IT Turns to SMTP-Level E-mail Blocking

New approaches focus on stopping unsolicited e-mail before it's even received

Call this the era of Spamalot.

Horrible puns aside, “Spamalot” is a Broadway-bound musical from Monty Python veteran Eric Idle. To channel the original Monty Python skit, Vikings seated in a restaurant sing the virtues of “spam, lovely spam” until told to shut up.

How “spam” jumped the zeitgeist from British skit to a term meaning large amounts of junk e-mail is a subject well-studied by Internet researchers. Unfortunately, no one is sure how exactly to stop spam, and some experts have predicted spam could ultimately swamp e-mail, simply making it impossible to use.

Recent figures frame the problem. Postini, an enterprise e-mail security and management provider with 3,300 customers, reports it’s blocking 53 percent of all e-mail connections via SMTP today. The company warns that the most-prevalent technique for managing spam—using filters to analyze received e-mail and “junk” suspected spam—is rapidly becoming ineffective.

Postini’s spam-blocking approach includes tracing suspected spam back to its originating IP addresses, then blocking those IP addresses. “The spam story today is one of connections, not content,” says Scott Petry, Postini’s senior vice president of products and engineering. “Since we can’t get behind their firewalls, the best thing we can do is watch the spammer's behavior at the connection layer and preemptively shut them down before they do any harm.”

In June, of 10.8 billion SMTP requests received, Postini discarded 53 percent as spam, based on the sender’s IP address. Even so, only 11 percent of the remaining e-mails were legitimate. Of the leftover 5.7 billion messages, 76 percent were definitively classed as spam.

Spam isn’t the only e-mail-related security problem, of course. In June, e-mails received by Postini carried a total of 110 million viruses, an increase of 1.7 percent from May.

Yankee Group estimates spam costs $4 billion per year in corporate productivity. Organizations, especially in regulated industries, are beginning to fight back, adopting products to better manage their e-mail and reduce their spam, or e-mail messaging services such as Syntegra and MessageLabs.

“Anti-spam and content filtering are critical new components in enterprise security defense, helping to reduce corporate liability related to offensive content,” notes Phebe Waterfield, a Yankee Group analyst.

As the arms race between spammers and spammed continues, the industry is planning next-generation defenses. One proposal—from Microsoft, but also other organizations—is a so-called Caller-ID, or sender verification system, for e-mail. The free Sender Policy Framework (SPF) is one such approach already in use; it allows participants to verify each other’s e-mails as being of legitimate origin. Such approaches, however, will have to become more widespread to really stem unwanted e-mail.
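How a receiving mail server can apply a sender domain's published SPF policy to the connecting IP address before any message content is accepted, as an added example that is not from the original article. The record and addresses are constructed (documentation ranges), `check_spf` is a hypothetical helper name, and only the `ip4`, `ip6` and `all` mechanisms are evaluated; mechanisms that need DNS lookups return this example's own "unsupported" value.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208). No prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Mechanisms that need DNS lookups; this example does not resolve them.
NEEDS_DNS = {"a", "mx", "include", "exists", "ptr"}

# Constructed sample policy: two IPv4 sources, one IPv6 range, reject the rest.
RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 ip6:2001:db8::/32 -all"

def check_spf(record, client_ip):
    """Return the SPF result for client_ip under one TXT record (hypothetical helper)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                          # not an SPF record at all
    ip = ipaddress.ip_address(client_ip)
    redirect = False
    for term in terms[1:]:
        name = term.split(":", 1)[0].split("/", 1)[0]
        if "=" in name:                        # modifier: redirect=, exp=, unknown
            redirect = redirect or term.lower().startswith("redirect=")
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower().split("/", 1)[0]
        if mech == "all":                      # always matches; ends evaluation
            return QUALIFIERS[qualifier]
        if mech in NEEDS_DNS:
            return "unsupported"               # example-only value, not an SPF result
        if mech not in ("ip4", "ip6"):
            return "permerror"                 # unknown mechanism is a syntax error
        try:
            net = ipaddress.ip_network(arg, strict=False)  # bare address = /32 or /128
        except ValueError:
            return "permerror"
        if net.version != (4 if mech == "ip4" else 6):
            return "permerror"
        if ip in net:                          # False when address families differ
            return QUALIFIERS[qualifier]
    # Nothing matched: the result is neutral unless a redirect= would take over.
    return "unsupported" if redirect else "neutral"

if __name__ == "__main__":
    for addr in ("192.0.2.77", "198.51.100.26", "2001:db8::1", "203.0.113.9"):
        print(addr, check_spf(RECORD, addr))
```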

In the short term, at least, security managers trying to tame spam will soon be able to drown their sorrows in thematically appropriate music from Spamalot.

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies columnist, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.