Current spam and virus solutions have arguably had limited success, primarily because they all tend to be reactive in nature. What are the most promising ideas for tackling the spam problem?
There are two answers to that question. The first side of it is, coming back to the reactive nature, you definitely need something that is proactive, or more accurately, very dynamic. For instance, the profile of spam changes not just by the day, but almost by the hour. You need something where the filtering rules and techniques both to eliminate spam and eliminate false positives are literally changing in real time as the profile of spam is changing. An Internet-level approach, where you have complete control of the environment, is much more tailored to deliver on this because detection profiles can be changing in real time without having to push out updates to clients in the hope that they get applied… you've got total control.
But more importantly, Internet-level scanning becomes much more pertinent when you look at the sheer volume of mail that's involved. Even if you had actual desktop prevention that was effective, the simple fact is that you've still got to receive all that mail to then decide you don't want it -- it's too late. By this time, your bandwidth and mail processing resources have already been tapped. The trend for the future, and obviously we are in this business, but we are seeing a trend -- not just ourselves, but also companies like us -- for Internet level protection to become the next big thing… to stop spam at its source before it gets anywhere near corporate boundaries or home users and erodes resources. Ultimately, as these Internet-level solutions become more prolific, the costs that spammers themselves incur will increase dramatically. As it becomes harder and harder for spammers to achieve results, they will look on to something else.
Internet-level filtering is exactly Messagelabs' business. This means that all your clients' email communication is monitored by you. Is this a potential cause for concern for corporate clients, specifically, that there is a third party out there that has root-level access to all mail that it sends or receives?
I think confidentiality is an initial concern, but this is a concept that has existed for a long time. All the same issues exist for any company's upstream ISP. What we need to do is make people think about the scanning concept more, and make great steps to give our customers the highest possible level of comfort and confidence. We are certified ISO 17799 and BS 7799. What that means is that we are externally audited about exactly how we manage our data and even who we can employ. We're also looking at providing an encrypted link from ourselves to our customers. Once we become the trusted party, we can also guarantee that the traffic between us and them is safe. We're looking at supporting the TLS (Transport Layer Security), which is emerging as the de facto standard for encrypted email. Messagelabs right now has a lot of financial, legal and even government customers, who themselves have performed a high degree of due diligence on our service.
Can you name some of your customers?
Our customers include the entire British Government, The Bank of New York, EMI Music, HealthPartners, StorageTek, Air Products and Chemicals, SC Johnson, Conde Nast Publications and Fujitsu, to name a few. There are other important clients who wish to remain nameless.
About Messagelabs:
Messagelabs is the leading provider of managed email security services with more than a 50-percent share of the managed email security services market. The company currently protects more than 8,000 businesses worldwide from email threats such as viruses, spam and other unwanted content before they reach their networks, without requiring additional hardware or software.
Talkback
I couldn't agree more that the monitoring and deletion of spam / viruses should move to a higher level than is currently the case. Many home users still don't have a clue how to protect their machines, and many cannot afford proper protection but still show their faces (and their backs!) on the net. Also, in third-world countries there are ISP's who struggle to provide the bandwidth that customers pay for, but there are always "low-tech" glitches which ensure that you don't even get that bandwidth. When spam starts rolling in, Internet access becomes nigh impossible, and the potential benefits for businesses in these countries fall away. Do we go back to the cleft stick, or do we accept that monitoring is better done as suggested, at Internet level? I'd willingly trade some degree of privacy for properly audited protection, stop frantically searching the Web at ridiculously low speed for patches, fixes (and nostrums), and get back to doing business in a relatively normal manner.
What are politicians afraid of? One very simple law would completely cure the problem world wide!
i.e. If a person or company does not specifically request another's SPAM, the SPAMMER commits an offence when distributing Spam, viruses or phishing. The offence of 'DISTRIBUTING UNREQUESTED INFORMATION OF ANY TYPE' commits the SPAMMER, Virus Writer, Phisher etc. (on first offence) to a minimum jail sentence of TEN years hard labour WITHOUT parole and WITHOUT access to any and all forms of I.T. for the duration of said prison term. (This should please the Human Rights vociferous minority as the majority of humans would be protected from Internet effluent and from the S.H.1.T. producing the effluent!).
Check out Spam-Exile, It works
I'm amazed that free classes have never been offered anywhere to show how the fight against spam and viruses must be do. I train my work people until it is second nuture to just set it up and make sure everyting is set to one of the higher levels of fighting viruses with a decent anti-virus program and the same with SPAM ... I use mail provided by ic24.net who's anti-virus and anti spam programs are about.
I very much agree with this article and would look for a way to pressure our parliment on this matter.
Actually I agree with the posting above. I used to get over 100 spam messages a day - now I get NONE.