December 23rd, 2004, 06:27 PM
Not too long ago there seemed to be a barrage of standalone antispam devices emerging. Whether it was an actual appliance, or just a software applications, antispam was its own offering.
Now that Symantec bought Brightmail, which was arguably one of the larger players in the market, and many of the other antispam-only companies seem to be having issues remaining profitable, it appears that the market may be dead.
Spam is obviously NOT dead though. Do you think that there is yet a viable market for a pure antispam product, or is antispam something that will just be a feature in other security products such as antivirus products or all-in-one firewall / VPN / AV / antispam appliances?
December 23rd, 2004, 07:25 PM
I currently see two markets for anti-spam. The first is at the server level. Prevent the spam from getting to the client/end user/employee/etc. The second is on the mail client itself. Outlook 2003 attempts to capture junk mail it does ok from what I've seen.
I think in the perfect world we would not need antispam tools but the world is not perfect. Further in the perfect world we could depend on server guards. The mail never reaches the intented receipant.
I currently have a triple layer system. The company uses a product called mailfroniter on the server (blocks on average 90 spams a day and so far as not blocked "real" mail). The second tear is mailfrontier for the client which grabs those that mailfrontier for the server missed. The thrid tear is outlook 2003 looking for junk. With these 3 pieces I never have spam in my corporate inbox.
I think going forward the client side anti-spam tools will be built into the mail client (Eudora, Outlook, etc) limiting the market for end users. The server side will remain and continue to get better. Client side you still have to delete the spam from your inbox wheras server side you get a single mail listing all the junk that was blocked (with the option of unjunking).
If you spend more on coffee than on IT security, you will be hacked. What\'s more, you deserve to be hacked.
-- former White House cybersecurity adviser Richard Clarke
December 23rd, 2004, 09:05 PM
I partialy agree with dspeidel.. there will be 2 markets the first being the Server Side filters.. the second the client side will endup being part of the AV package (we are seeing it now). It would be better, as dspeidel commented, as part of the Email Client software but the AV Co's will convince consumers that their product is the only way to go.. geez integrate Mailwasher with any of the clients and your on a winner..
the end barrier.. if the Anti-spam tool is part of the client software.. it is another setting the user has to fiddle with when installing their machine, or upgrading their software.. it will be missed..because it involves more settings and is to much to think about
when it is part of the AV prog.. people will run with the default settings or just disable the tool... because it involves more settings and is to much to think about .. and they will assume that the AV will take care of everything...
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
December 23rd, 2004, 09:28 PM
Has anyone here tried SPF, (Sender Policy Framework), see here
I started using it about two weeks ago and it works rather well. It catches 20% of my spam before it goes through the more CPU intensive spam checks.
It works by you adding a TXT record to your domain that delineates which hosts or IP's are allowed to send email under the pretext, (either the originating IP or the sender's domain), of your domain. Then, if anyone tries to spoof mail from your domain an SPF aware mail system will check the validity of the IP against your domain's SPF, (TXT), record. It can HardFail, ("forged"), SoftFail, ("probably forged"), or allow it with the rider that it probably isn't good depending upon the parameter in the TXT record.
You can then reject mail by having an SPF aware system in your mail system, (GFI's Mail Essentials 10.x is SPF aware), that does the checking for you.
I really quite like it and if you look at the list of major "adopters" it's taking off quite well.... Currently there are some 210,000 registered domains including M$, Hotmail, AOL and a lot of other "biggies". If everyone takes it up it will do a lot to prevent domain spoofing.... Which is a big tool in the spammers playbook.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides