
HOW CLOUDMARK PROTECTS E-MAIL FROM SPAM, PHISHING, AND VIRUSES


Spam e-mail isn’t very new. In fact, the term was originally coined to describe early attempts at e-mail marketing first made in the early 1990s, using a name derived from a Monty Python song lampooning Hormel’s canned meat product.

Spam was relatively benign at that time, but the Big Bang of spam really hit in 2000. Huge volumes of e-mail messages that purported to be marketing but were really something else moved the category from the realm of issues that are merely annoying to the arena of those that are seriously damaging.

By the end of that year, spam volume got to a point where business managers could easily measure the loss in productivity caused by workers having to sift through their inboxes and eliminate spam e-mail messages. The feeling that something just had to be done was palpable throughout the Internet community.

Spam-fighting companies began to emerge in late 2000 and throughout the next few years. Some developed filtering systems that attempted to identify the contents of e-mail messages as spam by using mathematical models or other message analysis tools. Others used syndicated "black lists" compiled by various security vendors, while still others simply allowed desktop users to develop "white lists" of e-mail senders they wished to receive e-mail from.

Cloudmark, launched in 2001, took a different approach by developing a desktop tool that worked as a Microsoft Outlook add-on and asked users to mark spam e-mail as such. The message was directed to a reserved Spam folder, and then forwarded to Cloudmark’s central database facility, where its contents were inventoried.

If the same e-mail came to the Cloudmark database from enough other users, it was designated as a spam message, and all users’ Outlook add-ins were notified to block it. Meanwhile, its contents were "fingerprinted" and a unique sort of "spam DNA" began to be developed.

As a particular "spam type" was identified, it was transmitted back to Cloudmark users’ desktop databases, and future messages with the same fingerprint were marked as spam.


One user’s vote is not enough to identify a message as spam, but if the Cloudmark community collectively thinks that the same message is spam, Cloudmark goes along with that determination.

Each user gets "graded" by the Cloudmark system, and contributions earn the user a star rating, similar to what many of you are used to on eBay. Positive contributions earn positive results, and negative contributions get negative results.

Cloudmark was successful among consumer and home office users, as well as in very small businesses. But the wider small, medium, and enterprise-size business market was more interested in server-based, appliance-housed, and hosted-service spam-blocking technologies available from other vendors.

So Cloudmark expanded its lineup. The first expansion included Cloudmark Server Edition, a version of its spam blocker for Microsoft Exchange. Later, the company created a higher-capacity version called Cloudmark Gateway, which can be used in large-scale applications such as multinational corporations, Internet service providers (ISPs), and mail service providers (MSPs).

The company has also expanded its e-mail server scope to include Lotus Domino and other e-mail server products by way of an open-source software development kit.

"We’ve maintained the same basic philosophy of spam-blocking in all versions of the Cloudmark lineup," says Jamie DeGuerre, who heads up the company’s partner program:

  • Data Collection: Data is collected from a large number of real users who are the target of the messages.
  • Automated Data Analysis: The data needs to be analyzed in a scalable, automated process capable of working with huge volumes of message information coming from a large and growing number of sources.
  • Feedback System: There is interaction between the analytical functions and users, enabling new information to be quickly processed, and corrections to be made if messages are mistakenly blocked or unblocked.
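The report, grade, and feedback loop described above can be sketched in a few lines of Python; this is an added illustration, not Cloudmark's code, and it shows why weighting reports by each reporter's grade keeps a single account from blocking a message on its own. The `fingerprint` function (a normalised SHA-256 hash), the `ReportService` class, and all thresholds and trust values are assumptions made for the example.

```python
import hashlib
import re
from collections import defaultdict

# All numbers below are assumed for illustration, not Cloudmark's values.
START_TRUST, MAX_TRUST, TRUST_STEP = 5, 10, 2
BLOCK_THRESHOLD = 20   # summed reporter trust needed to block a fingerprint

def fingerprint(body):
    """Stand-in fingerprint: hash of the body after folding case, digits, whitespace."""
    text = re.sub(r"\d+", "#", body.lower())
    text = re.sub(r"\s+", " ", text).strip()
    return hashlib.sha256(text.encode("utf-8")).hexdigest()[:16]

class ReportService:
    def __init__(self):
        self.trust = defaultdict(lambda: START_TRUST)  # per-reporter grade
        self.reports = defaultdict(set)                # fingerprint -> reporters
        self.blocked = set()

    def report_spam(self, user, body):
        fp = fingerprint(body)
        self.reports[fp].add(user)   # a set, so repeat votes by one user count once
        score = sum(self.trust[u] for u in self.reports[fp])
        if fp not in self.blocked and score >= BLOCK_THRESHOLD:
            self.blocked.add(fp)
            for u in self.reports[fp]:   # reward reporters whose votes were confirmed
                self.trust[u] = min(MAX_TRUST, self.trust[u] + TRUST_STEP)
        return fp in self.blocked

    def confirm_false_positive(self, body):
        """Feedback path: unblock and lower the grade of everyone who reported it."""
        fp = fingerprint(body)
        self.blocked.discard(fp)
        for u in self.reports.pop(fp, set()):
            self.trust[u] = max(0, self.trust[u] - TRUST_STEP)

    def is_spam(self, body):
        return fingerprint(body) in self.blocked

def demo():
    # Constructed sample messages: one campaign with varying numbers.
    svc = ReportService()
    first = "WIN $1000 now!!  Visit offer 4821"
    variant = "win $2500 NOW!! visit offer 977"
    verdicts = [svc.report_spam(u, first) for u in ("ann", "bob", "cy")]
    verdicts.append(svc.report_spam("dee", variant))
    return svc, verdicts

if __name__ == "__main__":
    print(demo()[1])
```
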

Cloudmark has implemented its spam-fighting philosophy in two other important arenas: phishing attacks and virus attacks.

Phishing messages can be viewed as a special category of spam, and Cloudmark has put into practice its fraud-detection system in exactly that way. The result has been effective enough to attract partnerships with such fraud-attack-prone companies as PayPal.


The company entered the virus detection business recently by implementing a version of its messaging analysis system to detect malware-bearing messages and block them quickly. Traditional virus detection depends on the handiwork of software engineers who reverse-engineer the code to develop a pattern, work that usually takes hours and often takes days.

Cloudmark’s user-driven fraud- and virus-detection systems detect attacks and block them quickly, usually within an hour, which is why the approach is described as a zero-hour protection method.

Cloudmark’s results are impressive: the company reports that virus and phishing attacks are usually detected and blocked in under a minute. The company is currently working cooperatively with traditional virus fighters TrendMicro, Sophos, and McAfee to improve all the companies’ products.

Cloudmark is used currently by some 100 million e-mail users and processes around one billion messages per day. "Many of them are in smaller businesses," says deGuerre, "not only because of Cloudmark Desktop, but because many service providers used by those businesses are using Cloudmark Authority."

The company is also moving into the mobile business by working with OpenWave, which provides security services to cellular telephone service providers.


Dennis Turner