Can that spam!

Make money fast! Great free pixxxx! Instant credit now!

How many times a day do messages like these appear in your inbox? Five? 10? 50? Multiply your answer by the number of users at your site, and it's easy to see how spammers can clog the arteries of a high-end e-mail system in an Internet minute.

Spam warriors have traditionally relied upon client-based e-mail filters, databases of known spammers and bogus return address fields (robert.currier@NOSPAM.duke.edu) to fight off the glut of unsolicited e-mail. These techniques all provide some measure of protection but are too cumbersome to maintain and easily thwarted by dedicated spammers.

We spent a week putting Berkeley Software Design, Inc.'s MailFilter 1.0 - the newest weapon in the war against spam - through its paces. For small to medium mail systems this unobtrusive network appliance has the potential to provide protection against unwanted e-mail. It's easy to install and configure and provides a high level of hands-free spam detection. But the product suffers from poor physical design and a lack of stability.

Tag, you're it

MailFilter 1.0 provides mail administrators with several methods of detecting and tagging spam. The simplest is a total site ban: all mail from spam.com is refused or subject-line tagged as spam. The other options are variants of this method and all rely on the operator building a table of known spam senders.

That's about all the control you have over the spam detection engine. MailFilter 1.0 is pretty much a "black box." BSDI provides no details about the detection algorithms. While BSDI understandably wants to keep its product a jump ahead of the spammers, paying thousands of dollars for a closed system makes us uncomfortable.

Updates to the filtering engine are available at a cost of $1,400 per year or $2,520 for two years through a subscription service that automatically delivers modifications. Operators have the choice of accepting the updates or putting them on hold for manual implementation. Updates from BSDI are merged with your existing tables, preserving your original data. A backup option is available in the event your settings are corrupted.

MailFilter sends reports to the administrator every 24 hours. The reports provide counts of total messages delivered to both internal and external sites, and tells you what percentage were spam, tagged, rewritten and rejected messages. Tagged messages have a header field added to them indicating the level of confidence (low, medium or high) that the message is spam. Rewritten messages have their subject line modified to include a special tag at the beginning of the line.

The reports provide useful information but would be greatly improved by the addition of charts. A Web-based reporting function would also be a nice feature.

Plug and play

While reporting needs improvement, installation is simple. We removed the unit from the packing materials, plugged it in to our network, performed some basic configuration via the serial port, and it was ready to go.

We tip our hat to BSDI's tech support staff. We had to call tech support to get past the initial setup menu because our review unit arrived without a license key. The support department was closed when we called but returned our call as soon as they opened. We wish more vendors were as responsive.

We were somewhat disappointed to find that the MailFilter wasn't shipped with a console cable or an Ethernet cable. While most administrators have these cables in-house, you can't manage the box without one, and it would be nice to have everything you need in the box.

The form factor could also stand a bit of work. The power switch is a large, semi-spherical button located on the right side of the front panel. It looks cool, but it doesn't work well there. We accidentally brushed the switch on several occasions and powered the box down. Until the unit was reset all incoming mail screeched to a halt. In the busy machine room environment where the MailFilter would likely be installed, this is a recipe for disaster. The power switch needs to be recessed and moved to the back.

While we were concerned about the accidental power outages, the tendency of the unit to lock up at random intervals bothered us a lot more. During the week we had the MailFilter, we experienced four unexplained system crashes. In three cases, the HyperText Transport Protocol Daemon (HTTPD) and Simple Mail Transfer Protocol processes appeared to die; the unit responded to pings and had an active console but wouldn't process mail or respond when we attempted to contact it using the Web console. The MailFilter died completely the fourth time.

In all cases, the MailFilter came back online after a power cycle. With no user-accessible log files, we were unable to trace events leading to the crashes. None of the other machines on the network segment we were using experienced any problems. We weren't able to correlate the crashes with heavy mail traffic or find any other explanation.

Web console

After you've entered the basic IP address, DNS and gateway pointer settings in to the MailFilter via the serial port, all further administration and configuration is done using a Web browser. You'll need to make sure your browser supports the Secure HTTP (HTTPS) protocol; newer versions of Netscape Navigator and Internet Explorer work fine.

The main administration screen gives you access to all of the controls you need to configure and operate the MailFilter. Administration, Status, Filter Updates and Mail Routing settings are all one click away. We were pleased with the simplicity of the Web console but annoyed by the fact that when clicked on, all links bring up another browser window. We found it cumbersome when performing several configuration changes to constantly open and close windows; frames might be a better choice.

Not ready for prime time

On the plus side, we found MailFilter version 1.0 easy to configure and operate. The spam-filtering engine seemed robust and did a good job of identifying and eliminating the spam we threw at it.

Unfortunately, despite those positive attributes, we can't give an unqualified thumbs-up to the current release. Stability was a problem, the form factor needs work and we would like to see more user-configurable filtering parameters. As much as we liked the concept, we recommend waiting for a revised version of the product.

RELATED LINKS

BSDI's Mail Filter page

Pricing: $2,395 (includes four months of filter updates).

Currier is the director of data communications at Duke University in Durham, N.C. He is the recipient of Network World's 1997 User Excellence Award and an Honorable Mention in the 1997 Excellence in Campus Networking competition sponsored by CAUSE, a users group for computer professionals in higher education. Currier can be reached at (919) 660-6995 or robert.currier@ duke.edu.

Currier is also a member of the Network World Test Alliance, a cooperative of the premier reviewers in the network industry, each bringing to bear years of practical experience on every review. Click above for more Test Alliance information, including what it takes to become a member.

How we did it:

We installed MailFilter 1.00 on our departmental network and configured it to be a proxy server for our e-mail. We used a Dell P2-266 with 64MB of memory running Red Hat Linux 5.0 as the mail host. The DNS MX record of the Linux box was modified to point to the MailFilter.

We sent the MailFilter a variety of e-mail over the course of a week, including legitimate mail with a variety of spam and spam-like messages.

We evaluated the ease of installation and operation as well as the stability, fault-tolerance, reporting capabilities and automatic filter updating features.