SmartAdvice: Look Beyond Filtering Techniques When Evaluating Anti-Spam Products - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure
Commentary
4/8/2005
12:15 AM
Commentary
Commentary
Commentary
50%
50%

SmartAdvice: Look Beyond Filtering Techniques When Evaluating Anti-Spam Products

From blacklists to Bayesian learning, look at the kind of spam problems your company has and evaluate products based on business need, The Advisory Council says. Also, plan for the company's continuation when drafting disaster-recovery plans.

Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers two questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. Submit questions directly to [email protected]


Question A: What factors should we consider in selecting an anti-spam solution?

Our advice: Fighting spam is a lot like maintaining a healthy weight -- it's a constant problem and there are no quick solutions. A year after CAN-SPAM, we are besieged with spam E-mail, some claiming compliance with the law and some flouting it. Although top spammer Jeremy Jaynes recently was convicted under Virginia's anti-spam law, the spam cases against his sister and another business partner have been thrown out. Anti-spam measures seem to make one big step forward and two small steps backward.

Businesses still face problems of lost productivity, compliance risk, and security hazards resulting from spam. Yet successful elimination of spam can result in immediate payback from improved productivity. It also will result in reduced legal and financial liability.

Currently there are four classes of technical solutions to provide spam-free E-mail: desktop software, server software, gateway appliances, and managed services. Desktop software is most appropriate to small businesses. Server software provides an Internet E-mail gateway for larger businesses. A spam gateway appliance provides the same capability as server software, without the need to install and maintain software. A managed E-mail service filters all incoming mail at the service provider's data center; only spam-free mail enters the client firm's infrastructure.


Related Links

MIT 2005 Spam Conference


All of these products use a cocktail approach to fending off unwanted E-mail. Anti-spam techniques include blacklists, whitelists, Bayesian learning, and heuristic rules. Vendors have access to the same anti-spam research. To evaluate anti-spam products, you need to look beyond simple filtering statistics and consider factors that are specific to your business.

Evaluating Anti-Spam Techniques
Our recommended list of evaluation criteria includes:

  • Total cost of ownership: How much time and manpower will be needed to maintain the solution's effectiveness?


  • Performance and availability: E-mail is mission critical in many businesses; will the solution scale in messages/second and guarantee the required uptime?


  • Response to new attacks: How fast is the solution updated as spammers introduce new methods?


  • Technical support: What is the service level that the vendor can guarantee for software, hardware, or service support?

In addition, each firm must evaluate the anti-spam solution's feature set against its own business needs. Postini, for example, is a managed-service firm that has done a good job in meeting the anti-spam needs of the legal community. Its service has a number of anti-spam features that should be considered in selecting an anti-spam solution. These features include: proactive detection of mail zombies, flexible policies, user-selectable thresholds and rules, per-user mail quarantine, support for encrypted mail, memory-based mail filtering, and WebTrust security certification.

To effectively eliminate spam in your organization, start with the users, and determine exactly what types of spam are causing problems for them. Then evaluate the available solutions to your spam problem, using the criteria we have outlined.

-- Frederick Scholl

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

News
Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
News
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
Slideshows
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll