As anyone with an e-mail inbox knows, the spam problem isn't going away. According to a major anti-spam vendor, spam has increased
from 8 percent of all e-mail traffic in 2001 to 50 percent in July 2003. Other estimates show that figure as high as 70 percent
of all traffic. Two classes of products can help slay spam in the enterprise environment: gateways and services. Both allow
you to block spam for all network users at a single, centrally managed point before it hits your mail server.
For this review, I looked at two services and three gateway products. Services filter spam before it arrives at your network,
reducing the volume of traffic on your Internet connection. Services also typically offer multiple datacenters for redundancy,
high volume, and fast response. Setup requires merely changing the MX (mail exchange) record for your domain. But a service
is not under a local administrator's control, so if the service goes down, mail may not get through.
Gateways are harder for spammers to circumvent by sending e-mail to the real mail server's IP address; they offer local control
of the anti-spam technology; and they allow mail to continue to arrive if the anti-spam gateway goes down. But a gateway gives
the local administrator yet another system to maintain, and the total traffic through your Internet connection remains the
same because spam isn't filtered until it reaches your network.
The five products I tested: Brightmail Anti-Spam Enterprise Edition Version 5.1, FrontBridge TrueProtect E-mail Security Suite,
Postini Perimeter Manager Enterprise Edition, Proofpoint Protection Server 1.2.1, and SpamAssassin 2.44, an open source spam
filter included with Red Hat Linux 9.
In contrast to the commercial products, SpamAssassin represents an older, first-generation anti-spam solution, and its age
showed in my tests. It filtered only 62 percent of spam, whereas the other products produced great results, blocking 90 percent
to 96 percent of all the spam they encountered with few, if any, legitimate messages blocked.
Differentiating between spam and legitimate messages can be difficult. Newsletters, press releases, and other marketing materials
from companies you have a relationship with can be very similar to spam in content. These all present challenges to the filters.
The e-mail I used for testing was real e-mail containing many messages that stressed the filters.
I looked at two categories of mail incorrectly identified as spam: false positives that were not critical, such as newsletters
and marketing information; and false positives that were critical, such as personal e-mail from colleagues. Each product was
tested with a different stream of mail, so the number of messages received varied, but all received enough messages to assess
their capabilities.
The critical issue is not that the filter may have misidentified a few e-mails, but how easily those messages can be found
and added to a whitelist so that future e-mails from the same source are not stopped. All the products except Brightmail and
SpamAssassin allow end-users to add senders to the domain whitelist themselves. Brightmail allows users to forward misidentified
e-mails to the administrator, who can choose to add the sender to the whitelist. SpamAssassin allows only the administrator
to add to the whitelist, with no direct access for users.
All the products allow the administrator to blacklist known spammers and choose among a variety of responses to messages identified
as spam -- adding an identifier to the subject line, adding a message header, deleting the message, or quarantining it. Delegation
of specific administrative functions is possible with all the products except SpamAssassin, although the granularity of delegation
varies among the four. Spam settings can be set by enterprise (multiple domains) or domain, and Postini also allows individual
groups or users within a domain to have different rules.
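The whitelist, blacklist and per-domain response model described in the last two paragraphs is simple enough to sketch end to end. The following is an added illustration written for this review, not code from any of the products tested: the keyword scorer is a constructed stand-in for a real filter engine, and the policy names, thresholds, addresses and sample messages are all made up. It shows the precedence a practitioner cares about (a whitelist hit wins over both the blacklist and the content score) and how each of the four responses changes, or withholds, the delivered message.

```python
# Added illustration of a spam-disposition policy: per-recipient-domain
# whitelist/blacklist plus a configurable response for mail judged spam.
# Not from any reviewed product; the scorer is a constructed stand-in.
from dataclasses import dataclass, field
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from enum import Enum
from typing import Optional


class Action(Enum):
    """The responses the review lists for mail identified as spam."""
    TAG_SUBJECT = "tag_subject"   # prefix Subject so client rules can file it
    ADD_HEADER = "add_header"     # mark with a header, otherwise deliver as-is
    QUARANTINE = "quarantine"     # hold for administrator or user review
    DELETE = "delete"             # discard; nothing reaches the mailbox


@dataclass
class DomainPolicy:
    """Per-domain settings; list entries are full addresses or bare domains."""
    action: Action
    threshold: float = 5.0
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)


@dataclass
class Disposition:
    verdict: str                 # "ham" or "spam"
    reason: str                  # why that verdict was reached
    action: Optional[Action]     # None when delivered as legitimate mail
    message: Optional[Message]   # None only when deleted; quarantine keeps it
    score: float


# Constructed marker phrases; a real filter uses far richer signals.
SPAM_MARKERS = ("free", "winner", "click here", "viagra", "act now")


def _sender_matches(sender: str, entries: set) -> bool:
    """Match a list entry by exact address or by the sender's domain."""
    sender = sender.lower()
    return sender in entries or sender.rsplit("@", 1)[-1] in entries


def score_message(msg: Message) -> float:
    """Toy content score: +2 per marker phrase, +1 for an all-caps subject."""
    subject = msg.get("Subject", "")
    body = msg.get_payload(decode=True) or b""
    text = (subject + " " + body.decode("utf-8", "replace")).lower()
    score = sum(2.0 for marker in SPAM_MARKERS if marker in text)
    if subject and subject.isupper():
        score += 1.0
    return score


def dispose(raw: str, policies: dict) -> Disposition:
    """Apply the recipient domain's policy, falling back to the '*' default."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    policy = policies.get(recipient.rsplit("@", 1)[-1], policies["*"])
    score = score_message(msg)

    # Whitelist first: this is what lets a user rescue a misfiled newsletter
    # once and not see it stopped again. The match is on the claimed From
    # address, which the sender chooses, so keep entries as narrow as
    # possible (full addresses rather than whole domains).
    if _sender_matches(sender, policy.whitelist):
        return Disposition("ham", "sender whitelisted", None, msg, score)
    if _sender_matches(sender, policy.blacklist):
        reason = "sender blacklisted"
    elif score >= policy.threshold:
        reason = f"score {score:.1f} >= threshold {policy.threshold:.1f}"
    else:
        return Disposition("ham", "below threshold", None, msg, score)

    # Judged spam: record the verdict in headers, then apply the response.
    msg["X-Spam-Flag"] = "YES"
    msg["X-Spam-Score"] = f"{score:.1f}"
    if policy.action is Action.TAG_SUBJECT:
        msg.replace_header("Subject", f"[SPAM] {msg.get('Subject', '')}")
    if policy.action is Action.DELETE:
        return Disposition("spam", reason, policy.action, None, score)
    return Disposition("spam", reason, policy.action, msg, score)


# Constructed policies and messages for a stand-alone run.
POLICIES = {
    "*": DomainPolicy(Action.TAG_SUBJECT),
    "finance.example": DomainPolicy(Action.QUARANTINE, threshold=4.0,
                                    whitelist={"news@vendor.example"},
                                    blacklist={"bulkmail.example"}),
}
SAMPLES = {
    "newsletter": ("From: news@vendor.example\nTo: cfo@finance.example\n"
                   "Subject: FREE WEBINAR: act now\n\nClick here to register for our free webinar.\n"),
    "blacklisted": ("From: deals@bulkmail.example\nTo: cfo@finance.example\n"
                    "Subject: Quarterly catalogue\n\nOur new catalogue is out.\n"),
    "spammy": ("From: x@unknown.example\nTo: bob@sales.example\n"
               "Subject: You are a WINNER\n\nClick here, act now, it's free!\n"),
    "colleague": ("From: alice@sales.example\nTo: bob@sales.example\n"
                  "Subject: Lunch?\n\nFree at noon?\n"),
}


def run_samples(policies: dict = POLICIES) -> dict:
    """Dispose every sample; returns name -> (verdict, action name or None)."""
    results = {}
    for name, raw in SAMPLES.items():
        d = dispose(raw, policies)
        results[name] = (d.verdict, d.action.value if d.action else None)
    return results


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        d = dispose(raw, POLICIES)
        print(f"{name:12s} {d.verdict:4s} score={d.score:.1f} {d.reason}")
```

In the constructed run, the marketing-heavy newsletter scores well above the finance domain's threshold yet is delivered because its sender was whitelisted, the blacklisted catalogue is quarantined despite a score of zero, the unknown sender's message is subject-tagged under the default policy, and the colleague's note stays below threshold even though it contains one marker word. The same structure extends to the per-group or per-user rules the review attributes to Postini by keying policies on the full recipient address before falling back to the domain.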
And all the products but SpamAssassin use dynamic updates to keep up with the evolving technologies spammers use to circumvent
less sophisticated filters. The default update cycle may be every few minutes or once per week, depending on the product.
Keeping the filters up to date requires a subscription or maintenance fee.
Finally, in addition to stopping spam, all four commercial products provide content-filtering features, allowing the administrator
to block incoming or outgoing e-mail that contains proprietary data, audio or video files, executables, sexually explicit
words, or racial slurs. They also provide protection against DoS attacks and directory harvesting attacks.
In my testing, the performance of the newer products was more than acceptable in every case. Per-user, per-year pricing should
not be an obstacle, even for the most expensive product. Choosing the right product will depend on your network topology,
your philosophy regarding outsourcing, requirements for administrative control and reporting, traffic loads, and your operating
system and mail server platform.
Brightmail Anti-Spam Enterprise
This gateway product constantly interacts with Brightmail's datacenter to keep filtering rules current. The gateway polls
Brightmail's datacenter every few minutes and downloads new rule sets when they're available, in much the same way anti-virus
applications do.
Brightmail's software can be installed on Linux, Solaris, or Windows, and features an easy-to-use GUI installer on all three
platforms. I installed the gateway on a Windows 2000 server with Exchange Server 2000 and enabled Brightmail's Exchange spam
folder agent in less than 10 minutes. The software automatically contacted the Brightmail site and downloaded the latest set
of rules. No additional configuration or tuning was necessary. Brightmail caught the highest percentage of spam and had the
lowest false-positive rate of any of the products tested.
Brightmail is the only product that does not allow end-users to add senders to the whitelist. On the other hand, Brightmail
includes a spam folder agent for both Exchange and Lotus Domino -- all mail identified as spam can be sent to the end-user's
spam folder, and an Outlook agent allows users to forward e-mail to the administrator, indicating "spam" or "not spam" with
one click.
This makes scanning and recovery of false positives very simple and straightforward. Alternatively, mail identified as spam
can be tagged as such in the header or subject line, and spam can be sent to a central spam mailbox, saved to disk, delivered
normally, or simply deleted. You can configure different policies for different domains.