Presentation by Commtouch at WorldHostingDays 2010 describing how hosting providers utilizing open source solutions can save money, increase revenues and improve antispam detection.

1. Taking your open source email security
to the next level
Gabriel M. Mizrahi
VP Technologies
March 18, 2010

2. About Me
 12 years of email security experience
 Over 15 years in the open source
community
 Founded an Internet security company
in 2001
 Married with 2 kids
 A big Barcelona FC fan!

3.  Hosting Provider Quiz
Today’s  Issues with open source security
Agenda  Taking open source email security
to the next level
 Case Studies

4. The Hosting Provider Quiz
1) We use open source because…
a) we started with it and grew
b) it’s low cost
c) we’re comfortable with it
d) all of the above

5. The Hosting Provider Quiz
2) We would love to be able to…
a) reduce the cost of handling email
b) enhance detection rates & lower FPs
c) improve customer satisfaction &
increase our business
d) all of the above

6. The Hosting Provider Quiz
3) But… to adopt a new solution
a) we won’t throw out our existing investment
b) it would have to easily integrate with
current infrastructure
c) it must provide a differentiator
d) all of the above

7. The Hosting Provider Quiz
4) How much does it cost to handle spam
with your current solution?
a) I know exactly all my costs
b) I have a rough estimate
c) Not sure

8. Something We Can Agree On
 Email is a low margin service with high costs
(Capex/Opex)
 You‟re using open source security because it
offers flexibility
 Any changes you would make need to be
justified
• Financially
• With regards to level of service

9. One Last Question
4) Will open source alone be able to take
you to where you need to go?
?

10. Why Open Source Email Security is an Issue
Security
Spam, phishing Costs
and viruses trends
Infrastructure

11. Spam & Phishing Trends
Security
 Increasing Spam Levels
• 2002 – 25%
• 2010 – over 90%
 Spammers improving their techniques
• Blended threats
• Free Webmail accounts compromised and sending spam
attacks
• Use of popular sites – CNN, Adobe, others to trick users
to malware sites
• Other social engineering techniques

12. Virus Trends
Security
 Distributed faster/more frequently than
AV Signatures are created
 Vulnerability in first hours
 Multiple variants in the same attack
 Life of a variant can be as little as several
hours

13. Outbound Spam – The Latest Concern
Security
 Compromised accounts
 You are at risk of being BLACKLISTED because
of outbound spam/viruses – “Shared
reputation”
• RBLs that block entire “C” classes
• Virtual servers on a single physical server
 Deal with abuse complaints

14. Existing Infrastructure Issues
Infrastructure
A short list of open source email
security tools:
 SpamAssassin
 Bayesian Filters (e.g. Bogofilter, DSPAM)
 Signature based anti-virus (e.g. ClamAV)
 Collaborative filters (e.g. Pyzor, Razor, DCC)
 Lexical filters (e.g. Block subjects with the word „viagra‟)
 Greylisting (e.g. Postgrey, Greymilter)
 SPF/Domain Keys
 SMTP „HELO‟ checks
 SMTP „MAIL FROM‟ checks
 SMTP early talker detection
 Local IP whitelists and blacklists
 Domain based RBLs (e.g. SURBL, URIBL, DBL)
 IP based RBLs (e.g. SBL, XBL, APEWS)

15. Common Administrative Issues
Infrastructure
 Time consuming
• To achieve better coverage – must
use/maintain/tune many tools
 Admin staff
• Someone needs to manage and maintain long list of open
source tools
 Staff expertise
• Need to analyze each missed spam
and identify unique parameters
• Language dependant
• By nature opens possibility for FPs/FNs

16. Rising Email Security Costs Costs
Spam Cycle Additional Costs
Spam Customer dissatisfaction
increases
Helpdesk resources for
increased complaints
More Servers to cope
More
Never More with rising spam levels
FNs ending FPs
cycle IT Resources to
write rules
Helpdesk resources for
increased complaints
More
rules More Bandwidth

17. Hosting Analysis Exercise
Number of
mail subscribers
100,000
Average legitimate
messages/day/subscriber
7
Average messages/ 150
day/subscriber (95% are spam)
Total messages/day 15,000,000
Average message size 25Kb
Total message traffic/day 358GB

18. Hosting Provider Cost & Savings Analysis

19. Peak Bandwidth
Bandwidth Comparison Sustained
100 Commercial IP Reputation solution
Bandwidth usage (Mb)
can reduce traffic up to 85%*
 More Predictable
 Reduced bandwidth costs
135.7  Fewer mails to analyze
Mbps
50
67.8
Mbps
Pay for
5.1 3.1 only this
20.5M 20.3
Mbps Mbps 95% of peak
bps Mbps
No IP Filtering IP Based RBL Commercial IP Reputation
Bandwidth Consumption
* Data supplied by Commtouch partners

20. Hardware Comparison
36 18
20 Servers Servers
18,000,000 msgs/day
15,000,000 msgs/day
Messages (Millions)
Only 4 servers ( + 20% spare)
15
required*
10
Server Capacity
5 500,000 msgs/day
1,100,000 msgs/day
5,000,000 msgs/day
SpamAssassin SpamAssassin Commercial Servers
+ IP Based RBL Email Security
* Data supplied by Commtouch partners

21. Take your open source
email security to the
next level

22. What if you could…
 Increase detection with your existing
infrastructure
 Reduce inbound bandwidth
 Not only block outbound spam but catch the
spammers
• Put an end to your IP ranges being blacklisted
and…
 Reduce costs

23. Essentials for Solution
 A global view of email traffic
• Higher detection rate
• Lower FPs
 Scalable, transparent processing power
 Unattended operation
 Easy integration with your existing
open source security solutions

24. Furthermore…
 Reduces Capex/Opex
• Enables scalable growth
• Decreases IT/Admin involvement
• Reduces support calls
• Creates excess processing power that can be repurposed
 Provides new opportunities and differentiators
• Configure the services you want/need
• Offer new premium services
• Increases your business

25. Hosting Providers
that took their open
source to the
next level

26. Metanet AG & mail2world

27. Hosting provider
 Founded in 2000
 Offers services for resellers
and end customers
 One of top 10 hosting
companies in Switzerland
 750 servers in network
 > 10,000 SMB customers
 100,000 email accounts
 60,000 domains

28. Previous Infrastructure
 SpamAssassin with various
community-driven SA rules

29. Problem/Pain
 Low detection/high FPs
 Rising costs
 High support/maintenance
costs
 Many helpdesk calls
 Additional system load due to
server-side scanning

30. Solution
Commtouch Anti-spam
with SpamAssassin Plug-in

31. Results
30% 25-30%
Spam False Per Server Support Help Desk
Detection Positives Performance Costs Calls
10%
0 25%

32. What Metanet had to say
"With a highly skilled team and its rock-solid
performance, Commtouch delivered
superior detection and service from the
implementation phase through production. After
evaluating other commercial anti-spam technologies,
we found that Commtouch‟s cloud-based
architecture has unmatched spam
filtering accuracy. It perfectly complements our
long-established anti-spam strategy.“
Mirco Schnarwiler
AG, Co-founder &Technical Director
METANET

33. Hosting Provider
 100,000+ provisioned domains
 Average of 330 million message
transactions/day
(10 billion messages/month)

34. Problem/Pain
 Spam load impacting ability to
deliver timely mail
 Help desk spending too much
time with FPs & customer virus
issues
 Customers blacklisted by bots
that compromised email accounts
& sending spam
 Costs for managing email
infrastructure unpredictable and
difficult to manage

35. Solution
 Commtouch Anti-Spam
 Commtouch Mail Reputation
 Commtouch Zero-Hour Virus
Protection

36. Result
Incoming Hardware Per user Email Help
Mail Usage Bandwidth Desk Calls
significant
80%
~95% 85%

37. What mail2world had to say
“As part of our multi layer protection strategy,
our operations team relies on Commtouch to
scale automatically to quickly
absorb and eliminate new spam
outbreaks. Commtouch‟s technology further
enables us to reduce our bandwidth
costs and ensure that our
customers do not know when spam
storms hit.”
Kamil Asfour
Director of Operations
Mail2World

38. What Others Have to Say
“We saw an immediate 10-15% drop in
the infrastructure required to run our
messaging system.”
Hosting Product Manager
Large Web Hosting Provider
“…80% of the messages are eliminated
with Commtouch’s GlobalView IP reputation.
Therefore, 1 server is doing the previous
work of 5 servers doing just content-based
anti-spam scanning.”
Director, Business Development
MTA Appliance vendor

39. Easy Integration With Open Source
Easy integration with popular open source

40. Easy Integration With Open Source cont…
Sendmail Milter
Seamless integration with:
• IP Reputation
• Anti-Spam
• Virus Outbreak Detection
Patch to integrate
• GlobalView IP Reputation
Qmail-Scanner Plug-in for
• Anti-Spam
• Virus Outbreak Detection
QpSMTPd Plug-in
Plug-in for
• Anti-Spam
• Virus Outbreak Detection

41. Easy Integration With Open Source cont…
Generic Plug-in enables to
disable SpamAssassin and to
integrate:
• Anti-Spam
• Virus Outbreak Detection
Patch to integrate:
• Anti-Spam
• Virus Outbreak Detection
RBL Interface for
Other • GlobalView IP Reputation

42. Not Only Open Source but “Pluggable”
Connector for Exchange 2007/2010
• GlobalView IP Reputation
• Anti-Spam
• Virus Outbreak Detection

43. Taking Your Open Source Email
Security to the Next Level
 Lower your costs
 Reduce mail entering your network
 Reduce number of processors needed
 Lower Help Desk calls & IT/Admin time
 Integrate with your open source
 Protect your current investment
 Minimal technical requirements
 Improve detection rates
 Improve customer satisfaction
 Low FPs/FNs
 Eliminate Outbound spam

44. Thank You
Gabriel.Mizrahi@commtouch.com www.commtouch.com
http://blog.commtouch.com/cafe