Section Contents

Isode unveils first commercial release of anti-spam product incorporating greylisting

Isode, the London-based supplier of email and directory server products, today announced the release of M-Switch Anti-Spam 10.2. Included within this new version of Isode's email monitoring and filtering solution are some significant and innovative anti-spam enhancements designed to dramatically reduce the quantity of unwanted spam messages arriving in end-user’s email boxes as well as ensuring that 'false positives' are kept to an absolute minimum.

(LONDON. - December 17, 2003) - As well as support for multiple real-time black hole lists, content filtering, message characteristic checking, network address checking, obfuscation techniques, subject line, originator and host matching, M-Switch 10.2 becomes the first commercial product to incorporate a new anti-spam technique, Greylisting.

Greylisting: An industry first for Isode

It has long been recognised that a vast majority of spam comes from applications designed specifically for spam and is sent on a 'fire and forget' principle. Legitimate email allows for the possibility of message delivery failure and will re-try delivery if a delivery failure code is received.

Initially discussed within the IETF (Internet Engineering Task Force) Anti Spam Research Group, greylisting capitalises on this weakness of spam systems by bouncing emails whose profile (defined by a combination of sending host IP address, sender and recipient address) has not been encountered before.

Legitimate email sending systems will re-try delivery, at which point M-Switch passes the message and adds its profile to an approved list for future reference.

Isode's implementation of greylisting can eliminate up to 90% of spam before it hits the Message Switch and is thus both effective and resource light.

Steve Kille, CEO of Isode, said, "We are committed to providing our customers with an extensive armoury of the latest anti-spam techniques."

"We don't believe that greylisting is the total solution to the problem of spam, however it is an important weapon within that armoury and gives M-Switch users and important edge in the ongoing arms race between spammers and the providers of anti-spam solutions."

Also new in this release

In addition to across the board performance tuning, 10.2 adds two specific measures to help thwart harvest attacks (where the spammer attempts to compile a list of valid addresses by sending delivery requests to multiple addresses within a domain and noting which to not produce a delivery error):

  • The ability to set a maximum number of recipients for a message thus preventing large harvest attacks.
  • The detection of a configurable number of failed delivery requests, at which point M-Switch Anti-Spam responds that all addresses are false.

Two new features added to the core M-Switch R10.2 release are useful for anti-spam deployments:

  • Support for SASL (Simple Authentication and Security Layer) for SMTP, enables authentication of trusted clients, and on the basis of this trust, there is no requirement to perform spam checking for messages from these clients.
  • Failover clustering support enables M-Switch Anti-Spam to be operated in a service environment with zero message and service loss in the event of computer failure. This is important for high end service providers.

Other Interception Methods

Rather than offering just one main technique for eliminating spam, M-Switch Anti-Spam encompasses a range spam detection techniques giving maximum protection to the customer, including:

  • Content Filtering: Examining the content of a message to match words, phrases and other information.
  • Phone & URL Blacklists: Whilst most spammers will fake return addresses, they nearly always include in the body of the message at least one method (phone or website URL) so the recipient can respond to the spam's advertising. M-Switch Anti-Spam maintains both phone and URL blacklists.
  • Subject Line Matching: Matching the subject line against a list of topics that should always be treated as spam.
  • Originator Matching: Matching the originator of the message against an email blacklist.
  • Host Matching: Matching the sending host against a host blacklist.
  • Message Characteristic Checking: Checking the technical characteristics of a message, such as the way in which returned messages are handled.
  • Network Address Checking: Checking the originating network address.
  • Obfuscation Techniques: Checking for spam obfuscation techniques such as HTML comments or messages that are composed entirely of URLs.

All of the above techniques are integrated using Bayesian analysis, and driven using data sets derived and regularly updated from a live database of spam and real messages. This combination of approaches leads to a very high spam hit rate, with low false positives. In its default configuration, M-Switch will detect 90% of spam as "spam" with a 0.1% false positive rate and 8% will be detected as "possible spam" with a 1% false positive rate.

About Isode

Isode is a software product company, originally established in 1992. Its M-Vault (LDAP Directory Server) and M-Switch (SMTP Message Switch) are used around the world by Multinational Corporations, Government Departments, ISPs, and Universities including BT Ignite, Federal Bridge Certification Authority, Novis Telecom, EDS, PTM.com, Queens University Belfast, Steria Limited, Her Majestys Government Computing Centre (HMGCC), Leeds Learning and The Government of Alberta.

Contact Information

Isode
Lydia Steyn
+44 (20) 8783 0203
lydia.steyn@isode.com

Wednesday, December 17th, 2003
Copyright © 2007 Isode privacy   feedback Subscribe to our rss newsfeed