impossible for ideas to compete in the marketplace if no forum for
their presentation is provided or available." Thomas Mann, 1896
ENTERPRISE MESSAGING SYSTEMS
From Spam, Viruses, and Other Threats
by FrontBridge Technologies, Inc.
white paper explores the threats to business email and considers the various
methods for protecting enterprise messaging systems. Businesses that do not
sufficiently protect their networks and email systems are confronted with the
fallout from uncontrolled content - such as unsolicited email (Spam) and
malicious code and viruses - flowing into and out of their corporate
networks via email.
are several options for managing the threats that Spam, viruses, and
network-based attacks pose to enterprise messaging systems, including:
Self-managed: developing and maintaining a home-grown Spam and anti-virus
Premise-based: installing on-site hardware and software systems to thwart
Fully managed: perimeter-based Spam and virus protection from a trusted
of these options have disadvantages and shortcomings. Self-managed efforts
cannot effectively protect critical email infrastructure components and do not
easily scale to handle increasing volumes of Spam. Premise-based solutions
require dedicated hardware and software and ongoing IT resources to operate
and maintain, making them a costly alternative. Fully managed offerings are
the most flexible as long as the service provider has an enterprise focus and
can guarantee service availability.
provides truly effective enterprise message management with unmatched Spam filtering and virus blocking capabilities. No other provider offers an uptime
guarantee of 99.999 percent, validated by 100 percent historical uptime. With
this unique combination of performance and reliability, FrontBridgeâ€™s
services surpass home grown solutions and premise-based options in efficacy
and cost effectiveness.
mail is a convenient and indispensable tool that enhances productivity by
allowing businesses and enterprises to effortlessly communicate internally and
with external audiences around the world. However, without proper protections,
email can bring harm to an enterprise, its network and email infrastructure.
Email-borne viruses can destroy vital company data and incapacitate network
and desktop computers, knocking a companyâ€™s workforce out of commission for
several hours or days.
Spam can reduce employee productivity, needlessly consume network bandwidth
and storage space, and negatively impact a companyâ€™s bottom line.
A denial of service attack on a companyâ€™s email servers can cripple a
network by causing thousands of emails from customers, partners, suppliers,
and other important business associates to bounce.
Email sent from a company - whether deliberately or unintentional -
containing confidential information and sensitive data can put trade secrets
in the hands of competitors as well as open an organization to litigation and
offers a superior solution that protects businesses from the fallout of these
scenarios in the most cost-effective and reliable solution available to
Communication in the Digital Age
is essential for an enterprise to communicate with its customers, partners,
suppliers, and its myriad of groups and associates that comprise the
organization. In the digital age, the methods of business communication are
numerous. With Internet connectivity becoming ubiquitous in the 1990s,
electronic mail has become the preferred and, for many organizations, the most
commonly used method of communication.
has become such an integral part of daily business life, many cannot fathom
functioning in their jobs without it. It is estimated that nearly 31 billion
email messages are sent daily, with estimates of email traffic growth to 60
billion messages daily by 2006. (“Weâ€™ve Got Mail,” Computerworld, Sept.
the reliance on email for business communication with the importance of
maintaining open and effective communication channels, and one begins to
understand the importance of enterprise message management. Just as business
communication is vital to the health and sustainability of an enterprise,
maintaining a reliable and secure infrastructure to support that communication
is equally as important.
It is estimated that nearly 31 billion email
messages are sent daily, with estimates of email traffic growth to 60 billion
messages daily by 2006.
Computerworld - Sept. 27, 2002
to Corporate Email
email systems were largely neglected by security administrators. But as email
usage has grown and email has become a mission-critical business application,
attention to these systems has become more crucial. “Email is the biggest
single threat to business existence if not managed effectively.”
(“Security - Today and Tomorrow,” Database and Network Journal, Oct.10,
2002) Effective enterprise message management requires attention to a number
of threats and vulnerabilities, including:
Email server attacks. Internet attacks of all types are on the rise, and email
servers are an enticing target. Like Web servers, email servers are not
completely protected by corporate firewalls. Email servers connect directly to
each other over the Internet using well-known ports. Such connections require
firewalls to allow traffic from anywhere on the Internet to specific ports on
the corporate email server. This openness provides ample opportunity for
vulnerabilities can allow an attacker to crash an email server, block all mail
delivery, and gain complete control over the server. Protecting against these
threats has become increasingly more difficult. Email systems are distributed
and more complex, software patches for discovered vulnerabilities are not
always immediately available, and the window for patching is often very small.
For these reasons, many companies are forced to go completely off-line until
the vulnerabilities can be corrected.
Viruses and malicious code. Viruses, worms, and Trojan applications that enter
a company via email attachments have the ability to disrupt communications,
destroy data, and attach themselves to outbound email that is then sent to
customers, business partners or suppliers.
viruses spread at an astonishing rate, and rapid response is critical to
successfully protecting a network. According to anti-virus provider Sophos,
viruses like BadTrans, Kournikova and the “ILoveYou” virus can spread at
more than 100 copies per minute within an enterprise.
Spam infiltration. Unsolicited email, or Spam, has proliferated — clogging
mailboxes and reducing productivity in enterprises around the world. Today, Spam
accounts for nearly 40 percent of email traffic. Some corporate mail
servers now waste more than 50 percent of their processing capacity on Spam.
(“Spam Nearly at the Tipping Point,” Government Computer News, Sept. 16,
2002) The FrontBridge network has witnessed a 1600 percent increase in Spam
volume in the past two years. Because Spam is inexpensive to create and
easy to distribute widely, mass marketers will continue to use this mode of
communication and Spam volumes will continue to balloon.
Today, Spam accounts for nearly 40 percent of email
traffic. Some corporate mail servers now waste more than 50 percent of their
processing capacity on Spam. Computerworld - Sept. 27, 2002
the cost of Spam to organizations can be difficult given the intangibles.
Organizations such as Ferris Research estimate an average employee spends at
least 15 hours per year dealing with Spam. (“The Bottom Line on Spam,”
Enterprise, Mar. 18, 2002) Multiply the time wasted on Spam by an employeeâ€™s
wages and extrapolate that number across an organization and one begins to see
the organizational cost of lost productivity alone. Opportunity cost as well
as wasted bandwidth and storage further compound the overall price of Spam.
As email becomes a more common method of business
communication, corporate policies and rules are required to help control the
flow of information into and out of an organization. These rules help protect
proprietary data, trade secrets, and other confidential information.
Additionally, national and local governments have imposed laws and regulations
to protect sensitive information.
the United States, the Gramm-Leach-Bliley Act, SEC Rule 17a, NASD Rules 3010
and 3110, and the Health Insurance Portability and Accountability Act (HIPAA)
all regulate security, privacy, and non-disclosure for various forms of
communication, including email. For example, NASD rule 3110 requires companies
in the investment banking and securities business to monitor all email
communications for compliance.
and rules governing inbound content are also needed to prevent illegal,
offensive, and other unwanted content from entering the corporate network.
Content rules can also provide an additional line of defense for blocking
viruses and malicious content, such as rules to block all attachments with a
Visual Basic (.vbs) file extension.
there are a variety of solutions available to enhance enterprise message
management and provide protection from Spam, viruses, and inappropriate
content. The solutions break down into two, distinct categories:
Premise-based solutions. Premise-based solutions operate “on the premises”
of an enterprise and are typically software add-ons that run on email servers
and desktops. These solutions are usually installed, deployed and maintained
by a companyâ€™s IT staff.
Perimeter-based solutions. Perimeter email security provides protection
outside of the corporate network, typically via one or more
geographically-dispersed data centers. With this method, all email is filtered
and screened for unwanted content before it reaches company email servers.
both premise- and perimeter-based email protection solutions have advantages
and disadvantages, premise-based solutions have some distinct shortcomings.
These disadvantages include:
Email servers are vulnerable to external attack. Regardless of which
premise-based solutions are installed, premise-based solutions can never scale
sufficiently to prevent disabling denial-of-service attacks.
Premise-based solutions create a single point of failure for email
infrastructure. Adding more hardware to the infrastructure simply increases
the chance of a failure that will disrupt the reliable flow of email. Systems
can be made redundant and highly-available, but only at a very high cost.
Slower to update virus definitions. Email-borne viruses are notoriously fast
moving, affording little time to update desktop and gateway anti-virus systems
to ensure corporate networks and systems are protected. Perimeter services
typically have faster response times and more frequent virus definition update
cycles, outflanking the defenses of premise solutions.
Maintenance and support expenses. Premise-based solutions have an inherent
cost for installation, deployment, training, maintenance, and support that is
not incurred with perimeter-based services. IT resources must be dedicated to
installing server and desktop software, localizing Spam filters, updating
virus definitions, patching software, and supporting users. With limited IT
resources, the opportunity cost for delayed and deferred projects must also be
Scalability issues. As a company grows and its email traffic increases,
scalability issues to accommodate the growth surface. Premise-based solutions
require additional hardware, software, and bandwidth to support additional
users and email traffic. Additionally, premise-based solutions have difficulty
scaling to accommodate thousands of users spread across multiple locations of
Provides perimeter-based email protection and message management services to
enterprises worldwide. FrontBridge helps companies manage the inbound and
outbound flow of email passing through their network gateways by providing a
protective bridge between the Internet and corporate networks. FrontBridgeâ€™s
services also protect networks and corporate email systems from attack by
malicious code and viruses, inundation by unwanted Spam, and assaults on email
services provide comprehensive enterprise message management capabilities,
Policy Enforcement - FrontBridge can block inbound and outbound messages
with certain attributes before they can enter or exit the corporate email
system. This service can block email by: attachment name/type; file size;
number of recipients; domain; email address; and words and phrases.
Disaster Recovery - If an email server becomes unavailable, FrontBridge
ensures no email is lost or bounced. Once service is restored, all stored mail
is automatically forwarded in a “flow controlled” fashion. In cases of
extended downtime, email can be rerouted to another server, or made available
through a Web-based interface.
Spam Filtering - FrontBridgeâ€™s proprietary, multi-layer Spam technology
ensures that unsolicited email is automatically filtered before it enters a
corporate messaging system, disrupting employee productivity, and burdening
your messaging infrastructure. All messages are run through three layers of
advanced Spam filtering technologies: blacklisting, fingerprinting and
Virus Scanning - The FrontBridge solution provides the most complete
anti-virus service available. Unlike premise-based solutions that may update
daily, FrontBridgeâ€™s API-level integration of virus engines from Sophos,
Symantec, and Trend Micro update virus definitions every 10 minutes, enabling
the service to identify and block viruses before they reach corporate firewall
Mail Server Protection - FrontBridge masks an enterpriseâ€™s IP address and
hides corporate SMTP servers behind the FrontBridge network, protecting them
from Internet-based attacks.
Outbound Services - The FrontBridge Outbound Relay service provides
reliable, virus-scanned delivery of your messages while protecting your
identity on the Internet.
service providers rely upon one or two data centers to share their load and
provide emergency backup. FrontBridge runs a nationwide network of seven data
centers that operate in a truly distributed fashion to provide an unmatched
level of availability and reliability. The following diagram illustrates the
FrontBridge distributed network architecture and how the network provides
FrontBridge Distributed Architecture
email MX record points to the FrontBridge network.
FrontBridge network DNS servers return an IP address for the nearest
data center based on location and availability.
received at one of our data centers passes appropriate layer seven
email is delivered to you. The FrontBridge process typically takes
less than one second to complete.
offers unique strengths and advantages that premise-based solutions and other
perimeter-based services cannot match, including:
Reliability - FrontBridge guarantees 99.999 percent uptime. To ensure this,
FrontBridge uses seven geographically-distributed data centers with
fault-tolerant, redundant and load-balanced servers. FrontBridge has never
experienced downtime; no other provider can make this claim.
Security - FrontBridge customersâ€™ email servers are never exposed to the
Internet. Customer mail servers only accept connections from FrontBridgeâ€™s
data center servers, ensuring that no attacker can exploit a known
vulnerability in the mail serverâ€™s operating system or email application.
Corporate-grade filters - FrontBridge understands that business email is
critical, and incorrectly identifying legitimate email as Spam can be more
detrimental to a company than Spam itself. FrontBridge always errs on the side
of caution to ensure users do not lose email. Other vendors aggressively
advertise “eliminating the most Spam,” but they unfortunately have high
false positive rates. FrontBridgeâ€™s false positive rate is less than 1 in
250,000 messages. Without question, FrontBridge has the lowest false positive
rate in the industry.
Dedicated, expert staff - Providing around-the-clock protection requires
constant monitoring and updates. The FrontBridge operations team ensures that Spam
filters are continuously updated while anti-virus signatures are updated,
tested and deployed every ten minutes - 24 hours per day.
Flexible and customizable - FrontBridge offers multiple options for
configuring and customizing Spam filtering, virus scanning, attachment
blocking, and policy enforcement.
Easy to implement - FrontBridge allows enterprises to avoid the headache of
software deployment and management for email protection. There is no hardware
to provision, no software to buy, install or configure, and no expensive
training required for IT staff. Plus, FrontBridgeâ€™s services are delivered
upstream from the corporate network, before email ever reaches corporate
servers. With a simple configuration change, companies can begin using
FrontBridge services and be up and running in less than an hour.
corporate email systems are mission critical, and protecting them requires the
same level of infrastructure, expertise, scalability and reliability as a
companyâ€™s other mission critical applications.
premise-based solutions are not cost effective, cannot effectively protect
critical email infrastructure components and do not easily scale. Most service
providers are not enterprise-focused and cannot effectively scale or guarantee
seven data centers, routed through Tier 1 backbones, guarantee that an
enterpriseâ€™s servers are safe from attack, corporate email policies are
enforced, messages are always delivered, and email is delivered virus- and Spam-free. That is the quintessential benefit of enterprise message
is the biggest single threat to business existence if not managed
and Network Journal, Oct.10, 2002
average employee spends at least 15 hours per year dealing with Spam.”
Search the ENTIRE Business
Forum site. Search includes the Business
Forum Library, The Business Forum Journal and the Calendar Pages.
The Business Forum, its Officers, partners, and all other
parties with which it deals, or is associated with, accept
absolutely no responsibility whatsoever, nor any liability,
for what is published on this web site. Please refer to: