News

IBM Releases Spam-Fighting Tool

• By Linda L. Briggs
• March 24, 2005

IBM has introduced a new spam-fighting tool that analyzes the domain identity of an e-mail message to help block spam. The approach uses a challenge/response method, but sends the challenge only if e-mail appears to be spoofed.

"It's definitely an interesting approach," according to Judith Hurwitz of Hurwitz & Associates. Typical spam-fighting tools use tactics such as pattern checking and scanning subject lines in an attempt to identify spam before it reaches desktops. That approach doesn't always work, of course, as spammers become more ingenious with subject lines and content, and as legitimate messages are inadvertently blocked.

IBM's product, called FairUCE (for fair use of unsolicited commercial e-mail), works by analyzing the domain identity of an e-mail message, using built-in identity management capabilities at the network level. FairUCE establishes the legitimacy of an e-mail message by linking it back to its origin, IBM says, thereby establishing a relationship between an e-mail domain, e-mail address and the computer from which it was sent. Since IP addresses are fixed and cannot be changed, FairUCE can identify whether messages are arriving from a zombie computer, bot device or legitimate e-mail server.

IBM contends that the solution is superior to content filters, which require frequent maintenance (AOL estimates that spammers respond within four hours to a change in a content filter).

The current release is implemented as an SMTP proxy that runs between multiple instances of Postfix, the open-source mail product, on Linux; Windows is not supported. IBM says support for two other e-mail products, Qmail and Sendmail, is being considered. Inside the proxy server, IBM says, administrators should be able to use existing mail servers, although Postfix is required outside the proxy. The product is not intended for end-users.

Hurwitz says FairUCE will probably appeal to high-end companies such as managed service providers, who may add it to their arsenal of spam-fighting tools.

Technically, FairUCE works by attempting to find a relationship between an e-mail message sender's domain and the IP address of the client delivering the mail, using a series of cached DNS look-ups. If such a relationship can't be found, FairUCE attempts to find one by sending a user-customizable challenge/response.

If a relationship can be found, FairUCE checks the recipient's whitelist and blacklist, as well as the domain's reputation, to determine whether to accept, reject, challenge on reputation or present the user with a set of whitelist/blacklist options.