Mirapoint RazorGate returns spam to senders
MailHurdle technology rejects unwanted messages before they hit mail servers
After reviewing a half-dozen anti-spam products, I’m starting to take for granted that they’ll screen out about 95 percent of spam with few or no critical false positives. A number of vendors are now shifting their efforts from improving spam filtering to developing products capable of immediately rejecting unwanted e-mail messages before they’re filtered.
Case in point is Mirapoint: The company has incorporated a technology called MailHurdle into its line of RazorGate e-mail security appliances. MailHurdle is capable of stopping 60 percent or more of spam before it’s even delivered. This technology by itself will not necessarily produce better spam-filtering results, but it reduces the number of messages the filters have to handle, lightens the load of internal traffic on the network, and increases message-delivery speeds.
MailHurdle employs a variety of SMTP protocol-level techniques to verify both the recipient and sender of messages. To verify the recipient, the RazorGate uses a directory-based lookup of the recipient address and rejects messages not addressed to real users. This defends against spammers’ directory-harvest attacks as well as bulk e-mail sent to random lists of users.
To verify the sender, MailHurdle looks at the originating IP address and the From and To addresses in the message. If a particular recipient hasn’t previously received a message from the sender’s IP address, MailHurdle sends a temporary failure message back to the originating mail server using a standard SMTP failure code. If the originating mail server is a bulk e-mail system, it will generally not resend the message. Viruses using raw SMTP to send messages will also not retry.
If the message is legitimate, the originating mail server will quickly retry sending the message, at which point it’s allowed through the gateway. (According to Mirapoint, there’s one old version of GroupWise that may not properly retry unless it’s patched, but every other e-mail server the company has found supports this SMTP command.)
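The recipient and sender checks described above, sketched as an added example (the sender check is the technique generally known as greylisting); this is not Mirapoint's code. The class and function names, the specific reply codes (550 and 451), the minimum retry delay, and the expiry window are assumptions, since the article says only that a standard temporary failure code is returned.

```python
import time

class GreylistGate:
    """Toy SMTP gate: recipient check, then greylisting on (ip, from, to)."""
    def __init__(self, valid_recipients, min_retry_delay=60, pending_ttl=4 * 3600):
        self.valid = {r.lower() for r in valid_recipients}  # stands in for the directory lookup
        self.min_retry_delay = min_retry_delay  # assumed; the article gives no timing
        self.pending_ttl = pending_ttl          # assumed; stale first attempts are forgotten
        self.first_seen = {}                    # triplet -> time of first attempt
        self.passed = set()                     # triplets that have retried successfully

    def rcpt_to(self, client_ip, mail_from, rcpt, now=None):
        """Return the (code, text) reply to an RCPT TO command."""
        now = time.time() if now is None else now
        rcpt = rcpt.lower()
        if rcpt not in self.valid:
            # Permanent reject at SMTP time, so no "user unknown" bounce is queued later.
            return 550, "5.1.1 User unknown"
        key = (client_ip, mail_from.lower(), rcpt)
        if key in self.passed:
            return 250, "2.1.5 OK"              # sender already proved it retries
        first = self.first_seen.get(key)
        if first is None or now - first > self.pending_ttl:
            self.first_seen[key] = now          # first contact (or expired): defer
            return 451, "4.7.1 Try again later"
        if now - first < self.min_retry_delay:
            return 451, "4.7.1 Try again later" # retried too fast: keep deferring
        del self.first_seen[key]
        self.passed.add(key)                    # legitimate server came back: accept
        return 250, "2.1.5 OK"


def replay(gate, attempts):
    """Run constructed (time, ip, from, rcpt) attempts and collect the reply codes."""
    return [gate.rcpt_to(ip, frm, rcpt, now=t)[0] for t, ip, frm, rcpt in attempts]


# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE = [
    (0,   "192.0.2.10",   "alice@example.org", "bob@example.edu"),     # first contact
    (5,   "192.0.2.10",   "alice@example.org", "bob@example.edu"),     # retry too soon
    (300, "192.0.2.10",   "alice@example.org", "bob@example.edu"),     # proper retry
    (400, "192.0.2.10",   "alice@example.org", "bob@example.edu"),     # known triplet
    (10,  "198.51.100.7", "x@spam.example",    "nobody@example.edu"),  # harvested guess
    (20,  "198.51.100.7", "x@spam.example",    "bob@example.edu"),     # bulk sender, no retry
]

if __name__ == "__main__":
    print(replay(GreylistGate({"bob@example.edu"}), SAMPLE))
```

The bulk sender in the last sample row is deferred once and, because it never retries, its message never reaches the content filters.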
I witnessed the benefits of MailHurdle first-hand during my test of the RazorGate system at California Polytechnic State University, San Luis Obispo (aka Cal Poly). I opted to assess the RazorGate there rather than running my usual live test, because seeing the system statistics in a real-world, 10-month deployment would make up for the slight loss of control.
There are three versions of the RazorGate: the RazorGate 100, geared for small and midsize businesses; the 300, aimed at midsize to large organizations; and the high-end 450, targeted at the enterprise. (I reviewed the 450, formerly called the Mirapoint MD450, in 2003.) The university deployed two RazorGate 450s in a clustered system last May. Since then, the system has reduced the number of messages the filters have to handle from 400,000 or more per day to slightly more than 100,000 per day. The user-verification feature also reduced loads on the servers; by dropping e-mail addressed to nonexistent users, the queues of outgoing “user unknown” messages were eliminated.
Of the messages that did reach the filters, 97 percent of the spam was caught, and there were no critical false positives and 0.01 percent noncritical false positives.
Simple Yet Sophisticated
While at Cal Poly I participated in deploying a RazorGate 100, which the university will eventually use for a separate S/MIME e-mail system.