Brightmail 4.0 Cracks Down on Spam

Brightmail, the antispam company, is doing fine. Little wonder, considering the gush of unsolicited email in the U.S. is expected to more than double over the next four years to 1.67 billion messages, according to Jupiter Research (a unit of our parent corporation).

Enrique Salem, Brightmail president and chief executive officer, said the company is processing record levels of spam.

“In September, we processed 3.1 billion messages,” Salem said. “Of those, about 38 percent, or 1.2 billion, were spam.”

Salem added that Brightmail’s customer base is growing, too.

“We currently protect almost 150 million mailboxes, and with the addition of Hotmail later this year, we expect to end the year protecting more than 250 million mailboxes,” Salem said.

San Francisco-based Brightmail signed its biggest deal to date — a multiyear, multimillion dollar arrangement with MSN to block spam for Hotmail users — in September.

Get, Don’t Give

Brightmail’s antispam strategy is sweet and simple. The company sets up dummy mailboxes, which it calls “probes,” for those ISPs whose customers it protects. Most ISPs are eager to give Brightmail the “probe” mailboxes because they want any spam sent to them to be profiled by Brightmail.

Since these mailboxes never send mail, any email they receive is unsolicited. With probes scattered across the Internet, the company can cross-reference the email it collects to determine which messages being sent out are bulk spam.

The probes divide spam messages into identifiable components and develop a “spam DNA” profile that is categorized with the aid of Sieve technology (Sieve is the mail filtering language specified in IETF RFC 3028). The profile is then transmitted across the Internet to Brightmail’s Network Operation Center (NOC) using an MD5 hash. At the NOC, the various reports are aggregated into a data file that acts like an antivirus “fingerprint,” which is distributed to Brightmail clients. Because of the volume of spam over the Internet, these updates are sent out every 5 or 10 minutes.

Salem said the company’s BrightSig technology is a real leap forward.

“It’s like the difference between fingerprints and DNA,” Salem explained. “Fingerprints can be inaccurate, but DNA is not. We know that spammers use software to change the characteristics of spam to foil most antispam software.”

The idea behind the BrightSig technology is to find parts of a spam message that will identify it, so that if a spammer sends out, say, 50 versions of the “Nigerian scam,” then the software will recognize similar pieces of those 50 different email versions as unsolicited email and catch every one of them.

Salem said that BrightSig technology can quickly sift through these changing versions of email clutter, known as polymorphic spam.

“We can handle these polymorphic spam attacks with a single BrightSig signature,” Salem said.
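A minimal sketch of the probe-and-signature idea described above, added here as an illustration and not Brightmail's BrightSig code. The line-level normalization, the 20-character floor, the two-probe threshold, and all addresses and message bodies are assumptions constructed for the example.

```python
import hashlib
import re
from collections import defaultdict

MIN_LEN = 20      # assumption: shorter lines (greetings, IDs) carry no signal
MIN_PROBES = 2    # assumption: seen at 2+ distinct probes means bulk mail

def components(body):
    """Normalize each line and return the set of MD5 hashes of the long ones."""
    hashes = set()
    for line in body.splitlines():
        # Drop digits and punctuation, the parts spam software varies per copy.
        norm = " ".join(re.sub(r"[^a-z ]+", "", line.lower()).split())
        if len(norm) >= MIN_LEN:
            # MD5 serves only as a compact identifier here, as on the page.
            hashes.add(hashlib.md5(norm.encode()).hexdigest())
    return hashes

def build_signatures(probe_mail):
    """Cross-reference probe mail; keep hashes seen at MIN_PROBES+ probes."""
    seen = defaultdict(set)
    for probe, body in probe_mail:
        for h in components(body):
            seen[h].add(probe)
    return {h for h, probes in seen.items() if len(probes) >= MIN_PROBES}

def is_spam(body, signatures):
    """A message matches if any of its components is a known signature."""
    return not components(body).isdisjoint(signatures)

# Constructed sample data: two variants of one scam at two probes, plus a
# one-off message that reached a single probe only.
PROBE_MAIL = [
    ("probe1@isp-a.example", "Dear friend,\nI need your help to transfer "
     "$25,000,000 out of my country.\nref: xk29dj"),
    ("probe2@isp-b.example", "Greetings to you\nI need your help to transfer "
     "$18,500,000 out of my country!!\nid 88213"),
    ("probe3@isp-c.example", "Reminder that the quarterly newsletter ships next week."),
]
NEW_VARIANT = ("Hello,\nI NEED YOUR HELP to transfer $40,000,000 "
               "out of my country...\nticket 5521")
LEGIT = "Hi Sam, the meeting moved to 3pm on Thursday, see you there."

SIGNATURES = build_signatures(PROBE_MAIL)

if __name__ == "__main__":
    print(len(SIGNATURES), is_spam(NEW_VARIANT, SIGNATURES), is_spam(LEGIT, SIGNATURES))
```

A single hash covers all three variants because the per-copy greeting, amount and tracking token are stripped or ignored before hashing.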

Value Proposition

The company has always focused on serving large ISPs. Its high-profile clients include EarthLink, Verizon, Comcast, and BellSouth. But now the company is making its services a cost-effective business proposition for smaller ISPs.

Brightmail sells two versions of its software, one for enterprises and one for service providers. The Service Provider Edition (SPE) goes for less than a dollar per user per month for mid-sized to large ISPs.

Salem explained Brightmail’s pricing strategy.

“We model based on an ISP’s monthly revenues,” Salem said. “If a local ISP is charging $15 per month to its users, we feel we can charge that ISP about $0.25 per user per month.”

Because the system is software based, there’s no equipment to buy or install. The Brightmail software gets loaded onto an ISP’s mail server or servers. The average mid-sized ISP could be up and running in a few days, but a large ISP with many points of presence (POP) would probably load Brightmail on a single POP, run tests, and then push the software out across the network, a process that could take several months.

Brightmail can also deliver antivirus functionality. “We have embedded Symantec’s antivirus technology in our product,” says Salem, who himself once ran Symantec’s antivirus division.

If your ISP’s subscribers are fed up with unsolicited email being crammed into their mailboxes, Brightmail is one way to stem the flow without routing all your email through a third-party server or trying to keep up with blacklisted IP addresses.
