We spoke with a variety of security vendors to see if there's any hope. Big trends include e-mail security in the cloud, led by Google's Postini; use of cryptographic signatures to thwart phishing; advances in encryption and key management; and merging of data leak prevention with mail systems.
One surprising finding is that the days of software-only e-mail security appear to be coming to an end. Even Sendmail, a descendant of the Internet's original Message Transfer Agent that has long been distributed as both open source and proprietary software, is now moving to an appliance model. Sendmail CEO Don Massaro ascribes this shift to simpler installation and integration as well as performance gains over software installed on commodity hardware and a stock operating system.
Form factor isn't the only place we're seeing evolution. Last week's--or even yesterday's--spam-control techniques can't keep up with constantly increasing attacker sophistication (see Our Take: Any Spam is too Much). As in the security infrastructure, spam-control vendors are banking on multilayered defenses. Barracuda Networks' Spam Firewall filters messages through 11 layers, while Sendmail employs an "anti-spam cocktail," where many individual tests combine to give messages a "spamminess" score, says Greg Olsen, the company's director of product management.
In the past, a significant portion of the anti-spam arsenal involved blacklists and greylisting, but the efficacy of those tactics has decreased, forcing vendors to add new twists. Replacing, or at least augmenting, blacklists is the concept of reputation. Using their vast reach into the Internet mail stream, vendors track the IP addresses sending e-mail. Addresses known to send large amounts of valid mail don't need to be checked as thoroughly, but a node that suddenly starts spewing millions of messages would warrant suspicion. Where an older system might have used greylisting to simply delay delivery of all e-mail in the hopes the spammer wouldn't bother resending, today's systems selectively delay mail from nodes believed to be sending spam, or throttle the bandwidth available to those they're unsure about, until a decision is made.
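The reputation-based admission decision described above, as an added Python example that is not from the article or from any vendor named in it. The thresholds, decision labels and class names are assumptions for illustration, and the sample history is constructed using documentation-range IP addresses.

```python
from dataclasses import dataclass

# All thresholds are illustrative assumptions, not values from any vendor.
TRUSTED_MIN_MSGS = 1000   # history needed before a sender counts as established
TRUSTED_MAX_SPAM = 0.02   # spam ratio tolerated for an established sender
SPAMMY_RATIO = 0.50       # spam ratio at which the node is believed to be a spammer
SURGE_FACTOR = 20         # multiple of the hourly baseline treated as a sudden surge


@dataclass
class SenderStats:
    total: int              # messages seen from this IP so far
    spam: int               # of those, flagged as spam by content scanning
    hourly_baseline: float  # typical messages per hour from this IP


class ReputationPolicy:
    def __init__(self):
        self.stats = {}

    def record(self, ip, total, spam, hourly_baseline):
        self.stats[ip] = SenderStats(total, spam, hourly_baseline)

    def decide(self, ip, msgs_this_hour):
        s = self.stats.get(ip)
        if s is None or s.total < TRUSTED_MIN_MSGS:
            return "throttle"      # too little history: limit bandwidth until decided
        ratio = s.spam / s.total
        if ratio >= SPAMMY_RATIO:
            return "tempfail"      # selective delay (SMTP 4xx), unlike blanket greylisting
        if msgs_this_hour > SURGE_FACTOR * max(s.hourly_baseline, 1.0):
            return "throttle"      # established node suddenly spewing mail
        if ratio <= TRUSTED_MAX_SPAM:
            return "accept_light"  # known good sender: less thorough checking
        return "accept_full"       # mixed record: accept, scan every message fully


def demo_policy():
    # Constructed sample history using documentation-range IP addresses.
    p = ReputationPolicy()
    p.record("192.0.2.10", 50000, 200, 400.0)    # long-standing clean sender
    p.record("198.51.100.7", 3000, 2400, 100.0)  # mostly spam
    p.record("192.0.2.77", 5000, 600, 200.0)     # mixed record
    return p


if __name__ == "__main__":
    p = demo_policy()
    for ip, rate in [("192.0.2.10", 380), ("192.0.2.10", 90000),
                     ("198.51.100.7", 50), ("192.0.2.77", 150), ("203.0.113.5", 10)]:
        print(ip, rate, p.decide(ip, rate))
```

The surge check runs before the trusted-sender shortcut, so a previously clean address that starts sending far above its baseline loses the lighter treatment until its traffic has been judged.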
Once a connection has been accepted, messages are individually scanned. The companies we spoke with perform extensive analysis, though not by trying to interpret a message's meaning, as in the past. While vendors are leery of sharing specifics, they all scrutinize thousands of attributes of a message and compare them against those found in millions of other messages to identify common elements in spam.