CipherTrust Uses Reputation To Catch Spam

E-mail security company CipherTrust Inc. on Monday rolled out an upgrade to its E-mail reputation filter, TrustedSource 3.0.

The upgrade, which is available to existing customers and will be integrated into the company's IronMail message security appliance, tracks some 50 million IP addresses that send E-mail to CipherTrust's network of customers. TrustedSource 3.0 uses the data gathered to help determine whether a message is spam.

A number of other E-mail security companies also filter based on reputation, including IronPort Systems, Postini, MessageLabs, and Symantec's Brightmail. Not all anti-spam vendors, however, handle enough messages to effectively evaluate senders' reputations.

"The key thing in establishing an effective reputation service is it's all about the volume," says Matt Cain, senior VP at research firm Meta Group. "The more data points you can gather, the more reliable that information becomes over time. Given that CipherTrust has one of the best-selling products out there, they do have a broad enough network where they can build a fairly effective reputation service."

CipherTrust has found that 30% of the average enterprise's incoming messages come from IP addresses that seldom send E-mail. These addresses, the company says, have a high probability of being "zombie" machines. Given that its network detects 18,000 new zombies an hour, it makes sense that such information might prove useful in blocking spam.

Reputation is only one of many metrics used to determine whether an E-mail message should be blocked. Bayesian analysis, heuristics, header analysis, content filtering, and spam signatures all have their uses in evaluating messages. But because spammers have become so sophisticated in the techniques to bypass content filters, many in the industry see reputation as a more promising approach. That's because bad behavior is more evident than deceptive text.

Says Matt Anthony, director of product marketing at CipherTrust, "We think reputation is really going to be critical to E-mail security going forward."