GFI White Paper

How to keep spam off your network
What features to look for in anti-spam technology

A buyer's guide to anti-spam software, this white paper highlights the key features to look for in anti-spam solutions and why.
Introduction

This paper helps you identify key features needed to effectively deal with spam.

The growth and cost of spam

According to M86 Security Labs, spam volumes increased dramatically in 2009, to over 200 billion per day, while the Radicati Group estimates that more than 80% of global traffic will consist of spam mail by This means that employees must dedicate part of their work time to dealing with spam, which results in a decrease in productivity (and an increase in frustration!).

Loss of productivity is the main cost of spam, particularly as so many spam mails are received per day. There is also the cost of bandwidth wasted by spam, as well as other storage and network infrastructure costs. Furthermore, with the influx of spam and its deletion, an important message could accidentally be trashed along with the unsolicited mail in the rush to clear one's inbox of junk mail.

Ferris Research calculated that if an employee receives just five spam mails a day and spends 30 seconds on each, he will waste 15 hours a year on junk mail - now multiply that by the hourly rate of each employee in your company and you will have a very conservative idea of the cost of spam to your organization. Ferris Research, a San Francisco-based IT market research firm, estimates that spam cost a total of $130 billion worldwide in

It is essential to put a stop to spam to save time, money and bandwidth. One step towards achieving this is to advise your network users to keep their email address private (no postings to message boards etc.). However, apart from applying common sense, you also need to deploy an effective server-level anti-spam tool.

Choosing the correct anti-spam software

Many software packages are available on the market to help you combat spam, but not all are incisive enough in dealing with spam. A number of key features/issues that you should look for are discussed below.

Server-based or client-based?
Battling spam at client level is much more time-intensive than at the server level. It requires you to deploy anti-spam software to all workstations on your network and involves frequently returning to those workstations to update the anti-spam rules on each of them. It also means that your infrastructure is being taxed by spam, as your server message stores are filling up with useless emails waiting for deletion. What's more, it also involves time on the part of your users, who have to identify spam or update their rule sets: this is the very thing you are trying to oppose in your bid to block spam! In addition, client-based software does not have the information and resources that server-based anti-spam software has - it does not allow you to perform sending server checks, for example.

To block spam effectively, you need to have a server-based anti-spam product, because it offers these advantages:

» Installation at the gateway eliminates the deployment and administration hassle involved with desktop-based products
» Far cheaper to license
» Prevents spam from even entering your infrastructure, meaning that your stores are not full of spam messages
» Server-based anti-spam software has more information, and can do more to detect spam effectively.

Bayesian filtering technology

A few years ago, most anti-spam products simply used a list of keywords to identify spam. A good set of keywords could catch plenty of spam. However, nowadays keyword-based spam catching generates too many false positives and requires too much manual updating. It's now widely acknowledged by leading experts and publications that the best way to catch spam is using a Bayesian filter. A Bayesian filter uses a mathematical approach based on known spam and ham (valid email). This gives it a tremendous advantage over outdated spam technology that just checks for keywords or relies on downloading signatures of known spam. More information about Bayesian filtering can be found in the whitepaper "Why Bayesian filtering is the most effective anti-spam technology" at

In short, Bayesian filtering has the following advantages:

» Looks at the whole spam message, not just keywords or known spam signatures
» Learns from your outbound mail (ham) and therefore reduces false positives greatly
» Adapts itself over time by learning about new spam and new valid mail
» Dataset is unique to company, making it impossible to bypass
» Multilingual and international.

Tailored ham data file for Bayesian filter

It is very important that the Bayesian filter uses a dataset that is custom-created for your installation: the ham data MUST be collected from your outbound mail (this way, the Bayesian filter is tailored to your company through an initial training period). Some anti-spam software uses a general ham data file that ships with the product. An example is the Outlook spam filter or the Exchange Server Internet Message filter. Although this technology does not require the initial learning period, it has two major flaws:

» The ham data file is publicly available and can thus be hacked by professional spammers and therefore bypassed. If the ham data file is unique to your company, then hacking the ham data file is useless. For example, there are hacks available to bypass the Microsoft Outlook 2003 spam filter.
» Secondly, the ham data file is a general one, and since it's not tailored to your company it cannot be as effective as a customized one. You will suffer from noticeably higher false positives. For example, a financial institution might use the word "mortgage" many times over and would therefore get a lot of false positives if using a general ham data file.
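The effect of a company-specific ham data file can be reproduced with a small naive Bayes scorer. This is an added example, not part of the original white paper and not GFI's implementation; the add-one smoothing, equal priors and all sample messages are assumptions constructed for illustration.

```python
import math
from collections import Counter

def tokens(text):
    return text.lower().split()

def train(messages):
    """Count word occurrences over a corpus (the 'data file')."""
    counts = Counter()
    for message in messages:
        counts.update(tokens(message))
    return counts

def spam_probability(message, spam_counts, ham_counts):
    """Multinomial naive Bayes, add-one smoothing, equal priors (assumed)."""
    vocab = set(spam_counts) | set(ham_counts)
    n_spam = sum(spam_counts.values()) + len(vocab)
    n_ham = sum(ham_counts.values()) + len(vocab)
    log_odds = 0.0
    for word in tokens(message):
        if word not in vocab:
            continue  # words never seen in training carry no evidence
        log_odds += math.log((spam_counts[word] + 1) / n_spam)
        log_odds -= math.log((ham_counts[word] + 1) / n_ham)
    return 1 / (1 + math.exp(-log_odds))

# Constructed sample corpora, for illustration only.
SPAM = ["low mortgage rates refinance now",
        "cheap mortgage offer click now",
        "win money now click here"]
GENERIC_HAM = ["meeting agenda for monday",
               "please review the attached report",
               "lunch on friday"]
# Ham learned from a financial institution's own outbound mail.
COMPANY_HAM = ["your mortgage application has been approved",
               "mortgage rates for your refinance request",
               "please review the attached mortgage report"]

def compare(message="your mortgage refinance application"):
    """Score one legitimate message against both ham data files."""
    spam = train(SPAM)
    generic = spam_probability(message, spam, train(GENERIC_HAM))
    tailored = spam_probability(message, spam, train(COMPANY_HAM))
    return generic, tailored

if __name__ == "__main__":
    generic, tailored = compare()
    print(f"generic ham file:  P(spam) = {generic:.2f}")
    print(f"company ham file:  P(spam) = {tailored:.2f}")
```

With the generic ham set, "mortgage" and "refinance" appear only in spam, so the legitimate message is scored as spam; with ham learned from the company's own mail the same words are ordinary vocabulary and the score drops below the threshold.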
Figure: Reviewing spam is easy if it's stored in a subfolder of a user's mailbox
Automatically updated spam data file for Bayesian filter

The spam data file of the Bayesian filter must be constantly updated with the latest spam by the anti-spam software. This will ensure that the Bayesian filter is aware of the latest spam tricks, resulting in a high spam detection rate (note: this is achieved once the required initial two-week learning period is over). Choose an anti-spam product that will collect this spam data for you and allow you to automatically download these updates!

Spam handling to efficiently review spam

Inherent in anti-spam technology is the fact that there will be false positives, i.e., mail being flagged as spam even though it is not actually spam. Therefore good anti-spam software should provide an easy way for users to review mail marked as spam in a fast and efficient manner. To save administrators time and hassle, anti-spam software should include an option to direct mail identified as spam to individual users' junk mail folders. In addition, the software should sort the spam into different folders depending on what identified it as spam. This quick access to mail marked as spam greatly helps users review their spam efficiently. Some anti-spam products require the user to log in to a web-based system and review their mail one by one; in practice, this is cumbersome for the user and will lead to the feature being rarely used.

Flexible whitelists to reduce false positives

Anti-spam software must have an efficient way to automatically build extensive whitelists. Whitelists should identify all valid business partners, so that their mail is never flagged as spam. Good anti-spam software should include the facility to automatically create and update these whitelists.
How GFI MailEssentials tackles spam

GFI MailEssentials' approach to spam detection is based on the following key methods and technologies:

» Tackles spam at the server level

GFI MailEssentials installs on your Exchange 2000/2003 Server, or in front of your mail server (if using Exchange 5.5 or another mail server). It detects spam BEFORE it reaches your mail server. This way, spam does not tax your infrastructure, and any spam detection rule updates need only be deployed on the GFI MailEssentials machine. Whitelists (domains/email addresses you always wish to receive mail from) and blacklists (domains/email addresses from which you do not want to receive mail) can be used at server level.

» Greylisting

For each incoming message, three elements are examined in the early part of the SMTP conversation: the IP address of the sender, the sender address, and the recipient address. If this is the first time this relationship has been identified, a temporary deferral message is issued to the sending mail server, before the DATA portion of the email is sent. That relationship is then greylisted. If or when, within a finite period, that same set of sender IP address, sender address, and recipient address is seen again (as would be expected with any legitimate email), that combination is whitelisted, so that that message, as well as any future message with that relationship, is passed through without the temporary deferral. After a message passes through the greylisting, that message is processed as usual, so that any spam message that is retried will still be subjected to the same message analysis techniques as in cases where greylisting is not used.

» Analyzes the content of the mail using Bayesian filtering and uses ham data specific to your company

The spam data is automatically updated by downloading the latest spam data from the GFI website. For more information on Bayesian filtering, check this white paper at

» Reduces false positives through an automatic whitelist

GFI MailEssentials includes a patent-pending automatic whitelist management tool. This means that all business partners are automatically added to your whitelist without any need for administration and their mail will not be passed through the spam filter, greatly reducing false positives.
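The greylisting decision described above, as an added example that is not part of the original white paper and not GFI MailEssentials code. The reply strings, the minimum retry delay and the four-hour retry window are assumptions; the paper only says the retry must arrive "within a finite period".

```python
from dataclasses import dataclass, field

# Assumed timing policy, in seconds.
MIN_RETRY_DELAY = 300      # a retry sooner than this is deferred again
RETRY_WINDOW = 4 * 3600    # a retry must arrive within this window

DEFER = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 OK"

@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)    # triplet -> first-seen time
    whitelisted: set = field(default_factory=set)  # triplets that retried

    def check(self, ip, mail_from, rcpt_to, now):
        """Return the SMTP reply to give at RCPT TO, before DATA is sent."""
        triplet = (ip, mail_from, rcpt_to)
        if triplet in self.whitelisted:
            return ACCEPT
        first_seen = self.pending.get(triplet)
        if first_seen is None or now - first_seen > RETRY_WINDOW:
            # New relationship, or the earlier attempt expired: greylist it.
            self.pending[triplet] = now
            return DEFER
        if now - first_seen < MIN_RETRY_DELAY:
            return DEFER
        # Same triplet retried inside the window, as a real MTA would do.
        del self.pending[triplet]
        self.whitelisted.add(triplet)
        return ACCEPT

def demo():
    """Constructed SMTP attempts; returns the reply code for each one."""
    gl = Greylist()
    t = ("192.0.2.10", "news@partner.example", "bob@corp.example")
    return [
        gl.check(*t, now=0)[:3],       # first contact: deferred
        gl.check(*t, now=60)[:3],      # retried too quickly: deferred
        gl.check(*t, now=900)[:3],     # proper retry: accepted, whitelisted
        gl.check(*t, now=90000)[:3],   # later mail, same triplet: no deferral
        gl.check("198.51.100.7", t[1], t[2], now=901)[:3],  # new IP: deferred
    ]

if __name__ == "__main__":
    print(demo())
```

An accepted message still goes on to content analysis, as the greylisting paragraph notes; the check only decides whether the sending server is asked to retry.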
» Flexible spam handling

After a mail is found to be spam, it can be forwarded to a subfolder in the user's mailbox. If they find a valid email (for example, a newsletter which they wish to receive), users can add the sender to the whitelist.

GFI MailEssentials includes keyword checking capabilities so that administrators can further tune their anti-spam filters. For added protection, Bayesian filtering is supplemented by a number of other spam detection technologies, including intelligent mail header analysis and by checking senders against custom blacklists and public blacklists such as ORDB or SpamHaus.

About GFI

GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small to medium-sized enterprises (SME) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner. More information about GFI can be found at