CIS to activate new spam filter

Thursday, January 27, 2005

E-mail users at Brown will soon have fewer opportunities to explore the world of black market Viagra and fetish porn, as Computing and Information Services is introducing a centralized junk e-mail defense that administrators say will dramatically curtail the flow of spam into inboxes.

The new spam filtering program, Proofpoint, was installed on Jan. 18 and will be fully activated sometime next month, said Nancy Magers, a CIS manager. CIS had been aiming to activate the final element of the system, the quarantine mechanism, on Mar. 1, but have sped up their efforts.

According to John Spadaro, director of systems and services at CIS, junk e-mail accounts for 45 percent of all messages entering the Brown system from outside. While annoying, the primary cost of spam is the strain on the mail server, which Spadaro said “has to bear the load” of so many unnecessary messages.

CIS decided to implement a new anti-spam mechanism in tandem with a new anti-virus scanning mechanism from MacAfee to replace the old SpamAssassin program. CIS chose Proofpoint after negotiations with competitors broke down.

According to Magers, SpamAssassin relies on a statistical probability model to scan e-mails and identify spam. Proofpoint, which will work with e-mail programs such as Eudora and Outlook, as well as Brown webmail, combines this model with regular system updates from the vendor and artificial intelligence – a “learning mechanism” that examines the structure of a message as well as its content.

While SpamAssassin only flags about 20-25 percent of all incoming messages as spam, Proofpoint will flag almost 45 percent of incoming messages as spam, catching almost every junk message, Spandaro said. He added that in his experience with Proofpoint, the number of junk e-mails in his inbox decreased from about 100 to three or four per day.

Once the quarantine mechanism of Proofpoint is activated, messages identified as spam will not enter inboxes – they will be held in quarantine, and users will receive a daily digest e-mail listing those messages, so that any incorrectly-flagged messages, called “false positives,” can be retrieved.

But Spadaro emphasized that Proofpoint has an “incredibly low rate of false positives,” and that in his experience although “for a while you’re checking every message in the digest…you stop” fairly soon. Users will be able to opt out of receiving the digest.

Spadaro could not comment on the cost of the new system, as Proofpoint insisted on a non-disclosure clause in their contract.

A pilot group of about 35 people has been testing the Proofpoint system for several months, Magers said, drawing members from CIS, the Computing Advisory Board and the University Resources Committee. One person, a list-serve manager, opted out of Proofpoint due to problems with false positives, but Magers said the others were enthusiastic about the system’s effectiveness.

“I personally love it. It’s removed spam from my inbox,” Magers said, adding, “We’re counting on it as a long-term solution.”

At least one student is cautiously optimistic. Anamika Dugger ’07 said while “lots of people are trying to sell me prescription drugs from Canada,” spam hasn’t been a major problem for her, and she thinks that “no one’s going to read” the daily digest e-mail. But she said that it would be “better to get that than eight or 10 pieces of spam a day.”

Spadaro is hopeful that Proofpoint will be so effective as to eliminate the spam problem for Brown students, faculty and staff. “The goal is to make this whole thing go away so we can use e-mail the way we’re supposed to,” he said.

Leave a Reply

Your email address will not be published. Required fields are marked *