Other mitigating factors were behind decline in blacklist and whitelist effectiveness. In end, failure of these lists as email security solutions was largely due to their inability to factor message quality into equation.

Second-Generation Reputation Systems

The next iteration of reputation systems built on failure of blacklists and whitelists to maintain control over spam flood. While lists remained an integral component, new features briefly increased second-generation reputation systems’ efficiency and effectiveness. With time, however, spammers adapted their habits to evade detection.

Among improvements seen in second-generation reputation systems were dynamic lists, necessary to combat introduction of “zombies” into email security landscape; automatic updates, which removed administrative burden of manually uploading lists; and message scoring, which assesses a message’s likelihood of being spam and assigns a corresponding “score.”

The Next-Generation Reputation System

Today’s spammers are more clever than ever, so today’s reputation systems must be equally sophisticated. An effective reputation system must be dynamic, comprehensive and precise, and based on actual enterprise email traffic in order to keep spammers from gaining any advantage. To that end, CipherTrust developed TrustedSource, most precise and comprehensive reputation system available. TrustedSource keeps enterprises ahead of spammers by leveraging research generated by CipherTrust’s industry-leading network of customers. In developing TrustedSource, CipherTrust has succeeded in defining to a reputation for every IP address in use across Internet (all 4.2 billion!), not just those that have been encountered in past.

By combining years of industry-leading research with unmatched capabilities of IronMail’s Message Profiler, CipherTrust has made some ground-breaking discoveries about email sending behavior of IP addresses. TrustedSource merges CipherTrust’s unmatched knowledge base and global customer network of over 1,400 companies with generally available data such as traffic patterns, white/blacklists and network characteristics. This powerful combination allows TrustedSource to assign accurate scores to any IP address encountered by IronMail, considering both sender history and message characteristics.

Trust Your Reputation to Ours

A traditional email security approach that relies solely on identifying messages based on content and/or characteristics, or an approach that relies solely on blacklists and whitelists, is incapable of generating adequate data about senders. In order to accurately identify messages as wanted or unwanted, corporations must embrace an approach that includes a comprehensive reputation system like TrustedSource. To learn more about TrustedSource and how it can help you take control of your enterprise email security, download CipherTrust’s free whitepaper, “TrustedSource: Reputation Redefined.”

State and federal regulations targeting financial and personal data affect almost every enterprise, with mandates to protect and secure all forms of information. While these regulations rarely explicitly mention email, laws are broadly written and generally interpreted to cover email and other forms of electronic communication.

Publicly traded enterprises, particularly those in banking and healthcare industries, must guarantee privacy and security of customer or patient information in email by encrypting message and monitoring outbound email for unencrypted or inappropriate patient or customer information. In addition to protecting private information through policy enforcement, companies are responsible for protecting private information while in transit across Internet.

Failure to encrypt confidential information that results in a violation of regulatory policy can lead to steep corporate fines as well as possible criminal charges, fines and jail time for company executives. In addition, company faces likely lawsuits from customers and patients whose confidential information is compromised.

To help ensure security of confidential information and compliance with regulations, businesses must ensure that:

• Email messages containing confidential information are kept secure when transmitted over an unprotected link
• Email systems and users are properly authenticated so that confidential information does not get into wrong hands
• Email servers and message stores where confidential information may be stored are protected

Make Sure it’s Greek to Them

A comprehensive email security approach including encryption is most effective defense against all external and internal threats. For more information on how to encrypt information entering and leaving your enterprise email network, download CipherTrust's FREE whitepaper, "Protecting Email Privacy: Overview of IronMail Privacy Architecture".

CipherTrust and The IronMail Insider wish you and yours a safe and happy holiday season and all best for a prosperous 2005!