Spam Killer

Earlier this month, America Online filed five lawsuits against spammers, seeking a total of $10 million in damages, after receiving nearly 8 million individual complaints from subscribers. Spam accounts for more than 40 percent of the incoming e-mail at a typical U.S. corporation, according to San Francisco-based antispam vendor Brightmail.

To highlight the channel's role in the fight against spam, and to provide an ongoing forum for sharing ideas across the solution provider community, the CRN Test Center conducted an antispam contest. In January, we began soliciting entries on crn.com, asking solution providers to submit examples of deployed, customized antispam solutions. We received 36 submissions, which were then judged by CRN Test Center engineers on their level of innovation, completeness, scalability and original effort.

Our results revealed that the battle to control our inboxes is a fast-moving target. In Spy vs. Spy style, for every antispam solution created to date, spammers have launched a counterattack that continues to put strains on network bandwidth, storage, processor time and man-hours.

And when it comes to precanned antispam products, no single solution is all things to all customers. Most e-mail servers include basic antispam filtering, and numerous ISVs have entered the fray with add-on filtering products. But solution providers report that these precanned solutions only go so far. They're either targeted at businesses of a specific size or address only a small number of the issues companies face as they drown in spam.

Yet we certainly found what we were looking for. Solution providers are filling in the gaps among the current crop of spam-fighting products with a broad variety of homespun antispam solutions.

While the solutions we evaluated were allowed to contain off-the-shelf core products and services, they were required to show significant original effort from solution providers to extend the products' capabilities and/or integrate additional products. No restrictions were placed on the form the solution could take or where it resided on the network, so custom appliances, firewall servers and services were all acceptable.

The Winner
After a 10-week evaluation process, the CRN Test Center determined that solution provider Syntegra had the most innovative, scalable and thorough antispam solution of all of the contest respondents. Syntegra's extensive experience obviously worked in its favor,the Arden Hills, Minn.-based company has been managing enterprise messaging environments for 10 years and selling antispam solutions for five.

One of the chief features of Syntegra's winning Detect Undesirable E-mail (DUE) solution was its level of sophistication. Heuristics layered on top of standard filtering techniques created a robust solution that stood out from the other submissions.

Syntegra's antispam solution is also scalable and applicable to a wide variety of environments. It is deployed between the enterprise e-mail server and the Internet. The solution works with any mail server that supports SMTP, making it a good fit for a large number of potential customers. It also allows the solution to scale to meet customers' needs and opens the door to return engagements. The solution is currently in use at more than 100 enterprises, including Visa and United Health group.

AT&T Wireless uses DUE to prevent spam from reaching the 25 million subscriber mailboxes in its wireless-messaging network. The solution offered AT&T Wireless ROI in the form of decreased network congestion, increased customer satisfaction and increased customer usage.

The DUE solution automatically detects, throttles, prevents and reports spam and denial-of-service attacks based on predefined rules and filters. Rules used to determine if a piece of mail is spam include administrator-entered rule sets, rule sets from other public or private sources, Trend/NAI automatic pattern file updates and Brightmail automatic rule-set updates. Additional rules are automatically generated based on the characteristics of e-mail that has already been filtered.

Following theses rules, DUE filters e-mail based on the sender's address and domain, arrival rate and Brightmail criteria, along with the content of a message's header, body and attachments. Administrators also can modify the response that DUE takes after identifying a message as spam. The message can be automatically discarded, discarded with notification, placed in a queue for further examination, delivered with an altered subject to indicate that spam was detected or delivered to a separate spam mail folder.

The DUE system can be remotely managed, monitored and configured through a Web application, and it allows for the creation of customized end-user interfaces so that end-users can maintain their own mailboxes and rules. Customization and remote management help lead the way to potential value-add and services revenue. Another commendable feature of the solution is that it automatically checks incoming mail for viruses while filtering spam.

Overall, Syntegra has generated a lot of homespun code and integrated various technologies to produce a robust, unique spam-fighting solution.

Honorable Mention
In addition to identifying the contest winner, the CRN Test Center also awarded an honorable mention. That award went to Ft. Worth Texas-based solution provider YCC for a small-business offering that's both straightforward and novel and has the potential to block 100 percent of all unwanted e-mail.

YCC's SPAMstomper is an e-mail server through which all of a company's Internet e-mail flows. SPAMstomper examines every piece of inbound e-mail, and if the sender is on a user's "friendly" list, the e-mail passes through the server. However, if the sender is on a user's "nuisance" list, the e-mail is automatically deleted.

If senders are on neither of these lists, SPAMstomper sends a challenge e-mail to them asking them to confirm that they want their original message to be sent to the recipient. If the sender responds, the e-mail is then sent to the intended recipient.

SPAMstomper's strength is that neither bulk mail robots nor humans sending spam messages from bogus addresses are able to respond to the challenge e-mail. This blocks all but legitimate human senders. If an e-mail is accepted, the sender is automatically added to the recipient's friendly list to allow future mail to flow through the server. SPAMstomper builds its friendly list from a user's address book, and users can modify their friendly and nuisance lists via a Web interface. That allows an unwanted spam sender to be added to the nuisance list even if they responded to the challenge e-mail.

The SPAMstomper solution is generally a very useful and innovative solution. One market in which it may not be as applicable is in companies such as sales organizations, which rely on receiving unsolicited e-mails from potential customers and would not want to burden those senders with having to respond to challenge messages.

Alternative Solutions: There's More Than One Way To Can Spam
One thing that became apparent from examining the solutions submitted to our antispam contest is that there are many ways to ward off unsolicited mail. Solutions evaluated by the CRN Test Center ranged from services to software to appliances, as well as intriguing combinations of the three. The complexity of the solutions and the form they took depended largely on their target market, which also often determined the key value behind each offering. The following are some other novel approaches reviewed by the Test Center.

Rosco Associates Technology Staffing, Edmonton, Alberta, delivers its solution in multiple ways. The company has a business unit offering a mail hosting service protected by its homespun antispam software solution for small and midsize businesses. For larger customers, Rosco sells the technology installed on gateway-style appliances or full e-mail servers. It will also install its solution on customers' existing hardware. As a value-added service, Rosco will remotely administer any of the customer-side solutions. The Test Center appreciated this multipronged approach, which enables the company to open up its customer base and handle a variety of different customer needs.

All of the solutions are based on Linux and mail transfer agent qMail, but the company is looking to integrate OpenLDAP and MySQL in the future. When a piece of mail arrives, the sender is sent a challenge message. If senders respond correctly, their addresses are automatically added to the recipient's white list (as opposed to blacklist) and the e-mail is released to the recipient. If the challenge cannot be sent because the e-mail address is fake, or if the challenge isn't correctly responded to, the original message is deleted after a time-out period set by the administrator. End users can manually intervene to validate the challenged mail, should they choose to do so. Users manage their accounts through a script-driven Web interface.

Alvaka Networks, Huntington Beach, Calif., delivers a well-rounded solution, called the TrueProtect Enterprise Message Management Service, which was developed by FrontBridge Technologies, Marina del Rey, Calif. More than just a spam filter, the service suite offers attribute blocking, disaster recovery, e-mail policy enforcement, mail-server protection, multiengine virus scanning and outbound-mail-relay support.

A service approach has many advantages, the Test Center found. It only requires a redirection of e-mail traffic. Nothing is installed at the customer site, so there's no significant interruption of service and no hardware to maintain. The customer's server and firewall loads are also reduced to only supporting validated e-mail. Any mail server using SMTP can be supported, so the solution is server-agnostic. Redirection also allows value-added services such as virus scanning to be layered onto the antispam service.

Alvaka chose the service approach to address the paradox that increasing IT return on investment usually requires increased IT support, which in turn cuts into already stressed resources. Companies implementing and managing mail filtering and other antispam technologies are throwing IT management resources at the problem to stem the tide of e-mail to end users. The CRN Test Center found that a service approach takes the burden completely off a company's staff and network,a compelling alternative to offer customers seeking greater ROI.

Central Florida Computer Services (CFCS), Orlando, Fla., took a more traditional approach to fighting spam, but targeted its solution at cost-effectively handling the needs of the five-to-10-mailbox business. The Test Center recognizes that this is a drastically underserved market, ripe with opportunity for solution providers that build turnkey solutions of their own.

CFCS found that no commercial or open-source products currently on the market filled the need for inexpensive server-based mail filtering for a small business with marginal Internet connectivity. Commercial server-side products were too expensive; personal, or single-client, products had too high an administrative overhead; and open-source products were either too complicated or bandwidth-intensive.

Relying on Perl scripts to detect and quarantine spam mail, CFCS' solution integrates Fetchmail, Procmail and Sendmail. The solution builds separate blacklists for subject lines, senders' addresses and message bodies from received mail that recipients identify as unsolicited. Users forward the headers of junk mail to an administrator, who adds them to the block list. When a message is suspected of being junk mail, it's quarantined to a single account,preventing the loss of false positives,and the sender is notified.