E-Mail: Seething over Spam
Fortunately, there are multiple solutions on the market that go beyond superficial keyword searches to nail spam at the gateway. While none of these solutions is perfect, in part because spammers always find new ways to fake out the filters, many CIOs are finding that the tools are an effective means to fight spam.
Local Filters
One of the first approaches to stopping spam involves simply filtering messages at the gateway. The best tools combine a number of techniques to fight spam, including content filtering, keyword matching and heuristics (statistical probabilities used to determine whether a message is spam based on hundreds or thousands of characteristics, such as header information, punctuation and capitalization). Such tools may also use RBLs to block mail from servers known to be used by spammers (unfortunately, those same servers may also be used by legitimate senders, so RBLs alone are an imperfect solution).
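To make the combination of keyword matching and heuristics concrete, here is a minimal gateway-style scorer over the characteristics named above (header information, punctuation, capitalization). It is an added example, not code from the article or from any vendor mentioned in it; the keyword list, weights, threshold and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

KEYWORDS = ("free", "winner", "guarantee", "act now")  # assumed keyword list
THRESHOLD = 3.0                                        # assumed spam cut-off

def _domain(value):
    """Lower-cased domain of an address header, or '' if the header is absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def score(raw):
    """Return (total_score, reasons) for one message given as RFC 822 text."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    bodies = [str(p.get_payload()) for p in msg.walk() if not p.is_multipart()]
    text = "\n".join([subject] + bodies)
    hits = []  # (weight, reason) pairs
    # Keyword matching: one point per keyword, weak evidence on its own.
    words = [k for k in KEYWORDS
             if re.search(r"\b" + re.escape(k) + r"\b", text, re.I)]
    if words:
        hits.append((1.0 * len(words), "keywords: " + ", ".join(words)))
    # Capitalization: a subject line written mostly in capitals.
    letters = [c for c in subject if c.isalpha()]
    if len(letters) >= 8 and sum(c.isupper() for c in letters) / len(letters) > 0.7:
        hits.append((1.5, "subject mostly capitals"))
    # Punctuation: runs of '!' or '$', capped so they cannot dominate.
    runs = re.findall(r"[!$]{2,}", text)
    if runs:
        hits.append((min(2.0, 0.5 * len(runs)), "punctuation runs"))
    # Header information: missing Message-ID, Reply-To pointing elsewhere.
    if not msg.get("Message-ID"):
        hits.append((1.0, "no Message-ID header"))
    reply_to = _domain(msg.get("Reply-To"))
    if reply_to and reply_to != _domain(msg.get("From")):
        hits.append((1.0, "Reply-To domain differs from From"))
    return sum(w for w, _ in hits), [r for _, r in hits]

def is_spam(raw):
    return score(raw)[0] >= THRESHOLD

# Constructed sample messages (not real mail).
SPAM = ("From: Promo <deals@bulk.example>\nReply-To: claim@other.example\n"
        "Subject: YOU ARE A WINNER!!! FREE PRIZE\n\nAct now!!! Guarantee of $$$ inside.\n")
HAM = ("From: Dana <dana@corp.example>\nMessage-ID: <1@corp.example>\n"
       "Subject: Are you free for lunch on Friday?\n\nThe guarantee paperwork came back.\n")

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("ham", HAM)):
        print(name, is_spam(raw), score(raw))
```

The legitimate message contains two of the keywords and would be caught by keyword matching alone; it stays under the threshold because none of the other characteristics fire.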
The more prominent vendors offering such tools include ActiveState, CipherTrust, Elron Software and Tumbleweed Communications, with a number of smaller vendors, including Vircom and Ipswitch, also in the space.
Local filters give CIOs considerable control over their spam-fighting efforts. And unlike ISP- or ASP-based solutions, all e-mail gets evaluated within corporate walls.
But Jonathan Penn, an analyst with Cambridge, Mass.-based Giga Information Group, says that local filters can require a lot of maintenance, with IT constantly forced to fine-tune filtering rules.
Dealing with spam locally can also require a lot of processing power. If a spammer sends 1,400 messages to a particular domain, the receiving mail transfer agent (MTA) must respond to each user name with a failure notice, which can keep the MTA busy fending off spam rather than processing valid messages, according to Graff. Still, if properly implemented and maintained, these tools can be about 90 percent effective, according to estimates from vendors and users.
Another option that counts as a local solution, but that takes a different approach from the vendors of local filters in identifying spam, is Brightmail.
Brightmail has a network of more than 200 million mailboxes the company set up on the Internet whose sole purpose is to capture unsolicited e-mail. Brightmail has also developed software that aggregates the messages coming into the different mailboxes on its network, generates a unique fingerprint for each message and then automatically generates a rule to block that particular spam message based on its various characteristics. Additionally, Brightmail runs an operations center where a staff of 30 monitors activity across its network and tests each signature to ensure it’s not generating false positives. The company downloads those rules to its customers every five to 10 minutes.



