Keeping Up With Ratware

Gloucester, U.K.-based MessageLabs came to America last year, guaranteeing 100 percent protection for SkyScan AV subscribers (AV stands for antivirus). The product achieved further notoriety by stopping viruses before competitors had written scripts to thwart them.

MessageLabs reports virus statistics at VirusEye, part of its free antivirus analysis page. VirusEye displays the top 10 most active viruses, along with a series of links to information about each virus, daily and monthly virus activity graphs, and a comprehensive threat list of every virus in circulation.

The antivirus business is a competitive one, and the SkyScan product requires that customers redirect all incoming and outgoing email through MessageLabs’s servers, which are placed in strategic data centers around the world. At first, competitors made much of this email rerouting, but today, MessageLabs’s finds little resistance to the idea of filtering email through another company’s system.

“Today, companies are outsourcing. They’re outsourcing email, DNS, and even network security. If they’re doing all of that, they won’t be concerned about redirecting their mail through our servers,” says John Harrington, MessageLabs director of marketing.

“Actually, our core competence is mail,” says MessageLabs CTO Mark Sunner. “Sometimes we’ll call a client and let them know that their mail server is down. We can buffer and store their mail for 30 days. When a customer’s mail server goes down, and we preserve their mail, they often feel we’ve provided service above and beyond what they expected.”

MessageLabs’s antivirus solution uses rules to anticipate the structure of future viruses. MessageLabs has dubbed the constantly learning, always-improving software “Skeptic.” According to Sunner, Skeptic programming is MessageLabs’s key advantage over rival antispam products. Skeptic’s learning curve is supplemented by programmers who show the software what types of exploits and malicious file formats might be used in the future.

For now, MessageLabs is leveraging the idea of a steadily improving software package in its SkyScan Anti-Spam product. SkyScan AS uses honeypots — decoy email accounts that attract spammersto collect and analyze spam, which allows its software engine to reveal determining characteristics of the unsolicited messages. To prevent the software from believing that legitimate messages are spam, MessageLabs has also built a battery of thousands of legitimate emails, made to demonstrate specific characteristics of nonspam emails.

Sunner says that MessageLabs’s heuristic engine raises and lowers the significance of various characteristics of spam, as those determining factors become more or less common. Sunner personally keeps a close eye on the engine and makes adjustments, if he sees any results that seem odd. For now, he credits the software with an insight into spam that had eluded him.

“Oddly enough,” says Sunner, “at the moment, regular emails tend not to have colored backgrounds, whereas a great deal of spam does, so the heuristic engine is currently weighting the existence of a colored background as a strong indicator of the possibility that a particular message is a spam message.”

Sunner expects his job to get tougher soon. He warns that spammers have new tools, cheap shareware that helps spammers evade traditional antispam filters. The antispam industry has christened these spam-helping tools “ratware.”

A quick search of the Web reveals a number of bulk email products. One bulk mail product advertises the ability to send 50,000 emails per hour over a phone line that bypasses service providers’ mail servers. The same ratware maker also sells a product that searches Web sites, search engines, and news groups for email addresses to spam. Sunner warns that more sophisticated ratware products will add antifilter features, such as a JavaScript, to make an email appear to come from someone in the recipient’s address book.

MessageLabs views ISPs as a valuable sales channel. The company has several partnership programs: Gold, Silver, Bronze, and Referral. Each requires signing a marketing agreement and provides training and support services. The Bronze level requires a customer base of 25,000 email boxes and a monthly increase of 1,000 email boxes. Bronze partners receive training and discounts.

Silver partners are required to serve 100,000 email boxes, adding 3,000 new email boxes each month, and Gold partners are required to serve 250,000 email boxes, adding new email boxes 6,000 per month.

Gold and Silver partners receive deeper discounts that the Bronze level partnership. Additionally, Silver partners are required to participate in case studies, and Gold partners are involved with marketing initiatives. Gold partners are also assigned a dedicated support representative.

It’s unusual in the ISP industry for a company to wholly disclose the specifics of its partnership programs in this much detail. Perhaps that’s what truly distinguishes the company from rivals. MessageLabs seems to feel that it can explain how everything is accomplished, certain that no competitor will be able to duplicate its services.

Related reading