In the past few years, spam has gone from being a background nuisance to being costly, time consuming, and a generally pervasive problem.
Brightmail this week released the fifth generation of its popular Brightmail Anti-Spam software.
To illustrate how much spam has proliferated in the past two years, Brightmail President and CEO Enrique Salem shared some stats with ServerWatch. According to Salem, Brightmail processes about 10 percent of all Internet e-mail. So far this year that’s been about 63 billion messages. Of those 63 billion messages, 49 percent were considered spam based on Brightmail’s screening process. In 2001, only 8 percent of all messages processed were ruled to be spam.
Unlike many of the other vendors on the anti-spam scene, Brightmail has been in the arena for five years with its anti-spam solution.
Earlier this week, the vendor released the fifth generation of its popular Brightmail Anti-Spam software.
Like previous versions, Anti-Spam 5.0 takes a three-pronged approach to rooting out spam. It filters based on 1) the source of the spam, identifying and blocking IP addresses; 2) the content of the message; and 3) the call-to-action, which is based on the sites to which spammers are attempting to take the user.
Anti-Spam works at the server level, with (theoretically) little involvement from the sys admin required. The vendor sends a series of rules and signatures of what constitutes spam to the customer’s server at selected intervals (generally every five to 10 minutes). Each rule set is typically 10 MB, and Brightmail sends only the changes to the update with each transmission. Brightmail also sends “fingerprints” of the spam messages.
The rules and fingerprints are determined by the 1 million decoy addresses Brightmail has placed on the Probe Network.
The bulk of changes in version 5.0 are to improve Anti-Spam’s effectiveness while maintaining its low false-positive rate of one in 1 million messages.
Key new features are:
- URL Rules, a patent-pending algorithm that identifies e-mail messages containing spam URL addresses inserted into the body of the message. (90 percent of spam messages now do this, Salem said, and the new URL-based rules claim a 97 percent success rate.)
- A blacklist that rebuilds every four hours consisting of open proxies and IP addresses gleaned off of the Probe Network.
- Gen-two of BrightSig2 (Brightmail’s signature-based rule system that cleans polymorphic spam attacks by removing randomness inserted by spammers), which has been optimized to clean embedded HTML in spam messages and eliminate HTML-based spam attacks
Other key enhancements in version 5.0 include white listing and black listing on the sys admin side, a GUI editor Salem describes as “a wizard on steroids,” quarantining capabilities for Lotus Notes and Domino versions 5 and 6, beefed-up reporting functionality with a report viewer that is viewable online, an Outlook-plug-in option on the end-user side, and support for Windows 2003 and Exchange 2003.
Brightmail currently claims a customer base of 4 million enterprise seats and 275 million mailboxes across ISPs and enterprises.
Brightmail software is sold on a subscription-based service model. Anti-Spam 5.0 is priced starting at $1,499 per year for 49 users. This base fee of $15 per user, per year decreases to $4 per user, per year as additional seats are added.
Enterprises looking to try out the service can download a free 30-day evaluation version from Brightmail’s site.
An ISP edition of version 5.0 is being planned, Salem said.