Beating Office365 with better anti-spam
Idea shared by Douglas Foster - Yesterday at 3:56 AM
Proposed
This is a follow-up to comments in the "SmarterMail Marketplace" topic about the difficulty of beating Office 365. The most recent post talked about building out our best features to have better talking points when selling. One of those talking points is anti-spam tools and philosophy.

The commercial products promise to solve the problem for people who don't ask questions.    When you dig deep, you find a generic product that cannot be customized to your needs very much.

We have the ability to build anti-spam solutions that are highly tailored and more effective, because we have access to two customizable rules engines in Declude and Declude Reboot.  If you are waiting for SmarterMail to build a free alternative to Mimecast, you will never beat Mimecast.   If you are willing to put the effort into building your anti-spam solution based on optimizing your available tools, you can win.

My design principles have been very non-standard:
- All messages should be free of impersonation threat, so all messages should be authenticated.
- Malicious messages come from malicious actors, so blacklisting of bad actors is the goal of every message log review.
- My rules engine must allow me to respond to every new threat as soon as it is discovered.
- Don't release any information to an attacker.

I have never attempted to become a content filtering guru.    So I still have a low-end appliance to do my content filtering.   But I have worked hard to minimize its workload.   Here is a summary of how my last 225,000 messages have been dispositioned by customized Declude:

59.84%    Blocked for Directory Harvesting (all recipients
18.53%    Whitelisted to avoid spam score errors
 6.79%    Blocked unconditionally based on sender reputation
 0.69%    Quarantined based on sender reputation
14.15%    Released to Content Filtering for disposition

After reviewing a bunch of commercial products, I have concluded that:
- they rely almost exclusively on content filtering,
- their whitelisting option will allow whitelisted impersonation,
- they give the client inadequate tools to respond quickly to new problems,
- they give inadequate tools for blocking nuisance advertising that fills your mailbox.

They need tools to remove spam from mailboxes because they know that they will allow dangerous content into mailboxes.

I wish we had a whole community section for discussing anti-spam theory and anti-spam implementation using the various products we use.   And then I wish it was the most active section of the community.

0
Here is my concept of a complete filtering solution.  (Nobody has it all, but it is worth considering which pieces you want next.)
  • Sender authentication and Sender Reputation filter
  • Content Filter
  • Message log review for system managers
  • Tools to efficiently create filtering rules in response to log review results
  • User engagement with user-level quarantine
  • User engagement with customization to Friendly Name, Subject Text, and Body Text
  • User feedback about specific messages (SmarterMail options "Send user spam feedback to antispam providers", or "Send user spam feedback to training folder"). 
  • Registered list of subscribed mailing lists and approved inbound forwarders, since these require different authentication strategies.
  • If outbound auto-forwarding is allowed (not recommended), tools to reverse any inbound changes so that inbound DKIM signatures are restored.
Optimally, the spam filtering team should invest some effort toward sending abuse reports to infrastructure providers, so that bad actors get de-platformed. The data to do this can come from log reviews and from DMARC feedback reports.
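
An added example, not part of the original posts and not Declude or SmarterMail code: a minimal Python sketch of authenticating a sender before honoring a whitelist entry, so that a forged From address on a whitelisted domain is quarantined instead of delivered. The domain lists, sample messages and function names are constructed, and it assumes the `Authentication-Results` header was written by your own gateway, with any copies supplied by the sender already stripped.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical policy lists keyed by domain (constructed sample values).
WHITELIST = {"partner.example"}
BLOCKLIST = {"badactor.example"}

# Constructed samples: a genuine partner message and a forgery of the same From.
GENUINE = ("From: Pat <pat@partner.example>\n"
           "Authentication-Results: mx.local.example; spf=pass "
           "smtp.mailfrom=bounce@partner.example; dkim=pass header.d=partner.example\n\nhi")
FORGED = ("From: Pat <pat@partner.example>\n"
          "Authentication-Results: mx.local.example; spf=pass "
          "smtp.mailfrom=x@attacker.example; dkim=none\n\nhi")

def authenticated_domains(auth_results):
    """Domains with an SPF or DKIM 'pass' in an Authentication-Results header."""
    found = set()
    for method, prop in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
        pattern = rf"\b{method}=pass\b[^;]*?\b{re.escape(prop)}=([^\s;]+)"
        for value in re.findall(pattern, auth_results, re.I):
            found.add(value.rsplit("@", 1)[-1].lower())
    return found

def aligned(from_domain, auth_domain):
    # Simplified alignment: same domain, or one is a subdomain of the other.
    # A production check compares organizational domains (Public Suffix List).
    return (from_domain == auth_domain
            or from_domain.endswith("." + auth_domain)
            or auth_domain.endswith("." + from_domain))

def disposition(raw_message):
    """Return 'block', 'whitelist', 'quarantine' or 'content-filter'."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    auth = authenticated_domains(msg.get("Authentication-Results", ""))
    is_authentic = any(aligned(from_domain, d) for d in auth)
    if from_domain in BLOCKLIST or auth & BLOCKLIST:
        return "block"  # sender reputation decides before anything else
    if from_domain in WHITELIST:
        # Trusting the From header alone would let the forgery through.
        return "whitelist" if is_authentic else "quarantine"
    return "content-filter"
```
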
