Is hosted anti-spam the answer?

It has taken only four years for spam to become the bane of business but, as small and medium businesses (SMBs) are finding, spam can be killed before it enters inboxes with the use of a hosted provider.

Each working morning, hundreds of employees across Australia start their day with spam. Coffee in hand, they sit at their computers and sift through their inboxes, canning what Gartner predicts is 60 to 80 percent of all business e-mails.

One way to cut down on the number of hours staff must spend sorting through e-mail at the desktop is to outsource the management of spam at the server level.

Hosted anti-spam services are not only time-savers, they're surprisingly affordable. The price may change depending on enterprise size, or the specifics and level of service required, but for SMBs, the benefits of having someone else look after your spam are quite evident.

Since first being introduced to Australia by security provider MailGuard in 2001, the hosted anti-spam market has grown considerably. MailGuard sales and marketing director Andrew Johnson puts growth of anti-spam take-up for his company at 100 percent year-on-year for business use alone.

"Initially the take up was quite slow as it was a new concept in Australia. But then we started to pick up the SMBs who did not have enough resources in-house to handle growing amounts of spam," Johnson says.

IDC senior software analyst Megan Dahlgren says the rising take-up of anti-spam software by companies has somewhat superseded the hosted market in recent years. However, she says hosted services are gaining traction with SMBs.

"Hosted anti-spam is still a small marketplace and there is very little market-sizing data out there on it. Many large organisations still want to manage their e-mail traffic on their own. But the hosted option is proving to be good for SMBs who are adding anti-spam to their hosted antivirus," Dahlgren says.

Security software provider Sophos' senior security analyst Sean Richmond agrees. He says in-house solutions are generally only used by those companies that have enough equipment and manpower to look after the updates and infrastructure required for looking after large amounts of spam.

"From an SMB point of view, a managed service is great because you don't have to know anything about how to look after or effectively use anti-spam software," Richmond says.

Stopping spam
There are a number of ways to filter out spam. Domain or blacklists are some of the most common methods of blocking unsolicited mail. These are lists compiled by ISPs, security vendors, and service providers that contain the addresses of known spammers. However, blacklists have become a contentious issue of late with larger organisations, who prefer to create their own custom blacklists.

IDC's Dahlgren says the main concern for businesses with regard to blacklists has been false positives -- where a business sending out legitimate e-mails is blacklisted. Unfortunately, once you are blacklisted -- even if unfairly so -- it has proved extremely difficult to be removed from the lists. However, Dahlgren says the concern over blacklists has decreased.

"The problems companies have had with these lists have been diminishing considerably because there are certain characteristics of classic spam that are becoming known, such as the images in spam," Dahlgren says.

"Mail marshals working at hosts, such as Clearswift or Surf Control, will physically open spam e-mails and look at them to tag and categorise them all day long -- this helps them to create better criteria for their blacklist policies. This makes it very easy to filter out spam."

Other techniques are Bayesian analysis and heuristic filtering. Bayesian analysis looks at particular words, such as "Viagra", common in spam messages. Heuristic filtering is a way of scanning spam by looking at various aspects of the e-mail. Both the Bayesian and heuristic filtering methods are based on statistics and mathematical equations.
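A minimal sketch of the word-based Bayesian scoring described above, added here as an illustration and not taken from any vendor named in the article. The training messages, the `BayesFilter` class and the 0.9 threshold are constructed assumptions; flagged mail is quarantined rather than deleted so a false positive can be recovered.

```python
import math
import re
from collections import Counter

# Constructed, hand-labelled training messages (not real mail).
SPAM = ["cheap viagra online order now", "viagra discount pills order today",
        "win money now click here", "cheap pills click here now"]
HAM = ["meeting agenda for monday attached", "invoice for printing order attached",
       "please review the marketing proposal", "lunch on monday to discuss the order"]

def tokens(text):
    return re.findall(r"[a-z0-9']+", text.lower())

class BayesFilter:
    def __init__(self, spam, ham):
        self.spam = Counter(t for m in spam for t in tokens(m))
        self.ham = Counter(t for m in ham for t in tokens(m))
        self.vocab = set(self.spam) | set(self.ham)
        # Prior odds of spam, from the share of each class in the training set.
        self.prior = math.log(len(spam) / len(ham))

    def _log_ratio(self, tok):
        # Add-one smoothing: a word seen in only one class never yields 0.
        v = len(self.vocab)
        p_spam = (self.spam[tok] + 1) / (sum(self.spam.values()) + v)
        p_ham = (self.ham[tok] + 1) / (sum(self.ham.values()) + v)
        return math.log(p_spam / p_ham)

    def spam_probability(self, text):
        # Sum per-word log-likelihood ratios (unknown words are ignored),
        # then convert the log-odds into a probability.
        score = self.prior + sum(self._log_ratio(t)
                                 for t in tokens(text) if t in self.vocab)
        return 1 / (1 + math.exp(-score))

def classify(filt, text, threshold=0.9):
    # Quarantine instead of deleting, so misfiled legitimate mail can be released.
    return "quarantine" if filt.spam_probability(text) >= threshold else "deliver"

if __name__ == "__main__":
    f = BayesFilter(SPAM, HAM)
    for msg in ["order cheap viagra now", "agenda for the monday meeting",
                "order discount pills today"]:
        print(f"{f.spam_probability(msg):.3f} {classify(f, msg):10s} {msg}")
```

The third message scores about 0.93: at a 0.9 threshold a genuine supplier e-mail with that wording would be quarantined, while raising the threshold to 0.95 lets it through at the cost of passing more borderline spam.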

Playing host
Anti-spam hosting can be done in a number of ways. One of the most common forms of hosting is through ISPs, who will often add it on as a free extra or at a small cost per mailbox for small businesses who have their e-mail hosted by the ISP.

IDC's Dahlgren says the ISP offering is the most common for the SMB space. "These offerings are very inexpensive and they are often quite relative to other offerings in terms of quality," she says. But senior security analyst with Symantec Andrew Gordon says some ISPs view bandwidth as money, and can be less likely to do a thorough sort through spam if it reduces their traffic. "It is best to go with a managed hosted solution by a specialised provider if you want more than your ISP can offer you," he says.

A common form of hosting is where the host intercepts the mail and scans it for spam before the mail reaches your gateway. In this case the host will completely run and deliver the e-mail scanning infrastructure, checking e-mails before sending them through to the client's e-mail server.

For example, MessageLabs technical director David Banes says the company will analyse traffic patterns, carry out content analysis, and use its database of known spam to score e-mails on their legitimacy before pushing the "clean" mail through to a client's server.

"This is different to a normal desktop product that will simply look at an e-mail that comes in, check out its characteristics and decide if it is a virus or spam, unless configured by the user themselves," Banes says.

Dahlgren says the option of having a host sit in the pipeline between the sender and the mail server is relatively cheap -- it could start with a one-off start-up fee, generally around the AU$200 mark, with a monthly fee charged for each e-mail address after that, up to about AU$5.50 per user. A good price for a small business, but enterprises may find the option a bit too costly, she says.

Another way of hosting anti-spam involves complete mail server management -- where the customer's mail server is located and managed by the host at the host's site. In this scenario, management services extend beyond anti-spam to include antivirus scans and backups, and hardware and software management.

This option is hardly ever used for anti-spam itself, according to Dahlgren. "You would generally have your e-mail server stored with the host from the beginning, and you would just ask your host to turn on your anti-spam. The cost of anti-spam would be included in the total cost of your server hosting," she says.

False positives
With all these options, though, comes the issue of false positives. Enterprises are not only concerned with how much spam they can trap, but want to know that all legitimate e-mails are coming through, according to anti-spam host WebCentral's CEO Andrew Spicer.

"You can use algorithms to detect the signatures of good mail, which will also be recognised by our databases for individual clients. If this fails, our customers can still go into their "canned" mail and look to see if there is something classed as junk that may be legit."

False positives were a big problem for marketing company Smartype. Director Sue Wickendon says her staff would receive hundreds of e-mails advertising Viagra and pornography each day, and lose lots of legitimate e-mails as a result of this spam.

Smartype trialled a new product by WebCentral called SpamDefend -- soon to be released. Wickendon says since then, the company has only suffered one percent of the spam it previously did, and in two months of use it has totally taken false positives out of the equation.

Losing control
Symantec's Gordon says the final decision to go with a hosted anti-spam provider should rest on your ability to manage your current situation. "If you have a few people pulling out their hair trying to manage software spam quarantine, you could be better off with a hosted solution. Or if you see it is a cost-effective way of dealing with it," he says.

Gordon says many hosted services will be able to deliver anti-spam more effectively for SMEs or large organisations.

"Different customers will have different requirements, and hosted providers can tailor this for you," Gordon says.

"Customer A may want all spam blocked in the Internet cloud before the mail gets sent down to them, whereas customer B may want everything scanned only for viruses before the mail is sent, but they may want to sift through it all and decide on what is spam content themselves."

Sophos' Richmond says for the SMB, the decision to go with a host can mean lower costs and less fuss. He says it is how the software is managed by the host and the infrastructure they use that makes the defining difference.

"Hosted solutions offer convenience for most people -- it can have a lower cost of ownership and you don't have to have someone administering the software," Richmond says.

"All you have to do is plug your mail through a hosted solution -- you don't have to worry about it after that."

"Hosted solutions do, however, become a lot less attractive if you are using encrypted mail systems and trying to have confidential things being run through your system because obviously you will have someone else managing your mail flow."

But for the Australian employees in small business, who spend so much of their time canning spam, hosted solutions seem to offer saved time and a low-cost way of dealing with an issue that is not going to go away.

Dahlgren says with spam predicted to be on the rise in coming years, hosted solutions will certainly gain a lot more clout in the SMB arena, further increasing options for anti-spam provision.

A sample of what is out there

WebCentral's SpamTrap is an easy-to-use POP3 internet e-mail filtering service that sits before your e-mail server. Spam can be viewed online 30 days after it has been sent.

Clearswift SpamActive
Managed anti-spam filter freely available to users of Clearswift products which pushes automatic updates out to your server, allowing you to choose if you want to receive your spam or have it looked after by Clearswift.

MessageLabs' fully managed offering sees spam scanned at their location using a global database of known security threats and spam. Operating at Internet level, MessageLabs offers a level of control before the e-mail comes through your network boundary.

MailGuard offers free set-up for anti-spam, with a monthly cost following which depends on the number of e-mail users you have. This covers anti-spam, anti-virus, content filtering, and other services.

Trend Micro
A hosted anti-spam offering provided with Trend Micro's integrated gateway anti-virus suite free of charge.

IC Consulting
A hosted anti-spam offering that comes with IC Consulting hosted services that uses open source software.

Filters e-mail from your BigPond inbox into a separate spam folder that is automatically created in your WebMail account.

This article was first published in Technology & Business magazine.