For more information please contact sales@alltec.com

PerfectMail & Antispam - Executive Overview

The Spam Problem

Spam and spam related malware pose a significant risk and cost to business. There are three categories for which spam poses a threat to your organization:

• Wasting between 10-30 minutes of of every e-mail users time as they clean their in basket, review, delete and/or file spam or cruise web sites promoted by spam.
• Administrators waste precious time dealing with e-mail problems, overloaded mail servers, congested network links, viruses delivered by spam, etc.
• Customers spend time waiting for replies to e-mail messages that were mishandled, stuck in quarantines or quietly deleted.

• Overloading your infrastructure so that legitimate messages are delayed or lost
• Exposing your users to time wasting, fraudulent or immoral content
• Introducing additional virus risks to your business
• Delivering sexually explicit, immoral or illegal content to your users. This material puts your organization at risk of a Workplace Health & Safety complaint.
• Putting so much stress on your mail server that it crashes. This could force you into an expensive and time consuming recovery process

• Over-provision mail server infrastructure to account for the additional resource consumption that spam causes.
• Stressed mail servers may slow their delivery of mail. Extremely stressed mail servers may even crash
• A crashed mail server may be down for days and cost thousands of dollars to recover
• Business lost due to a crashed mail server may be many more times as costly as recovering your server
• Expensive network bandwidth is wasted as spam traffic must be considered when provisioning your WAN link
• Spam borne viruses must be defended against using expensive server and desktop based antivirus solutions
• Again, staff. Their time is precious and should not be wasted with spam handling tasks.

Typical Spam Solutions

There are two general strategies in use today for blocking spam; Spam Signatures and Bayesian filters. Neither is especially effective... lets see why:

Spam Signatures

Spam Signatures is an antispam technique that is championed by the major Antivirus vendors. The idea is to seed the Internet with Honey-Pot accounts (that attract spam). E-mail is harvested from these accounts and signatures are developed (similar to antivirus signatures). Vendors then push these antispam signatures to their customer base so that a message that matches a spam signature can be safely rejected.
This strategy is flawed because:

• Spammers must hit the honey-pot account before an average user or no spam signature is available
• Even if spammers hit the honey-pot first, there is a time lag as the antispam vendor fetches the message, reviews it and pushes a signature for it to their customer base
• Spammers can (and do) add random elements to their message to defeat spam signatures.
• Vendors are constantly pushing signature updates to their many thousands of clients.

The result is a race that the spammer often wins. Vendors who rely on strategy typically achieve no better than 95% accuracy.

Bayesian Filters

Bayesian filters work by analyzing the distributions of words found in legitimate messages vs. words used in spam messages. Bayesian filters then use this database of words to review and categorize new messages based on the words it contains. If the message contains a lot of words typically found in spam - then the message is spam. If the message contains worlds mostly found in wanted messages - then the message is delivered.
Like Spam Signatures, Bayesian filters are easily defeated. Here's how:

• Spammers also have access to Bayesian filters. They routinely wash their messages to ensure that few spam words are used in their messages
• Bayesian filters require lots of training. One popular Bayesian filter based product advises its customers to feed the filter at least 25,000 messages before the filter becomes effective.
• Spammers poison Bayesian filters by adding blocks of random text to their messages.
• Spammers beat Bayesian filters by sending messages that contain images, and no words.
• Spammers misspell in their message hoping that a Bayesian filter won't have a record for the misspelled word.

The result is that, like Spam Signatures, Bayesian filter based antispam products are hard pressed to achieve better than 95% accuracy.

PerfectMail Uses a Reputation Engine

PerfectMail's key difference is the inclusion of a sophisticated reputation engine that forms the core of its filter strategy. In a nutshell, PerfectMail's reputation engine learns everything about your e-mail traffic including; your protected users, their regular e-mail peers, legitimate mail servers, spam e-mail servers, etc. The result is that PerfectMail overcomes the problems associated with Spam Signature and Bayesian filter engines because PerfectMail:

• Ensures that messages between e-mail peers is always correctly handled (so false positives never occur)
• Learns by watching e-mail flows so users don't need to spend time training and tuning the filter
• Gets more accurate as it handles more e-mail
• Self tunes by watching for changes in the strategies used by spammers
• Is not reliant on one key test (such as Bayesian filters or Spam Signatures) so it is very hard to sneak spam through the filter.
• Watches for repeat traffic from inbound only senders - so newsletters are not blocked as spam
• Rewards senders who send clear, unobfuscated, verifiable messages
• Punish senders who send messages with references to spam networks or hosts, obfuscated text and e-mail headers that cannot be independently verified.

As a result, PerfectMail typically achieves better than 99.9% accuracy. Even better, most customers experience false positive levels that are well below one message per 100,000 connections.

My Antispam Solution is 95% Accurate - Should I Switch?

In a word - yes, and here's why... A busy mail server could receive 50,000 to 500,000 connection attempts per day. If you settle for a less accurate filter, you give up the benefits you expected to receive when you purchased your antispam solution. The result:

mail server will handle by 2,500 to 25,000 messages per day.

• Since spam makes up 75% to 90% of all e-mail traffic, that's 2,250 to 22,500 additional spam messages per day that your users must review if your antispam solution is only 95% accurate
• These additional messages waste time, introduce risk and consume your facilities, etc.