Messaging tools get tough on spam

With unwanted e-mail messages continuing to flood corporate messaging systems, vendors are stepping up efforts to thwart spam...

With unwanted e-mail messages continuing to flood corporate messaging systems, vendors are stepping up efforts to thwart spam from a variety of fronts.

According to research by Meta Group, the percentage of overall inbound Internet corporate e-mail classified as spam is between 2% and 10%, with that number predicted to reach as high as 20% during the next five years.

IBM Lotus Software Group this week announced that its forthcoming Lotus Domino 6 will include anti-spam technology that resides on the server.

Server-side anti-spam tools are designed to give IT administrators more power to wrestle spam, instead of leaving all the work to end-users, according to Lotus officials.

"Spam seems to be one of the biggest problems in the messaging environment," said Ed Brill, senior manager of enterprise messaging at Lotus.

But, spam-fighting tools are "a control point that needs to live at the server, and be more managed by the IT staff rather than every individual corporate user," he said.

The spam-fighting features in Lotus Domino 6 include increased support for administrators to control incoming messages from certain distribution lists, the capability to use real-time "black hole" lists that identify known spammers, server-based rules processing to allow filtering of message content based on keywords in the message body, and enhanced capabilities to look up inbound addresses in the Lotus directory to prevent spam from being routed through the corporate system.

Although spam fighting is an inexact science that cannot catch every unwanted message, "every step we can take at the server will make all the Notes users more productive", Brill said.

With a different approach to combating spam, IronPort Systems announced a service designed to identify legitimate e-mail rather than spam. In the BondedSender Program, content providers post a financial bond that stamps a seal of legitimacy on messages, company officials said. A third-party financial partner holds the bond.

The e-mail gateway company hopes to deter spammers by allowing spam recipients to charge companies for sending unsolicited e-mail.

"Companies you would want to hear from will have no problem posting the bond," said Scott Weiss, chief information officer of IronPort.

IronPort is responding to enterprise concerns that traditional spam controls frequently block legitimate e-mail messages that could be business-critical, according to company officials.

"The biggest issue with corporate adoption of anti-spam solutions is false positives," said Weiss. "Most enterprises are worried about missing important e-mails in the spam filter."

"We are turning the spam problem on its head. Instead of identifying the bad guys, we are opening up a new front by identifying the good mail - people you know and trust," Weiss continued.

BondedSender taps the IronPort AsyncX technology. Individual e-mail gateways communicate with IronPort's AsyncX network to get real-time information on the state of any BondedSender participant.

Meanwhile, has integrated its Spamkiller service into the SecurityCenter suite of security tools for personal computers. Spamkiller is designed to block unsolicited messages from entering users' inboxes and track spam back to the source ISP. In addition, the service returns a false "bounced" e-mail message to the spammer.

Cloudmark has also launched a tool that taps peer-to-peer technology to fight spam. The company's SpamNet is a Microsoft Outlook add-in tool that leverages a peer-to-peer architecture to develop a community-based approach to fighting spam. SpamNet allows users to block spam messages from their inboxes and automatically share that information with the SpamNet network.

Read more on Antivirus, firewall and IDS products