Brightmail's new software tackles zombies

Brightmail has released a new version of its anti-spam software, Anti-Spam 6.0, which includes features designed to deal with zombie PCs, an improved ability to deal with foreign-language spam and a Web-based management console.

One way that Brightmail's software filters spam is through maintaining lists of spammers' IP addresses, which it calls a Reputation Service. It gathers information on spammers by setting up "honey pots" -- fake email accounts on the Web designed to attract spambots trawling for new addresses to spam.

The listing feature has been improved in the new version and can now distinguish between IP addresses that send only spam and those sending a mixture of spam and legitimate emails, according to Mark Bruno, enterprise product manager at Brightmail. Computers sending partial spam may be zombies -- PCs infected by a mass-mailer virus or Trojan horse. The anti-spam software blocks all emails sent by pure-spam IP addresses but makes additional checks on emails sent by addresses on the part-spam list to ensure they really are spam. This means that legitimate emails from zombie PCs are likely to get delivered.

Brightmail's software also uses a heuristics engine that looks for message characteristics that occur in spam. Bruno says that "Microsoft's Hotmail is so happy with our product that they delete spam immediately [without asking the hotmail user] -- they delete a couple of billion emails a day."

At least one of Brightmail's competitors expressed reservations about the company's approach. According to Amir Lev, chief technical officer at Commtouch, Brightmail's honey pots can only ever track 80 percent of the spam in circulation, because spammers get hold of email addresses in many different ways. Spammers also prefer to use validated addresses, and because honey-pot accounts never reply to emails, they will not be validated.

Click here to read ZDNet UK's interview with Mark Bruno about how Brightmail keeps ahead of the spammers.