Block Spam
Spam blocker services
Spam When the massachusetts department of education needed to
learn how to manage its spam problem, it turned to Zix Corp.'s Message
Inspector 3.17. The DOE, which serves all the school districts within
the commonwealth, saw a sharp increase in spam around April. The
anti-spam product it had been using to combat spam did not inspect the
message body and was letting a lot of unwanted (and often offensive)
e-mail through, according to Dave Mitchell, senior network engineer at
the department.
"In the second quarter of this year, we started seeing a huge amount of
spam hit the department," said Mitchell, who heads a team of network
administrators that is responsible for the day-to-day operations,
configuration, trouble-shooting, network planning and infrastructure
recommendations at the DOE.
"It's a mystery as to why, and some of it was particularly offensive.
Our users were calling us daily, telling us that they were getting 10,
15, 20 messages a day either trying to sell them something or that were
really offensive," he said.
The DOE LAN includes the main office in Malden, a satellite office in
Boston connected to the main office by microwave, an office in the
western Massachusetts town of Monson connected by frame relay, and a
second office in Malden connected by T-1.
The network serves staff within the DOE, while each educational
institution in the commonwealth is completely separate. "We don't
dictate whatsoever to them how they run their networks," said Mitchell.
Mitchell's group includes himself and two administrators. The department
also has a separate desktop user support group of approximately six or
seven people.
The DOE network includes 75 servers and 600 nodes. The servers, which
reside in the main office in Malden, run applications including
Microsoft Corp.'s Exchange 5.5, Oracle Corp.'s Oracle database, Web
servers, file servers and e-mail. The 600 desktops are spread among the
main office and the satellite offices.
On the desktop, the department uses a combination of Microsoft Windows
9x, Windows NT Workstation and Windows 2000 Professional. The desktops
run Office 2000 or 97, and staffers use Outlook 97, 98 or 2000 as their
e-mail client.
The department's spam problem increased about the time that the license
for its anti-spam/file-filtering product was due to expire, so Mitchell
and his team decided to look for something more robust.
So how do you come up with a short list when the product choices number
in the hundreds? Mitchell and his team focused on conversations with
others in the IT field and did some reading about various products.
Through these efforts, they were able to make a preliminary cut by going
with recognizable names.
"I determined pretty quickly that we wanted a product from a more
well-known organization, so we wound up looking at three different
products," said Mitchell. "We went back to [our vendor] because
they had in beta form an enhanced product that would look into the body
of a message, but it wasn't known when the product would be released. We
also looked at products from Trend Micro [Inc.] and Elron
[Software Inc.]."
The department's anti-spam evaluation began in early April, and its
pick—Elron's Message Inspector—was deployed in early June. (ZixCorp
has since acquired the business and assets of Elron.)
In the end, it was Message Inspector's straightforward interface and
flexibility that won over the DOE IT team, according to Mitchell.
"I just wasn't happy with the interface from Trend Micro, and the fact
that a lot of stuff was proprietary and you couldn't get in to see the
filters and easily adjust the filters," said Mitchell. The Elron product
was very straightforward, and it allowed us the flexibility we needed to
set up our own filters and make adjustments in certain of those
filters."
Mitchell said he is running Message Inspector on a fairly beefy box
(running Windows 2000) because he didn't want to create a bottleneck.
"Now that users are used to certain speeds in terms of how fast the mail
flows, I didn't want to slow that down," he said. "Message Inspector is
running on a Dell [Inc.] 4600, which consists of two 3GHz
processors, 4G of memory and tons of storage."
Mitchell said the department sees anywhere from 200,000 to 300,000
e-mail messages passing through the system every 10 to 14 days. He said
a recent Message Inspector report showed that, for the 10 days prior to
the report's release, Message Inspector stopped almost 48 percent of
these messages.
Any false positives? "We call it collateral damage—there's just no
way around it," said Mitchell. "There hasn't been a lot, though. We've
been able, over the course of time, to allow those kinds of e-mail
through as an exception to the rule. 'Refinance,' for example, is a
pretty common spam word, but someone might be expecting something about
an actual refinancing. We can tweak the application based upon the
sender, and we've done that and then closed it immediately after the
e-mail has been received."
Case File
Company Massachusetts Department of Education
Location Malden, Mass.
The problem Provide a more effective way to deal with an increasing
amount of e-mail spam
The solution Deploy ZixCorp's (formerly Elron's) Message Inspector 3.17
The tools Message Inspector 3.17 and Microsoft's Windows Server 2000,
Exchange and Outlook
What's next Evaluate the updated version of Message Inspector, Version
4.2, with a target deployment of fall 2003
Mitchell said that the DOE does not quarantine e-mail: "If it is blocked
for any reason or is infected, it is deleted."
Message Inspector Version 4, which was released in July and supports
Linux and Unix as well as Windows, has a published price of $7 per user
based on quantity, according to ZixCorp officials.
In justifying the cost of the product to the DOE, Mitchell said
productivity and liability were factors, as was spam's impact on
bandwidth within the DOE LAN.
His one gripe with Message Inspector, said Mitchell, is that it doesn't
block embedded HTML code very well. "[A message] will look
perfectly innocuous, but then all of a sudden a Web page will pop up,"
he said.
ZixCorp officials say Version 4.3 of Message Inspector, which is due
next month, will include an HTML parser. The DOE is evaluating a Message
Inspector update and plans to upgrade this fall.
End-user response to the deployment of the anti-spam application has
been positive overall, Mitchell said.
For the latest information about
spam
The Goals of spam
The goal of spam
is to determine the intrinsic grouping in a set of unlabeled data. But
how to decide what constitutes a good spam? It can be shown that
there is no absolute “best” criterion which would be independent of the
final aim of the spam. Consequently, it is the user which must
supply this criterion, in such a way that the result of the spam
will suit their needs.
For instance, we could be interested in finding representatives for
homogeneous groups (data reduction), in finding “natural
clusters” and describe their unknown properties (“natural” data
types), in finding useful and suitable groupings (“useful” data
classes) or in finding unusual data objects (outlier detection).
For the latest information about
The Goals of spam
Who uses spam?
Many different types of organizations use
spam as a vital
part of the work. A sampling of these include:
-
Marketing:
finding groups of customers with similar behavior given a large
database of customer data containing their properties and past
buying records;
-
Biology:
classification of plants and animals given their features;
-
Libraries:
book ordering;
-
Insurance:
identifying groups of motor insurance policy holders with a high
average claim cost; identifying frauds;
-
City-planning:
identifying groups of houses according to their house type,
value and geographical location;
-
Earthquake
studies: spam observed earthquake epicenters to
identify dangerous zones;
-
WWW:
document classification; spam weblog data to discover
groups of similar access patterns.
For the latest information about
block spam
