• silicon.com
• Technology
• Security

By Elinor Mills, 2 July 2009 13:35

NEWS

Â…out of the office.

"If you want high, high uptime, you need to take action immediately in the face of a service degradation," Croteau said. "Our team looks at the dashboard, but our key is we let computers take action" without needing a human to have to make a decision first.

Asked about the potential for the computerised system to assume too much control, Croteau said: "I don't think it's HAL-like, actually. Humans are responsible for application debug and event analysis."

In addition to the automation, engineers have playbooks, or rules guidelines, to follow if something goes wrong. The playbooks explain how to attack a problem and what to do in case of specific types of events.

Asked what might prompt his alarm to go off in the middle of the night, Croteau said that might happen as a result of a regional network outage or if an anomalous event stresses the system, such as a poor interaction with messaging payload and scanning binaries. "For us, the most challenging item would be something involving a legitimate payload," he said.

"Anti-spam is not about identifying spam; it's about identifying good mail," said Croteau.

Zero-hour protection

To identify and block spam and viruses, the automated Postini system looks for key words or phrases that indicate it's an ad or something dangerous, as well as looks at the structure of the email message and the headers, said Kevin Lund, a software engineer who developed a lot of the code the Postini system runs.

The system scores each message on numerous combinations of criteria, assigning a weight to each and then comparing the score to those in a database of several hundred thousand message types that have been flagged as good or bad from Postini honeypots and customer spam reports. The system identifies and blocks more than 99 per cent of the spam campaigns, according to Lund.

"We're rolling out little corks to plug the dykes," as part of a quick filtration process, then adding the data to the database for re-calibration, Lund said.

To block fresh spam attacks not covered by existing heuristic technologies and viruses not covered by existing signature databases Postini relies on proprietary Zero-Hour technology to identify new outbreaks that show up in the traffic patterns and quarantine them for later rescanning.

Customers can also create and build out their own whitelists of message senders they trust and blacklist others they don't trust. It takes an average of 150 milliseconds for a message to be scanned by the antivirus engines that Postini licenses from McAfee and Authentium.

silicon.com sister site, CNET News, asked Lund whether the problem of spam has been solved to satisfaction.

"If you can't bear to get a spam a day, then it's still a problem. It depends on your tolerance level," he said. "It's still a resource drain. You have to pay someone to get your email workable. It takes money and resources to keep spam at bay."

"We take [spam] seriously but we're not on some crusade," Lund said.

Lund, the technologist, would appear to be more laid back about the anti-spam mission than Scott Petry, who founded Postini in 1999 and now leads the group as a product management director at Google. During an interview, Petry animatedly drew a diagram on a whiteboard to illustrate how spam directly impacts a company's bottom line.

Basically, good protection can't mask the fact that spam volumes are rising as spammers continue to take advantage of economies of scale and are able to send exponentially more spam to more targets at virtually no additional cost.

Spam was a mere annoyance in email's early years in the early 1990s. The tipping point for the industry hit in 2002 when spam reached 40 per cent to 50 per cent of all messages. Estimates now put it as high as 90 per cent of all email, with virus-related messages ranging from 15 per cent to 50 per cent of the total, according to Postini.

To keep up with the rising spam tide, companies are forced to...

Click here for the next page