Aussie university turns from Linux to appliances to fight spam

Struggling to cope with increasing volumes of spam, Australia's Deakin University was forced to redeploy its Linux e-mail servers and implement an alternative system for e-mail security.

Craig Warren, Deakin's operational service provision manager, said the Linux servers running antivirus and spam filtering software were effective for about three years, but "the spammers were steadily beating us".

As a result the university has implemented two IronPort c300 e-mail security appliances.

"We were continually spending time fine-tuning our detection and prevention, but the intruders were quicker than we were," Warren said.

Another organization that recently implemented IronPort is the CSIRO with IT security operations manager Tom Minchin confirming the science agency dumped its antivirus vendor Trend Micro in the process.

Enterprises claim they are losing their trust in e-mail as scams, spam, viruses and phishing continues to undermine its business value.

Blaming an over-reliance on the SMTP mail protocol Tom Gillis, IronPort marketing vice president, said the basic lack of identity and reputation of e-mail senders exacerbates the issue.

To overcome spam, Gillis said the entire industry needs to change the underlying infrastructure of e-mail, adding that the new wave of secured e-mail will be based on three core factors: identity, reputation and policy.

"We believe the root cause associated with all the things that slow e-mail down is in the SMTP protocol itself as it was designed when the Internet was a communication vehicle for scientists; the things that make e-mail successful are the things that make it vulnerable today," Gillis said.

"The key tool is adopting the notion of sender reputation because it is simple - if you look at the behavior of the entity, mail or Web server, past performance is a good indicator of the future - all the industry is gravitating around the reputation of the sender, because it is much harder to spoof."

Ambika Gadre, IronPort director of information services, said 80 percent of spam now contains a URL, so tracking the reputation of spam senders is important.

Graham Henley, former law enforcement officer with the Australian Federal Police and current director of data recovery and forensic software firm Get Data, said security vendors are yet to create the ideal product to solve the e-mail problem.

"Reputation-based e-mail is a great idea, but let's just see if it works; a lot of the big players are still struggling to get it right," Henley said.

Peter Stewart, the chairman of antispam provider New Millenium Solutions, believes the industry has lost its way.

"One definition of madness is continually trying the same thing and expecting a different result; filtering isn't working," Stewart said adding that systems that check IP addresses in e-mail messages isn't the solution.

His company has developed a solution called TotalBlock which is based on "challenge response".

This technique builds a list of acceptable incoming e-mail senders by replying automatically to all those who are not on the user's allowed list effectively blocking unauthorized e-mail.

"Since the authorization process requires human intervention, it bypasses drone machines that spew out high volumes of spam," he said.

(Additional reporting by Sandra Rossi)

» posted by jfruh

Computerworld Today (Australia)

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine