This article comprises comments by Rob Axelrod on Spam filtering, certainly one of the hot buttons of the day for Domino admins. It is an overview that provides advice, and is in fact outside the realm of our typical SearchDomino Tips. This article includes text from an earlier article on this topic. We present it in its entirety here.
On Spam fighting options
If you are an administrator or developer responsible for Lotus Notes Domino, spam e-mail is one of your biggest problems today. You have to take some action against it not only because it saps your systems resources but because your users expect you to. Every one of them has tools in their commercial e-mail accounts at Hotmail, Yahoo and G-Mail to deal with it so why shouldn't they at work? But you should realize that you there are different ways to take on spam in a corporation.
When fighting spam, you have a variety of options. When posed with a technical challenge we often have a tendency to try to build our own solutions working with familiar tools, but on many occasions we have to consider third party products and service providers as optional alternatives. Spam is one such occasion.
The first option you would typically look at is to implement native Domino functionality. This approach would utilize real-time black hole lists (also known as DNS blacklists), rules, agents and DLLs that use the Domino Router API.
Your second option is to purchase either an antispam appliance or an antispam software solution that runs on a gateway server.
A third option would be to go with a service provider that would filter all of your inbound mail.
In all the methods, there are four basic challenges: block the highest percentage of real spam, block the smallest percentage of genuine e-mails (known here as false positives), have minimal maintenance requirements and lastly be flexible to account for future unknown threats. Basically, you want low maintenance, high spam-kill rate and low false-positive rate along with extreme flexibility. That is the equation.
On review, the native Domino options are really quite limited. But sometimes they are enough to meet an organization's needs. The Black Hole List, for example, may work well in a small organization where spam is not a major issue, and where the problem of false-positives is not that great. My experience is that many of the lists in circulation cause a great deal of collateral damage and in some cases the list owners will even intentionally generate false positives in order to take punitive action against a particular ISP. If this route is selected you must be very careful in which lists you select.
On outsourcing spam management
As you review the different methods for fighting spam in Domino environments, I think a lot of you will go down the road of not wanting to do any of the ongoing spam filter management yourself. Thus, you could say that I am a huge advocate of outsourcing spam management.
Outsourcing spam filtering is different than outsourcing a mission critical application like your entire messaging infrastructure. In messaging, the demands of each enterprise vary widely. That is because each organization that implements messaging has different goals, tools and user expectations. But in antispam projects, everyone has more or less the same ideal requirements: No spam, no false positives, little or no maintenance.
Appliances and services that address this problem can take advantage of economies of scales that individual Domino shops cannot.
What do you need to do to ensure that you don't let down users when you outsource spam management? I always ask a vendor for references from a customer whose company is similar to my own that I can talk to. You need to know the vendor has done this for other people that are similar to you. And the second thing to look at is service-level agreements that cover availability and the like. A critical element of a successful relationship is to ensure that you have a system set up by which you are notified when the spam filtering system is unavailable.
Be curious. Ask questions. Do a service's customers, for example, find that it adds significant latency to messaging? This too can very well be an issue in organizations where e-mails may have certain urgency.
Keeping the necessary goals in mind when selecting the right methodology for your environment should be fairly straight forward: High block rate of spam, low false positive rate, easy to maintain and extremely flexible to guard against the unknown threat that is around the corner. All of these goals point me in the same direction, which is to have someone else do the work which will allow me to spend my valuable time on something that really adds value to the organization.
MEMBER FEEDBACK TO THIS TIP
As a provider of outsourced spam and virus management and as a former messaging architect who cut my teeth as a contractor to Lotus in the EMEA region during the mid to late 1990s, it is of course my opinion that in the majority of cases and more especially in the enterprise market this is the only solution that makes sense from a cost management and service continuity perspective.
We use five commercial scanners and a Pre Virus Recognition (PVR) tool for scanning over 1 Billion mails each year. 80% of this mail is spam and is captured before it reaches both Domino and Exchange houses for whom we provide the service. From the 4000+ reference customers we currently have, we have renewal business in excess of 98% (the 2% are companies going out of business).
I think this is proof enough that it is a recognized need and not just a new millennium sales trend that is making sense to IT managers with responsibility for maintaining productivity in their messaging environments today.
Do you have comments? Let us know.
This was first published in January 2005