Enterprise Spam Filters
Scan your email servers to prevent spam
March 24, 2003
EDITOR'S NOTE: The Buyer's Guide summarizes vendor-submitted information. To find out about future Buyer's Guide topics or to learn how to include your product in an upcoming Buyer's Guide, go to http://www.winnetmag.com/buyersguide.
The volume of spam messages we receive seems to be growing, with no end in sight. And little wonder: The Wall Street Journal recently ran an article about a spammer who makes more than $200,000 a year by filling people's email Inboxes with junk. Microsoft receives approximately 200,000 spam messages per day.
Along with the explosive growth of spam has come a corresponding growth in the number of products and services that cut down the amount of spam entering users' mailboxes. An ongoing race exists between two clever and determined forces: spammers and antispam vendors.
The technology that vendors use to fight spam varies. Keyword scans look for terms, such as "free," "XXX," or "refinance," that are often used in spam messages. Some products scan only the message headers, whereas others include the message body and attachments. Contextual analyzers flag messages according to spam indicators such as the presence of many exclamation points or dollar signs in the subject line or a blank To line coupled with a Bcc field in the header. Other products reference blacklists of known spammers' IP addresses to determine whether an email message is from a known spammer or a known spammer's ISP. Collaborative filters add spam message signatures to the filter list so that all sites that use the list can block the same spam messages. Some spam-prevention procedures attempt to identify spam messages by measuring the number of capital letters or punctuation marks in the header, the number of addresses the sender is delivering the message to, and the rate at which incoming messages from the same sender arrive at a given server. Some products let you configure specific scanner settings (e.g., the keyword list, contextual analyzers, IP address blacklist sources).
Most antispam products implement more than one of these filtering methods and let you choose to delete suspected spam before it reaches your Inbox (which risks deleting legitimate email messages erroneously identified as spam), quarantine suspicious messages, or tag suspicious messages so that a client-side rule can file the message accordingly. Be prepared to spend some time experimenting to find the right mix of settings and adjusting them over time as spammers change their methods of operation.
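The keyword and contextual checks described above, combined into one scorer that tags or quarantines instead of deleting. This is an added example, not code from the article or from any vendor's product; the weights, thresholds, function names, and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Weights and cut-offs are hypothetical; real products let you tune them.
KEYWORDS = {"free", "xxx", "refinance"}   # terms named in the article
TAG_AT, QUARANTINE_AT = 3, 6

def score_message(raw):
    """Return (score, reasons) for one message given as RFC 822 text."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""  # multipart bodies skipped
    found = []  # (reason, weight) pairs
    # Keyword scan over the subject line and the body.
    words = set(re.findall(r"[a-z]+", (subject + " " + body).lower()))
    hits = sorted(KEYWORDS & words)
    if hits:
        found.append(("keywords:" + ",".join(hits), 2 * len(hits)))
    # Contextual: many exclamation points or dollar signs in the subject.
    if subject.count("!") + subject.count("$") >= 3:
        found.append(("subject-punctuation", 2))
    # Contextual: subject written mostly in capital letters.
    letters = [c for c in subject if c.isalpha()]
    if len(letters) >= 8 and sum(c.isupper() for c in letters) / len(letters) > 0.7:
        found.append(("subject-caps", 2))
    # Contextual: blank To line coupled with a Bcc field.
    if not msg.get("To", "").strip() and msg.get("Bcc") is not None:
        found.append(("blank-to-with-bcc", 3))
    # Number of addresses the message is being delivered to.
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    if len(getaddresses(fields)) > 20:
        found.append(("many-recipients", 2))
    return sum(w for _, w in found), [r for r, _ in found]

def disposition(score):
    """Tag or quarantine rather than delete, so false positives are recoverable."""
    if score >= QUARANTINE_AT:
        return "quarantine"
    return "tag" if score >= TAG_AT else "deliver"

# Constructed sample messages (not real mail).
SPAM = "From: a@example.com\nBcc: list@example.com\nSubject: FREE REFINANCE OFFER!!! $$$\n\nRefinance now, free quote.\n"
HAM = "From: bob@example.com\nTo: alice@example.com\nSubject: Lunch\n\nFeel free to call me.\n"

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("ham", HAM)):
        score, reasons = score_message(raw)
        print(name, score, disposition(score), reasons)
```

The second sample contains the keyword "free" yet scores below the tag threshold, which is why a single indicator should not be enough to act on a message.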
Antispam products offer a wide range of abilities and features but in general fall into five categories: client-side filters, appliances, Exchange plugins, standalone SMTP proxies, and hosted services. Client-side filters install on the desktop; some client-side filters run as Exchange plugins, and others act as POP3 proxy servers.
This issue's Buyer's Guide highlights appliance- and server-based antispam products. Appliances are dedicated hardware devices that install at the network perimeter and scan incoming mail. Hardware solutions tend to be more expensive than software-only solutions but generally offer easier configuration and maintenance.
Exchange plugins provide the advantage of not requiring a separate server, but you need to carefully assess such products' stability and vendor support before making a commitment. Standalone SMTP proxies sit on the network perimeter and scan all your incoming mail, which is beneficial because you don't have to make any Exchange server changes; however, not all proxies correctly handle the full set of SMTP extensions that Exchange supports. Notably, most proxies don't support the STARTTLS or 8BITMIME extensions. Hosted services act as SMTP relays: You point your DNS MX records to the vendor's servers, which accept and filter mail for your domains and relay legitimate mail back to your servers.