Postini Beefs Up Anti-Spam Managed Service

"Spam is what's driving enterprises to defend e-mail," said Andrew Lochart, Postini's director of product marketing, "but they're now looking for a complete set of e-mail boundary defenses."

Claiming that content filtering is a "bankrupt" means of protecting e-mail systems from spam and viruses, Postini said that its technology, which examines the behavior of the sender, specifically the sender's IP address, to help decide whether incoming messages are dangerous or desired.

The spam war, according to Lochart and Postini, is changing, from a content filtering battle to a real-time SMTP connection contest.

"Spammers are using even sneakier approaches," said Lochart. "With less data to evaluate -- many spam messages have only minimalist content -- filters can't come up with a positive evaluation. You have to look at the behavior of the sender at the IP address level.

"We have to move closer to the spammer, further up the IP connection," Lochart argued. "Since we can't actually get inside the spammer's firewall, the next best thing is to identify the IP address he's using."

Postini Perimeter Manager 5.0 features expanded IP blacklisting created not from static lists, but from real-time analysis of the 400-plus million messages Postini filters each day for its customers.

Previously, each of the four Postini data centers -- a customer is assigned to one of the quartet -- could only share its findings with other clients using that center. With Perimeter Manager 5.0, however, IP analysis done at one data center is shared with all the others.

"We're pooling four times as much data as before to see which IP addresses are naughty," said Lochart. Postini's approach, he added, eliminates about 53 percent of spam just based on the sender's IP address, without having to spend time filtering for content.

And once an IP address stops sending spam, it can be put back on the "good" list by subtracting from its "it's spam" score. "If an IP stops doing bad things, its mail is allowed through. That information is not going to be the same today as tomorrow," said Lochart.

The same techniques are used in Postini's new IP whitelisting, which provides a global list of addresses that are unlikely to send spam. This, said Lochart, reduces false positives -- legit mail being categorized as spam -- from being sent to quarantine folders.

"Even if some content rules get triggered, we'll let messages [from such IPs] through," said Lochart. "We give mail from these IPs the benefit of the doubt."

The new dynamic whitelisting is Postini's weapon in what it calls the current big battle in fighting spam. "Anti-spam solutions really need to dial down the false positives. That's where the fight is being fought. Most solutions can provide a 95 to 98 percent effectiveness in recognizing spam, but what enterprises are looking for is something that gives fewer and fewer false positives," Lochart said.

Version 5.0 also offers a new tool, dubbed "blatant spam blocking" that customers can turn on and off as they wish. Perimeter Manager scores messages on a 0 through 100 scale, and lets users scrub the most obvious spam without even bothering to quarantine it.

"About 50 percent of spam is so blatant that it gets a score of 99.9. We don't even put that spam in quarantine. ... It's our attempt to cut the amount of mail in quarantine in half," said Lochart. "The chances for a false positive on spam like this is about one in 100 million."

With fewer messages in quarantine, users are more likely to review that folder and enterprises can devote less storage space to obvious junk.

But it's the managed service approach that's selling Perimeter Manager, said Lochart, who claimed that the company has been booking about 700 to 750 new clients each quarter, and retaining 98 percent of current customers as their contracts come up for renewal.

"The market's voting with its wallet that managed services makes the most sense," he concluded.

*This story courtesy of TechWeb.com.