UPDATE: McAfee intros first product in SpamKiller family

McAfee Security, a business division of Santa Clara, Calif.-based Network Associates Inc., released on Monday McAfee SpamKiller, the first product in the company’s new spam reduction portfolio.

SpamKiller works with Microsoft Exchange Small Business server to address the needs of medium-sized businesses in reducing liability, reclaiming storage space and allowing employees to work more efficiently, according to the company.

SpamKiller works by scanning incoming e-mail as it reaches the server using a pre-defined set of rules to detect and quarantine spam.

According to McAfee, the SpamKiller technology uses a scoring system to determine if an incoming e-mail is spam. A positive or negative score is given to each new e-mail to determine its overall spam rating. Once spam is detected, messages are filtered to the end user’s inbox, personal junk mail folder or a system-wide junk mail folder.

Jack Sebbag, Canadian general manager and vice-president, Network Associates Inc., said the key reasons organizations should invest in antispam solutions range from performance degradation and moral issues to employee productivity issues.

“As people are reading this mail, or going to the Web sites to buy products from the spam mail, they are not doing what they are supposed to be doing at the office,” Sebbag said.

When deciding on an antispam program, Eric Hemmendinger, research director, information security for the Boston-based Aberdeen Group said it is important to consider how well the solution is going to fit with the way a company runs its IT infrastructure.

“You need to look for something that’s going to be 100 per cent compatible with whatever [the company] is using for an e-mail infrastructure,” Hemmendiger said.

He added that it is also important when choosing a program for businesses to consider what they’ll be losing along with the spam.

“What do you block that you shouldn’t be blocking?” he said. “Some of that blocked e-mail may result in a loss of revenue…a loss of business relationships.”

Sebbag said SpamKiller uses black and white lists to ensure that valuable e-mail will not be missed, and unwanted e-mail doesn’t reach the endusers inbox.

Black and white lists are personalized sets of standards defined by the administrator and users to determine both acceptable senders of e-mail – or white list senders – as well as unwanted and unacceptable senders of e-mail-or black list senders.

Hemmendiger added that companies usually decide it’s time for antispam solutions when they realize how much storage space the spam is taking up, the legal liability that can occur if workers are unprofessional when opening or distributing spam, and more recently, the security implications.

“This hasn’t been a big [problem] in the past, but I think it’s starting to become more important for organizations,” Hemmendinger said. “A certain amount of this spam brings with it some fairly nasty stuff on the desktop and potentially opens up gaping holes from a security perspective.”

Including personalized black and white lists, SpamKiller utilizes five different methods of detection. Integrity analysis examines the header, layout and organization of every incoming e-mail message and applies thousands of algorithms to determine if the e-mail is spam. Heuristic detection uses a set of automated rules based on known spam characteristics to secure the network against spam. Content filtering is used as the administrator and uses a defined set of words and phrases to help further identify unwanted e-mail and inappropriate content.

Finally, self-tuning allows SpamKiller to adjust the overall spam score for messages received from known senders by learning the characteristics of e-mail received at the desktop.

Sebbag said immediately after implementation, SpamKiller can track 95 per cent of spam, and the percentage will increase with some training.

“You can get from 95 per cent to 99.9999 simply by teaching the application on an ongoing basis what mail you are not interested in receiving,” Sebbag said. “For instance, if you receive mail about construction, and for some reason this [topic] is not on your black list…you can just point and click on ‘add filter’, and those messages will also be known as spam, and [SpamKiller] will block those as well.”

Sebbag added that SpamKiller installs out of the box quickly.

“This application…gets installed at the e-mail server…you set up the user and administrative right, and you go through your black list and your quarantine list, and that’s it,” Sebbag said.

Hemmendinger said that because the Internet is largely unregulated, and spam so difficult to define, the problem will probably keep getting worse.

“To some extent, one company’s vision of spam is another company’s vision of legitimate business. Things that I might view as spam, someone in another company might look at it and say, ‘No it’s not spam. It’s not something I’m really interested in, but I don’t view it as spam,'” Hemmendinger said.

SpamKiller will be available in Canada in May with a price tag of roughly $15 to $18 per node.

Other McAfee SpamKiller products planned for release in 2003 include SpamKiller for WebShield appliances, SpamKiller for IBM Corp.’s Lotus Domino and SpamKiller for Exchange.

For more information visit McAffee online at www.mcafeesecurity.com.