Put an End to Spam
Use Sybari Advanced Spam Manager to put an end to spam in your organization.
by Danielle Ruest and Nelson Ruest
December 13, 2004
Spam might not be as damaging as viruses, but it has become a major problem in most organizations. Unwanted e-mail consumes bandwidth and productivity, especially in organizations where e-mail is a mission-critical tool. Filtering unwanted e-mail manually is unproductive, offensive, and boring. Fortunately, much has improved since this problem became so apparent. For example, Microsoft includes filtering enhancements in both Exchange Server 2003 and Outlook 2003, especially in the service packs for each. However, these tools might not be enough for many organizations.
Enter Sybari with its Advanced Spam Manager (ASM). ASM is a designed to filter spam or unwanted e-mails at the server level (see Figure 1). When ASM is configured properly, spam won't even reach users' mailboxes, making the process completely transparent. But if some spam does pass through the filtering gateway, users can manage spam with their own Junk Mail folder. Whenever a user assigns a message to the folder, it updates the spam list for that user automatically. This means the user will never have to deal with this message again.
Sybari is well-known for its integration of multiple scan engines into a single interface (see Figure 2). Its Antigen antivirus engine includes multiple antivirus scanners from multiple third-party firms. They use this same strategy for their anti-spam tool. ASM includes a special third-party engine called SpamCure from Mail-Filters.com. This engine can detect spam at a rate of 95 percent or higher and has failure rates as low as one in 100,000. Not bad for a start. You can also schedule the delivery of updated spam signatures, ensuring that your spam protection tool is always up to date through an automated procedure. In addition, administrators can configure whitelistsdomain name system (DNS) addresses or domain names that are legitimate addressesto override the spam detection engine and allow messages through.
ASM supports filtering based on keywords as well as word counts. For example, if you enter "holidays (4)," ASM will block messages that include four or more occurrences of the word holidays. Finally, you can integrate Realtime Blackhole Lists (RBLs) in the Antigen SMTP jobs. This lets you subscribe to updated RBLs to ensure your protection levels are at their highest at all times. If this isn't enough, you can create your own rejected mailhost lists to block even more content. ASM also supports file filtering and blocking file types as attachments in messages. ASM lets you add disclaimers to your outgoing e-mails automatically, helping to ensure the protection of your intellectual property (see Figure 3). You can even set these disclaimers to match specific destination domain names.
You can deal with spam in a number of manners. You can elect to reject all spam. This stops it right at the gateway, but could cause the potential loss of some data. For some, this is an acceptable risk: "If they want to get their message through, then they better make sure it is clean." You can quarantine spam to a central location, even from multiple Exchange servers. This might be a better way to treat spam if you're concerned about losing important messages. You can also stamp messages you think might be spam. This inserts a special tag in the subject line and helps identify suspect messages more easily. However, this requires the user to determine if the message is spam. Finally, you can direct the spam to the user's Junk Mail foldereither the one provided by ASM or the default Outlook Junk Mail folder when running Exchange Server 2003. This is probably the best way to deal with spam, because users can control what they find acceptable and what they don't, which removes a burden from administrators. You'll see that as you use ASM, you'll learn which method best suits your organization.
ASM is not the only anti-spam solution from Sybari. The company also offers Spam Manager, which is an add-on to the Antigen antivirus system. Spam Manager is less expensive and offers fewer features than ASM, but it is designed purely to give spam blocking to existing Sybari users. If you're not sure you want to use Antigen, then you should look at ASM because it is a standalone solution. ASM installs with ease, though it isn't integrated with the Windows Installer service. This is surprising, given Sybari's advanced tools. Configuration is straightforward but can be complex, so it's best to take notes and try out different settings for periods of time to see which fits your needs best.
We still haven't seen a spam-blocking solution that sends it all back. A "return to sender" functionality would do to the spammers what they do to usoverload their e-mail systems. It's not surprising that no one has come up with this type of solution, because it requires the use of your own resources to work, but it would be more satisfying than simply accepting all spam. Until then, we recommend you use some spam-stopping technology, if only to increase the productivity of your users. The Sybari Advanced Spam Manager is effective and might be the best way for you to get control of spam.
Quick Facts
Sybari Advanced Spam Manager 8.0
Sybari Software
Web: www.sybari.com
Phone: 631-630-8500
Pricing: From $6 to $26 per user
Quick Facts: Lets organizations running Exchange protect users from spam by configuring filters.
Pros: Filters spam based on different conditions, including whitelisting, signature databases, subject-line tagging, and more. Doesn't require you to use Sybari's Antigen antivirus engine, but can integrate with it. End users have their own junk mail folder to filter out even more spam.
Cons: Administrators must be careful when creating filters to block spam only. Installation is not in Windows Installer format.
About the Author
Danielle Ruest and Nelson Ruest (MCSE, MCT) are multiple book authors focusing on systems design, administration, and management. They run a consulting company that concentrates on IT infrastructure architecture and change and configuration management. You can reach them at wssmag@reso-net.com.
Back to top
|