Postini Beefs Up Perimeter Defenses

E-mail security outfit Postini upgraded its data centers Monday to enhance
administrative spam-blocking capabilities to its service. The company
uses its data centers to act as a buffer between enterprise e-mail
servers and the rest of the world, filtering out junk e-mail and passing the
rest onto its customer.

Perimeter Manager 5.0, the latest version of its e-mail intrusion prevention
system,
adds features that free administrators of much of the hassle in dealing
with spam
while giving individual users more control over their settings. Users and
administrators access the
software through a Web-based console that ties in with Postini’s data
centers, which are located in Chicago and
Santa Clara, Calif., and are managed by the local telephone companies or the
data center Equinix.

To improve its spam-fighting functions and reduce the number of false
positives (spam that really isn’t
spam but legitimate e-mail), Postini added dynamic IP blocking to Perimeter
Manager 5.0, which blocks or
allows incoming messages dependent on their rating. If a message receives a
high enough rating,
it’s passed to the customer’s e-mail server; if not, it’s sent to the
customer’s quarantine folder,
where administrators make the final determination on whether the message is
spam or not.

“It’s all about finding new ways of weighting and scoring the messages or
connections we receive
based on recent prior behavior,” said Andrew Lochart, Postini director of
product marketing.
“This is enabled because we’re a service. Because we’re cloud-handling so
much traffic for so
many customers, we can draw these statistically meaningful conclusions about
what’s going on.”

Officials and developers are so confident in their ability to make
guaranteed decisions about
what makes a message spam and what doesn’t, they’ve added another new
capability: a blatant spam
option that immediately deletes the message instead of going into
quarantine.

A revamped administrative console lets administrators for the first time
delegate filtering
settings at the user level. The console also filters content
based on company policies and compliance requirements.

Postini is a firm believer that SMTP connections, not content
filtering, is the answer
to combat junk and virus-carrying e-mails. Popular filtering technologies,
namely the Bayesian filtering
used in many anti-spam programs today, is slowly getting bypassed by
spammers. One common technique
is called Bayesian poisoning. This occurs when multiple e-mails are sent
with common spam terms
(Viagra, adult, payperviews) to throw off the Bayesian rating, thus allowing
more spam messages through.

Instead, blocking likely spam by IP address or domain, called blacklisting
,
is done at the SMTP protocol level, bouncing bad e-mails before they clutter
the servers.
According to its data center figures, Postini blocks 53 percent of its spam
and viruses
— or about 212 million messages a day — using an
SMTP connection block. The other 47 percent is managed using
conventional content filtering technology.

“Content filtering by itself is bankrupt as a means of protection from
e-mail threats,” Scott Petry,
Postini founder and senior vice president of products and engineering, said
in a statement.
“We are offering a unique, enhanced solution that goes beyond just detection
at the content
level to comprehensive transport layer e-mail intrusion prevention at the
perimeter before
threats even get to the corporate firewall.”

News Around the Web