PureMessage Raises E-mail Admin Standard - page 2
ActiveState's Perl of a Product
PureMessage provides four basic modules that encompass anti-spam, anti-virus, policy rules, and central administrative support functions.
The anti-spam module uses what Kraft called the "three C's" to consolidate and generate a composite value or score that's used to determine if a message is spam. Competing products typically use a tiered approach which tends to create false positives. The three C's look at consent, circulation, and content to generate the score to give a relative indication of whether or not a message is really spam.
- Consent tests the consensual relationships between the users. For example, does it make sense that the users would be sending messages to each other? Some of the techniques used to verify consent include using reverse DNS lookup techniques, blacklists and whitelists.
- Circulation tests take a little different approach. These tests look to see if the same message has been seen in the past, much like the technique used by Vipul's Razor.
- Content tests evaluate the patterns of the spammer. For example, what characters or patterns consistently show up in the message that are characteristic of a spam message? The tests also identify various methods of spammer cloaking.
Kraft also described a "fourth C" even though it starts with a B. The fourth test uses Baysian analysis or the statistical probability that a given word is either a spam word or a legitimate message word. All the scores are then rolled up into the final composite score for the message.
The second module in PureMessage handles the anti-virus duties. Spotting viruses and either eliminating them or putting them in quarantine is an important part of any email administrative strategy. PureMessage uses McAfee's virus detection toolkit and include these features:
- Trojan horse detection
- Macro virus detection
- Malformed header attack detection
- Configurable messages for infected email
The policy module allows administrators to design rules that direct PureMessage to carry out specific actions on messages. A customer's success with this module highlights how it works.
One of ActiveState's larger educational customers is Stanford University. Eight months ago, the University sys admins received 800 complaints/day and needed a way to let users know that a message might be spam. The situation was overwhelming the system administrators, as well as the end users.
The policy module gave sysadmins the flexibility to take various actions depending on the incoming message. The solution was to mark the subject line to indicate that a message might be spam, after being evaluated by the other PureMessage modules. The user's email client could then filter the message either into a folder or just get rid of it automatically. Large organizations typically quarantine messages using different or even multiple policies and PureMessage allows great flexibility in this area. Kraft said that the Stanford system administrators became heroes for their subject line notification solution.
Finally, the centralized administrative support module manages all aspects of the PureMessage functions across multiple installations and servers. It includes a web based GUI that allows the system administrator to monitor the health of the system and do various reports. Coupled with the admin support module is a policy builder, quarantine manager, and report generator.
PureMessage takes a pretty comprehensive approach to email management. All of that functionality just doesn't happen on its own--it takes a stong team of developers to put such a product together.