by Steve Fox

Stop spam at the source

analysis
Aug 29, 2005 | 2 mins

Putting the kibosh on spam before it scurries into the corporate network

Catching spam is a game of cat and mouse. The anti-spam vendors plug one opening, and the spammers find a new one to exploit. (Mice are clever; just think The Hitchhiker’s Guide to the Galaxy.) The cats throw more hardware at the problem, and the mice simply overwhelm the system by boosting the volume of mail. Move and countermove, thrust and parry; the cycle continues, seemingly without end.

But now, some clever cats are seeking to change the rules of engagement. Instead of simply filtering spam, new protocol-level technologies go straight to the source, rejecting reams of spam before it reaches the network. These “pre-filters” don’t need to be perfect — or even close to it. Given that spam can comprise as much as 95 percent of all mail, an appliance that eliminates even half of that stream relieves pressure on spam filters, mail servers, and anti-spam services. That translates into less hardware, less traffic, and big savings.

The four newfangled devices we reviewed this week (see "Next-Gen Appliances Put Spammers in the Crosshairs") take varied but ingenious approaches. CipherTrust and Symantec employ a reputation service, throttling bandwidth from questionable senders. Tumbleweed Communications relies on a reverse DNS lookup to make sure a sender is kosher and also checks addresses to verify that e-mail is addressed to a valid user. Mirapoint sends SMTP messages back to the sender, asking for a retry — a request few spambots can handle.
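The retry-based approach described above is generally known as greylisting. The sketch below is an added example, not code from Mirapoint, Kerio or any reviewed product; the `Greylist` class, the (client IP, sender, recipient) keying, the 451 reply text and all three thresholds are assumptions chosen for illustration.

```python
MIN_DELAY = 300            # assumed: seconds a sender must wait before a retry counts
RETRY_WINDOW = 4 * 3600    # assumed: a retry must arrive within this many seconds
PASS_TTL = 30 * 86400      # assumed: how long a proven triplet stays trusted


class Greylist:
    def __init__(self):
        self.first_seen = {}   # triplet -> time of first (temp-failed) attempt
        self.passed = {}       # triplet -> time of last accepted delivery

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the (code, text) SMTP reply for one RCPT TO attempt."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= PASS_TTL:
            self.passed[key] = now          # known retrier: accept, refresh lifetime
            return 250, "OK"
        seen = self.first_seen.get(key)
        # Unknown triplet, or an old attempt whose retry window lapsed: start over.
        if seen is None or now - seen > RETRY_WINDOW:
            self.first_seen[key] = now
            return 451, "4.7.1 Greylisted, please retry later"
        if now - seen < MIN_DELAY:          # retried too fast; a real queue tries again
            return 451, "4.7.1 Greylisted, please retry later"
        # Retry inside the window: the sender runs a real mail queue, so accept.
        del self.first_seen[key]
        self.passed[key] = now
        return 250, "OK"


def replay(events):
    """Run constructed (time, ip, from, to) attempts; return the reply codes."""
    gl = Greylist()
    return [gl.check(ip, frm, to, t)[0] for t, ip, frm, to in events]


# Constructed sample traffic (documentation IP ranges and example domains).
SAMPLE = [
    (0,    "192.0.2.10",   "news@example.org", "alice@example.com"),  # first try
    (60,   "192.0.2.10",   "news@example.org", "alice@example.com"),  # too fast
    (900,  "192.0.2.10",   "news@example.org", "alice@example.com"),  # proper retry
    (1000, "192.0.2.10",   "news@example.org", "alice@example.com"),  # known triplet
    (1005, "198.51.100.7", "x@example.net",    "alice@example.com"),  # fire-and-forget bot
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

A legitimate MTA queues the message on the 451 and delivers on a later attempt; a sender that never retries only ever sees the temporary failure, so its message never reaches the content filters behind this check.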

These four aren’t the only players. IronPort’s C-Series appliances also use a reputation service to rate sender IP addresses. MailFrontier’s Gateway 4.0 takes a similar tack to Tumbleweed; the Kerio MailServer 6.1 uses a delayed SMTP handshake, a la Mirapoint; and Reflexion Total Control has its own approach to sender validation. So stay tuned for additional reviews. And until then, watch out for those clever mice.