E-mail inboxes at the City of Richmond, B.C., are a lot less cluttered with unwanted spam since implementing a combined messaging and security system.
Since being rolled out last April the new system has also increased the speed of message delivery.
The system is based on MailChannels’ Traffic Control and Cloudmark Authority’s anti-spam, anti-phishing and anti-virus protection technology.
It controls the daily influx of some 200,000 e-mails, ensuring unwanted ones don’t find their way into employees’ Inboxes.
Since the rollout, the 1,500 City staff have seen at least a 50 per cent decrease in spam, viruses, and phishing e-mails, as well as fewer false positives (when a legitimate e-mail gets wrongly identified as inappropriate).
Furthermore, this lightened load means the City’s mail server is not bogged down and the delivery of legitimate e-mail isn’t impeded.
The City of Richmond – that includes the departments of Engineering, Waste Removal, Parks and Recreation and Cultural Affairs – functions much like a service provider to its employees, making Internet access and other communication services available.
The technology is based on a ‘division of labour’ whereby e-mails pass through a traffic control component before being sent to a filtering system, and finally to the mail server that then distributes the messages.
Vancouver-based MailChannels Corp., a developer of e-mail infrastructure protection products, partnered with Cloudmark Inc., a developer of anti-spam, anti-phishing and anti-virus products, in May 2006.
The approach of MailChannels’ Traffic Control is to identify sources of abusive mail by observing the reputation and behaviour of senders, says Ken Simpson, CEO of MailChannels.
“Spammers will send e-mail from thousands of different IP addresses for very short periods of time.” Legitimate senders, on the other hand, send mail from a predictable list of IP addresses across an extended length of time.
Once sources are identified, Traffic Control assigns network and e-mail server resources to slow – or even stop – abusive mail traffic, while freeing the channels for legitimate mail.
The idea, says Simpson, is that spammers will lose patience waiting for messages to feed through the tightened channels, and decide to focus their attention elsewhere.
The technology doesn’t just grant passage to good mail, it also speeds delivery by allocating extra bandwidth, he says.
Once e-mail traffic has been controlled, the Cloudmark filtering component tackles the remaining message flow by distinguishing the good from the bad.
It accomplishes this by “intelligent fingerprinting” that’s based on algorithms that identify and track unwanted e-mail.
The difference, here, is that Cloudmark deviates from the traditional approach of “static” content filtering – identifying keywords in a message – to catching those e-mails that have undergone polymorphic mutations, says Dave Champine, senior director of product marketing at Cloudmark.
For instance, spammers’ techniques have evolved to include “image spam” that relays a message and hyperlink in image form, as opposed to text.
Cloudmark’s algorithms, says Champine, would identify an image spam by evaluating whether it’s a repeat visitor based on the number of bits and bytes, or the number of coloured pixels.
Once the filtering component has placed identifiers – good and bad – on messages, they are routed to the mail server which then distributes the good mail to the recipient’s Inbox, and the bad mail to the junk folder.
The advantage to implementing this joint messaging security system is that e-mail administrators will have but one vendor to deal with.
“They’ll have one piece of software to maintain, rather than two components residing in two different places,” says Simpson.
A multi-layered messaging security system, such as the City of Richmond’s recent implementation, is definitely a direction the entire industry will gradually take, says Carmi Levy, senior research analyst with London-based Info-Tech Research group.
“Relying on one particular tool, class of tools, or one layer of protection is not adequate in this day and age when the types of abuses of messaging are so varied and constantly changing.”
The rate of message-borne attacks – e-mail, instant messaging, voice, unified messaging – are on the rise, says Levy.
“These are all vectors for attack and they need to be locked down in an increasingly stringent manner.”
The City itself declined comment saying it “did not want to invite activity” around its e-mail security strategy.