Login  |  Register  |  Contact

Spam Levels and Anti-Spam SaaS

I was reading the Network World coverage last night of the McAfee Spam Report stating spam rates were down 20%. While McAfee's numbers are probably accurate, my initial reaction was "Bull$#(&", because I personally am not seeing a drop in spam. If the McAfee report, as well as Brian Krebs' posts, show the totals are down, why am I getting a lot more spam, increasing weekly to the point where I am becoming actively annoyed again? I was wondering how much was due to the launch of the new Securosis web site, which was the 'cat and mouse' cyclical changing of spam techniques, and how much was an anti-spam provider not keeping up.

I spent a couple of hours last night combing through Postini alerts, my internal junk folder, and the deleted spam that had made it to my inbox. What I found was a linear progression from the time we started with Postini until now, with increasing rates getting caught by my internal spam filter, and a corresponding linear increase getting into the Inbox. Not sure why I allowed this to capture my efforts on Cinco de Mayo, especially considering I have developed a really good margarita recipe that deserved some focused appreciation, but hey, I have no life, and the article grabbed my interest enough to go exploring.

Anyway, I think that Postini is just falling behind the curve. We switched over September of 2008. My email address was broadcast when I joined Rich last July and I was surprised that there was not more spam. When we added the Postini service, no spam was getting through for a while, and every evening I would get my Postini status digest of the one or two spam messages it had intercepted. I still get these, and the digest always shows 1-2 emails captured. However, I am getting several dozen in my internal spam folder and another 15-20 in my inbox. And it is the old school blatant "Bank of Nigeria" and "Lottery Winner " stuff that is sneaking in. Even the halfway well-executed Citibank/Chase/BofA Security alert phishing attempts are getting caught my my personal filters, so how in the world is this stuff getting through Postini? This is not the 97-99% percent blockage that I talked about in the past, and customers have reported to me. I just did a survey 9 months ago and it may already be out of date.

It's time to make a change. The beauty of spam filtering as SaaS is that we can change without pain. I am on the lookout for a 10 seat SaaS anti-spam plan. Got recommendations? I would love to hear them. Share your advice and I will share my margarita recipe.

—Adrian Lane

Posted at Wednesday 6th May 2009 1:45 pm Filed under: anti-spam saasbrian krebsmargaritamcafeenetworkworldpostinispam

Previous entry: The Network Security Podcast, Episode 149 | | Next entry: Get the iPhone or Not?

Comments:

If you like to leave comments, and aren't a spammer, register for the site and email us at info@securosis.com and we'll turn off moderation for your account.

By Christopher  on  05/06  at  02:43 PM

I was a bit surprised by the claim as well.  I haven’t seen any recent drops in spam levels, we have noticed quite the opposite.

By Nick  on  05/07  at  06:52 AM

Since the McColo shutdown we have seen a gradual rise in spam only returning to pre-McColo levels about a month ago.
We are a small fish and only deal with about 20,000 emails per day including spam. But I have not been able to recognize the “return to normal” that everyone was talking about several months ago.
I would actually estimate that after the shutdown, we have been sitting about 20% lower than usual, until this past month. Not including the first period of time after McColo.

By Shane  on  05/07  at  03:24 PM

We have had very good results with MX Logic, but we have an enterprise-level arrangement.  I recently did a report that shows that for the last year, 89% of all the inbound email was stopped by them as spam.  They also do AV and can supply web and outbound filtering too, not that you’d b e interested in that.

BTW I’ve seen emails slipping through, too, even with the high filter levels.

By Christopher  on  05/07  at  04:15 PM

MX Police is another alternative.

By Adrian  on  05/08  at  11:04 AM

Thanks for the tips!

By Christopher  on  07/13  at  03:54 PM

Are you still running Postini?  Have you started your “bake off”?

By Adrian  on  07/14  at  07:15 AM

We are still running Postini.  The bake-off is slowed by my difficulty in collecting statistics for comparison.  After Black-Hat this becomes a priority and I will make the switch.

By Christopher  on  07/14  at  09:37 AM

If there is anything we can do to help, just let me know.

Page 1 of 1 pages

Name:

Email:

Remember my personal information

Notify me of follow-up comments?

Submit the word you see below: