What is a Spam Firewall?

A Spam Firewall is a device which sits in between the internet and your mail server. It’s only job is to prevent spam and junk email getting to your inbox. There are several spam firewalls available from different companies, but all have the same job in killing off spam and preventing you from having to sift through the junk several times a day. With a spam firewall sitting in between the internet and your mail server it means that it is compatible with all mail servers as it uses the same protocols and seamlessly integrates.

Who needs a Spam Firewall?

Spam firewalls are generally not purchased by casual users of the internet and instead, are purchased by businesses, ISP’s and email hosting companies to provide an extra level of spam protection for their clients. However, this does not mean you cannot enjoy the benefits of anti spam services as your ISP might already be utilising an anti spam firewall. Various models are available which increase in price based on how many users, and how many emails they will be filtering. Costs of these devices vary from just a few hundred dollars and past the $10,000 mark. Although that seems expensive the money saved by businesses due to staff not wasting time on spam can easily pay off the cost of the spam firewall. If you run a business that relies on email then a spam firewall could make your team more productive.

What Spam Firewalls are available?

Mailfoundry, BarracudaNetworks, Borderware and Proofpoint are examples of companies which offer spam firewalls. Each provides anti spam protection, virus protection and helps keep your mail servers less cluttered.

How do Spam Firewalls work?

Spam firewalls sit in between the internet and your mail server. Every email that arrives to your protected email address needs to pass through the spam firewalls filters which determine if the message should be delivered, quarantined, rejected or deleted. There are various ways of recognising spam and no one method alone tends to be good enough to keep up with the spammers. Methods include Blacklisting, Image Analysis, Bayesian, Rule Based Scoring, Verification, authentication, virus scanning, URL scanning, Phone number scanning and human analysis.

Blacklists are kept up to date daily by companies such as Spamcop. They work on a system where if spam originates from a particular IP address and is not stopped by an ISP then that ISP gets black listed for a period of time. This type of black listing works fairly well, although it does cause innocent senders to have their email blocked if an ISP doesn’t act on spammers.

Bayesian filtering works on probability. With this system you need to train the filters and let it know what is good and what is bad in your email. It then creates a couple of lists of good and bad email phrases which can be looked at when each email receives. If the probability rates high on the bad list then the email gets rejected. This type of filtering can sometimes work well if trained correctly. It does require work on the receivers side which can be off putting.

Verification is a method which sends an email back to the sender saying “Click here to verify you are human”. If someone acts on that instruction then the email is delivered. This system works well in some cases but can block email sent from servers such as from an online store which sends out an email to confirm ordered goods. No one will respond and click I am human on those emails as they are generated by a server and are not spam. Also when mail bomb attacks happen verification (challenge response) systems can create even more spam.

Virus Scanning is a good method to block out spam and junk email because it wipes out any virus’s and can delete the message if needed. This method is a must for users who receive email.

URL and Phone number scanning is another great method to block spam. When spammers send out emails they often want you to click a link to one of their sites to buy a product, or call a number to order a product. If URL and phone number scanning is included on your spam firewall then the provider will send regular updates of known web addresses and numbers that are being sent out in spam. When the spam firewall scans the message it will see a matching address and block the message.

Human editing is the best option. A few of the spam firewalls use human editors to maintain a list of junk email. When a new spam attack is spotted the editor will scan the email and add it to the block list. Updates are then pushed out automatically to the spam firewall and that message can be blocked too.

Spam Firewall Accuracy

No spam firewall will get 100% accuracy and unfortunately all of them will get a false positive now and again. A false positive is where a good email is blocked. However, most can achieve a 96% - 99% good block which can seriously get rid of a good amount of spam. I personally use a spam firewall on my email and get an auto generated quarantine list once per day. There are often a few hundred spam emails which would have wasted my time had the firewall not quarantined them. Productivity is increased as I do not spend 30 minutes first thing in the morning deleting junk as it’s generally not there.

If you are worried about 1 false positive out of 1000000 good emails, just think about how many good emails you might delete each day having to sift through your spam. I think the chances of loosing a good email are far better with the spam firewall.