E-mail Archives vs. Quarantines
A More Effective Way to Ensure Accurate Mail Delivery
The Trouble With Quarantines
Conventional wisdom in the Antispam market says that there will always be some messages for
which a spam filter will not be able to safely make an Accept or Reject decision.
When this happens, most filters slough off the problem to the e-mail administrator or e-mail user
by parking the message in a Quarantine.
While this may be the conventional approach, it is hardly optimal. There are many factors that make
quarantines undesirable. Here are some of the biggest drawbacks users experience when using quarantines...
Shirking Responsibility
The spam filter's job is to separate wanted from unwanted messages. Any message placed into quarantine
is an open admission by the spam filter that it is unable to do its job. By quarantining a message,
the spam filter is saying that it is delegating the Accept/Reject decision for this message to you or your staff.
The problem here is that making Accept/Reject decisions is why you purchased the filter in the first place.
Wasting time by forcing humans to make decisions is exactly the situation you were hoping (and paying) to avoid.
Indecision Costs Money
If a spam filter places a large number of messages into quarantine, it is wasting your employees' time, and your
organization's money, by refusing to make a filter decision. XPMsoftware has seen many cases where competing
antispam products place up to 50% of all incoming messages into quarantine.
Companies that use these products often delegate the task of reviewing and releasing
quarantined messages to a junior e-mail administrator. For mid-size companies, the result can be half a day of
lost time (for the e-mail administrator) every working day. If a junior administrator makes $50k/year, then
your message quarantine is costing your company $25k/year (times forever)!
I've Been Exposed!
Spammers go to great lengths to disguise their content. One trick they use
is to completely eliminate an e-mail message
body in favor of a single graphic. Spammers do this because they know that for content based antispam solutions,
the filter's effectiveness is severely impaired when there is no content.
The result is that the person(s) responsible for rummaging through quarantines may be forced to review these
messages because the Spammer has done a reasonable job of making the message headers (From, To, Subject, etc.)
look legitimate. It is not uncommon for Spammers to use images to promote adult web sites. In this case,
the graphic may contain explicit pornographic material. Not only is this material unsuitable for any business
environment, it may contain images that are actually illegal in your jurisdiction. Requiring an employee to
review such material may expose your organization to Workplace Health and Safety complaints or
Sexual Harassment complaints.
In most jurisdictions, it is the employer's responsibility to maintain a workplace where employees are not
exposed to such material. An ineffective spam filter exposes an organization to risks that go far beyond
incorrectly handled e-mails.
Third Class Customer Relations
A significant risk of any quarantine is that users may (inadvertently) ignore quarantined messages.
If this happens, legitimate messages (that are quarantined) may languish within a large collection of spam.
The original sender is unaware of the status of his message (because your spam filter accepted the message).
They incorrectly think that their message has been delivered to the intended recipient. Meanwhile, the
recipient is completely unaware that the message is stuck in transit. After some time, the sender may get the
mistaken impression that they are not important to the recipient because the recipient has not responded.
By not clearing your quarantine, you may be jeopardizing your business relationship with this customer.
No Safety In Numbers
Another risk of quarantines is that legitimate messages go unnoticed because they are hidden in a long list of
Spam. Forcing employees to read through lists of hundreds of mail messages (daily) to look for false-negative
messages is a waste of employees' time, and fraught with risk.
Lost in the Mail
Without periodic housekeeping, quarantines will grow without bound. To prevent this, many antispam products age
quarantined messages. Once a message reaches a certain age - it is deleted.
The problem with this strategy is that employees who are on holiday, who are traveling or
who are simply out of communication (Internet-challenged hotel) may end up losing valuable
business e-mail - without even knowing that the message was lost.
I Can't Get There From Here
Filters that rely on quarantines provide user login capabilities so that individuals can review their held
messages. If the spam filter is behind a firewall, it is possible that users may not be able to gain access to
their quarantine when they are away from the office.
If that happens, your traveling employees may not be able to review and release their held
messages. This may result in the perception of lost messages, or your e-mail administrator (how much do they
make?) may be forced to work your staff's quarantines.
Quarantines - A Non-Solution
Simply put, quarantines are a terrible solution to the problem of Spam!
Any e-mail user forced to use one intuitively knows this -
and most spam filter makers know this. Believe it or not, it is common practice for many spam filter
makers to quietly recommend to their customers that they disable the quarantine!
When you do this, you give the filter no choice... it must deliver (to users) all of the messages that would otherwise
have been placed in the quarantine. And (as we indicated earlier) this may result in a lot of spam being
forwarded through to users. The result - the spammer wins.
PerfectMail's E-Mail Archive
PerfectMail Does Not Use Quarantines - period.
After everything we just said about why quarantines are undesirable, why would it?
PerfectMail provides accurate, effective, consistent filtering without quarantines. PerfectMail
eliminates the risk of mishandled mail by using a unique approach to handling uncertain messages. For
starters...
PerfectMail is rarely uncertain!
PerfectMail reduces the risk of an incorrectly handled message by
automatically learning your e-mail users and their peers. Any message exchanged between known e-mail peers is
automatically accepted (exception: viruses and messages with unwanted attachments).
The result is that PerfectMail is never uncertain about any message received from any established
e-mail peer. Therefore, your most important messages, from your regular e-mail peers, are always
handled correctly.
Because PerfectMail knows, and favors mail messages from known peers, uncertainty only arises whenever a message
is received that:
- Is from a completely new user, and
- Arrives from a poorly configured mail server, or
- Contains unverifiable message header or envelope information, or
- Has content that correlates strongly to content sent by spammers, or
- Makes references to blacklisted servers or sites
In reality, very few legitimate messages fall into this category.
We are 99.5% Sure Of It!
Field experience shows that PerfectMail regularly achieves an uncertainty level of less than 1%. And,
we've seen uncertainty levels as low as 0.15%. At these levels, PerfectMail's uncertainty level
is between 1:100 and 1:667 messages.
At such low uncertainty levels, we decided that it was simply not worth building a quarantine.
Doesn't Every Filter Eventually Make Mistakes?
Absolutely, we know that despite its name (and our best efforts), PerfectMail isn't - well, perfect.
Since filter errors are inevitable, we provide PerfectMail with an E-mail Archive.
PerfectMail's safety net is a short-term e-mail archive
that retains messages even after they are handled. It works like this:
- A message arrives and it is instantly scored.
  The message receives one of three possible dispositions. Accepted and Tagged (marked with a warning and
  accepted) messages are immediately delivered. Rejected messages are refused, and the sender is given
  an error message that includes your company's phone number. Senders are
  encouraged to call you to resolve the issue. Legitimate senders will call. Spammers won't.
- Regardless of the disposition, a copy of every message is saved in PerfectMail's short term archive.
PerfectMail's archive is its safety net. If PerfectMail incorrectly rejects a message,
the sender will call you. You can retrieve your message by asking
an administrator to find the message (keyed by sender, recipient and/or time) in
the archive and Release it. Released messages are immediately delivered to the recipient's in-basket.
Administrators are often leery of our approach because they believe they will be required to release many messages
each day. However, it is our experience that administrators will be asked to release no more than one
or two messages per week! We have customers who tell us that PerfectMail has not incorrectly rejected any
message in months!
Users Make Mistakes
Have you ever mis-filed or deleted an e-mail by mistake?
If you have, you know how embarrassing it is to call the sender and ask
them to resend it (assuming you caught the sender's e-mail address).
PerfectMail's short term e-mail archive provides an additional benefit. All messages, not just deleted
messages, may be released even after they are handled. This means that administrators
using PerfectMail can retrieve and resend any recent message in less than a minute.
Summary
PerfectMail's E-Mail Archive is much more effective than a traditional e-mail quarantine.
By using an archive, PerfectMail avoids the risk, cost, productivity problems
and overhead of a quarantine. PerfectMail's short term e-mail archive lets administrators
resend any message (regardless of its disposition). In less than a minute, an incorrectly rejected message can be
found and resent to the intended recipient.
Furthermore, PerfectMail's short term archive provides protection against
mis-handled (accidentally deleted or mis-filed) mail by the user. Important mail can always be retrieved, reviewed and resent.
Management & Policy Enforcement
PerfectMail's short term archive provides an additional benefit.
Management can review the content of any message exchanged between a user and their peer.
This feature allows management to keep employees productive by ensuring that e-mail is used solely as a business tool,
and not for personal use¹.
__________
[¹] To ensure conformance with employment laws, it is wise to inform employees that e-mails may be reviewed
by management before conducting such reviews.
© 2006 by Larry Karnis and XPMsoftware. All rights reserved. Permission is hereby granted to
quote from this article in whole or in part, or to reproduce this article by any means as long as
the author and XPMsoftware receive appropriate attribution.
About the Author
Larry Karnis is the president of
XPMsoftware, the developer of PerfectMail Antispam and
Antivirus appliances. Larry has spent the last 7 years focused on e-mail security and e-mail
security solutions. Before that, Larry worked as an IT infrastructure and security consultant.
Comments on this article should be directed to
lkarnis@xpmsoftware.com.