The ISP I use switched on Brightmail at the beginning of this year. I
have never used a munged address. I have used a real address for about
ten years and so I was on every spam list. My incoming spam ran into
hundreds every day. I had to manage it myself with filters and anti
spam applications but the introduction of Brightmail immediately got
rid of about 90% of the spam and now it is only letting 2 or 3 a day
get through to me. I no longer need any anti spam applications. I
still have lots of the old filters but they rarely need to do
anything.
Steve
Steve:
The following link to a PDF by Brightmail provides technical details on
how their anti-spam works:
Symantec Brightmail AntiSpam™ 6.0: A Product Overview
http://enterprisesecurity.symantec.com/content/displaypdf.cfm?pdfid=1023
Since I use SpamPal as my client side spam filter which uses either DNSBLs
(public blacklists), I find the private sector Brightmail technique to be
quite interesting. This is what Brightmail says:
A prime responsibility of the BLOC is management of the Probe Network,
an extensive array of over 2 million decoy email addresses, also known
as spamtraps or honeypots. This patented global network of email
accounts attracts and collects large quantities of spam - tens of
millions of spam messages pass through the Probe Network every day.
Symantec uses these decoys to stay current with the very latest
spamming tactics.
Messages flow directly from the Probe Network to the BLOC for analysis.
Then, sophisticated tools and automated processes go into action,
analyzing incoming spam and developing effective countermeasures.
The BLOC also develops and tunes other more proactive filters, such as
heuristic-based filters. Such filters, which examine characteristics
and behaviors that are unique to spam messages, are effective against
spam that has not flowed into the Probe Network. Approximately every 10
minutes, antispam filters are pulled down over a secure connection to
the Scanners, where the filters are immediately put into action.
The Symantec Brightmail AntiSpam architecture represents a constant
feedback loop, starting and ending with your site:
1. The installed Scanner executes filters based on real-time
   information from the Probe Network and the BLOC.
2. The Scanner constantly reports back to the BLOC regarding the
   effectiveness of deployed filters. If necessary, adjustments are
   made in real time to improve effectiveness.
3. Using their email clients, users at your site can choose to easily
   submit missed spam messages to Symantec, increasing the breadth and
   reach of the Probe Network with the click of a button.
Interesting, huh?
Steve