Mail & messaging Toolkit

MessageLabs: Filtering your email sewage

Tags:
Anti-spam Crusade,
Anti-spam

Tom Espiner ZDNet.co.uk

Published: 30 Nov 2005 13:45 GMT

"ISPs do the equivalent of pumping out raw sewage into your home. You wouldn't expect to have to filter your own water, so why do home users have to filter their own data?"

Paul Wood, MessageLabs senior analyst, has some very forthright views on just who should share the responsibility for ever-growing virus and spam burden on businesses and consumers. The comments are part of a guided tour of MessageLabs UK's main research facility near Gloucester.

For more, see the rest of our special report:

Inside Symantec's nuclear bunker

Sophos: Protecting the world from The Pentagon

"ISPs take the view that if they start looking at data packets, then this changes the legal position of the company," adds Woods, in explanation of service providers are reluctant to get involved with security filtering. MessageLabs on the other hand regards screening spam and malware from its customers as its core business or "messaging security and management" as the company describes it.

The company claims that 1 in 50 emails contains some form of malware, and is in a good position to comment on how ISPs should behave having grown out of Star — an ISP. MessageLabs claims that ISPs should collaborate more to minimise the threat caused by malware.

"ISPs need to talk to each other, and share information proactively," says Alex Shipp, MessageLabs senior antivirus technologist and 'imagineer'. "When we started out, MessageLabs used to send emails to ISPs saying spam was coming from their IP addresses, but ISPs hated that. They sent us rude emails. We had to stop, because we were finding so many compromised IP addresses — 1.5 million per day. If we sent out 1.5 million abuse reports per day to ISPs, we'd be spamming them!"

Shipp claims that he recently discovered that 700 different accounts were used to host spam Web sites on one ISP. "If we reported this to the ISP and they did something about it, and managed to shut down new compromised accounts every two minutes, it would take them all day. And, they would just have 700 new compromised accounts tomorrow," he adds

Although MessageLabs scans some150 million emails per day, the UK antivirus operations are run by a relatively small team. "We have eight people in the UK office on the full-time team, plus the Network Operations Centre guys doing anti-virus and anti-spam work."

The company is able to be effective with a small team by escalating anti-malware work, and by using third-party antivirus engines. It also has offices in Sydney, Hong Kong, Singapore, New York and two sites in the UK — Gloucester and London. MessageLabs can follow the sun, an essential prerequisite for security companies to tackle a global problem. Both Symantec and Sophos can also respond 24/7.

MessageLabs antivirus team deal with a mixture of long and short-term projects running concurrently. Long-term projects include looking at different ways to roll out malware signatures over the company infrastructure and measuring the efficacy of other vendors' antivirus engines used by MessageLabs. Currently, the...