RealTime IT News

Postini Beefs Up Perimeter Defenses

E-mail security outfit Postini upgraded its data centers Monday to enhance administrative spam-blocking capabilities to its service. The company uses its data centers to act as a buffer between enterprise e-mail servers and the rest of the world, filtering out junk e-mail and passing the rest onto its customer.

Perimeter Manager 5.0, the latest version of its e-mail intrusion prevention system, adds features that free administrators of much of the hassle in dealing with spam while giving individual users more control over their settings. Users and administrators access the software through a Web-based console that ties in with Postini's data centers, which are located in Chicago and Santa Clara, Calif., and are managed by the local telephone companies or the data center Equinix.

To improve its spam-fighting functions and reduce the number of false positives (spam that really isn't spam but legitimate e-mail), Postini added dynamic IP blocking to Perimeter Manager 5.0, which blocks or allows incoming messages dependent on their rating. If a message receives a high enough rating, it's passed to the customer's e-mail server; if not, it's sent to the customer's quarantine folder, where administrators make the final determination on whether the message is spam or not.

"It's all about finding new ways of weighting and scoring the messages or connections we receive based on recent prior behavior," said Andrew Lochart, Postini director of product marketing. "This is enabled because we're a service. Because we're cloud-handling so much traffic for so many customers, we can draw these statistically meaningful conclusions about what's going on."

Officials and developers are so confident in their ability to make guaranteed decisions about what makes a message spam and what doesn't, they've added another new capability: a blatant spam option that immediately deletes the message instead of going into quarantine.

A revamped administrative console lets administrators for the first time delegate filtering settings at the user level. The console also filters content based on company policies and compliance requirements.

Postini is a firm believer that SMTP connections, not content filtering, is the answer to combat junk and virus-carrying e-mails. Popular filtering technologies, namely the Bayesian filtering used in many anti-spam programs today, is slowly getting bypassed by spammers. One common technique is called Bayesian poisoning. This occurs when multiple e-mails are sent with common spam terms (Viagra, adult, payperviews) to throw off the Bayesian rating, thus allowing more spam messages through.

Instead, blocking likely spam by IP address or domain, called blacklisting , is done at the SMTP protocol level, bouncing bad e-mails before they clutter the servers. According to its data center figures, Postini blocks 53 percent of its spam and viruses -- or about 212 million messages a day -- using an SMTP connection block. The other 47 percent is managed using conventional content filtering technology.

"Content filtering by itself is bankrupt as a means of protection from e-mail threats," Scott Petry, Postini founder and senior vice president of products and engineering, said in a statement. "We are offering a unique, enhanced solution that goes beyond just detection at the content level to comprehensive transport layer e-mail intrusion prevention at the perimeter before threats even get to the corporate firewall."