicati Group, a research company in Palo Alto, Calif., predicts that by 2007, there will be 50 billion spam messages a day in the United States, costing enterprises almost $200 billion per year in lost productivity.
The Meta Group of Stamford, Conn., estimates that in 2005, between 60 and 70 percent of inbound e-mail has been spam. And it said that number will grow to at least 80 percent next year if left unchecked.
This deluge puts a burden on e-mail relays, Simple Mail Transfer Protocol gateways and internal mail servers and clogs inboxes.
Given the spate of legislation around spam, plus the reams of press coverage and a growing industry for e-mail security tools, you'd expect most agencies would be up to speed on this rising tide. Sadly, you'd be wrong.
A recent Government Accountability Office report, "Emerging Cybersecurity Issues Threaten Federal Information Systems," gave federal agencies no better than a C grade overall for handling cybersecurity threats. Specifically, nearly 80 percent of agencies failed to identify spam as a true security risk. Only slightly more than half were aware that spam consumes network bandwidth and storage capacity ? which is why anti-spam tools are as important as ever.Blended threats
Experts said that as anti-spam and antivirus solutions have proliferated, so have the skills of spammers and hackers. They've learned to combine several methods into a single attack, often called a blended threat.
Industry watchers agree that when facing blended threats, even a best-of-breed anti-spam solution might not be enough to protect an organization. Ideally, an anti-spam solution should be part of an integrated e-mail security program that offers comprehensive protection.
Whether integrators provide network security services to agency customers or defend their own internal networks, the best spam protection comes in one of two forms: server- or appliance-based.
Server-based anti-spam software is a common choice for enterprises with enough IT skill and manpower to install and manage the products. The software is often highly flexible and modular, with add-on products that can be installed and managed alongside e-mail and Internet SMTP servers.
Server software can be cost effective to procure, but potentially expensive to integrate, administer and keep up on an ongoing basis.
Anti-spam appliances are designed for organizations that don't want to install and maintain software but still want an onsite solution.
Many leading server-based programs eventually come out on appliances, because customers demand it. Appliances often feature a hardened, secure hardware and software combination (usually running some version of Linux) that is easier to install, test, configure and run than systems you build yourself.
Of course, a plug-and-play box limits the amount of customization that can be done, and updated hardware may have to be bought when the appliance reaches its performance limit.
"Server-based software offers a high degree of customizability," said Keith Crosley, director of marketing development for Proofpoint Inc., a developer of server-based and appliance-based e-mail security products.
Crosley said large enterprises with skilled IT personnel may prefer server-based anti-spam solutions over appliances, but a smaller IT department may be better off with appliances.
"They are easier to set up, use, maintain and administer than server software, and you automatically get firmware and software updates," he said.Anti-spam approaches
Regardless of how spam protection is deployed, investigate the methods vendors apply to the task. No single approach to dealing with spam is 100 percent effective. Therefore, a combination of techniques is best.
Content-analysis techniques are used to examine inbound e-mail. The idea is to uncover suspicious characteristics within the message that spammers try to hide. There are various types of content analysis, including:
Keyword analysis: Specific words and phrases within the text of an e-mail message are scrutinized.
Lexical analysis: The context of words and phrases are analyzed. Suspicious words or phrases are assigned "weights," depending on the context in which they're found.
Bayesian analysis: Knowledge of previous events is used as a predictive tool. A Bayesian filter examines e-mail known to be legitimate, in addition to known spam, and compares the content to develop a database of words may help identify future spam.
Heuristic analysis: A message's spamlike characteristics are scrutinized. Each characteristic gets a probability score. If a probability threshold is reached, the message is deemed to be spam.
Header analysis: Message headers are examined to determine the sender's validity.
URL analysis: Embedded links in e-mail messages are compared to a list of URL rules or known spam addresses.
Used alone, content analysis can generate many false positives, for instance, identify valid e-mails as spam. One way to guard against this is to place suspect messages in a quarantine area where IT staff or end users can inspect them without infecting the network.
In addition, look for anti-spam solutions that go beyond content analysis to include techniques such as blacklists and whitelists, which compare messages against lists of domain names or e-mail addresses either known as spam sources (blacklists) or legitimate (whitelists).
Other anti-spam techniques include sender authentication, challenge and response, and reverse Domain Name System lookups. All three methods attempt to ensure that a sender is legitimate.
Honey pots are decoy e-mail mailboxes that act as spam traps. And a growing number of anti-spam solutions can check outbound e-mail for compliance with federal e-mail regulations and internal policies.
Remember: No single technique, whether server-based or in an appliance, can eliminate spam. Look for a vendor with a good track record and an integrated product that draws on multiple techniques. Bottom line: Integrators and their agency customers can no longer be complacent about spam.J.B. Miles writes from Honomu, Hawaii. E-mail him at email@example.com.