August 12, 2003

Antispam services: Analyze their focus, expertise, and breadth of view
Jan 22, 2003 | Gartner | Joyce Graff

The goal of an enterprise antispam program is to sort out the "good guys" from the "bad guys" and empower the end users to control their own desktop environments. The bad guys of e-mail consist of:

• Pure trash spam (messages from senders that don't exist, confidence games).
• Chain letters, hoaxes, and "urban legends."

There are three primary approaches to fighting spam:

• Hire a service
• Install an appliance
• Install layered software

Fighting spam takes focused attention and breadth of view. You can't tell by looking at a message whether the tale it tells or the offer it tenders is legitimate or specious. Services that deal with literally millions of messages daily have an opportunity to see the behavior of a spammer, to see how many copies of a message were sent, where they were posted, and whether their origin and their Sender field match.

Smaller enterprises in particular (those with fewer than 5,000 employees) should seriously consider using a service. It can be implemented rapidly, in little more than the time needed to negotiate the contract. The service brings to bear highly skilled staff and focused attention on the problem. For a small enterprise to undertake spam control by itself, the activity will require more people-time and skill than most smaller enterprises will want to dedicate to this job, and there will be fewer people across whom to amortize the expense. Because of the level of skill, even many large enterprises (50,000 to 100,000 and more employees) prefer to use a service than to do it themselves.

Brightmail uses a collection method that ensures that only truly unsolicited messages will be labeled spam. It has the strictest definition of spam, and takes great care to eliminate the bad guys with great accuracy, and not impinge on the "personal choice" categories. It can identify unsolicited commercial e-mail as well (legitimate companies that have not done double-opt-in list registration) and sends them warnings to pay greater attention or risk being labeled a spammer. Brightmail has the dominant share of the service provider market, updating rules many times a day. EDoxs provides an enterprise service using the Brightmail logic.

Postini is also scrupulous about focusing on the bad guys. Postini tracks the relationship between directory-harvesting attacks and spam attacks. According to its findings, when it sees directory-harvesting attempts from a particular IP address, there is a very high likelihood that within the next 24 hours there will be a spam attack from that same IP.

Similarly, MessageLabs, MX Logic, and Syntegra serve many clients of varying sizes and watch the spam game closely. MessageLabs has particular strength in heuristics. Commtouch Software is coming back as an antispam service with a real-time lab. This is a very fast-moving market, and spam is a very fast-moving game. Products and services that were doing an adequate job in 2001 have either changed radically in the course of 2002 or are no longer controlling spam.

By 2005, the antispam market will coalesce to four or five primary sources of antispam logic that will be used by all the content-scanning products. This is the model we find today in the antivirus market. Over time, it is unlikely the market will be able to support more than four or five real-time diagnostic labs watching the action, seeing the next evolutionary turn in the escalation of the game, and taking action to protect their clients. The services are in a key position to obtain dynamic information as the game evolves, and they have the economic motivation to respond rapidly.

Jump to Page: 1 2

Back to the August Newsletter

--------------------------------------------------