Version 5.2 is coming soon, adding important tools to the comprehensive anti-spam arsenal that is the company's product.

by Alex Goldman ISP-Planet Managing Editor [September 6, 2007]

Reflexion first caught our attention with an innovative disposable e-mail address system that the company calls "protective addresses" because the idea is that having access to multiple addresses protects your identity. You t want to fractionate your inbound communications, explains David Hughes, Reflexion's CEO. When you each sender reaches you at a different address, you can see whose given away your e-mail address.

Also, the company gives you more control over the addresses than just turning them on or off. You can choose to allow only specific domains, or specific countries of origin, or even only one specific address to communicate with a non-disposable e-mail address.

Addresses are easily generated on the fly, and users can see statistics for each "non-disposable" address.

Scott Barlow, Reflexion vice president of sales and marketing, says this feature has blocked a considerable amount of spam for his own account. "Here's one example. Back in August of 2006, I purchased a template from a low cost template site called Template Monster. I started receiving spam almost immediately and soon disabled the address altogether. Since then, Reflexion has rejected 6,772 spam messages sent to that address."

A multi-tiered service
Version 5.2 puts together several interlocking layers of anti-spam protection, run as a hosted service. Hughes says that simple rules (rules that are simple but not necessarily easy to implement) can lower an ISP's e-mail load by over 96 percent, passing only a fraction of the total volume of e-mail through to the ISP's own mail servers (see diagram, below).

Step one, checking for a legitimate addressee, eliminates at least 80 percent of all mail, says Barlow.

"We find that between 80 percent and 90 percent of all mail on the internet is sent to unknown users," says Hughes. "One advantage of a managed service is that this is dropped before it reaches an ISP's infrastructure."

The system keeps an up to date list of legitimate e-mails by interacting with an ISP's LDAP (we did not ask for details—depending on your system, you might want to).

You might try to build a similar service by aggregating components, such as anti-virus, but Hughes points out that the system works as a whole. For example, e-mails on each user's white list (Reflexion calls it the "allow list") undergo only a virus check, sharply reducing false positives, which are a serious concern of users and therefore of ISPs.

A new level
Further down the list, Reflexion checks the nation of origin and the language (character set) of the message. "About 6 percent of all e-mail is in a non-permitted language," says Barlow.

So here's the total so far:

80 percent (minimum) blocked by dictionary attack filter

fraction of a percent blocked by anti-virus

widely varying percent blocked by the block list of known bad senders

90 percent of legitimate e-mail sent directly to the message server, bypassing the filter

6 percent of the remaining e-mail is blocked by using a non-permitted language

bottom line: 3 to 5 percent (i.e., generally about 4 percent) of the total sent through to the Reflexion filter (including only 10 percent of legitimate mail sent through the Reflexion filter). Far less sent to the ISP.

Data not yet in: the effectiveness of the new country filter, which Reflexion expects will be powerful.

Heuristic and Bayesian and Blaise Pascal
Let's talk philosophy for a moment, because there are two complementary philosophies underlying the spam filters that Reflexion (and the entire spam industry) use.

As The Economist magazine explains it (in an article in modeling the weather and climate), "Pascal's way of looking at the world was that of the gambler: each throw of the dice is independent of the previous one. Bayes's allows for the accumulation of experience, and its incorporation into a statistical model in the form of prior assumptions that can vary with circumstances."

In practice, a traditional filter (Pascalian?) has rules that score the probability that a message is spam according to the known characteristics of spam. Rules are applied to each message without regard to the results of analyzing other messages.

Bayesian (or heuristic) filters are the opposite: they use a list of spammy words that changes over time according to the results of analyzing actual message traffic.

Combining the two, claims Barlow, produces impressive results. "We deliver incredibly high spam blocking rates and approach zero on false positives."

The company believes strongly in its system, and is offering ISPs a free 30 day trial. Yes, it's a no obligation offer. "If you're not satisfied," says Barlow, "just change your MX records back."

Barlow says it's working. The software is popular. The company now has 4,000 customers in 35 countries, including over 100 ISP and e-mail provider resellers.

Handling rejected messages
The company now offers several options for rejected messages:

They can be deleted (the company calls it "vaporized").

They can be stored in a quarantine or flagged to be sorted into a user's spam folder.

Users can choose to employ a challenge-response system, which can use one of two options. Recipients of the challenge can either be asked to click on a hyperlink that whitelists them or they can be given in a new, automatically generated non-disposable e-mail address to which they resend their initial message (and all future messages).

Additional features
The system scans outbound as well as inbound messages. Barlow is quick to mention that Reflexion does not charge extra for outbound scanning, but that unnamed competitors do.

The system has a list of legitimate mail servers and domains, and rejects outbound mail sent by unrecognized domains, preventing your customers' zombie computers from sending out spam.

Conclusion
People may have specific objections to challenge-response or disposable e-mail addresses, Hughes admits, but the point is to give people the tools they want and to allow them to not use any tools they don't want.

"Some people feel challenge-response is a bad idea because the challenges end up going to an address the spammer spoofed. That's a valid point of the view. On the other hand, some people find it very effective. We're not dogmatic about this. We want to give users the tools to protect their inbox however they want."

In order to be effective, you need to mix your methods. "Some are content-independent, and some are content-dependent."

If you use only content-dependent filtering, you're vulnerable. "Spammers can manipulate the content of payload and test it against common filters."

Pricing and availability
The price of the product remains the same: 50 cents per user per month. It is available now. Version 5.2 will be released next week.

—End