eReports - Article template

Is Unseen Spam Clogging Your Email Arteries?

Even with the recently enacted legislation, spam continues to be a major problem for most firms. Many IT staffs have responded to the problem with a variety of front-end server-based applications from companies like Corvigo, Clearswift or Tumbleweed that intercept and filter e-mail before it reaches your messaging system. While this approach has dramatically reduced the amount of spam that reaches an end user’s mailbox, it has not eliminated all of the problems caused by spam attacks.

You may have asked how spammers get the names of individuals within your firm. One technique they use is known as a “dictionary attack.” Once they determine a valid domain name such as lawfirm.com, they use a dictionary containing thousands of common e-mail names and launch an attack on your messaging server. Most of the e-mail addresses used by the spammers do not exist within your firm; however your mail servers still process the e-mail request and prepare a response in the form of a Non-Delivery Report. The report is sent back to the originating sender which in many cases is an invalid e-mail address. As the number of failed messages for non-existent recipients increases, so does the load on your mail server as it queries DNS and attempts to connect to the Spammer's non-existent return address, thus consuming resources and bandwidth while reducing overall performance.

One way to reduce this load on your internal mail server is to reject bad mail at your front-end filtering/relay server before it reaches your mail server. Many SMTP filtering relay products, such as Clearswift's MAILsweeper, Corvigo's Mailgate and Tumbleweed's MMS, offer the ability to create a whitelist of allowed recipients via an LDAP (Lightweight Directory Access Protocol) query to your internal directory service (e.g. Novell eDirectory in Netware networks or Active Directory in Microsoft environments). This shifts the burden of filtering e-mail for legitimacy to your external relay servers which are designed to examine and process non-legitimate mail and take the appropriate actions based on assigned parameters. These non-legitimate messages can be dropped or quarantined by most relay products, thereby not "passing the buck," but actually reducing the inbound mail volume and freeing up the processing requirements of your internal mail servers. By rejecting the message at the edge of your network based on recipient address, you can also reduce the bandwidth consumed by spam and significantly improve your Internet performance. Also, many mail servers hold onto these undeliverable messages which can consume a significant amount of disk space if left unattended.

We recently implemented this solution at KKL and immediately saw our inbound message volume on Exchange drop by 40,000 messages per day. The following chart tracks the e-mail volume before and after changing the configuration of the relay server.

While your results may differ, the fewer illegitimate messages your server(s) handle, the better. The ability to create an LDAP-based list of addresses on your mail relay can only help your system's performance. For help in determining whether you have a problem with illegitimate e-mail and how to configure your front-end relays to help solve the problem, please contact us.

Please note the services and products mentioned in this article do not necessarily reflect KKL's recommendation of the products or services listed. This listing is done for informational purposes only.