Cleaning Pipes

One of the silly arguments put forward for blocking spam in the cloud is it saves you bandwidth. The argument goes, because they block it on the other side of your internet connection they are saving you money on bandwidth. Sometimes I hear this supposedly unique benefit given a name like ‘clean pipe’ or similar phrase.
The purpose of this post is to spell out why this is probably bollocks and won’t save you anything.
For my demonstration I’ll be using two anti-spam solutions. The first one is MailMarshal, a standalone SMTP relay installed on a Windows server at a local government body. The second is Mail Sentinel, an appliance-based solution that runs on a GTA firewall at a corporate site. I took statistics from both solutions early today just after work started, about 9.30am; so first those, then the explanation of what they mean for each solution.
MailMarshal Email Statistics
Rejected & never downloaded = 1045 - 98.6%
Quarantined as spam after downloading = 14 - 1.4%
Mail Sentinel Email Statistics
Rejected & never downloaded = 7065 - 98.4%
Tagged as spam after downloading = 115 - 1.6%
The guys running Mail Sentinel clearly see a lot more spam than the guys running MailMarshal. But in both examples over 98% of the spam was NEVER DOWNLOADED. If I was in marketing I might make a logo, call it a CLEAN PIPE triumph and show a graph of supposed savings.
But how is this possible you may ask?
MailMarshal uses what it calls receiver rules. These are rules run against the communications of the incoming mail server. If, for example, a mail server rings up and asks to send to an email address that does not exist at your end, MailMarshal simply hangs up. Another example: MailMarshal sends the IP address of the incoming mail server to Spamhaus, and if they report the address is being used by dirty rotten spammers, MailMarshal simply hangs up. None of these emails are ever downloaded; it hangs up on the sender before any email is downloaded.
Mail Sentinel uses similar techniques. It queries your post office (Exchange or other) to check the email address in real time. If the address doesn’t exist it hangs up. If the IP address is one it has never seen before it automatically tells it to push off and try again later. Many spammers never call back because life is tough if you’ve 5 million spams to get out tonight. Managing retries isn’t high up their priority list. Mail Sentinel also uses Spamhaus and hangs up on known spammer IP addresses. Again, none of these emails are ever downloaded.
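The three checks described above (blocklisted IP, unknown recipient, never-seen-before IP) all happen before the sender transmits the message body. The sketch below is an added example, not code from MailMarshal or Mail Sentinel; the addresses, IPs, message sizes, the 300 second retry delay and the reply texts are constructed assumptions, and the blocklist is an offline stand-in for a real DNS lookup.

```python
import ipaddress

# Constructed sample data for illustration; nothing here comes from either product.
VALID_RECIPIENTS = {"alice@example.org", "bob@example.org"}
BLOCKLISTED = {"203.0.113.7"}  # stand-in for a blocklist answer
# (client IP, RCPT TO address, arrival time in seconds, size the body would have had)
SESSIONS = [
    ("203.0.113.7", "alice@example.org", 0, 40000),
    ("198.51.100.5", "ghost@example.org", 5, 25000),
    ("192.0.2.10", "bob@example.org", 10, 30000),    # new IP, never retries
    ("192.0.2.20", "alice@example.org", 20, 5000),   # new IP, first attempt
    ("192.0.2.20", "alice@example.org", 620, 5000),  # same IP retries later
]


def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """DNS name a blocklist lookup resolves: reversed IPv4 octets plus the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


class EnvelopeFilter:
    """Answers RCPT TO before DATA, so a refused message body is never sent."""

    def __init__(self, recipients, is_listed, retry_after=300):
        self.recipients = recipients
        self.is_listed = is_listed      # callable(ip) -> bool; real code would do DNS
        self.retry_after = retry_after  # assumed greylist delay in seconds
        self.first_seen = {}            # client IP -> time of first attempt

    def rcpt_to(self, ip, rcpt, now):
        if self.is_listed(ip):
            return 554, "client IP is on a blocklist"
        if rcpt.lower() not in self.recipients:
            return 550, "no such user"
        if now - self.first_seen.setdefault(ip, now) < self.retry_after:
            return 451, "never seen you before, try again later"
        return 250, "ok"


def replay(flt, sessions):
    """Return (accepted, refused, body bytes that never crossed the link)."""
    accepted = refused = saved = 0
    for ip, rcpt, now, size in sessions:
        if flt.rcpt_to(ip, rcpt, now)[0] == 250:
            accepted += 1
        else:
            refused, saved = refused + 1, saved + size
    return accepted, refused, saved
```

Replaying the constructed sessions with `replay(EnvelopeFilter(VALID_RECIPIENTS, lambda ip: ip in BLOCKLISTED), SESSIONS)` refuses four of the five attempts at the envelope stage, and only the retried delivery is accepted.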
From the real-life statistics above we can see these kinds of technologies are very effective. They also prove you don’t need to sign up to a cloud-based anti-spam vendor to save data charges and bandwidth. If you already own either of these two products you probably won’t save anything at all; you can block 98% of the spam “in the cloud” as they call it. This assumes you don’t go around turning off rules on your install.
I can’t vouch for other anti spam solutions. Maybe they’re all crap and can’t do any of this pipe cleaning stuff. But I doubt it.
If you’re running either product and aren’t sure if they’re configured properly, give us a call and we’ll have you hanging up on crap in no time.
