CipherTrust, Mirapoint, Symantec, and Tumbleweed appliances bring IP blocking, TCP/IP throttling, and other network-level
tricks to the battle against spam
Anti-spam filtering technologies have been perfected to the point where you can expect to see better than 95 percent accuracy,
with no more than a couple of false positives out of every 10,000 messages. Despite this amazing progress, enterprises are
still under attack. The grim truth is that filtering even 100 percent of incoming spam doesn't necessarily solve the spam
problem for large organizations.
The reason is that a high volume of spam, even when it's caught, can be extraordinarily expensive for larger organizations
that are finding that they need to add more mail servers, and more spam filters, to handle the load. Considering that spam
can amount to between 80 percent and 95 percent of all incoming e-mail, a large enterprise could substantially reduce the
number of mail servers and filters it manages and maintains if most of that spam would just go away.
Too much to ask? Each of the four vendors discussed here -- CipherTrust, Mirapoint, Symantec, and Tumbleweed Communications
-- use different approaches to rejecting spam before it enters the corporate network. Although the methods differ, each solution
is designed to complement a traditional anti-spam solution. All can dramatically ease the burden on your message filters and
mail servers, creating more processing headroom for legitimate messages and ultimately reducing the number of mail systems
you need to deploy and maintain.
Rather than filtering e-mail based on its content, these appliances use the sender's IP address, the recipient's address,
and other factors to identify messages at the TCP/IP or SMTP protocol level. They then block all traffic from the IP addresses
of known spammers, limit the number of connections or messages per minute from the IP address of a likely spammer, or allow
all messages from addresses with a clean reputation.
CipherTrust IronMail Connection Control uses a reputation database the company calls TrustedSource to rate IP addresses of
e-mail senders, for either sending no spam, sending lots of spam, or sending some spam, based on recent activity monitored
by CipherTrust's global network of spam collectors. Connection Control then either rejects connection attempts from known
spammers for a designated period or accepts their connections, allowing them to pass only a few messages an hour.
Mirapoint MailHurdle sends an SMTP retry message to the originating server, taking advantage of the fact that real e-mail
servers will readily resend but most spam engines aren't equipped to retry. The recipient address can also be verified to
ensure that the message was sent to a real user and not a random address. This retry and verification helps to stop directory
harvest attacks, which attempt to identify all the valid addresses in a domain to sell to other spammers. If a message is
addressed to invalid recipients, it is ignored; if it is addressed to both valid and invalid recipients, indicating that the
sender is fishing for valid addresses, the connection is throttled, and the IP is marked as a suspicious sender.
Symantec uses a technique similar to that of CipherTrust, relying on the Brightmail reputation service and then throttling
connections from IP addresses with bad reputations. The SMS (Symantec Mail Security) 8100 series allows known spammers only
a few simultaneous connections -- or only one connection at a time -- and accepts only a few messages or even just one per
hour, greatly restricting the ability of spammers to push their messages through the gateway.
Bottom Line: A standard component of all IronMail appliances, Connection Control uses a sender reputation database to identify spammer
IP addresses and then limits the bandwidth available to known spammers. Enforcement occurs at the IP layer, making it difficult
to bypass, but effectiveness depends on the accuracy and responsiveness of the reputation system.
Cost: RazorGate 100 appliance: three-year average for 500 users, $12.25 per user, per year, including anti-virus; RazorGate 450:
approximately $1 per user, per year, more due to higher initial hardware costs
Bottom Line: A component of Mirapoint RazorGate appliances, MailHurdle thwarts spambots by sending an SMTP retry message to the originating
server. Most spambots aren’t equipped to handle retries, and even if they incorporate support for it, increasing the retry
time can tie up their server resources, making it prohibitively expensive to bypass this technology.
Cost: $4,995 for SMS 8160 hardware plus yearly per-user software subscription for traffic-shaping technology, which can be licensed
for one, two, or three years
Bottom Line: The SMS 8160 uses the Brightmail sender reputation service to rate senders and throttles connections from the IP addresses
of known spammers so that only a few connections or messages are allowed. This is an efficient technique for stopping spammers
and allows legitimate messages from unknown or suspicious domains to pass through, albeit slowly.
Cost: MailGate Edge MG1300 (single) appliance: $5,000 for 500 users, $7,440 for 1,000 users, $10,000 for 2,500 users
Bottom Line: MailGate Edge uses the e-mail directory to verify that a message has been sent to a real user and employs reverse DNS lookup
to verify that the sender’s IP address matches the domain information contained in the message header. These techniques work
well to block directory harvest and DoS attacks but will be less effective at blocking run-of-the-mill spam.
» Database vendors add Google's MapReduce
Greenplum and Aster Data Systems will support Google's programming technique, developed for parallel processing of large data sets across commodity hardware
» Network management: Tips for managing costs
New technologies, changing requirements, and ongoing equipment maintenance and upgrades cost money, but there are ways to manage expenses
FIVE WAYS TO REDUCE IT COSTS IN 2009 The demands on IT have never been greater, particularly in light of lower revenue and uncertain demand for the goods and services. There are many ways that IT can help organizations adjust to this new economic environment. Learn about five key technology trends that can immediately impact your organization's bottom line, and how to build a strategy to implement these technologies within your current budget. Sponsored by: Riverbed
Enterprise Data Security Solutions Guide
Data security used to be about outside threats. These days the biggest challenge for data-driven organizations is the management of secure information from the inside out. Data is available on laptops, your network and even USB devices, but not always secure. Read this Solutions Guide to learn the best ways to keep it safe.
Sponsored by ISC2
iSCSI: The Rising Enterprise Star - The value proposition of iSCSI storage has always been its simplicity and low cost compared to Fibre Channel. No training...
Symantec Endpoint Protection White Paper - IT everywhere faces a threat landscape of attacks that exploit vulnerabilities in endpoint devices. Symantec Endpoint Protection...
Symantec Endpoint Protection White Paper - IT everywhere faces a threat landscape of attacks that exploit vulnerabilities in endpoint devices. Symantec Endpoint Protection...
What's the 411 on GOOG-411? Just as Google has become synonymous with "performing a Web search," 411 is understood to mean "information" -- as in "what's the 411?" I was thus surprised to discover, from a billboard, no less, that the king of search is taking on the ...
Apple HTML source reveals 'iPhone Extreme' "This one's a stretch..." reports AppleInsider.
Um, yeah. Reporting on HTML code sightings of product names could be called a stretch, but iPhone Extreme has a ring to it.
Now, that sounds like the product Apple should have released first, rather ...
Open Sources Product Management
When I joined MySQL four years ago, there was quite a lot of debate about product management. We didn't actually have ...
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
