Wednesday, October 28, 2009

Spam Filtering

Over the past decade, email has become a major form of communication, and a crucial tool for businesses the world over. People share thoughts and ideas, plan projects, build relationships, market their products, network with colleagues, stay in touch with loved ones, all at the click of a mouse. But what happens when the emails are dangerous?

According to an article by Heinz Tschabitscher of About.com, back in 2008 there were around 210 billion emails sent per day. A little quick math: divide that by the 86,400 seconds in 24 hours, and that’s 2.43 million emails sent every second. That’s an awful lot of emails! Most of these emails never actually make it to their destinations of course, as around 70% of that number (in 2008) was spam. Since 2008, the numbers have only increased.

As you may imagine, with an increase in spam comes an increase in anti-spam. There are several different ways of fighting spam.

Client-Side Software
Client-Side Software refers to a solution on the local machine to address spam issues after the message has been delivered to its destination. This does not prevent the message from reaching the end user, but allows for relatively safe management of spam and messages that may contain malware.

These solutions are generally low-cost, and common in small companies and residential environments, especially where mail is hosted offsite and retrieved via POP3 or IMAP.

Email Clients
Email clients, such as Microsoft’s Outlook, have some basic spam filtering capabilities built in. You can mark a message, a sender, or an entire domain as a spam source, and then anything that comes in from that source will henceforth be delivered to the email client’s “junk” or “spam” folder.

Pros:
  • The benefit to this is that if you’re using an email client anyway, the functionality is built in. There’s nothing to purchase or install separately, and if that client is Outlook, updates come in with the Windows Updates.
  • If you already have an email client that has this functionality, there’s no cost associated with updating the rules.

Cons:
  • This feature is not very accurate, however, and a lot of messages that are actually legitimate correspondence can be flagged as spam. Conversely, many messages that are actual spam can be overlooked, and will be delivered as normal.
  • In this situation, the message will still come into your organization and be delivered to your computer. If it’s identified as spam, the infectious content will usually be blocked from running, but you still have to manage it. You still have to decide if you’re going to leave the message in the folder or delete it. Also, this message required internet bandwidth to come in, only to be discarded or set aside. True, one little message isn’t going to do anything, but if you’re getting a lot of spam, or you’re a member of a large corporation, chances are there’s a lot of spam coming in, and it’s cutting into your internet speed, as well as storage space.

Client-Side Anti-Virus/Anti-Spam
A lot of today’s anti-virus programs come with anti-spam modules built in. These programs will keep a keen eye on your inbox, watching traffic come in and go out, searching for messages they think may be spam. What the software does when it finds something it thinks may be spam is a behavior you can usually set within the software. Typically, it will create a “spam” folder, or use the one that was created by the email client, though it can be set to simply delete the message.

Some Client-side Anti-Virus solutions that include anti-spam functionality include Trend Micro’s Internet Security, and McAfee’s Internet Security.

Some Client-side Anti-Spam solutions include Sunbelt Software’s iHateSpam and Spam Blackout.

Pros:
  • This functionality is usually more accurate than the simple email client filtering capabilities, and is updated as often.
  • This does not require installation on a server or any complicated networking changes. This is also typically an inexpensive solution.

Cons:
  • With the exception of better accuracy in spam identification (which, while more robust than the email client, can still leave something to be desired), this method shares the cons of the email client. You still have to manage the messages yourself, the message is still delivered to the mailbox, and it is still a burden on storage space and internet speed.
  • These solutions require regular updating, and there could be a cost associated usually in the form of a yearly subscription.

Server-Side Software
A Server-Side software solution involves installing software on the mail server. The software will integrate with the mail server software, and scan messages as they arrive and/or leave. This method is most commonly used by small to medium companies who host their own mail, although some outsourced mail companies, like Mi8, may use it as well.

Server-Side software includes Anti-virus solutions, like Trend Micro’s Office Scan, and Anti-spam solutions like GFI Mail Essentials.

Pros:
  • These solutions prevent the message from being delivered to the end-user’s mailbox, lightening the load on that user’s mail storage.
  • This provides a single point of management for delivery rules and spam identification. The administrator need only create one rule which then applies to all recipients. In most cases, users can be permitted to view the messages they would have received to determine if they were falsely identified as spam.
  • The software can also be set up so that the messages are only reviewable by the administrator.

Cons:
  • Even though this method lightens the load on the mailbox storage for the end users, the message is still delivered to the site, cutting into internet bandwidth. Also, depending on the quarantine rules on the software it can still require disk space for storage.
  • These solutions require regular updating, and there could be a cost associated usually in the form of a yearly subscription.

Hardware Spam Firewall
Basically a computer dedicated to scanning your mail as it comes through your firewall, an anti-spam device is a common solution for a medium-sized business. There are many brands; some of the most popular include Barracuda, Cymphonix, and Spamwall.

These devices are akin to your common network router, but they have a more sophisticated operating system. This device sits just inside your network, and your router sends all mail packets to it for scanning. The device finds the messages it thinks are spam, sets them aside, and then passes the good ones along to the mail server.

Pros:
  • These devices, if configured correctly, can be highly effective and accurate.
  • This provides one central location for your IT team to manage spam. You’re able to set one rule that will apply to all.

Cons:
  • These solutions can be relatively expensive, requiring new hardware and installation.
  • These devices require physical installation, and unless the person doing the install is familiar with the infrastructure and understands networking principles, this can be a daunting task.
  • These solutions require regular updating, and there could be a cost associated usually in the form of a yearly subscription. Beyond updating spam definitions, these devices will sometimes require operating system updates and service packs. These are not always available automatically, so an administrator will be required to update the operating system.
  • Even though this method lightens the load on the mailbox storage for the end users, the message is still delivered to the site, cutting into internet bandwidth. Also, depending on the quarantine rules on the software it can still require disk space for storage.
  • If the software is set so that only the administrator can review the quarantined messages, it adds another task to someone’s plate.

Third-Party
In a third-party solution, your mail messages are checked before they ever hit your mail server. This third-party receives your mail before you do. This is achieved by making a change to your public MX record. Instead of having mail.yourdomain.com resolve to your public IP address, it will be changed to resolve to a location that will be given to you by the third-party. Your mail is routed to the third-party’s servers where it’s scanned for spam content, viruses and malware, and it is then delivered to your mail server.
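A check for the MX change described above, added here as an illustration and not taken from any provider's tooling: it parses a zone fragment and reports any MX record that still points straight at your own server, since senders that use that record skip the filtering service. The zone text is constructed sample data and filter.example.net is a hypothetical provider name.

```python
# Added example: audit MX records after cutting over to a filtering provider.
# Assumption: the provider's mail hosts all live under PROVIDER_SUFFIX.
PROVIDER_SUFFIX = ".filter.example.net."  # hypothetical, supplied by the provider

# Constructed zone fragment (not real DNS data).
ZONE = """\
; zone fragment for yourdomain.com
yourdomain.com.  3600 IN MX 10 mx1.filter.example.net.
yourdomain.com.  3600 IN MX 20 mx2.filter.example.net.
yourdomain.com.  3600 IN MX 50 mail.yourdomain.com.   ; leftover direct record
yourdomain.com.  3600 IN A  203.0.113.10
"""


def parse_mx(zone_text):
    """Return a sorted list of (preference, target) for every MX line."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, then tokenize
        if "MX" in fields:
            i = fields.index("MX")
            if len(fields) >= i + 3:
                records.append((int(fields[i + 1]), fields[i + 2].lower()))
    return sorted(records)


def audit_mx(zone_text, provider_suffix=PROVIDER_SUFFIX):
    """Return a list of findings; an empty list means every MX is the provider's."""
    records = parse_mx(zone_text)
    if not records:
        # With no MX at all, senders fall back to the domain's address record.
        return ["no MX records: mail is not routed through the filtering service"]
    return [
        f"MX {pref} {target} bypasses the filtering service"
        for pref, target in records
        if not target.endswith(provider_suffix)
    ]


if __name__ == "__main__":
    for finding in audit_mx(ZONE):
        print(finding)
```

A leftover lower-priority record like the one flagged here is easy to miss because normal mail keeps flowing through the provider while the direct path stays open.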

Similarly, your mail server can also be set up to send all your company’s mail through this third-party, and then your firewall can be locked down to allow outbound email only from the mail server. This can prevent machines on your network that may be infected with malware from sending out spam. This can help make sure that your IP address is not blacklisted.
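Once outbound mail is restricted to the mail server, the firewall log shows which other machines are still trying to send. The following is an added example, not part of the original post; the log format, addresses and log lines are constructed, and port 25 is assumed as the outbound SMTP port.

```python
# Added example: find internal hosts other than the mail server that attempt
# outbound SMTP. Log format and all addresses are constructed for illustration.
import ipaddress
import re
from collections import defaultdict

MAIL_SERVER = ipaddress.ip_address("192.168.1.10")   # assumption
INTERNAL = ipaddress.ip_network("192.168.1.0/24")    # assumption

LOG = """\
2009-10-28T09:00:01 ALLOW TCP src=192.168.1.10 dst=198.51.100.25 dport=25
2009-10-28T09:00:03 DENY TCP src=192.168.1.57 dst=203.0.113.80 dport=25
2009-10-28T09:00:04 DENY TCP src=192.168.1.57 dst=203.0.113.81 dport=25
2009-10-28T09:00:05 ALLOW TCP src=192.168.1.57 dst=198.51.100.7 dport=443
2009-10-28T09:00:06 ALLOW TCP src=192.168.1.88 dst=203.0.113.90 dport=25
2009-10-28T09:00:07 ALLOW TCP src=192.168.1.23 dst=192.168.1.10 dport=25
garbled line without fields
"""

LINE = re.compile(
    r"(?P<action>ALLOW|DENY) TCP src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


def rogue_smtp(log_text):
    """Map each offending internal host to its ALLOW/DENY counts on port 25."""
    hits = defaultdict(lambda: {"ALLOW": 0, "DENY": 0})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["dport"] != "25":
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # skip lines with malformed addresses
        # Only traffic leaving the network from a host that is not the mail server.
        if src in INTERNAL and dst not in INTERNAL and src != MAIL_SERVER:
            hits[str(src)][m["action"]] += 1
    return dict(hits)


def rule_gaps(hits):
    """Hosts whose outbound SMTP was allowed: the lockdown is not in force for them."""
    return sorted(host for host, counts in hits.items() if counts["ALLOW"] > 0)


if __name__ == "__main__":
    found = rogue_smtp(LOG)
    print(found, rule_gaps(found))
```

Hosts with only DENY entries are candidates for a malware check; hosts with ALLOW entries point to a firewall rule that still lets mail out around the mail server.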

Some third-party spam solutions include MxLogic and Postini.

Pros:
  • This solution does not require any changes to hardware or software on your end. There are no devices to install, no software to install, and spam gets stopped before it reaches your internet connection. Your bandwidth is not impacted. Your storage space is not impacted.
  • Users can log into the third-party’s system and manage rules and alerts for themselves.
  • The messages are stopped before they’re delivered to your site, freeing up bandwidth.
  • The messages are stored on the third-party’s end, so there’s no impact on your storage.
  • Management of rules and quarantined messages are available to both the end user for their own messages as well as an administrator for global administration.

Cons:
  • These services are generally more expensive than the other options, usually requiring a monthly subscription.
  • Configuration includes editing of public DNS settings, which is not something that is recommended unless the person making the changes is familiar with such things. A misconfiguration can lead to downtime.
  • Configuration of the mail server is required for outgoing messages to be routed through the third party, which is not something that is recommended unless the person making the changes is familiar with such things. A misconfiguration can lead to downtime.
  • This setup adds one more point of failure to the message’s journey. If the third party needs to update systems, or has an outage of some sort, this can cause mail to be delayed. Make sure you ask the third party what their policy on downtime is, and how often it’s likely to occur.

Email having become such a widely used medium for us in business and our personal lives, all of the solutions listed have value of some sort. If you’re unsure what solution is right for you, consult with your administrator or a knowledgeable source.