Welcome to the first of our regular newsletters. One of
the main reasons for the newsletter is to provide some information about
the email that has passed through our server in the last quarter. We've
only recently gained the ability to monitor this easily, which is why
we're letting you know about it now. Here are some relevant
statistics for the quarter ending December 2004:
Virus rate: 5.1%
Spam rate: 12.3%
High scoring spam rate: 10.2%
Most common viruses
Sober.I: 30.4%
Netsky.P: 25.2%
Netsky.D: 12.2%
Click on the names above
for the virus descriptions from Symantec. Essentially, these are all mass
mailing worms that send themselves to addresses that they harvest from the
infected PC. They are all fairly easy to stop.
Spam Filtering Improvements
You can see from the statistics above that there is twice as much spam as
viruses. About 83% of the spam is "high scoring". This
means that there is a very high likelihood that it is spam (with spam
detection there are always a small number of false alarms).
All messages classified
as spam are tagged with {Spam?} at the beginning of the subject of the
message. Over the last month or so we have tuned our spam filtering
system and as a result, the spam detection rate has improved
substantially. We have some email accounts that get sent almost nothing
but spam and we have found that hardly any spam now gets through.
We use a sophisticated spam filter called
SpamAssassin.
This software maintains a database of words and phrases used in messages
classified as spam. It uses "Bayesian" analysis to compare the words
and phrases in all incoming messages against that database in order to
determine whether the message is spam. The use of Bayesian systems
explains why a lot of spam messages contain meaningless words and phrases
at the end of the message. This is so-called "Bayes poison" and is
designed to confuse the Bayes engine.
The Bayes database is the most effective tool
in identifying spam.
A close second to our
own Bayes database are various third party databases of spam sources.
These third party databases use various techniques to capture spam and
record where it originated.
They add the IP address of the source to their
database. For some time we have checked the addresses of the mail
servers that each message has passed through against these third party
databases.
A more recent development in the last quarter has been the checking of web
sites referenced in the actual text of the message against these
databases. This technique has proven very effective; most spammers
need you to contact them and tend to direct you to their web site.
Most spam is sent using
mail servers that have been "hijacked" by spammers; the owners of the mail
server are unaware that spammers are using it. Checking the mail
servers through which mail has passed against third party databases is
therefore a very effective technique.
The final tool that
SpamAssassin uses is to check for specific words and phrases within the
messages, e.g. "viagra".
SpamAssassin assigns a
score for each message. The higher the score, the greater the chance
that a message is spam. We tune both the scores assigned to various
tests and the level at which a message is tagged as spam. Tuning
involves assigning a higher score to the tests that are most effective. We
also keep an eye on third party databases that stop working (most are not
commercial) and stop wasting time trying to search them.
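The sketch below is an added example, not SpamAssassin's code or our server's configuration. It shows how blocklist hits on relay addresses and on web sites named in the message, plus a phrase test, add up to a score that is compared against a tagging level. The test names, scores, thresholds, blocklist zones and sample message are all constructed for illustration, and the Bayes test is left out.

```python
import re
from email import message_from_string

# Constructed stand-in for third-party DNS blocklists: names that would resolve.
# The zones dnsbl.example and uribl.example are placeholders, not real services.
ZONE = {"45.2.0.192.dnsbl.example", "pills.example.uribl.example"}

# Hypothetical test names, scores and thresholds; tuning means changing these.
SCORES = {"RELAY_LISTED": 3.0, "URI_LISTED": 3.5, "SPAM_PHRASE": 1.5}
TAG_AT, HIGH_AT = 5.0, 10.0
PHRASES = ("viagra",)

def relay_listed(ip):
    # An IP lookup reverses the octets and appends the blocklist zone.
    return ".".join(reversed(ip.split("."))) + ".dnsbl.example" in ZONE

def uri_listed(host):
    # Try the host and each parent domain, so www.pills.example matches pills.example.
    labels = host.lower().strip(".").split(".")
    return any(".".join(labels[i:]) + ".uribl.example" in ZONE
               for i in range(len(labels) - 1))

def classify(raw):
    msg = message_from_string(raw)
    body = msg.get_payload()
    received = " ".join(msg.get_all("Received", []))
    hits = []
    if any(relay_listed(ip) for ip in re.findall(r"\[(\d+\.\d+\.\d+\.\d+)\]", received)):
        hits.append("RELAY_LISTED")
    if any(uri_listed(h) for h in re.findall(r"https?://([A-Za-z0-9.-]+)", body)):
        hits.append("URI_LISTED")
    if any(p in body.lower() for p in PHRASES):
        hits.append("SPAM_PHRASE")
    score = sum(SCORES[h] for h in hits)
    subject = msg["Subject"] or ""
    if score >= TAG_AT:
        subject = "{Spam?} " + subject  # tag the subject, as described above
    return {"score": score, "hits": hits, "subject": subject, "high": score >= HIGH_AT}

# Constructed sample message.
SAMPLE = """Received: from relay.example (unknown [192.0.2.45])
\tby mx.example.net; Mon, 6 Dec 2004 10:00:00 +0000
Subject: Special offer

Cheap Viagra at http://www.pills.example/buy
"""

if __name__ == "__main__":
    print(classify(SAMPLE))
```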
New Version of FTGate
FTGate have released version 4 of their mail server. If you already
have FTGate and are interested in upgrading to the latest version, it is
worth purchasing before the end of February because there is a 40%
discount until then, reducing to 20% after that. The main
improvements include a redesigned user interface and the inclusion of
groupware features - shared calendars, address books, task lists and
folders. Unfortunately, these groupware features aren't compatible
with Microsoft Outlook; you have to use FTGate's WebMail or a separate
application called Solsight which is included with FTGate4 in order to
access the shared calendars, etc. So too, the whole process of, for
example, inviting others to a meeting works rather differently to the way
it does in Outlook. However, the 40% discount is obviously
attractive and there are significant improvements to the WebMail client.
Change of Server IP Address
Apologies for any disruption in service as a result of the relocation
of our server and the change of its IP address. Our service provider
gave us no option, unfortunately.