Spam -- stop it at the network edge

Spam has become much more than just a nuisance; it can slow or crash the network. F5 recently added a module to its Big IP platform to stop spam at the network edge.

Most network managers think of spam as somebody else's problem. It's an annoyance and a definite IT concern, but mostly just something you constantly delete from your inbox. That's rapidly changing as the amount of spam skyrockets to the point where it can slow even the best-performing network.

According to Jason Needham, director of product management for F5 Networks, recent research has found that 70% of all email messages are spam, and 80% of those are zombies. Needham said F5 customers are finding themselves under a siege as effective as a perpetual denial-of-service attack.

F5 wants to defeat the spam and zombies with the Big IP Message Security Module.

The module runs on top of Big IP, a load-balancing platform that offers a single hardware and software platform for making application performance decisions. The module communicates in real time with Secure Computing's TrustedSource multi-identity reputation engine and uses the load balancer to offload mail inspection and processing.

Essentially, mail is examined, compared against the TrustedSource database, and given a reputation score -- a grading that tells whether a message poses a potential threat. The score, which takes into account the reputation of the message's originating IP address, domain and URL, and the message itself, determines what action the system will take. If it is not from a known or trusted source, it will be blocked completely. If it's suspicious, it will be passed on for deep inspection by an enterprise's email filter. If the rating is good, the message will be examined, fast-tracked through inspection and delivered.

According to Needham, one large insurance company found it was able to block 70% of spam at the network edge, before it had any impact on internal networks and systems. Twenty percent of email was deemed suspicious and needed deep inspection. The company was thus able to cut its spam appliances by half.

Integrating the module with Big IP allows businesses to combine their message delivery with the application traffic management they are already doing, Needham said.

Franklin Warlick, Internet postmaster for Cox Communications, lives and breathes spam. He said it's the biggest problem he deals with. Cox Communications receives roughly 200 million attempted incoming messages a month, according to Warlick. Of those, more than 95% are junk email.

For the past couple of years, Warlick has been using the Message Security Module. He said that last week alone it stopped or blocked 8.5 million messages. Between the module and other spam-fighting tools, Warlick said he stopped roughly 27 million spam messages just last week. As a comparison, he said, Cox employees received a mere 1.3 million legitimate email messages last week.

Putting a spam blocker at the network edge, Warlick said, eases the burden of catching spam once it is deeper in the network and of having to buy more expensive software and hardware to do so.

"The placement is great," he said. "The further out you can get rid of this stuff, the better."

Warlick said that if he turned off spam filters for just one day, the network and the email servers couldn't handle the volume and would overload. The network traffic would slow to a crawl, if it moved at all.

Even if the volume could be tolerated, many end users couldn't be trusted to delete every spam message that comes in, he said. Some would fall victim to them or would accidentally delete real mail while muddling through hundreds of bad messages.

"There are always going to be users who fall for phishing attacks," he said, adding that a lot of spam messages also contain explicit content, which could become a broader Human Resources issue. Also, spam often contains viruses or spyware, creating more problems.

"Spam is one of the core problems we have to deal with every day," Warlick said. "My advice is to find a good vendor, get a good product and keep an eye on it every day. The spammers, they're always changing. They're so tricky, and they're good at adapting."
