Brightmail Tries to ID Spam Sources

With the deluge of unwanted e-mails that flow into corporations showing no signs of easing, antispam software maker Brightmail is offering a new service designed to identify IP addresses that send mostly junk mail.

Called the Brightmail Reputation Service, this new feature monitors hundreds of thousands of e-mail sources to determine how much mail sent from these addresses is legitimate and how much is spam, says Ken Schneider, chief technology officer of Brightmail. The company gathers information from user reports and from its Probe Network--a collection of decoy e-mail in-boxes designed to catch spam--to determine whether a given IP address sends valid or junk messages. There are about 300 million end users of Brightmail's software, the company says.

"Enterprises hate seeing the same IP addresses banging them all day long. . . . Now they can terminate the conversation a lot earlier," Schneider says.

Change of Preferences

The service creates a profile of each e-mail source from which administrators can decide whether to block mail from these sources or allow it into the company. Brightmail also will make available a "safe list" of e-mail addresses that have never sent spam to users of the Reputation Service free of charge, Schneider says.

"If an [IP address] produces 99 to 100 percent spam day after day . . . our enterprise product uses that as strong evidence" for blocking that address, Schneider says. "On the opposite end, we also track IP addresses that produce nothing but legitimate mail for the last six months. Users might want to route those [messages] around the filters and not pay the processing hit."

With its new service, Brightmail is attempting to strike a balance between blocking IP addresses that send spam and ensuring that legitimate mail gets through to its destination. To avoid "over-blocking," the Reputation Service continuously monitors e-mail sources and will update the profile of a given IP address if its status appears to change, the company says. For example, if an address considered to be a spam source doesn't send unwanted messages for a given time period, Brightmail will update that source's profile, Schneider says. The service will update the status of IP addresses on an hourly basis.

Not Enough

Brightmail says that one form of spam fighting--such as its Reputation Service--isn't enough; companies trying to bring the amount of spam in their in-boxes down to a miniscule level must use many filters.

The company's spam-filtering effectiveness recently won an "excellent" rating from The Yankee Group in its December report on anti-spam vendors. But the research company gave Brightmail's enterprise software a "fair" for flexibility and labeled its e-mail server security features as "limited."

Brightmail's enterprise software, which began as a product for ISPs, competes with packages from companies such as Cloudmark, MailFrontier, and Proofpoint, and with services from FrontBridge Technologies and Postini.

The Brightmail Reputation Service, slated for release at the end of the month, is free to Brightmail Enterprise customers. Customers can download the set of rules associated with the service.

In a separate announcement, Brightmail announced it has struck a deal with Voltage Security to provide its antispam software with Voltage's SecureMail software. Brightmail's software is available now with Voltage's e-mail software.

This story, "Brightmail Tries to ID Spam Sources" was originally published by Network World.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Related:
Shop Tech Products at Amazon