Shivering on the 49th Parallel
Thursday, October 12, 2006

For the past few years, I've been using Cloudmark Spamnet for my spam-filtering needs. It works pretty darn well, too. Very rarely did any spam get into my inbox, and even more rarely did a real email get marked as spam. I think it was a $39/year subscription, but I had the first year (of paid filtering) at half price because I was on the beta team for it.

The only problem I had with it is that it worked at the client level, when I checked my email through Outlook. If I was at work or on the road and went through Outlook Web Access, then I had to manually scan through all the spam looking for legitimate email. Not such a huge thing, but it put a huge damper on wanting to check my email on my phone, or heaven forbid setting up push email on Exchange 2003 SP2 to automatically send it to my phone, Crackberry-style.

On average, I was getting about 500 spam messages per week. I would unofficially keep track of it by emptying the folder every Sunday night. Talking to Rich (who was hosting the server) the SMTP logs were in the neighborhood of 15-20mb PER DAY. That equated to over 60,000 SMTP connections per day. Yikes. That's WAY more than we get at work, where we're supporting over 350 mailboxes.

About a month ago, I noticed that a couple weeks in a row, the spam dropped to about 250-300, or almost half. I asked Rich if he had done anything and he said yes he was trying out Trend Micro ScanMail for Exchange and the Real-time connection blocking filter. Suddenly, the spam shot back up to 500+ per week. Turned out that the RBL was a 30 day free trial.

While I was at home last month for Ork's wedding (pics to follow, a few are on Flickr) Rich was telling me about a new service that he was going to try out, called Mailroute. Basically it's an SMTP proxy service. You change your MX records to point your email at their servers, they scan and filter it via a wholey crapload of virus engines and of course, spam filtering using various RBLs, DNS blacklists and even a Bayesian filter and lexical analysis. You configure your Exchange server to ONLY accept connections from Mailroute's IP range, and the ONLY emails you will get will be ones that have been 'scrubbed' by Mailroute. Of course, there's always an outside chance that one could get marked falsely as spam, so you can log in and review everything that's been quarantined for the last few days.

We turned it on for the mail server last Thursday. Even taking into account the delay for DNS propagation, I noticed on Thursday that my mail volume dropped drastically. In the last seven days, I've had 43 emails come through from Mailroute and get tagged as spam by either Cloudmark or Outlook's built-in junkmail folder. Even being lazy with the math, that's only 10% of the email load the Exchange server has had to deal with, and that I've had to download. Suddenly, running Outlook in Exchange Client mode using RPC over HTTPS can work and Push Email comes into the realm of possibility (aside from not doing it because the Cable & Wireless data plans are too expensive).

So my spam has been reduced by over 90%, I've had no false positives and the Exchange logs dropped from 30mb per day to 6mb per day, and after pointing all the MX records to Mailroute's servers, the SMTP connection log has dropped to 600Kbytes. Not only does Mailroute work as advertised, but the decreased demands on the bandwidth, processor cycles and storage lower the return on investment time period. I don't know how long Mailroute has been in business, but I wish I had a solution like this five years ago. :)
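
The lockdown described above (Exchange accepting SMTP only from the filtering service's IP range) holds only if nothing outside that range still reaches the server directly. As an added example that is not part of the original post, this Python script scans an SMTP log for such clients; the W3C-style sample lines are constructed, and 192.0.2.0/24 is a placeholder assumption, not Mailroute's real range.

```python
import ipaddress

# Assumption: placeholder range standing in for the filtering service's
# published delivery range (RFC 5737 documentation addresses, not real ones).
FILTER_RANGES = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample in W3C extended log style. A real log's #Fields line
# decides the column order, so the parser reads it instead of hard-coding.
SAMPLE_LOG = """\
#Software: constructed sample
#Fields: date time c-ip cs-method sc-status
2006-10-12 17:00:01 192.0.2.10 EHLO 250
2006-10-12 17:00:02 192.0.2.10 MAIL 250
2006-10-12 17:00:09 203.0.113.77 EHLO 250
2006-10-12 17:00:10 203.0.113.77 MAIL 250
2006-10-12 17:01:30 198.51.100.5 EHLO 250
2006-10-12 17:02:00 not-an-ip EHLO 250
"""

def parse_w3c(text):
    """Yield one dict per log record, keyed by the names in #Fields."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def bypass_report(text, allowed=FILTER_RANGES):
    """Count logged SMTP commands per client IP outside the allowed ranges."""
    outside = {}
    for rec in parse_w3c(text):
        try:
            ip = ipaddress.ip_address(rec["c-ip"])
        except (KeyError, ValueError):
            continue  # malformed or missing client address: skip the record
        if not any(ip in net for net in allowed):
            outside[str(ip)] = outside.get(str(ip), 0) + 1
    return outside

if __name__ == "__main__":
    for ip, hits in sorted(bypass_report(SAMPLE_LOG).items()):
        print(f"{ip}: {hits} commands logged from outside the filter range")
```

Any address it reports is a sender that skipped the MX records and connected straight to the mail server, which means the connection restriction is not in effect for that path.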

Thursday, October 12, 2006 5:00:34 PM (Pacific Standard Time, UTC-08:00) | Tech