A Brazilian Anti-Spam Solution

Based in Bethesda, Md., Inova might not appear to be a Brazilian company. But although its headquarters is in the U.S., near Washington, D.C., the company’s research, development, and origins lie in Sao Paulo, Brazil. It was co-founded in 1996 in Brazil by the father-son team of Stahis Panagides and Alex Panagides. Thales Panagides, cousin of Alex and nephew of Stahis, is leading the company’s international marketing effort.

The company has been developing a full suite of services for Brazilian ISPs and enterprises since it was founded. It is only now, however, seeking customers around the world. The suite of services is called Velop, and its security products, which include anti-spam and anti-virus, are marketed under the Velop Escudo brand.

The company’s anti-spam solution consists of the open source anti-spam software SpamAssassin, and ISPs can add other blacklists to it as necessary. Customers of Escudo are therefore paying for the interface, rules system, integrated anti-virus, and email backup—but not for the anti-spam engine itself, which is open source.

Click for full imageE-mails caught by the filter can be redirected, tagged, or blocked. The filter can also block messages above a specified size, messages containing attachments with specific extensions, and much more. Rules (right) can be turned on and off through the GUI, and rules can be set to run at specific hours or days of the week (the software uses the international 24 hour system known in the U.S. as “military time,” not the U.S. AM/PM system).

The product is software, and it runs on a one or two Intel or AMD-based servers, with Debian Linux as the operating system. Says Alex Panagides, co-founder and CTO, “the core components of Escudo are written in C and most of the processing is done in memory. Given this architecture, a single server can process several million emails per day.”

Users can also create their own white- and blacklists to supplement the rules of the lists used by the ISP. Each customer has 64K of space with which to build lists (black or white), the equivalent of about 64 pages of lists.

Of course, the company is hoping to also sell to clients who will require massive, scalable clusters, but it is also interested in relatively small deployments.

Mail server

Escudo incorporates a hardened mail server based on Qmail. It has several additional security features. The server can relay email to another port. Corporate clients using Microsoft Exchange, for example, could configure their servers to receive mail on port 10500 instead of port 25, which is frequently scanned by worms and hackers.

The server enables the creation of restricted but functional SMTP relays which can:

  • permit relaying for specified IPs
  • permit relay for emails with permitted domains in the From field of the email
  • permit relay based on SMTP Authentication, using the ISP’s own authentication database
  • limit the rate at which any one client can send emails
  • enable an ISP to monitor email by time, subject, and volume, aiding in the prevention of outgoing spam
Click to view larger image
Escudo email traffic pie chart
Click to view larger image
Escudo email traffic bar chart

Since Escudo stores email in a database, the ISP can use its own SQL queries (above) to study email traffic in any way it chooses. Furthermore, the Escudo writes all email to disk, in a Qmail queue. Alexis Panagides says, “this means there is no data loss in the unlikely event of a crash.”

Click to view larger imageHe is most proud, however, of the GUI’s data reports. He says, “one report that is rare in most solutions (right) is Escudo’s ability to monitor the number of SMTP connections being made globally and per domain. Not only can you list by IP the number of SMTP connections transmitting emails, you can investigate what emails are being trafficked over that connection. This is the strongest type of spam filtering possible since it gives the human administrator instant visualization of the SMTP stream. This IP can subsequently be identified, throttled, or blocked.”

Pricing and availability

The product is available now. Inova is reaching out to ISPs with a revenue share model (50 percent of revenues from anti-spam products go to the ISP, the other 50 percent to Inova). The product is also sold to ISPs and enterprises for a monthly fee starting at $3 per user per month, falling rapidly with volume orders to below $1 per user per month.

Reprinted from ISP-Planet.

Related reading

Colourful_shopping_carts
Businessman using laptop computer
email notification
identified vs anonymous
<