Increase Efficiency with Intelligent Email Traffic Control

Written by CipherTrust

Work Smarter, Not Harder

CipherTrust’s IronMail has helped some of the largest enterprises in the world stem the flood of spam to their end users, as well as address a host of other e-mail threats. IronMail’s unique Spam Profiler tool provides maximum effectiveness by scrutinizing thousands of characteristics of every message to determine a spam score. But the challenges for enterprises today do not stop at identifying and blocking spam. With spam volumes continuing to increase at an incredible rate, the new challenge is to more efficiently handle the huge volumes of mail, without increasing costs.

The massive growth in spam in recent years is expected to continue exponentially well into the future. According to Radicati Group research, the average corporate e-mail user sends 34 e-mails and receives 99 e-mails every day, a 53% increase over numbers from just one year ago. E-Marketer expects the total volume of e-mail sent in 2004 to exceed two trillion messages, with steady growth rates of 13 to 15 percent annually through 2007. With this sort of massive e-mail volume traveling across the Internet and the reality that a vast majority is undesired, the need for accurate and thorough spam protection has never been greater.

To handle the additional traffic, you could add more mail servers, or you could become smarter about how you utilize the equipment you already have, and double your return on investment. IronMail’s Connection Control is the first and only offering to combine network-based traffic shaping and reputation services to elegantly block e-mail from senders who consistently send spam. Reputation servers and traffic shaping are both emerging technologies in the fight against spam, and IronMail is the first product to effectively integrate them to fight spam and stop e-mail threats. And, Connection Control even offers an opportunity for a little payback against spammers.

Slam the Spammer

Connection Control takes the fight to the spammers by forcing them to spend extra time and money to send spam. By removing the financial incentive of sending spam, IronMail forces spammers to rethink their approach or halt operations altogether. When dealing with spam assaults on their servers, network administrators can choose whether to take an offensive or defensive approach:

  • Tough Defense – In defense mode, Connection Control will simply not accept messages from IP addresses flagged as violators for the designated time interval. This vastly reduces the number of messages requiring scanning, which lowers the cost of spam defense for the customer.
  • Aggressive Offense – In offense mode, Connection Control turns the tables on spammers by accepting a connection, but slowing the flow of e-mail to a handful of messages per hour. This forces the spammer to expend resources despite the message having no chance of success. In this mode, Connection Control makes domains protected by IronMail very unprofitable targets for spammers.

How Spammers Fool Spam Filters

Written by CipherTrust

And How to Stop Them

Effectively stopping spam over the long term requires much more than blocking individual IP addresses and creating rules based on keywords that spammers typically use. The increasing sophistication of tools spammers use, coupled with the increasing number of spammers in the wild, has created a hyper-evolution in the variety and volume of spam. The old ways of blocking the bad guys just don’t work anymore.

Examining spam and spam-blocking technology can illuminate how this evolution is taking place and what can be done to combat spam and reclaim e-mail as the efficient, effective communication tool it was intended to be.

There are several widely-used methods for filtering spam, each of which can be defeated by spammers to some degree. Understanding the strengths and weaknesses of each approach and the methods spammers use to defeat them is the basis of an effective, comprehensive anti-spam strategy.

Signature-based Filters

Signature-based filters examine the contents of known spam, usually derived from honey pots, or dummy e-mail addresses set up specifically to collect spam. Once a honey pot receives a spam message, the content is examined and given a unique identifier. The unique identifier is obtained by assigning a value to each character in the e-mail. Once all characters have been assigned a value, the values are totaled, creating the spam’s signature. The signature is added to a signature database and sent as a regular update to the e-mail service’s subscribers. The signature is compared to every e-mail coming in to the network and all matching messages are discarded as spam.

The benefit of signature-based filters is that they rarely produce false-positives, or legitimate e-mail incorrectly identified as spam.

The drawback of signature-based filters is that they are very easy to defeat. Because they are backward-looking, they only deal with spam that has already been sent. By the time the honey pot receives a spam message, the system assigns a signature, and the update is sent and installed on the subscribers’ network, the spammer has already sent millions of e-mails. A slight modification of the e-mail message will render the existing signature useless.

Furthermore, spammers can easily evade signature-based filters by using special e-mail software that adds random strings of content to the subject line and body of the e-mail. Because the variable content alters the signature of each e-mail sent by the spammer, signature-based spam filters are unable to match the e-mail to known pieces of spam.

Developers of signature-based spam filters have learned to identify the tell-tale signs of automated random character generation. But as is often the case, spammers remain a step ahead and have developed more sophisticated methods for inserting random content. As a result, most spam continues to fool signature-based filters.
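The following added example (not code from the original article or from any CipherTrust product) implements the per-character totaled signature described above and measures how often it matches exact copies versus copies that each carry a different random token, then repeats the measurement with a normalization step that strips such tokens before signing. The sample messages, the variant generator and the "letters mixed with digits" heuristic are assumptions made for illustration.

```python
import random
import re

# Constructed sample messages; not taken from any real corpus.
HONEYPOT_SPAM = "Lowest mortgage rates approved today, reply now"
LEGIT_MAIL = "See you at noon"

def signature(text: str) -> int:
    """Signature as the article describes it: a value per character, totaled."""
    return sum(ord(ch) for ch in text)

# Assumed heuristic for machine-generated filler: a token of six or more
# characters that mixes letters and digits.
_FILLER = re.compile(r"\b(?=\w*\d)(?=\w*[a-z])\w{6,}\b", re.IGNORECASE)

def normalized_signature(text: str) -> int:
    """Sign the message after dropping filler tokens and extra whitespace."""
    return signature(" ".join(_FILLER.sub("", text).split()))

def randomized_variants(template: str, count: int, seed: int = 1) -> list[str]:
    """Constructed test data: the same message with a different token per copy."""
    rng = random.Random(seed)
    variants = []
    for _ in range(count):
        letters = "".join(rng.choice("bcdfghjklmnp") for _ in range(4))
        variants.append(f"{template} {letters}{rng.randrange(10000):04d}")
    return variants

def catch_rate(honeypot_sample: str, incoming: list[str], sig_fn) -> float:
    """Fraction of incoming messages whose signature matches the honeypot sample."""
    known = {sig_fn(honeypot_sample)}
    return sum(sig_fn(msg) in known for msg in incoming) / len(incoming)

if __name__ == "__main__":
    copies = [HONEYPOT_SPAM] * 100
    variants = randomized_variants(HONEYPOT_SPAM, 100)
    print("exact copies, plain:     ", catch_rate(HONEYPOT_SPAM, copies, signature))
    print("variants, plain:         ", catch_rate(HONEYPOT_SPAM, variants, signature))
    print("variants, normalized:    ", catch_rate(HONEYPOT_SPAM, variants, normalized_signature))
    print("legitimate, normalized:  ", catch_rate(HONEYPOT_SPAM, [LEGIT_MAIL], normalized_signature))
```

The normalization only recognizes the token shape it was written for, which is why the article treats this as an ongoing contest rather than a fix.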

Rule-based (Heuristic) Filtering

Rule-based filters scan e-mail content for predetermined words or phrases that may indicate a message is spam. For example, if an e-mail administrator includes the word “sex” on a company’s rule-based list, any e-mail containing this word will be filtered.

The major drawback of this approach is the difficulty in identifying keywords that are consistently indicative of spam. While spammers may frequently use the words “sex” and “Viagra” in spam e-mails, these words are also used in legitimate business correspondence, particularly in the healthcare industry. Additionally, spammers have learned to obfuscate suspect words by using spellings such as “S*E*X”, or “VI a a GRR A”.

It is impossible to develop dictionaries that identify every possible misspelling of “spammy” keywords. Additionally, because filtering for certain keywords produces large numbers of false positives, many organizations have found they cannot afford to rely solely on rule-based filters to identify spam.
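The trade-off described in this section, as an added example that is not part of the original article: a whole-word keyword rule misses the two obfuscated spellings quoted above, while a rule that normalizes the text first catches them at the cost of new false positives on legitimate mail. The sample messages and the normalization (keep letters only, collapse repeated letters) are assumptions chosen for illustration.

```python
import re

KEYWORDS = ("sex", "viagra")  # the two keywords the article uses as examples

# Constructed samples: (text, is_spam). The obfuscated spellings are the article's.
SAMPLES = [
    ("Cheap S*E*X pills", True),
    ("Buy VI a a GRR A now", True),
    ("Viagra dosage guidance for the cardiology clinic", False),
    ("Sales expo moved to the Essex office", False),
]

def naive_match(text):
    """Whole-word, case-insensitive keyword rule."""
    words = set(re.findall(r"[a-z]+", text.lower()))
    return [k for k in KEYWORDS if k in words]

def normalize(text):
    """Keep letters only, then collapse runs of the same letter to one."""
    letters = re.sub(r"[^a-z]", "", text.lower())
    return re.sub(r"(.)\1+", r"\1", letters)

def normalized_match(text):
    """Keyword rule applied to the normalized text, so spacing and
    punctuation inserted inside a keyword no longer hide it."""
    squashed = normalize(text)
    return [k for k in KEYWORDS if normalize(k) in squashed]

def score(matcher):
    """Return (spam caught, legitimate messages wrongly flagged) over SAMPLES."""
    caught = sum(1 for text, spam in SAMPLES if spam and matcher(text))
    false_pos = sum(1 for text, spam in SAMPLES if not spam and matcher(text))
    return caught, false_pos

if __name__ == "__main__":
    for name, matcher in (("naive", naive_match), ("normalized", normalized_match)):
        caught, false_pos = score(matcher)
        print(f"{name:10s} caught={caught}/2 false_positives={false_pos}/2")
        for text, _ in SAMPLES:
            print(f"    {matcher(text)!s:12s} {text}")
```

Removing word boundaries is what exposes "sex" inside "Sales expo" and "Essex", so the more aggressive the normalization, the more legitimate mail the rule flags.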


Blacklists

The goal of blacklisting is to force Internet Service Providers (ISPs) to crack down on customers who send spam. A blacklisted ISP is blocked from sending e-mail to organizations. When an ISP is blacklisted, they are provided with a list of actions they must take in order to be removed from the blacklist. This controversial method blocks not just the spammers, but all of the ISP’s customers. Blacklisting is generally considered an unfriendly approach to stopping spam because the users most affected by the blacklist are e-mail users who do not send spam. Many argue blacklisting actually damages the utility of e-mail more than it helps stop spam since the potential for blocking legitimate e-mail is so high.

In addition to the ethical considerations, there are other problems with blacklists. Many blacklists are not updated frequently enough to maintain effectiveness. Some blacklist administrators are irresponsible in that they immediately block suspect servers without thoroughly investigating complaints or giving the ISP time to respond. Another downside is that blacklists are not accurate enough to catch all spam. Only about half of servers used by spammers, regardless of how diligent the blacklist administrator may be, are ever cataloged in a given blacklist.

Blacklists are used because they can be partially effective against spammers who repeatedly use the same ISP or e-mail account to send spam. However, because spammers often change ISPs, re-route e-mail and hijack legitimate servers, the spammer is a moving target. Blacklist administrators are forced to constantly revise lists, and the lag-time between when a spammer begins using a given server and when the blacklist administrator is able to identify the new spam source and add it to the blacklist allows spammers to send hundreds of millions of e-mails. Spammers consider this constant state of flux a part of doing business and are constantly looking for new servers to send spam messages.

Blacklists, therefore, have some utility in stopping known spammers. Because of their limitations, however, this data should only be used in conjunction with other sources to determine if a given message is spam.


Whitelists

Whitelists are databases of trusted e-mail sources. The list may contain specific e-mail addresses, IP addresses or trusted domains. E-mails received from a whitelisted source are allowed to pass through the system to the user’s email box. The list is built when users and e-mail administrators manually add trusted sources to the whitelist. Once built, the catch-rate for spam can be close to 100%; however, whitelists produce an inordinate number of false positives.

It is virtually impossible to produce an exhaustive list of all possible legitimate e-mail senders because legitimate e-mail can come from any number of sources. To get around this difficulty, some organizations have instituted a challenge-response methodology. When an unknown sender sends an e-mail to a user’s account, the system automatically sends a challenge back to the sender. Some challenge-response systems require the sender to read and decipher an image containing letters and numbers. The image is designed to be unreadable by a machine, but easily recognizable by a human. Spammers would not spend the time required to go through a large number of challenge-response e-mails, so they drop the address and move on to those users who don’t use such a system.

Whitelists are only partially successful and impractical for many users. For example, problems can arise when users register for online newsletters, order products online or register for online services. If the user does not remember to add the new e-mail source to their whitelist, or if the domain or source is entered incorrectly, the communication will fail. Additionally, whitelists impose barriers to legitimate e-mail communication and are viewed by some as just plain rude.

Whitelists are not widely used by e-mail users and administrators as a primary tool to fight spam because of the high number of false positives, and the difficulties in creating a comprehensive list of e-mail sources. Because whitelists are not widely used, spammers typically do not develop countermeasures. As with other spam fighting techniques, whitelists are most effective when used in conjunction with other anti-spam tools.

© 2005