
Proofpoint gets tougher against spam, viruses

Feb 27, 2006

E-mail security vendor Proofpoint is upgrading the core of its gateway software and appliance with additional spam and directory harvest-attack prevention, and is adding a module to help catch viruses during the first few hours of an outbreak.

With Proofpoint Protection Server 4.0 software and the Proofpoint Messaging Security Gateway 4.0 appliance, both slated for release this week, the company is responding to what it says is a significant increase in directory harvest attacks, says Andres Kohn, vice president of product management.

In these attacks, spammers flood a recipient’s mail server with messages addressed to made-up e-mail names, to which the mail server will respond saying the e-mail addresses are invalid. Whenever spammers don’t receive bounce-back messages, they know the addresses are valid, and they spam away.

Directory harvest attacks also cause spikes in mail flow that can tax mail servers, Kohn says. Version 4.0 helps prevent these attacks by blocking or throttling back messages coming from an IP address that has hit a preset threshold in the number of messages sent to invalid addresses. So if, for example, a sender attempts to send messages to 20 invalid addresses, Proofpoint will block any further attempts to send mail.
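The threshold behavior Kohn describes can be sketched as a per-IP counter of rejected recipients. This is an added example, not Proofpoint's code: the class and function names, the throttle level, the 10-minute window and the sample traffic are all assumptions constructed for illustration, and only the block level of 20 comes from the article.

```python
from collections import Counter, defaultdict, deque

class HarvestGuard:
    """Per-IP count of RCPT TO attempts that named a nonexistent mailbox."""

    def __init__(self, valid, block_at=20, throttle_at=10, window=600):
        # block_at=20 mirrors the article's example; throttle_at and the
        # 600-second window are assumptions made for this sketch.
        self.valid = {addr.lower() for addr in valid}
        self.block_at, self.throttle_at, self.window = block_at, throttle_at, window
        self.misses = defaultdict(deque)   # ip -> timestamps of invalid recipients
        self.blocked = set()               # blocks never expire in this sketch

    def check(self, ip, rcpt, now):
        """Decide one recipient: 'accept', 'reject', 'throttle' or 'block'."""
        if ip in self.blocked:
            return "block"
        recent = self.misses[ip]
        while recent and now - recent[0] > self.window:
            recent.popleft()               # forget misses older than the window
        if rcpt.lower() in self.valid:
            return "throttle" if len(recent) >= self.throttle_at else "accept"
        recent.append(now)
        if len(recent) >= self.block_at:
            self.blocked.add(ip)           # further attempts from this IP are refused
        return "throttle" if len(recent) >= self.throttle_at else "reject"

def simulate():
    """Replay constructed traffic: one harvesting IP and one ordinary sender."""
    guard = HarvestGuard({"alice@example.com", "bob@example.com"})
    harvester, sender = "203.0.113.7", "198.51.100.20"
    tally = Counter(guard.check(harvester, f"guess{i}@example.com", now=i)
                    for i in range(25))
    after = guard.check(harvester, "alice@example.com", now=30)
    typo = guard.check(sender, "alcie@example.com", now=31)
    good = guard.check(sender, "bob@example.com", now=32)
    return dict(tally), after, typo, good

if __name__ == "__main__":
    print(simulate())
```

Once the harvesting address is blocked it can no longer confirm even a real mailbox, while the ordinary sender's single mistyped address costs it only one rejection.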

One analyst doesn’t necessarily agree that directory harvest attacks – or dictionary attacks – are on the rise, but concurs that they can cause headaches and enterprises should look to their anti-spam suppliers to help block them.

“There’s a lot of good that comes from having your anti-spam [product] detect dictionary attacks, which can fill up your mail server’s hard drive and crash your server,” says Daniel Golding, senior analyst at Burton Group.

Other enhancements in Version 4.0 include the ability to detect spam messages written in double-byte languages such as Japanese and Chinese. The new version also blocks e-mails with embedded URLs that are associated with phishing or spyware sites, Kohn says.

In this release, the company has enhanced outbound e-mail scanning features with a quick-inspection view that lets non-technical users quickly check if employees are violating corporate rules or government regulations regarding what can and cannot be e-mailed outside the company.

It also includes customizable smart identifiers that let users scan outbound mail for patterns characteristic of certain types of information, such as 16-digit credit card numbers, Kohn says. Companies can customize this feature to work with information types specific to their company, such as customer account numbers or billing codes, he says.

Proofpoint’s Zero-Hour Anti-Virus module, which was announced last fall and is also available this week, aims to protect organizations from malicious code during the crucial period after a virus has been released but before signatures are available, Kohn says.

The module filters incoming e-mail for clues of virus outbreaks, such as a spike of identical e-mails sent with attachments. Suspicious messages are quarantined at the organization’s gateway until anti-virus companies release signatures to identify and block them.

These types of zero-hour anti-virus filters are also available from Proofpoint competitors, including IronPort, CipherTrust and Symantec.

Proofpoint Protection Server 4.0 software is priced per module; the anti-spam module starts at $4,000 per year, depending on volume. The Proofpoint Messaging Security Gateway 4.0 appliance starts at $6,750, plus annual user license fees. The new Proofpoint Zero-Hour Anti-Virus module is priced starting at $2,720 per year, depending upon the number of users.