Network administrators and security staff now have additional tools with which to fight unwanted e-mail following the recent announcement of new anti-spam features in CipherTrust Inc.’s IronMail e-mail security appliance.
The appliance runs a customized, hardened version of Unix along with other CipherTrust software, and offers a suite of e-mail security options including an e-mail firewall and antivirus features. Users purchase licenses to the various options individually and are issued “license keys” to turn those features on, though the boxes ship with all the software pre-installed, said Matt Anthony, director of marketing at the Alpharetta, Ga., company.
The new anti-spam features use a few relatively new methods for fighting unwanted email, such as signatures and “checksums.” These are combined with methods that have been used in the past including lists of addresses commonly used by spammers, content filtering and so on, Anthony said.
IronMail uses the Razor distributed spam detection and filtering network from Cloudmark Inc., he said. Razor builds signatures to identify and block spams in much the same way that antivirus software and intrusion detection systems work, by using a series of automatic and self-reporting systems spread throughout the Internet. Once a signature for a spam mail is created, it can be distributed and blocked in the future.
Also included by IronMail’s anti-spam package is information from the Distributed Checksum Clearinghouse (DCC), Anthony said. The DCC uses checksums, unique mathematical identifiers that are created by a distributed network of systems to identify, filter and block spam e-mails.
The new features augment more traditional anti-spam measures already used in the appliance such as the MAPS LLC Real-time Blackhole List, a list of IP addresses that have been identified as relentless sources of spam which are provided to administrators for blocking, Anthony said.
The system also uses reverse DNS (Domain Name System) lookups, which attempt to authenticate the source of spam e-mails, he said. Many spam e-mails do not include their real source addresses and can thus be blocked based on reverse DNS information.
IronMail has succeeded in blocking a large amount of spam – around 15 percent of the total e-mail traffic into the company – at Norfolk Southern Corp., according to Tony Samms, director of security information technology at the freight and natural resources company, based in Norfolk, Virginia.
Norfolk Southern began looking for a way to filter spam after an increase in unsolicited sexually-explicit e-mail, Samms said.
“In the last nine months, we saw a tremendous increase in the number of objectionable emails coming through,” he said.
Only one to two per cent of the traffic still getting through IronMail to users is spam, said Samms, calling IronMail “very successful” in that regard.
CipherTrust’s new anti-spam features are available immediately. They are priced based on the cost of the appliance and the cost of the email security options chosen by the customer, Anthony said. A typical anti-spam installation will cost in the middle to high US$30,000 range, he said.
