The Sendio I.C.E. (Intercept, Confirm or Eliminate) Box anti-spam appliance brings an assortment of weapons to do battle with the evil spammers of the world, including challenge-response (Sender Address Verification (SAV)), silverlisting, Domain Keys and Sender Policy Framework (SPF) with detailed SMTP protocol checks, and finally blacklisting by domain name or email address on a system-wide or per-user basis. Sendio doesn't include spam filters, but don't get Tim Lee Thorpe, VP of Marketing, started. When I spoke with him he explained how much he dislikes spam filters. He explained that it's a game of whack-a-mole with the spammers, as they simply tweak their messages to get past the filters. Don't I know it.
One of the problems of deploying corporate-wide filters is that they are global in nature and can block legitimate email. For instance, one person in the company may want the raunchy jokes coming from their uncle but not from anyone else. Global filters simply cannot identify which emails with a specific keyword coming from a specific sender to allow and which to disallow. This results in filtering rules that take a shotgun approach, shooting everything that looks or smells like spam, even if it isn't. Further, as spammers get more adept at avoiding the filters, IT departments turn up the filtering, resulting in more legitimate email getting blocked. Sendio takes a unique approach in that users can decide individually who gets access to their Inbox.
As CTO, I've done battle with the evil spammer forces many times and I have the scars to prove it. Just when I thought all hope was lost, our noble saviors have arrived -- namely Sendio. (That's a rough quote from "Mad Stephen" in Braveheart in case you missed it.)
Sendio sent me one of their appliances to test and review in TMC's actual production email environment. Could Sendio finally be the weapon to defeat the spammers?
Read on my good friends, read on...
Installing the Sendio I.C.E. Box Linux-based appliance was pretty easy to do. Sendio typically guides customers through the installation process over the phone and using SSH access to the box. Here's the SSH admin screen:
Navigating around with the cursor keys was pretty easy to do. There were only some rudimentary settings that have to be done via the SSH console. If you're not a fan of text-based admins, no worries since most of the day-to-day administration is done in the Web-based admin which is very user-friendly, as seen here:
Next, I added a Directory, in this case Microsoft Active Directory, and pointed it to our internal Active Directory server. After selecting the Base DN, the Sendio box imported the Active Directory users. Finally, I configured a few users to use SAV (Sender Address Verification), and then moved on to checking out the user experience.
To log on, you point your browser to the I.C.E. Box and use your Active Directory (AD) email address and AD network password. This tight integration with AD (or any LDAP directory) is a nice usability feature since users don't need a separate username and password. In addition to Active Directory, it also supports Exchange 5.5 Directory Services, Groupwise, IBM/Lotus Notes, Open LDAP, Oracle Internet Directory, Mac OS X Open Directory, and Sendio Onboard Directory (Open LDAP).
After logging on, one of the first things users will do is go to the Messages tab to check out inbound messages that are "pending" approval via the SAV/challenge-response. You can manually select emails to approve and then click Actions, "Add Message Senders to Accept List". Normally, you don't need to manually approve emails, since most users will respond to the SAV/challenge-response. You will need to manually approve emails sent from non-human senders, such as newsletters, online stores, financial sites, etc. But if you imported your contacts, even this isn't an issue. I rarely check my Sendio "pending queue" - maybe twice per week.
The web admin lets you administrate your contacts, including deleting contacts, or even adding a "whitelisted" contact. Each user gets their own "personal" contact list, but you can also create system-wide rules with wildcards for permitting domains or specific email addresses. You can also import contacts. The I.C.E. Box accepts CSV exports from Outlook/Outlook Express, vCard 2.1 & vCard 3.0 exports from Lotus Notes 6, and Structured Text exports from Lotus Notes 5. I exported every email in my Sent Items and Inbox and imported into Sendio so these contacts will be whitelisted and never receive a challenge-response email. Not that the challenge-response is that difficult to respond to. All a person has to do when they send you an email and they receive a challenge-response is click Reply and send - Sendio's I.C.E. Box takes care of the rest.
So what does an SAV message look like? Well, the SAV message explains in a very polite way to the new sender that they need to Reply for their message to be delivered. Sendio explained to me they did lots of research trying to find the optimal text to use. Here's a sample one:
I recognize from your email address that this is the first message I have
received from you since TMC began using Sender Address Verification (SAV).
Your message is very important to me. Like you, we are very concerned with stopping the proliferation of spam. We have implemented Sender Address Verification (SAV) to ensure that we do not receive unwanted email and to give you the assurance that your messages to me have no chance of being filtered into a bulk mail folder.
By pressing REPLY and SEND to this message your original message will be delivered to the top of my Inbox. You need only do this once and all future emails will be recognized and delivered directly to me.
When replying to this email, please make sure that the following email
address appears in the To: field of the reply:
If you are unable to respond to this authentication request within 4 weeks,
or if your reply is not sent to the correct email address (as indicated
above), your message may not be delivered.
One anti-spam trick you can do is add a rule for blocking emails where the From: address appears to be coming from your domain - a popular form of email spoofing. I added a pre-user email rule with "*@.tmcnet.com" and I set the rule to "Drop". This only affects external email coming in with the spoofed tmcnet.com domain address. This rule takes care of a huge chunk of spam, with no need to send out a challenge-response to this non-valid sender.
Another trick up Sendio's sleeve is SilverListing. SilverListing forces first-time senders to attempt a resend after some interval. The SMTP server will simply appear to be 'down' to the spammer's email software. The SMTP standard allows for retries, though whether and when to retry is specific to the sending server. Legitimate SMTP servers will attempt the retry, while spammers will not. The reason is that it takes precious seconds to try to connect to an SMTP server, wait for it to connect or time out, and then try again if it fails. Spammers don't want to waste resources. Thus, this will stop a lot of spam attempts since the spammer simply moves on to the next target.
Sendio supports two modes - permissive & strict. Strict mode only allows new senders to deliver their email payload if they come from the same exact IP address during the 2nd attempt as they did during the 1st attempt. Since many companies use load balancing (Hotmail, Gmail) and could send from a different server on the retry, this option could potentially block legitimate email. Permissive mode (recommended by Sendio) solves that problem by allowing the same sender to come from a different IP address during the 2nd attempt. When I turned on permissive mode, I could see in the real-time SMTP queue how spammers were being blocked from delivering their email into the challenge-response phase of the I.C.E. Box. This obviously saves on bandwidth and resources since no SAV email is sent.
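A minimal model of the SilverListing decision described above, added here as an illustration and not Sendio's code: it replays constructed delivery attempts through strict and permissive modes to show where a load-balanced sender gets deferred. The retry delay, the "accept"/"defer" verdict names and all sample addresses are assumptions.

```python
from dataclasses import dataclass, field

MIN_RETRY_DELAY = 60  # assumed: seconds a new sender must wait before a retry counts

@dataclass
class Silverlist:
    strict: bool                                 # strict: retry must come from the same IP
    pending: dict = field(default_factory=dict)  # key -> time of first attempt
    known: set = field(default_factory=set)      # keys that already passed

    def _key(self, ip, sender, rcpt):
        pair = (sender.lower(), rcpt.lower())
        return (ip, *pair) if self.strict else pair

    def check(self, now, ip, sender, rcpt):
        """Return 'accept' or 'defer' for one delivery attempt."""
        key = self._key(ip, sender, rcpt)
        if key in self.known:
            return "accept"
        first_seen = self.pending.setdefault(key, now)
        if now - first_seen < MIN_RETRY_DELAY:
            return "defer"   # first attempt, or a retry that came too soon
        del self.pending[key]
        self.known.add(key)
        return "accept"      # sender retried the way a real mail server does

# Constructed sample attempts: (seconds, source IP, envelope sender, recipient)
ATTEMPTS = [
    (0,   "203.0.113.5",  "promo@bulk.example",    "user@example.com"),  # never retries
    (10,  "192.0.2.10",   "alice@partner.example", "user@example.com"),
    (20,  "198.51.100.7", "bob@webmail.example",   "user@example.com"),
    (310, "192.0.2.10",   "alice@partner.example", "user@example.com"),  # same-IP retry
    (320, "198.51.100.8", "bob@webmail.example",   "user@example.com"),  # retry from another pool IP
]

def replay(strict):
    """Run the sample attempts through a fresh silverlist and collect the verdicts."""
    sl = Silverlist(strict=strict)
    return [sl.check(*attempt) for attempt in ATTEMPTS]

if __name__ == "__main__":
    for mode in (True, False):
        print("strict" if mode else "permissive", replay(mode))
```

The one-shot sender never gets past "defer" in either mode, so no SAV challenge is generated for it; only strict mode defers the retry that arrives from a second pool address.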
Sendio also has Outbound Message Management. All messages sent by an enterprise can now be monitored as per corporate policies. The messages can also be checked for presence of any viruses. Additionally, the system keeps an account of the e-mail addresses of all the recipients to whom the enterprise’s outbound mails are directed and subsequently accepts any inbound messages from them. Basically, you auto-whitelist someone simply by emailing them. Thus, they won't get any SAV messages.
Another important feature is its powerful attachment handling. I.C.E. Box adheres to corporate policies and accepts or rejects the attachments in an email according to their type, size and number of recipients it is addressed to. The process is followed for both inbound as well as outbound mails and ensures legitimate use of corporate emails by the employees.
The latest version of the I.C.E. Box incorporates anti-virus technology from Kaspersky Lab. It also includes a Zero-Hour verification process that reduces the chances of an accidental widespread virus attack during the process of an anti-virus update.
- Eliminate 100% of machine generated spam
- Block junk email before it reaches your company email server
- Avoid false positives - I.C.E. Box does not block real messages
- Process over 5 million messages per day
- Integrates seamlessly with any email server
- End email filter maintenance and monitoring
- Manage safe sender lists using a dynamic interface
- Sender System Checking – confirming via DNS that the sender is a legitimate network device
- Recipient Checking – confirming that the intended recipient exists
- Sending Server Verification – confirming that the email server sending the message conforms to the SMTP protocol specifications and typical commercial business practices
- Message-level Policy Enforcement – confirming that the message contains no viruses or other “malware,” does not include any unauthorized attachments, is not too large and is not being sent to too many recipients
- eMail Authentication Standards – checking for valid DKIM, SPF and other official credentials
- User-specific Contact List Verification – checking to determine if the authenticated sender is already someone approved for message receipt
- Sender Address Verification – for previously unknown senders, confirming that the sender is a real person and not an automated email generator
One advantage of using the Sendio appliance is that it helps eliminate the resource-intensive nature of running anti-spam software on your production email server. The Sendio I.C.E. Box does a superb job blocking spam entirely. They make some pretty bold claims when they say they "block 100% of spam and unwanted email while ensuring that no legitimate messages are lost in the process". Blocking 100% of spam? Surely, 100% seems impossible, but indeed I have not gotten a single piece of spam in over a month. I did get some press releases from PR folks that have nothing to do with what I cover, but that isn't technically spam. And with Sendio if they keep sending me irrelevant press releases, I can simply create a rule to drop their emails! Overall, I am very happy with the Sendio I.C.E. Box and would highly recommend it to any business overwhelmed with spam.