The case for a spam firewall:
World-class spam filtering comes of age.

Spam is out of control. No, not the meat product, but the
email variety. Every organization with email has been subject to an
ever-increasing volume of spam or UCE (Unsolicited Commercial Email).
Spam has become more prolific than junk mail used to be in your “snail”
mailbox (remember junk mail?). Mass marketers continue to embrace email, as it
is simple, fast, lower-cost and can be sent, albeit illegally,
completely anonymously.
For us as email users, the solutions we used to block SPAM in the past were
either very hard to administer, prone to false positives, or prone to
letting email through. In 2005, Hagerman & Company, Inc. used
software-based solutions to weed out the hundreds, even thousands, of
unsolicited emails that we receive weekly. In just a year, we have seen
that volume of SPAM increase to tens of thousands of pieces per week.
An August 2003 Wall Street Journal article stated that spam “accounts for 45%
of all e-mails, or 15 billion messages every day, and costs business
world-wide a total of $20 billion a year in lost productivity and
technology expenses, according to the Radicati Group, a market research
firm in Palo Alto, CA. The firm predicts the number of daily SPAMs will
rise to more than 50 billion by 2007, and costs will reach almost $200
billion per year.”
So, how can your organization get a handle on SPAM and return your workers
to using email productively?

What is spam?
Spam or Unsolicited Commercial Email (UCE) covers a lot of ground. It
can include electronic junk mail or junk newsgroup postings. As they say
on Webopedia, “If a long-lost brother finds your e-mail address and
sends you a message, this could hardly be called spam, even though it's
unsolicited. Real spam is generally e-mail advertising for some product
sent to a mailing list or newsgroup.”
Who among us has not gotten an email that promises to increase or decrease
the size of some part of the body or turn our computer into a money-making
machine, offers to share money in an account left in a country on the
African continent by a deposed or deceased leader, or urges us to buy
Genuine South African Hoodia or low-cost drugs from Canadian pharmacies?
Spam wastes a lot of network bandwidth. Current estimates are that SPAM
accounts for more than 70 percent of all email sent worldwide.

Anti-spam starts with your email provider
The solutions available for blocking SPAM are still just as different as
the solutions that are available for email. Workstation and server-based
solutions drag down the resources of the PC or server running them,
resulting in an ever-increasing processor load that is in direct
correlation to the increasing amounts of SPAM. How do you get a handle on
the problem? Well, the first and most important step you can take toward
controlling spam is to take control. If you are a business, taking control
involves one of two choices:
1. Host your own email server
2. Have your email hosted by a professional ISP
Not to bash brands, but providers of ‘free’ email or services that are
targeted at the consumer marketplace are much more difficult to control
yourself. If your email address ends with hotmail.com, msn.com, aol.com,
netscape.com, aim.com, gmail.com or yahoo.com and you are using that
service for business email, this is the first change you need to make.
These providers either let everything in, allow limited user controls or,
worse yet, control what they deem to be spam.

Anti-spam solutions are still not created equal
Just as there is a difference in quality when you buy an appliance, home
theatre system, car, etc., there are also differences in quality with
regard to anti-spam solutions. Much of the lower-cost desktop software
that helps to stop spam starts by blocking some or all of the domains
listed in the section above. While these products do control spam, they
result in a lot of false positives. Tools for people who use Microsoft
Outlook 2003 with their ISP or internally hosted email may include the Junk
E-Mail folder and rules from Microsoft. While far from perfect, this
software does have many good points, like allowing user control of
whitelists and blacklists (used to allow or disallow email from individuals
or domains). Server-based solutions exist too, and add overhead to your
email server(s). In all these cases, your users and IT team must watch
for changes and updates and spend time determining what email is real and
what is not. Most server-based solutions use rules that:
1) Analyze keywords and phrases
2) Look for specific subject lines
3) Run complex algorithms to determine the likelihood that the picture
   embedded is pornographic in nature and not just a picture at the beach,
   based on the colors in the graphic
4) Employ blacklists and whitelists
5) Check for valid senders
6) Verify sending domains
The unfortunate part is that the more sophisticated software requires more
administration to run and is more expensive to purchase and implement.
It also takes a toll on the speed of your email server. What if you
could block that email, run those rules and control what email your
organization receives before it ever makes it to the email server? Enter
the Spam Appliance.

Spam firewall
For the purpose of this article, I will focus on the SPAM Firewall from
Barracuda (http://www.barracudanetworks.com/ns/products/spam_overview.php).
This is one of the most impressive devices I have ever seen. The
capabilities it has for watching, detecting and dealing with SPAM are
phenomenal. The Barracuda Spam Firewall truly does provide comprehensive
protection. They have a ten-layer defense system which allows for
optimized performance of your email server while still providing
protection against SPAM. In fact, the algorithms and methods used by the
Barracuda Spam Firewall are the most comprehensive and most advanced in
the industry at detecting and filtering spam, resulting in the lowest rate
of false positives.
It filters out virus-infected email and forged or "spoofed" sender
addresses, protects against phishing schemes, scans all attachments for
spyware executables and removes them, and even stops denial of service
attacks using rate control systems. The Barracuda Spam Firewall allows
local control, so spam policies can be set by the end users (on an
individualized basis) or on a global corporate level. Features include
individual spam scoring, personal allow and block lists, email quarantine,
and even integration with Outlook and Lotus Notes for filter editing and
false positive control. Best of all, this device handles the email and
only passes the good stuff on to your email server. That means your email
server runs better.
What do you do if a piece of mail gets blocked? You can sort by sender,
recipient, subject, etc. and tag that message to be delivered. You can
also strengthen the tagging of email as SPAM, and blacklist or whitelist
users and domains with the click of a mouse. While this solution may be
more expensive than you might have anticipated, take a look at their ROI
calculator
(http://www.barracudanetworks.com/ns/resources/spam_cost_calculator.php).
A simple example would be that if you have 60 users who received 200 pieces
of SPAM per
day and those workers had an average salary of $40,000, you are losing
$100,000 in productivity annually to SPAM alone, not including loss of
bandwidth, storage and processing costs and the inevitable downtime.
Check out their link and see just how quickly you can justify the return
on investment for this kind of purchase. Best of all, the system can
stay updated with new rules and you can provide feedback to Barracuda
that will help them see the trends in SPAM traffic and tighten the
detection even further.

How to be safe and not sorry
Unfortunately, just as I mentioned in 2005, as with anything
else, the solution you choose is very important. The cheap solutions
provide the worst results, so the adage is true; you get what you pay
for. Just as you will be more likely to get spam by using email from one
of the “free” services rather than having a legitimate domain for your
company, the free or low cost solutions do a very basic job, but they do
not have the intelligence to make a decision about what is real email
and what is not. We at Hagerman & Company, Inc. find that many companies
we do business with have implemented solutions that the end users do not
even know about. Oftentimes, they block all addresses unless they have
been added to a whitelist. While this does solve the inbound problem of
SPAM, it results in a number of emails blocked for no good reason. Even
worse, users at these companies can send us (in this example) emails but
will not get our replies, and they often believe the problem is at our
end. In truth, the best solution is a multilayered one, that is, some
user control at the desktop (such as with Outlook 2003, etc.), a
server-based solution (McAfee, Symantec, Surf Control, etc.) and a
network-based solution, one that blocks the IP addresses of known
SPAMMERS, their servers and domains. Even then, you must remain diligent
to make certain real emails you want to receive are not blocked!

How can I get more information on this subject?
Check out the products offered by any of the big anti-virus / anti-spam
vendors. You can start by using this query on Google
(http://www.google.com/search?hl=en&lr=&q=spam+solutions). Check out the
links. Look at the features and compare everything from the $15 software
solutions up to the enterprise solutions, which will have a price tag of
several thousand dollars, but do realize that you get what you pay for.
The bottom line is that if we all take control of spam control, we can
stay ahead of this scourge on the face of the Internet.
If you have questions or comments about this article, contact me.

All product names / logos, company names / logos are copyrights of their
respective holders.
John Boline is an MCSE, CNE, USE and a member of the Network Professional
Association.
The content herein is often
based on late-breaking events. Much of the material is based on
information from sources that are believed to be reliable. Hagerman &
Company, Inc. disclaims all warranties as to the ultimate accuracy or
completeness of the information. Hagerman & Company, Inc. and its
employees shall have no liability for errors, omissions or inadequacies
in the information contained within this article or for any
interpretations thereof. The recommendations, positions and best
practice policies outlined herein represent Hagerman & Company, Inc.'s
initial analysis and therefore are subject to change as further
information which may have bearing on these positions is made available.
The reader assumes sole responsibility for the selection of these
materials to achieve its intended results. The opinions expressed herein
are subject to change without notice. Entire contents © 2006
Hagerman & Company, Inc. All rights reserved. Reproduction of this
publication in any form without prior written permission is forbidden.