Sunday, October 23, 2005

A Breakthrough in AntiSpam for Lotus Domino (and probably other Systems)

It never ceases to amaze me how out of touch software vendors can be with their software. They spend a lot of time and money promoting what is essentially crap software, and then when something really spectacular comes along, they forget to do any marketing.

Ok, this generalisation seems to apply to a lot of things, not just computing, but for now, lets look at a recent example.

Symantec MailSecurity for Domino
We have been using Symantec MailSecurity for Domino for some time and while it has been working for us, the maintenance on this product is a lot of work.

For a start, there was no such thing as an automated update, you had to manually add in blocks for everything you could think of. In my case I did a few things;

Firstly, to prevent false positives;

  1. Created a whitelist which included the domain names of most of our frequent business partners (obviously something that needs to be updated occasionally)
  2. Created a whitelist keyword which meant that the use of a specific word in the subject line of an email would cause it to bypass all of our filters - obviously not a normal word, and fortunately not something that would ever require updating.

Now, to prevent spam...
I created about 8 different word lists, called things like Sex Drugs, Loans, Scams etc... and put various keywords into each. That way, if a list seemed to be going ballistic and was blocking everything, I could switch it off without affecting the remaining lists.

Obviously there was a huge amount of work in maintaining these lists.

Whenever I got spam, or someone forwarded me spam, I would have to read it and attempt to decide which words were unique and which category they belonged to. As the words got more and more twisted, the job got harder. Especially when I discovered that certain symbols meant different things to Symantec.

One which got me badly was "cialis", when I first blocked this drug, all mention of the word "specialist" caused emails to be blocked causing a lot of problems for I.T.

We were blocking a lot of spam, but we were also still allowing quite a bit in.

Premium Anti-Spam
One day when I was poking about in Symantec Mail Security, I found a tab marked "Premium Anti-Spam". Nothing on this tab worked. I decided to ask Symantec about this facility when our corporate anti-virus software came up for renewal.

It turns out that Premium Anti-spam was an add-on service for Symantec's Mail Security Products. You just had to pay the extra licence fee and away you go.

Symantec weren't terribly interested in promoting their product. Sure it was a little more expensive than the normal anti-spam, but it wasn't double the price or anything. They explained that the product downloaded signatures from Symantec which uniquely identified the contents of spam emails.

The theory was that symantec received lots and lots of spam and that they converted the contents of this spam into some form of unique identifier. The identifier then became the signature.

The result is supposed to be 99.9% accuracy and 0 false positives.

I finally managed to convince Symantec to sell me the product and had to reinstall MailSecurity to activate it. Since activation, I have received zero spam. I still can't understand why, if Symantec have such an effective product, they don't promote it more effectively, and why their own staff seem oblivious to its benefits.

1 comment:

Winantivirus said...

Need free anti virus software download software?

If your computer is running stupid free anti virus software download will help
Click here to download free anti virus software download now!