Stop spam at the server: 5 packages tested



Spam drives users crazy, makes life difficult for mail administrators, and drives up costs. We evaluate five packages that aim to ease the burden on your mail servers.

In this review we look at software that attempts to take unwanted e-mail and put it in the can, and not the type with the easy-open key, either. For some reason these annoying e-mails have been making more and more headlines over the past few months, while the actual volume of spam has not increased that much, or at least that is what some researchers say.

There are many different categories of spam, from the "go all night like a stallion" offers from companies who obviously fail to realise that I personally don't need any help in that department, to the "This is not a get rich quick scheme but you can make US$50,000 in 10 easy steps" pitches that immediately make me think "if it's that simple, what am I doing here?" These escalate to the directly fraudulent and malicious scams such as the notorious 419, advance fee, or Nigerian scam, which has apparently netted some shifty characters relatively easy money. Other e-mail that falls into the unwanted category, and is virtually impossible to stop at the server, is hoax mail. Hoaxes are e-mails purporting to warn recipients of a virus, worm, or security problem with their PC and urging them to immediately forward the warning to everyone in their address book, local community, and then greater metropolitan area. These can also do real damage, particularly to less experienced users, because some hoaxes encourage the user to delete files in the belief that they are infected with a virus. (For more information see Symantec's hoax centre or HoaxKill.)

The vendors who submitted products for this review are in the business of providing applications that either integrate with existing mail server software such as Sendmail or Microsoft Exchange, or sit as an intermediary between the mail server and the outside world. Once installed and configured, these applications filter each and every e-mail message arriving at that server, looking for identifiers and clues that a message is unsolicited. The software either discards it outright or flags it and quarantines it for the administrator to check later. The administrator can then allow delivery to go through, delete the message, or add a new rule to stop that particular domain or mail server in future.

How do they work?
You may be wondering how the application knows whether a message is genuine or unsolicited. There are several techniques, including reverse lookups of the sender's domain, IP blocking (sometimes using blacklists), and heuristic scanning of the message itself.

Reverse lookups
Reverse lookups take the return address of the sender, strip off the name and the @ symbol, and check firstly that the domain name actually exists and secondly that a mail server is listening for that domain (in practice, that the domain publishes MX records or at least an address record). This is not the same thing as a reverse DNS (PTR) lookup of the connecting IP address. Spammers often use fake return addresses to cover their tracks, so a reverse lookup eliminates those that are obviously fake; it cannot, however, catch a forged address at a real domain.

IP blocking rules
IP blocking rules are relatively simple and can be set up in one of two ways. The first is in hindsight: once an IP address, a domain, or even a specific e-mail address has been found to be generating unsolicited e-mail, it can be added to a list and blocked for all future messages. This is very similar to the rules that can be set up in most popular e-mail clients.

Rules can be tricky and time-consuming to set up and administer, and as mentioned they are generally applied only after an unwanted message has already got through or been quarantined.

The second way is semi-automatic: companies provide blacklists of domains and IP addresses that are known havens for spammers to send bulk e-mail from. These blacklists plug in to spam-filtering software to provide up-to-date blocking of unsolicited e-mail; most are published over DNS (DNS-based blackhole lists, or DNSBLs), so the filter can query the list for each connecting address in real time rather than downloading a file.

Blacklists can be a bit of a double-edged sword. Although they provide a readily updated and quite thorough list of domains and IP addresses to block, they may also block perfectly legitimate mail, for example from a site that shares an address range or a mail server with a spammer.
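Putting the two lookups together, here is an added example (written for this page, not code from the article or from any of the products under review) of what a filter does at connection time: the sender-domain check from the previous section and a DNS-based blacklist query. The records in FAKE_DNS, the zone name dnsbl.example and the listed address 198.51.100.77 are constructed for the example; a real filter would replace stub_resolve with a call into a DNS library.

```python
import ipaddress
import re
from typing import Callable, Dict, List, Optional, Tuple

# A resolver maps (name, record type) to a list of answers; an empty list
# stands for NXDOMAIN.  Production code would wrap a real DNS library here.
Resolver = Callable[[str, str], List[str]]

# Constructed records for this example (documentation-range names and IPs).
FAKE_DNS: Dict[Tuple[str, str], List[str]] = {
    ("example.com", "MX"): ["10 mail.example.com."],
    ("mx-less.example.net", "A"): ["192.0.2.10"],
    # 198.51.100.77 is listed in the hypothetical zone dnsbl.example:
    # octets reversed, with the conventional 127.0.0.2 "listed" answer.
    ("77.100.51.198.dnsbl.example", "A"): ["127.0.0.2"],
}


def stub_resolve(name: str, rrtype: str) -> List[str]:
    return FAKE_DNS.get((name.lower(), rrtype), [])


_ADDR_RE = re.compile(r"^[^@\s]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})$")


def sender_domain_ok(address: str, resolve: Resolver) -> Tuple[bool, str]:
    """The article's 'reverse lookup': drop the local part and the @, then
    require an MX record or, failing that (RFC 5321 fallback), an A record."""
    m = _ADDR_RE.match(address.strip())
    if not m:
        return False, "malformed sender address"
    domain = m.group(1).lower().rstrip(".")
    if resolve(domain, "MX"):
        return True, f"{domain} has MX records"
    if resolve(domain, "A"):
        return True, f"{domain} has no MX, falling back to A"
    return False, f"{domain} has neither MX nor A records"


def dnsbl_listed(client_ip: str, zone: str, resolve: Resolver) -> Optional[str]:
    """DNSBL query: reverse the octets of the connecting IPv4 address and
    look up <reversed>.<zone>.  Any answer means listed (the 127.0.0.x value
    encodes the reason); NXDOMAIN means not listed."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version != 4:
        raise ValueError("IPv6 lists use nibble-reversed names; not shown here")
    name = ".".join(reversed(client_ip.split("."))) + "." + zone
    answers = resolve(name, "A")
    return answers[0] if answers else None


def classify(client_ip: str, sender: str, zone: str,
             resolve: Resolver = stub_resolve) -> Tuple[str, str]:
    """Connection-time verdict: blacklist first (cheap, needs no message
    content), then the sender-domain check."""
    code = dnsbl_listed(client_ip, zone, resolve)
    if code:
        return "reject", f"{client_ip} is listed in {zone} ({code})"
    ok, why = sender_domain_ok(sender, resolve)
    return ("accept" if ok else "reject"), why


if __name__ == "__main__":
    for ip, sender in [("198.51.100.77", "alice@example.com"),
                       ("192.0.2.1", "bob@mx-less.example.net"),
                       ("192.0.2.1", "spammer@no-such-domain.invalid")]:
        print(ip, sender, "->", classify(ip, sender, "dnsbl.example"))
```

Both caveats from the text show up directly in the code: sender_domain_ok accepts any forged address at a real domain (spammer@example.com passes), and dnsbl_listed rejects everything behind a listed address, legitimate or not.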

What's an open relay?
Spammers are generally considered a nefarious lot who will resort to any tactic to get millions of e-mails out to their address databases, and most do not want to use their own equipment or bandwidth; they prefer to leech off other people's mail servers that are running less than secure configurations. Up-to-date lists of the IP addresses of spammer-"friendly" mail servers circulate on many cracker/hacker sites, and many of the operators of these open servers are unwittingly donating their resources to spammers.

Most recent releases of mail server software have a separate section for configuring "relay" settings: the domain names the server accepts mail for, and the IP address ranges from which it will accept mail for any destination and pass it on. Mail arriving from outside those ranges and addressed to a domain the server does not handle should be refused. You may have seen the "message could not be sent: relaying denied" error when trying to send e-mail from your notebook on an unfamiliar Internet connection such as in a hotel or at a conference; that is a server correctly refusing to relay for an unknown address.

However, not all mail administrators get this right, and a poorly configured server will accept mail from any external IP address for any destination: an open relay, and an open invitation to spammers.

Blacklist providers, at least in theory, monitor for open relay servers and add any they find to the blacklist. Once an IP address or mail server is blacklisted, the administrator is usually notified, as they will naturally want to close the relay and have themselves removed from the list.

This can be a big issue for mail administrators. If your mail server is put on a blacklist, companies using that blacklist will not receive any mail from your server, no matter how legitimate it is. And the problem can take days to fix: first you must close the relay, then submit a request for re-testing and removal, then wait for the test to pass and the address to be dropped from the list, and then wait again until each subscriber's anti-spam application picks up the updated list. So blacklists, while a handy tool for anti-spam applications, can cause problems of their own.

Another factor to consider is that these blacklists are not regulated or held to any standard, so it is worth checking the background of the company providing the list you subscribe to. Find out how regularly listed servers are re-checked and the list updated, and what testing is done to confirm that a server reported to them is actually relaying, rather than being the victim of a single rogue user who decided on a whim to go into the spamming business.
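To make the relay decision concrete, here is an added example (written for this page, not code from Sendmail, Exchange or any of the products under review) of the rule a mail server applies when a client issues RCPT TO, a misconfigured policy beside the corrected one, and the probe a blacklist operator runs against it. The host names, addresses and reply texts are constructed; the 5.7.1 enhanced status code is the standard one for a refused relay, but the wording after it varies by server.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class RelayPolicy:
    """The decision a mail server makes when a client issues RCPT TO.

    local_domains:  domains this server delivers for; mail for them is
                    accepted from anyone, that is ordinary inbound mail.
    relay_networks: client address ranges allowed to send to *any* domain,
                    typically the office LAN.  Everyone else must authenticate.
    """
    local_domains: List[str]
    relay_networks: List[str]

    def decide(self, client_ip: str, authenticated: bool, rcpt: str) -> Tuple[int, str]:
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in (d.lower() for d in self.local_domains):
            return 250, "2.1.5 Ok"            # inbound mail for our own users
        if authenticated:
            return 250, "2.1.5 Ok"            # SMTP AUTH user sending outbound
        ip = ipaddress.ip_address(client_ip)
        if any(ip in ipaddress.ip_network(n) for n in self.relay_networks):
            return 250, "2.1.5 Ok"            # trusted internal network
        return 554, "5.7.1 Relay access denied"


def transcript(policy: RelayPolicy, client_ip: str, authenticated: bool = False,
               rcpt: str = "someone@third-party.example") -> List[str]:
    """The SMTP exchange a relay test produces (constructed host names)."""
    lines = [
        "S: 220 mail.example.com ESMTP",
        "C: EHLO probe.example.net",
        "S: 250 mail.example.com",
        "C: MAIL FROM:<probe@example.net>",
        "S: 250 2.1.0 Ok",
        f"C: RCPT TO:<{rcpt}>",
    ]
    code, text = policy.decide(client_ip, authenticated, rcpt)
    lines.append(f"S: {code} {text}")
    lines += ["C: QUIT", "S: 221 2.0.0 Bye"]   # a probe never sends DATA
    return lines


def is_open_relay(policy: RelayPolicy, probe_ip: str = "203.0.113.9") -> bool:
    """What a blacklist operator tests: from an outside address, without
    authenticating, ask the server to accept mail for a third-party domain."""
    code, _ = policy.decide(probe_ip, False, "someone@third-party.example")
    return code == 250


# Misconfigured: the relay network list covers the entire Internet, so the
# server accepts mail from anyone for anywhere.
OPEN = RelayPolicy(local_domains=["example.com"], relay_networks=["0.0.0.0/0"])

# Corrected: only the office LAN may relay without authenticating; inbound
# mail for example.com and authenticated users are unaffected.
FIXED = RelayPolicy(local_domains=["example.com"], relay_networks=["192.168.1.0/24"])


if __name__ == "__main__":
    for name, policy in [("open", OPEN), ("fixed", FIXED)]:
        print(f"--- {name}: open relay? {is_open_relay(policy)}")
        print("\n".join(transcript(policy, "203.0.113.9")))
```

The probe is deliberately harmless: it stops after the RCPT TO reply, so a correctly run blacklist test never actually delivers a message through the relay it is checking.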

Heuristic scanning
An emerging technique for dealing with spam is heuristic scanning of each message's content. Heuristic scanners apply a list of rules, each of which indicates that a message is more (or less) likely to be spam. For example, they analyse the mail headers for tell-tale signs such as bulk-mailing software, or headers that have been doctored to look as if the message came from a regular e-mail client such as Outlook. They analyse the body for giveaways such as being written entirely in capitals or containing suspect phrases such as "no-risk investment", and many others. Depending on the complexity and accuracy of the rules, and how up to date they are, heuristic scanners can be a lot less hit-and-miss than the other techniques we discussed; the price is a rule set that needs continual maintenance as spammers adapt, and a scoring threshold that trades false positives against false negatives.
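Here is an added example (written for this page, not code from the article or from any of the products reviewed) of a rule-based scanner of the kind described: each rule inspects the parsed message and contributes a score, and the message is classed as spam when the total reaches a threshold. The rules, their weights, the threshold, the phrase list, the X-Mailer fingerprints and the two sample messages are all constructed for the example; the one detail taken from practice is that Outlook and Outlook Express of this era stamp an X-MimeOLE header alongside X-Mailer, so a message claiming Outlook without it looks doctored.

```python
import email
from email.message import Message
from typing import Callable, List, Tuple

# A rule is (name, score, predicate over the parsed message).
Rule = Tuple[str, float, Callable[[Message], bool]]

# Constructed lists; real rule sets carry thousands of entries.
SUSPECT_PHRASES = ["no-risk investment", "get rich quick", "act now", "10 easy steps"]
BULK_MAILER_TAGS = ["bulkmailer", "mass-mail"]
THRESHOLD = 5.0          # constructed; tuning it trades false positives for misses


def body_text(msg: Message) -> str:
    """Collect the text/plain parts, undoing any transfer encoding."""
    if msg.is_multipart():
        parts = [p.get_payload(decode=True) or b""
                 for p in msg.walk() if p.get_content_type() == "text/plain"]
        return b"\n".join(parts).decode("utf-8", "replace")
    return (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")


def subject_all_caps(msg: Message) -> bool:
    letters = [c for c in msg.get("Subject", "") if c.isalpha()]
    return len(letters) >= 8 and all(c.isupper() for c in letters)


def suspect_phrase(msg: Message) -> bool:
    text = (msg.get("Subject", "") + "\n" + body_text(msg)).lower()
    return any(p in text for p in SUSPECT_PHRASES)


def bulk_mailer(msg: Message) -> bool:
    return any(tag in msg.get("X-Mailer", "").lower() for tag in BULK_MAILER_TAGS)


def forged_outlook(msg: Message) -> bool:
    """Claims to be Outlook but lacks the X-MimeOLE header Outlook also adds."""
    return "outlook" in msg.get("X-Mailer", "").lower() and msg.get("X-MimeOLE") is None


RULES: List[Rule] = [
    ("SUBJECT_ALL_CAPS",   1.5, subject_all_caps),
    ("SUSPECT_PHRASE",     2.0, suspect_phrase),
    ("BULK_MAILER",        2.5, bulk_mailer),
    ("FORGED_OUTLOOK",     3.0, forged_outlook),
    ("MISSING_MESSAGE_ID", 1.0, lambda m: m.get("Message-ID") is None),
]


def score(raw: str) -> Tuple[float, List[str]]:
    """Return the total score and the names of the rules that fired."""
    msg = email.message_from_string(raw)
    hits = [(name, pts) for name, pts, pred in RULES if pred(msg)]
    return float(sum(p for _, p in hits)), [n for n, _ in hits]


def is_spam(raw: str) -> bool:
    return score(raw)[0] >= THRESHOLD


# Constructed sample messages (documentation-range domains).
SPAM = """\
From: "Investor" <deals@example.net>
To: victim@example.com
Subject: NO-RISK INVESTMENT OPPORTUNITY
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
Content-Type: text/plain

Act now and make US$50,000 in 10 easy steps.
"""

HAM = """\
From: Alice <alice@example.com>
To: bob@example.com
Subject: Minutes from Tuesday's meeting
Message-ID: <20030312101500.ABC123@mail.example.com>
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Content-Type: text/plain

Hi Bob, the minutes are attached. Let me know if anything is missing.
"""

if __name__ == "__main__":
    for label, raw in [("spam", SPAM), ("ham", HAM)]:
        print(label, score(raw), "->", "SPAM" if is_spam(raw) else "ok")
```

No single rule decides the outcome: the sample spam is caught by the sum of four modest hits, while the genuine Outlook message, which also carries an "Outlook" X-Mailer header, scores nothing because its other headers are consistent.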

Anyway, enough of the background; let's have a look at the products. We received spam filters from the following vendors: SurfControl, McAfee, NetIQ, GFI, and Clearswift.

We installed all these applications on a generic Intel Pentium 4-based server running Windows 2000 Advanced Server. This ran alongside a Digital server running Microsoft Exchange 2000, on a live test e-mail system whose DNS records were published on external name servers across the Internet.
