Best Practices in Using Reputation-based Anti-Spam Services for Email Security
One of the most efficient, least costly and, remarkably, most effective anti-spam techniques is IP reputation filtering. An incredibly inexpensive technique for the anti-spam gateway, IP reputation filtering can be used to identify 80% (or more) of spam without even looking at message content. IP reputation services have become a best practice for any anti-spam gateway.
IP reputation services come from the observation that you can often identify a message as spam simply by the IP address it comes from. Starting in 1997, reputation services (originally called "blacklists") have become a staple of anti-spam vendors, with nearly 200 open source and commercial reputation services available.
The most effective anti-spam products are based on an optimized "cocktail" approach to spam detection. An anti-spam product using a cocktail mixes multiple tests and techniques together, both to increase the spam catch rate and to decrease the false positive rate. Opus One's side-by-side testing of anti-spam products has demonstrated the power of the cocktail approach. We have found that products using multiple complementary and even overlapping techniques fare better when confronted with the constantly shifting landscape of spam.
The cocktail approach has another advantage, which is that it can reduce the load on anti-spam gateways. Not every anti-spam test takes the same amount of CPU time or memory. If early tests with lower cost can determine that a message is spam or is not spam, then the message can be released or rejected that much more quickly. This increases throughput through the gateway, reduces latency, and, ultimately, reduces costs.
- IronPort Systems
- 17 Mar 2009
- 09 Feb 2009
- 13 Page(s)
- White Paper