E-mail security company CipherTrust is boosting the anti-spam features of its gateway appliance with a software upgrade that includes four additional methods for users to detect unwanted messages.

Version 4.0 of Enterprise Spam Profiler (ESP), part of the company's IronMail appliance software, adds Bayesian filtering, URL filtering, content filtering and domain blacklisting to the product's arsenal of anti-spam techniques, says Paul Judge, CipherTrust's CTO. IronMail also offers companies virus protection, policy enforcement, message encryption and intrusion prevention.

ESP's Bayesian filter "learns" what a specific company defines as spam vs. legitimate e-mail by incorporating information from end-user quarantined mail, spam reports and spam traps, Judge says. URL filtering checks the URLs in an incoming e-mail against a blacklist of Web sites deemed invalid and flags messages accordingly. Automatic software downloads to customer sites update the URL blacklist in real time, Judge says. The new version also blacklists known spammers' domains and filters a message's content for clues of spam.

With the new anti-spam filters, ESP examines about 900 characteristics of each incoming e-mail to determine if the message is legitimate or spam, Judge says. Other ESP spam-fighting techniques include sender blacklists, reverse DNS lookup to verify that host's name matches its IP address, and heuristics that identify spam by looking for message characteristics such as excessive use of capital letters or multiple colors.

In addition to the new spam filters in ESP, CipherTrust has worked on perfecting the techniques its software uses so it can more effectively analyze whether a message is spam or not. "We're starting to reach the boundaries of possible detection techniques," Judge says. "Now the emphasis is switching from spam detection to the [quality] of information gleaned and training detection techniques." Version 4.0 is 98% effective in blocking spam, he adds, and the product's false-positive rate is less than 1%.

CipherTrust says that while spam blocking is a key feature of IronMail, the product's other features provides overall e-mail security for large corporations. The company, which competes with other e-mail security appliance makers including BorderWare and IronPort, launched five years ago with an e-mail message encryption and intrusion-detection product and expanded into virus and spam protection and content filtering two years ago.

"A year ago we saw everyone with a content-filtering product adding the anti-spam label to their box. Now you see everyone with an anti-spam product trying to scratch that word off and call [their product] e-mail security," Judge says.

Supplying more than just anti-spam services to corporations should help vendors distinguish their products from the flood of offerings now available to fight unwanted e-mail, according to a January report from The Radicati Group. "Even though the market today is shared by hundreds of companies, we believe that over the next four years the vast majority of these will disappear," principal analyst Sara Radicati and senior analyst Masha Khmartseva say in the report. "The ones that will survive are expected to transition from single-point solution providers to broader secure messaging solutions, with spam being a part of a complete secure messaging suite." CipherTrust's Judge says IronMail already focuses on complete e-mail security.