
Brightmail tackles zombies

Antispam vendor releases new version of software to try to keep zombie PCs at bay.

Ingrid Marson
Brightmail, a maker of antispam tools, this week released a new version of its software, which now includes features designed to deal with zombie PCs.

One way that Brightmail's new software, Anti-Spam 6.0, filters spam is by maintaining lists of spammers' IP addresses, which it calls a Reputation Service. It gathers information on spammers by setting up "honey pots"--fake e-mail accounts on the Web designed to attract spambots trawling for new addresses to spam.

The listing feature has been improved in the new version and can now distinguish between IP addresses that send only spam and those sending a mixture of spam and legitimate e-mails, according to Mark Bruno, enterprise product manager at Brightmail. Computers sending partial spam may be zombies--PCs infected by a mass-mailer virus or Trojan horse. The antispam software blocks all e-mails sent by pure-spam IP addresses but makes additional checks on e-mails sent by addresses on the part-spam list to ensure they really are spam. This means that legitimate e-mails from zombie PCs are likely to get delivered.
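The two-list behaviour described above can be sketched as follows. This is an added example, not Brightmail's code: the observation data, the `min_messages` threshold, the phrase list and all function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed observations: (source IP, True if the message was confirmed spam,
# for instance because it arrived at a honey-pot address). Documentation IPs.
OBSERVATIONS = [
    ("192.0.2.10", True), ("192.0.2.10", True), ("192.0.2.10", True),
    ("198.51.100.7", True), ("198.51.100.7", False), ("198.51.100.7", False),
    ("203.0.113.5", False), ("203.0.113.5", False),
]

def build_lists(observations, min_messages=2):
    """Split sources into a pure-spam list and a part-spam (possible zombie) list."""
    spam, total = Counter(), Counter()
    for ip, is_spam in observations:
        total[ip] += 1
        spam[ip] += int(is_spam)
    pure, mixed = set(), set()
    for ip, n in total.items():
        if n < min_messages or spam[ip] == 0:
            continue  # too little evidence, or no spam seen from this source
        (pure if spam[ip] == n else mixed).add(ip)
    return pure, mixed

# Hypothetical stand-in for a heuristics engine: count known spam phrases.
SPAM_PHRASES = ("act now", "free money", "no prescription")

def looks_like_spam(body, threshold=2):
    text = body.lower()
    return sum(phrase in text for phrase in SPAM_PHRASES) >= threshold

def verdict(ip, body, pure, mixed):
    """Block pure-spam sources outright; check content for part-spam sources."""
    if ip in pure:
        return "block"
    if ip in mixed:
        return "block" if looks_like_spam(body) else "deliver"
    return "deliver"  # reputation gives no signal; other filters are not modelled

if __name__ == "__main__":
    pure, mixed = build_lists(OBSERVATIONS)
    print("pure-spam:", sorted(pure), "part-spam:", sorted(mixed))
    print(verdict("198.51.100.7", "Quarterly report attached", pure, mixed))
    print(verdict("198.51.100.7", "ACT NOW for free money", pure, mixed))
```

The part-spam source is the interesting case: the same IP gets one message delivered and another blocked, which is how legitimate mail from an infected PC can still get through.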

Brightmail's software also uses a heuristics engine that looks for message characteristics that occur in spam. Bruno said that "Microsoft's Hotmail is so happy with our product that they delete spam immediately (without asking the Hotmail user). They delete a couple of billion e-mails a day."

The new software also features an improved ability to deal with foreign-language spam and a Web-based management console.

One Brightmail competitor expressed reservations about the company's approach. Amir Lev, chief technical officer at Commtouch, said Brightmail's honey pots can track only 80 percent of the spam in circulation because spammers get hold of e-mail addresses in many different ways. Spammers also prefer to use validated addresses. And because honey-pot accounts never reply to e-mails, he said, they will not be validated.

Ingrid Marson of ZDNet UK reported from London.