Cloudmark Aims To Dry Up Spam Deluge
Nov. 19, 2002
By Greg Keizer, Techweb News
Spam-hunter uses new approach to identify and eliminate junk E-mail
Cloudmark, best known for SpamNet, a community approach to sniffing out junk E-mail, this week released an enterprise spam hunter/killer engine that identifies unwanted messages by their structure–or spam DNA–rather than by their domains or keywords.
Authority, as the engine is dubbed, blocks spam at the gateway, preventing it from entering a company’s network and eating up precious employee productivity.
“Spam’s an incredible waste of [enterprise] resources,” Cloudmark CEO Karl Jacob says. “It saps employee productivity to the tune of billions of lost dollars. We call it the silent productivity killer.”
Authority approaches spam detection in an entirely different way than other anti-spam products, Jacob says. It predicts whether a message is spam by examining its structure and looking for the kind of mutations–composition tricks, essentially–that spammers commonly employ in order to outwit more mundane spam defenses.
“The basic idea is that E-mail messages have structure, just as human DNA does,” Jacob says. “DNA can be mutated, and so can E-mail messages.” Spammers, he says, commonly mutate traditional message structures, which is what Authority looks for. “Rather than analyze words, we look at the packaging of the message,” he says.
Cloudmark relied on its experience with SpamNet, a peer-to-peer network of more than 200,000 users who report spam to a central database, to identify probable spam structures. “These spam ‘genes’ are derived from years of looking at millions of messages,” Jacob says.
Some spammers encode the body of the message in binary, which the receiving E-mail client–not knowing any better–happily decodes. Traditional anti-spam software lets such messages through, because it sees only the binary numbers, not offensive words.
Another technique that spammers use to make messages stand out or attract attention, Jacob says, is to use repetitive characters, such as multiple spaces between words or exclamation points. If a message’s subject line contains a character such as an exclamation point that makes up more than a third of the total characters in the line, it’s probably spam.
Authority looks for these characteristics–Jacob estimates that there are only about 150 such spammer “genes”–then assigns a confidence level to each message to let IT managers decide which to block, which to detain, and which to pass along to employees.
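The two structural checks the article describes (an encoded text body and a subject line dominated by one character), combined into a score with block, detain and pass cut-offs, as an added Python example that is not Cloudmark's code. The weights, thresholds, function names and sample messages are assumptions, and base64 stands in for the encoding the article calls binary.

```python
import base64
from collections import Counter
from email import message_from_string

# Hypothetical weights (percent) and cut-offs; the article publishes none.
WEIGHTS = {"encoded_text_body": 40, "dominant_subject_char": 50}
BLOCK_AT, DETAIN_AT = 80, 40

def dominant_char_ratio(subject):
    """Fraction of the subject line taken up by its most frequent character."""
    if not subject:
        return 0.0
    return Counter(subject).most_common(1)[0][1] / len(subject)

def structural_traits(msg):
    """Return the set of structural traits found in a parsed message."""
    traits = set()
    if dominant_char_ratio(msg.get("Subject", "")) > 1 / 3:
        traits.add("dominant_subject_char")
    for part in msg.walk():
        encoding = (part.get("Content-Transfer-Encoding") or "").strip().lower()
        # Text behind a transfer encoding is invisible to a filter that
        # scans the raw bytes for words, yet the mail client decodes it.
        if part.get_content_maintype() == "text" and encoding == "base64":
            traits.add("encoded_text_body")
    return traits

def decoded_text(raw):
    """Decode every text part so a word filter sees what the client renders."""
    chunks = []
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def classify(raw):
    """Score a raw message and map the score to block / detain / pass."""
    msg = message_from_string(raw)
    traits = structural_traits(msg)
    score = min(100, sum(WEIGHTS[t] for t in traits))
    action = "block" if score >= BLOCK_AT else "detain" if score >= DETAIN_AT else "pass"
    return traits, score, action

# Constructed sample messages.
ENCODED_BODY = base64.b64encode(b"cheap pills, click here").decode()
SPAM = f"Subject: WIN!!!!!!!!\nContent-Type: text/plain\nContent-Transfer-Encoding: base64\n\n{ENCODED_BODY}\n"
HAM = "Subject: Minutes from Tuesday's meeting\nContent-Type: text/plain\n\nAttached as promised.\n"
```

Legitimate mail also uses base64 for non-ASCII text, which is why the encoded-body trait alone only detains a message under these assumed weights.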
While other systems require new hardware–gateways equipped with spam defenses, for instance–and chew up company IT time spent tweaking software or constantly updating the filtering rules, Authority runs on the gateway’s hardware and software and doesn’t require a connection to an outside service.
“Does it work? In our beta tests at several corporations with over 10,000 users, we saw 90% effectiveness [in identifying spam], and only about 1 in 100,000 false positives,” Jacob says.
Authority is available in versions for Unix and Linux servers immediately, at a cost of $10 per mailbox per year, with a Windows edition set for release by year’s end.