A New Era for Email Security Appliances?

July 2, 2008 · Filed Under News and Tidbits · Comment 

Yesterday I saw an announcement that Trend Micro is going to cease selling the InterScan Messaging Security Appliance (IMSA), InterScan Web Security Appliance (IWSA), and InterScan Gateway Security Appliance (IGSA) in favor of software appliances and managed services. Pretty interesting development for such a major player to retreat from a hardware strategy, but it is such a cluttered market with so many undifferentiated offerings that it must make business sense for them. If a Chinese company can’t make money selling hardware, where presumably labor and hardware costs are so much lower, then I think this is a real harbinger for the industry.


Introducing MPPxpress

June 24, 2008 · Filed Under MPP Releases and Fixes · Comment 

I am pleased to announce that we are launching an email filtering and archival managed service - MPPxpress. This service offers all of the benefits of MPP in a managed service. With MPPxpress there is no software to manage, no updates, no system requirements, etc. Just point your MX record to Message Partners and we do the rest. The service is launching with two service levels and we will add archival in a few weeks. Learn more here.

Search AmavisD and Postfix Mailing Lists with MPP!

June 19, 2008 · Filed Under Opinions on Email Security · Comment 

I am pleased to announce a free service to search the popular MySQL, AmavisD and Postfix mailing lists using the MPP email archive viewer. To give it a try, log on here:

http://herbie.raeinternet.com:20000
user: mknews
pass: search

Go to archive using the link on the top and search away.

The end-user view of Antispam

June 18, 2008 · Filed Under Opinions on Email Security · Comment 

Today I read an article in the Wall Street Journal by Lee Gomes that gives an excellent view of the end user’s perspective of the antispam fight. One of the biggest topics of discussion that I have with administrators of antispam solutions is the question of how to deal with spam: should they quarantine, mark subjects, discard, reject, etc.? It is a religious debate that has more to do with company policy, personal preference and IT budgets than anything technical, but it is interesting to me to hear Mr. Gomes prove how smart he is by agreeing with my general advice to people :-). My advice to all admins is that users don’t care so much about getting extra spam, but the minute you quarantine an important email you are dead meat.

With that precept in mind here are some general guidelines that I recommend.

1) Make sure that your antispam solution can fit everyone in terms of spam actions but start with the least restrictive policy. The least restrictive policy is either putting spam into a spam folder that is accessible by the user’s email client or marking subjects.

2) Only quarantine spam if your boss wants you to. Spam quarantine is expensive to manage and rarely checked. You will get a screaming call about a lost email and most likely the user has no idea how to check their quarantine and you will be the one clamoring around looking for the email and you will certainly have your head chewed off for being the sole cause of the malady. If you want to quarantine for all people make sure that users or admins can turn this off for themselves, as they can with MPP.

3) Mr. Gomes points to his experiments with changing filter levels from more restrictive to least restrictive and being disappointed with the results. My experience is that these knobs are mostly useless, especially the ones that make futile attempts to categorize spam. Give me the Viagra and Vicodin spam, but I sure don’t want to see the mortgage offers. Who thinks like that? In my experience spam companies do a horrible job of categorizing spam and it seems like a big waste of time anyway. Give your users the ability to change spam actions but these extra knobs will only bring problems as they did for Mr. Gomes.

4) Perfection is as elusive as the $40 million that Barrister Hollings offered me from his hideout in Kenya. He points out that even the great Postini, which Google handsomely overpaid for, has false positives in the high sensitivity settings and misses lots when the sensitivity is set down. Don’t expect perfection and don’t back yourself into a corner by overpromising and quarantining or rejecting too much spam.

5) If you decide to use quarantine systems, less than 5% of your users will ever log on, and of those 5% probably only a handful will ever dive too much around in the settings to see what’s available. Beware of a strategy that relies on end-users learning your systems; they will mostly ignore them until it’s time to take off your head.

Email Archive Improvements

June 5, 2008 · Filed Under MPP Releases and Fixes · Comment 

Want to give you a quick update on our email archive capabilities. First of all, we added an IMAP import option so that we can import email from your IMAP message store. We can do mass imports for multiple users or 1 user, 1 folder at a time if you like. Lots of flexibility with this feature and we are real excited about it.

Next feature to speak of is the enforcement of archive quotas. Now we can set quotas for domains and we can send warnings to an admin when the quotas are being reached.

And still more… We have improved our translation capabilities so that it is easier to translate MPP Manager into other languages.

Tracking Email Messages with MPP

May 19, 2008 · Filed Under MPP Releases and Fixes · Comment 

I want to let you know about an MPP feature called Message Tracking that is quite useful for service providers or anyone that needs to have a compact record of each email message that they process. This feature was introduced in MPP quite some time ago but we never had a GUI interface for it until recently.

The idea with Message Tracking is that MPP will record a small record of each transaction in an SQL database. You can configure the level of detail that is stored, but the full detail is only a few bytes per message. MPP stores all types of information such as message id, remote relay IP, scan state, score of each scanner, message result, parse result and more. The database is very easy to query and very scalable.

MPP Available on DOD Emall

May 15, 2008 · Filed Under MPP Releases and Fixes, News and Tidbits · Comment 

Our partner, Aglow Technologies, a woman-owned small business, has successfully placed MPP on the Department of Defense Emall site. This means that anyone in the Department of Defense can enjoy the outstanding antispam protection of MPP and purchase with convenience of online access. Kudos to Aglow.

New Antispam Options for Mac OS X

May 12, 2008 · Filed Under MPP Releases and Fixes, News and Tidbits · Comment 

I want to let you know that we have just released MPP with new antispam technology never before seen on the Mac platform. It is only available for Intel Macs (10.4 or 10.5) for now but it is significantly better than anything offered on Mac to date. Please check it out here

Backscatter Problems Persist

May 2, 2008 · Filed Under Opinions on Email Security · 1 Comment 

Backscatter problems are persisting and seem to be the new scourge of spam. They expose a lot of weakness in antispam filtering algorithms and require new approaches to truly stop them. Here’s why:

  • Many backscatter attacks do not contain any message content, only bounce notifications. Stopping all bounce notifications or messages from mailer-daemon is dangerous.
  • Many backscatter attacks come from legitimate email servers, so you can’t block the offending servers at the SMTP level without blocking legit email.
  • Backscatter attacks can be extremely high volume and can crush a spamassassin/amavisd installation that is not micromanaged.

At Message Partners we have been working on some approaches to backscatter problems for our customers. The most heavy handed approach, and one that I have been utilizing on our site, is to block all traffic that originates from Mailer-Daemon with this regular expression for header filters: ^From:.*Mailer.*$ . This is annoying because you can’t see legit bounces, but I have taken an analogy from the US Post Office. If you need acknowledged delivery then you must send with delivery notification service. If you send a letter to the wrong address it may take weeks before it comes back to you, if it comes back at all. Anything I really care about I send with some delivery notification. I have decided that this should apply to email as well. If I really care about the email then I should send it with some delivery confirmation, hence, I have rationalized filtering out all bounces. This has ended my backscatter problem for the most part, but many messages do not come from mailer-daemon so the problem still exists, but on a much smaller scale.

We have a more intelligent solution in beta that utilizes our auto black list feature. With this approach a threshold is set that if x amount of messages are received that violate a content rule then all messages from any IP that sends with the same subject will be temporarily blocked. For example, if gmail.com sends me 400 bounces in 2 minutes (which they’ve done), and they all have Undeliverable Mail in the subject, then any message with Undeliverable Mail will be blocked during the block period. This is working pretty well, but not a complete solution by any means.
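The two approaches above can be combined in a short sketch. This is an added example, not MPP's own code: the header regex is the one quoted in the post, while the class name, the block period and the reduced threshold used in the constructed traffic are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque

# Header filter quoted in the post: any From: header containing "Mailer".
BOUNCE_FROM = re.compile(r"^From:.*Mailer.*$", re.MULTILINE)
SUBJECT = re.compile(r"^Subject:\s*(.*)$", re.MULTILINE | re.IGNORECASE)


class SubjectAutoBlacklist:
    """Hypothetical model: once `threshold` rule-violating messages with one
    subject arrive within window_secs, block that subject for block_secs."""

    def __init__(self, threshold=400, window_secs=120, block_secs=600):
        self.threshold = threshold      # 400 in 2 minutes is the post's example
        self.window_secs = window_secs
        self.block_secs = block_secs    # assumed; the post gives no block period
        self.hits = defaultdict(deque)  # subject -> timestamps of violations
        self.blocked_until = {}         # subject -> time the block expires

    def check(self, headers, now):
        """Return 'block' or 'accept' for one message seen at time `now`."""
        m = SUBJECT.search(headers)
        subject = m.group(1).strip().lower() if m else ""
        if self.blocked_until.get(subject, 0) > now:
            return "block"              # any sender or IP, same subject
        self.blocked_until.pop(subject, None)
        if BOUNCE_FROM.search(headers):  # content rule violated
            q = self.hits[subject]
            q.append(now)
            while q and q[0] <= now - self.window_secs:
                q.popleft()             # forget hits outside the sliding window
            if len(q) >= self.threshold:
                self.blocked_until[subject] = now + self.block_secs
                q.clear()
                return "block"
        return "accept"


def simulate():
    """Constructed traffic: a 5-bounce burst, a non-bounce, then block expiry."""
    bl = SubjectAutoBlacklist(threshold=5, window_secs=120, block_secs=600)
    bounce = "From: Mailer-Daemon <MAILER-DAEMON@mx.example>\nSubject: Undeliverable Mail\n"
    other = "From: alice@example.org\nSubject: Undeliverable Mail\n"
    results = [bl.check(bounce, t) for t in range(5)]  # burst at t=0..4
    results.append(bl.check(other, 10))    # same subject while blocked
    results.append(bl.check(other, 700))   # after the block period
    return results
```

Compiled as written here the regex is case-sensitive, so a header that carries only `MAILER-DAEMON` in upper case is not matched, and any sender whose From: line contains "Mailer" is. The simulation also shows the cost of the subject-wide block: the non-bounce message from `alice@example.org` is dropped during the block period.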

Some of our engine partners are quickly improving their backscatter detection, but when there is no actual message content they all seem to stumble.

Conclusion — Backscatter remains a problem but MPP is helping our customers with a solution. In the meantime, administrators should be really careful about the rejection notices that they send.


Even More Amazing OS X Experiences

April 29, 2008 · Filed Under MPP Releases and Fixes · Comment 

It sure feels like we are on a roll with our improvements for Mac OS X system administrators, so why should we stop? After listening to complaint after complaint about the difficulty of installing MPP we finally took the advice of Frank Zappa, though applied to software - ‘shut up and play yer guitar’. Instead of explaining why our customers were just not getting it we shut up and listened and have created something that has exceeded our expectations.

Phase 1 was to redesign our admin GUI to make things more apparent, remove cryptic techno speak and drop the assumption that everyone has enough time to figure our product out. This is an ongoing battle, but we have conquered the initial campaign and now we are in clean-up mode.

Phase 2 was to redo our installers so that it was no longer necessary to have a compiler installed or to install any perl modules. This was a monster task believe it or not, but this is conquered thanks to Ovidiu, our main technical guru. This was great, but it still required an admin to use the terminal to run our configure scripts.

Phase 3, which we have now delivered, has expanded on phase 2 by removing the need to run our configure script from the command line. Since our OS X customers are either using Postfix or CommuniGate we detect which email server is in use and make all of the appropriate configurations automatically. The installer is one click and it installs MPP, MPP Manager and all dependencies, configures your email server to use MPP and launches Safari at the end with MPP Manager opened up. Pretty slick if you ask me. You still need to disable the Apple junk mail filtering from the admin control panel, but this may change in the future as well.

Phase 4 has some surprises and I am hoping to announce them soon.

