How to: Fighting spam

The idea of saving millions of dollars annually would be a hit with any company. Combine it with increased end-user productivity and reduced network administrator headaches and you've got a home run. That's been Jason Sosinski's experience with MXtreme, a spam-fighting appliance from Borderware that his company installed last year.

The idea of saving millions of dollars annually would be a hit with any company. Combine it with increased end-user productivity and reduced network administrator headaches and you've got a home run. That's been Jason Sosinski's experience with MXtreme, a spam-fighting appliance from Borderware that his company installed last year.

Sosinski, IS security administrator at ARS Service Express, estimates that the heating and cooling services company is saving roughly $2 million per year with MXtreme.


How to: Spammers stay one step ahead


"Users were spending more time identifying spam on their own than doing actual work" before MXtreme was installed, Sosinski says. Now, of the approximately 11,000 e-mails the Memphis, Tenn., company's 2,500 employees receive each day, roughly 50 are spam. "That's a number I can live with," he says.

Most companies have experienced the toll that unwanted e-mail takes on their employees' ability to do their jobs, their network and storage resources, and their network managers' patience. In a recent survey by The Radicati Group, 43% of companies said they didn't have a formal anti-spam policy in place. Those companies should invest immediately in spam protection, the research firm says, or suffer the consequences as the percentage of unwanted e-mail in corporate in-boxes - now totaling at least 50% of all e-mail - continues to rise.

The good news is the market is flooded with ways to reduce spam. From software that sits at the messaging server to gateway applications to dedicated appliances and outsourced services, vendors pop up almost daily, offering products dedicated to zapping spam. Companies that specialize in other areas, such as virus protection, content filtering and multifunction appliances also are entering the market, in an attempt to become one-stop providers of messaging security needs. While choice is good, the anti-spam market has become a dizzying array of products and technologies.

Checklist

For spam fighters
Look for anti-spam products that employ more than one type of filter — white or black lists, fingerprinting — to capture spam.

Decide how much control your company wants over

e-mail that’s been deemed spam, and whether end users or the network administrator should manage it.
Educate your end users to identify and report any spam that does get through, and alert them to e-mail fraud. One clue to detect spam is if the sender’s e-mail address differs from the company’s name in the message.
Limit Web surfing on company PCs; an easy way for spammers to find live e-mail addresses is by lifting them from sites where visitors have input their address.

Before attempting to sift through the various anti-spam approaches, companies should make a few key decisions to help guide their search. Are you comfortable outsourcing your spam headache to a service provider, which means letting your e-mail traffic flow through their data centers before hitting your corporate network? If you prefer an in-house solution, should it sit at your mail gateway to ward off spam before it enters your network, saving valuable resources, or at the mail server where it can perform additional tasks as well? Or does a dedicated appliance that can't be tampered with sound more secure? And what about offerings from established messaging security vendors?

While these approaches have their pros and cons, analysts agree they all beat doing nothing. Because most of these enterprise products employ more than one means of filtering spam - be it through heuristics, fingerprinting, black and white lists - the distinctions come down to where a company wants to install the product and what kind of administrative features it's looking for.

"In general, all of these approaches are effective," says Matt Cain, an analyst with Meta Group. "I don't think [there are] wide discrepancies in how much spam they filter, we find the major [differences] around now that they've caught the spam, what to do with it?"

Anti-spam services

The leaders in this market include PostiniFrontBridge and MessageLabs. Their services divert a company's incoming mail to their own data centers, where a number of techniques are employed to quarantine unwanted e-mail messages, and the remainder of the traffic is passed on to the customer. Anti-spam service vendors tune their filters to be sensitive to false positives because businesses are often more concerned about missing wanted communication than having a few extra spam messages in their users' in-boxes.

Anti-spam services can be the right answer for companies that want to dedicate minimal IT resources to handling spam. "We wanted to go with someone who was more of an expert in the area, rather than have that responsibility weigh on us internally," says Frank Gillman, director of technology with law firm Allen Matkins in Los Angeles. "Certain things should be outsourced."

Gillman chose FrontBridge.

Other advantages of anti-spam services include how quickly customers can get up and running - it usually takes less than a week, while installing and configuring software in house can take a couple of months, says Meta Group's Cain. Because there's sure to be a shakeout in the anti-spam market that will leave a few big companies standing, using a service for a year or two is a good way to avoid having to choose an anti-spam software vendor until clear winners emerge, Cain adds.

Responding to the security concerns that some companies have about letting their e-mail flow through a third party before it reaches the corporate network, Postini's Scott Petry, founder and vice president of products and engineering, says, "Incoming e-mail has already been out on the Internet. We offer a service that allows people to resolve their spam problems before it hits their network."

On the downside, anti-spam services can cost more in the long run than software or an appliance, because the services usually involve a monthly fee, not a one-time charge, says Masha Khmartseva, senior analyst with The Radicati Group. A typical FrontBridge customer spends between $1.50 and $3.50 per user, per month.

Gateway and server software

This is where the anti-spam market gets most crowded, with Brightmail being the dominant player and ActiveStateCloudmarkProofpointMailFrontier and others offering products as well. Anti-spam gateway software sits at a corporation's mail gateway to filter spam out of the incoming messages. These products generally give companies the most options for how they want to handle spam once it's caught, including quarantine areas managed by end users where spam messages are held. Many products also offer black and white lists, which dictate e-mail senders that should always be blocked and never be blocked, respectively.

Wyndham Hotels, of Irving, Texas, installed and ripped out anti-spam gateway software from an unnamed company before deciding to go with MailFrontier's software. "That gave us an opportunity to see what our needs were. We learned we needed a lot of end-user functionality," says Lyndon Brown, manager of network service and electronic messaging at Wyndham. Brown is responsible for supporting the company's 7,000 e-mail users. With MailFrontier's Antispam Gateway software, Wyndham's users receive a daily list of what messages were blocked as spam, although Brown says that as users grow more confident in the software they check the list less often.

Also on the market are anti-spam packages that integrate with a company's e-mail server, such as those from Block All Spam and SunBelt. A number of vendors don't specialize in spam protection but include it in their offerings - the advantage is tight integration with other messaging services, such as e-mail policy enforcement and virus protection.

Summit Electric Supply, which has about 550 employees, uses Clearswift's MailSweeper server software to filter e-mail for spam and any objectionable content that might violate corporate e-mail policy.

The Albuquerque, N.M., company traps about 2,500 spam messages per day using the server-based filter, says Kurt Williams, CIO of the industrial supply firm.

Using anti-spam software on a mail server also means companies can scan outgoing mail and incoming messages. Atlanta law firm Arnall Golden Gregory uses NetIQ's MailMarshal to monitor outgoing e-mail for possible sensitive messages related to medical issues and privacy, says network administrator Paul Grulke.

"We built a hit list of key words, such as 'chiropractor' and 'patient,'" Grulke says. Outbound mail with these keywords might be stopped, which helps the law firm comply with the federal law known as the Health Insurance Portability and Accountability Act.

Gateway appliances

J. SosinskiThese appliances from Borderware, Corvigo,  and others also sit at a company's gateway to detect incoming spam, but consist of a dedicated server and hardened operating system that vendors say offer heightened security. In general, these appliances offer the same amount of spam protection and administrative and end-user controls as anti-spam software. However, anti-spam appliances tend to be easier to set up because there's minimal configuring. They also might offer better performance because the operating system is tweaked for the task, Meta's Cain says.

Sendio

Borderware is taking a more-is-better approach to fighting spam. The anti-spam appliance vendor recently announced plans to integrate Brightmail's anti-virus gateway software with the next release of its MXtreme appliance, offering additional anti-spam filters and increasing its product's scalability. MXtreme can scan traffic only for companies with up to roughly 4,000 users.

Security-plus

With the anti-spam market booming, it's no surprise that vendors offering other types of e-mail products want to get in on the game. Security vendors including Network AssociatesSymantec and Trend Micro have introduced anti-spam products, both software- and hardware-based, and some multi-function devices that act as firewalls and anti-virus filters as well as offer spam protection.

Some analysts think multi-use products could quickly upstage stand-alone anti-spam software or appliances because IT departments often prefer having fewer products to install and maintain.

But others warn that it's too early in the development of anti-spam technology to trust this crucial task to a company that doesn't live, eat and breathe spam. While a number of big anti-virus companies offer anti-spam products too, "generally their spam-blocking stuff is still immature, compared with what else is on the market," Cain says.

"We expect in a year or two that will change . . . . For now I would say you need to go with a best-of-breed vendor," he adds.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10