Antispam start-up studies receiver's reputation

Turning the idea of sender reputation on its head, a new e-mail security company called Abaca Technology is announcing a gateway product that determines an inbound e-mail message’s potential to be spam based on how much unwanted e-mail the receiver has gotten in the past.

Abaca’s Email Protection Gateway appliance, which is being launched at Interop New York this week, blocks spam from entering an organization by using the company’s ReceiverNet technology. This technology collects information about how much spam each receiver in an organization has been sent in the past, and uses that ratio of spam to legitimate mail to determine if a new message is wanted or not, says Bill Kasje, director of business development with Abaca.

The system collects information about all the e-mail received using the appliance, giving Abaca a large pool of receivers’ reputations to base its scoring on, Kasje says.

“It sounded intuitive, but too good to be true, so we were extremely hesitant,” says Jay Roberts, network engineer of Community Health Partnership, a nonprofit Medicare and Medicaid care-management company in Eau Claire, Wis., with about 400 users. The company had been using Fortinet’s Fortigate multi-threat appliance, which Roberts says couldn’t keep up with the amount of spam coming into the mail stream. Roberts found Abaca while researching antispam products, and began using its product in June.

At the healthcare company, Abaca’s product started out at about 88% effective in catching spam, and is now between 98% and 99% effective, he says, and is the only antispam product currently in use. Roberts says he knows of only a few false positives – or legitimate messages wrongly labeled as spam – that the appliance has produced so far.

The idea of determining spam based on the receiver’s reputation is a new take, because most antispam companies are focused on catching spam based on the sender’s reputation.

“If you look at what current technology does today, most of the solutions out there focus on the sender’s reputation or the content of the message, but spammers can set up botnets, change IP addresses to spoof others, and change the content to get around current technologies,” Abaca’s Kasje says. “One of the things we learned early on is users tend to get a fairly consistent amount of spam in their mailboxes. So you can develop a reputation for each receiver and use that reputation to calculate the odds of whether an incoming e-mail is spam or legitimate.”

For example, when an inbound e-mail addressed to five receivers in an organization arrives, if the majority of those receivers have poor reputations the appliance will score the message to likely be spam, Kasje says. This is the appliance’s first line of defense against spam, although it also applies other conditions, such as sender reputation and scanning for URLs that link to bogus Web sites, he says.

The product also includes a Web-based administration console and self-updates with the latest rules for determining spam, Kasje says.