In Valid Logic

Endlessly expanding technology

Kind of spam stats I like to see

Here is a screenshot from earlier last week of the daily stats from my hardware-based spam filter. I started using a specialized spam filtering appliance about a week and a half ago and I'm loving it so far. The one I am using is by Ironport (and is strangely never mentioned on their site). I just have the basic entry-level filter, which is similar to offerings by other companies like Mail Foundry and Barracuda. Out of some of the reviews I'd seen, the Ironport was rated among the highest for best success rate and lowest number of false positives.

Overall, I have been very impressed with Ironport's filtering. Their SenderBase is a reputation-based filter that blocks messages at the connection level. Basically, it checks out the host that is connecting to it, and if it is one that is often reported as sending spam, it will tell it up front "I don't want your message" and close the connection before it has a chance to do anything.

So far, I have had no spam messages get through. I have received a few spam messages, though a quick look at the headers showed they went directly to my mail server, either from an old DNS cache or just probing the server (i.e., it doesn't follow my DNS MX settings, just sees and connects to it). And even better, I have not had any false positives, or messages that aren't spam get marked as spam. Also, some newsletters I had subscribed to now come through instead of getting marked as spam. Oftentimes with those, you can easily unsubscribe. Those messages frequently look like spam to other filters, but aren't necessarily, as it is something you signed up for. And unsubscribing is usually easy.

My main disappointment with the filter so far is its quarantine functionality. Here is a brief synopsis of what I don't like:

- Doesn't support aliases. Have two or more email addresses going to the same physical email account? Too bad, you'll get multiple quarantine notifications.
- It sends quarantine notices to anyone it accepts messages from. This is a problem when you just tell it to receive "" and don't narrow it down to just the individual addresses, since adding every address would be a PITA. But this becomes a problem because every morning, the ones to non-existent addresses bounce back to my mailbox. At some point soon, I'll get it switched over to validate against LDAP so I can only accept valid addresses and not have to manually add all of them.
- No way to customize the colors… they let you upload your own title header, but then your colors could easily clash and it would look ugly.
- No quick link in the notification emails to just delete all.
- No way to have per-user whitelists.

They do sell a device specifically for the purpose of being a quarantine, but it is primarily to be a centralized quarantine when you have multiple filtering devices. I hope it doesn't have some of these features, while their normal spam appliances don't. I doubt they'll ever hear "I want to change the colors on the quarantine, I'll buy your quarantine appliance". No, none of the things I mentioned would be good up-selling points. The only reason to get their quarantine appliance is in a multi-server environment; then it is a given.

Overall, aside from some of the lacking features in the quarantine, I like the Ironport filter and it has so far been extremely reliable.
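The header check described above, spotting spam that connected straight to the mail server instead of following the MX record to the filter, can be automated. This is an added example, not part of the original post; the server name, the filter's IP address and the Postfix-style `Received` format are assumptions.

```python
import re
from email import message_from_string, policy

MAIL_SERVER = "mail.example.net"  # assumed: name the mail server stamps after "by"
FILTER_IP = "192.0.2.10"          # assumed: address the filter relays mail from
BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)
PEER_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")

def entry_hop(raw_message):
    """Return the Received header our own server wrote on arrival, or None.

    Headers are prepended, so only the contiguous run at the top stamped
    "by MAIL_SERVER" is ours; everything below is sender-supplied and forgeable.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    hop = None
    for value in msg.get_all("Received", []):
        text = " ".join(str(value).split())  # unfold continuation lines
        by = BY_RE.search(text)
        if not by or by.group(1).lower() != MAIL_SERVER:
            break
        hop = text  # keep descending: the last match is the external handoff
    return hop

def classify(raw_message):
    """'filtered' if the filter's IP handed the message over, else 'bypassed'."""
    hop = entry_hop(raw_message)
    if hop is None:
        return "unknown"
    peer = PEER_RE.search(hop)  # connecting IP as recorded by our server
    return "filtered" if peer and peer.group(1) == FILTER_IP else "bypassed"

# Constructed sample messages using documentation addresses.
VIA_FILTER = (
    "Received: from filter.example.net (filter.example.net [192.0.2.10])\n"
    "\tby mail.example.net (Postfix) with ESMTP id A1; Mon, 12 Mar 2007 08:00:00 -0500\n"
    "Received: from sender.example.org (sender.example.org [198.51.100.5])\n"
    "\tby filter.example.net with ESMTP; Mon, 12 Mar 2007 07:59:58 -0500\n"
    "Subject: newsletter\n\nhello\n")
DIRECT = (  # claims the filter's name in HELO and forges a lower hop
    "Received: from filter.example.net (unknown [203.0.113.77])\n"
    "\tby mail.example.net (Postfix) with ESMTP id B2; Mon, 12 Mar 2007 08:05:00 -0500\n"
    "Received: from x (x [198.51.100.9]) by filter.example.net with ESMTP;\n"
    "\tMon, 12 Mar 2007 08:04:00 -0500\n"
    "Subject: offer\n\nbuy\n")

if __name__ == "__main__":
    print(classify(VIA_FILTER), classify(DIRECT))
```

The check trusts only the connecting IP recorded by the mail server itself, since the HELO name and any lower `Received` lines are written by the sender.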

Monday, March 12, 2007
