Managed Security Services

MSSP Survey Part 4:
Managed Anti-Spam Services

A number of trends, from mass mail worms to an increase in spam itself, have combined to encourage MSSPs to offer anti-spam services.

by Lisa Phifer VP Core Competence, Inc. [January 18, 2005]

Managed anti-spam services have been growing for several years, but this is the first year that we surveyed mail filtering as a separate category. (In previous surveys, mail and Web filtering were treated as one.) Not surprisingly, we found the same number of providers offering Anti-spam and anti-virus services (see table). In many (but not all) cases, these services were offered on the same platform(s), as options of the same "managed e-mail security" offering(s).

As the ratio of spam-to-legitimate e-mail grows, network and server utilization increases and business productivity drops. Most employees now feel the impact of spam on their daily work habits. Some home Internet users have diminished or even abandoned e-mail use because filtering spam is "too much trouble." Clearly, providers and their customers have strong incentive to eliminate spam—the challenge is to stop unsolicited e-mail without inhibiting legitimate communication.

Every provider offering Anti-spam in this year's survey has a network-based offering. Three providers (ISS, SecureDesigns, Unisys) also offer CPE-based services. As this graph illustrates, these Managed Anti-spam Services focus almost exclusively on mail protocols, especially inbound SMTP. POP, IMAP, and outbound spam filtering options are also common, although less prevalent.

Spam filtering can be accomplished through a variety of advanced techniques, including Bayesian analysis and heuristic filtering. Domain or host black lists are quite common for routinely blocking known spam sources, as are configurable white lists for creating selective exceptions. Filtering based on "bad words" or keywords is another method, sometimes combined with scoring (i.e., a message containing a lot of banned text gets a high score; if the score exceeds a configurable threshold, it is blocked or rejected).

Some MSSPs claim 90 percent or better success rates in differentiating between spam and legitimate mail, depending upon customer configuration. Filter effectiveness, configurability, and ease-of-use are all important differentiators for anti-spam providers, so shop carefully.

Consider each provider's interfaces for end-user access to quarantined spam (offered by all MSSPs in this year's survey), available methods for reacting to spam (e.g., quarantine, reject, tag), exception granularity, and reporting capabilities.