E-mail security company CipherTrust is boosting the anti-spam features of its gateway appliance with a software upgrade that includes four additional methods for users to detect unwanted messages.

Version 4.0 of Enterprise Spam Profiler (ESP), part of the company's IronMail appliance software, adds Bayesian filtering, URL filtering, content filtering and domain blacklisting to the product's arsenal of anti-spam techniques, says Paul Judge, CipherTrust's CTO. IronMail also offers companies virus protection, policy enforcement, message encryption and intrusion prevention.

ESP's Bayesian filter "learns" what a specific company defines as spam vs. legitimate e-mail by incorporating information from end-user quarantined mail, spam reports and spam traps, Judge says. URL filtering checks the URLs in an incoming e-mail against a blacklist of Web sites deemed invalid and flags messages accordingly. Automatic software downloads to customer sites update the URL blacklist in real time, Judge says. The new version also blacklists known spammers' domains and filters a message's content for clues of spam.

With the new anti-spam filters, ESP examines about 900 characteristics of each incoming e-mail to determine if the message is legitimate or spam, Judge says. Other ESP spam-fighting techniques include sender blacklists, reverse DNS lookup to verify that host's name matches its IP address, and heuristics that identify spam by looking for message characteristics such as excessive use of capital letters or multiple colors.

In addition to the new spam filters in ESP, CipherTrust has worked on perfecting the techniques its software uses so it can more effectively analyze whether a message is spam or not. "We're starting to reach the boundaries of possible detection techniques," Judge says. "Now the emphasis is switching from spam detection to the [quality] of information gleaned and training detection techniques." Version 4.0 is 98% effective in blocking spam, he adds, and the product's false-positive rate is less than 1%.

CipherTrust says that while spam blocking is a key feature of IronMail, the product's other features provides overall e-mail security for large corporations. The company, which competes with other e-mail security appliance makers including BorderWare and IronPort, launched five years ago with an e-mail message encryption and intrusion-detection product and expanded into virus and spam protection and content filtering two years ago.