Messaging Gateway


That Thing We Do 

Jun 06, 2008 07:15 AM

I often get asked how Symantec manages to stay ahead of the game and how we are able to consistently provide the most effective anti-spam solution that money can buy.
It’s pretty cool to see how our Email Security Group (ESG) and backend systems work, but without an Access All Areas pass you’re likely to get thrown out by the men in black suits before you get too close. :)
 
So, with that in mind, today's guest writer is Amanda Grady, Senior Business Intelligence Analyst in our Anti-Spam Engineering group, who has kindly hustled up a great 101 overview of what goes on in our ESG Bunkers.

Our massive Global Intelligence Network, which includes millions of Probe Network accounts, as well as our 24 x 7 x 365 Email Security Group (ESG) looking at spam attacks in real time, means we really are extremely well-placed to block any new spam attacks. Our hardworking systems and teams of real, actual humans mean our anti-spam solutions are extremely effective without needing any further participation from customers.
Keeping ahead of the spammers takes a lot of time and dedication, but in the simplest of terms, we like to get our hands on as much spam as possible!
If you have ever tried to block a particular type of spam you will know that spam messages change constantly on an hourly basis or even less, so the sooner a message is received the better. For effectiveness analysis, the entire message, including the internet headers (Received lines etc.), is required. One of the most convenient methods for system administrators is to set up a "Report Spam" button in the mail interface, which will allow end users to report the messages in the right format the instant they receive them. In this way, spam outbreaks can quickly be detected.
On the customer side, monitoring the reported spam or the number of these reports can be a useful method for tracking the effectiveness of the anti-spam solution. ("Effectiveness rate" is the ratio of identified spam messages out of the total number of spam messages in the mailstream. This definition is separate from the "catch rate", which is the ratio of caught spam to total messages.)
 
The complete messages sent to Symantec are then grouped with other similar messages to form an "attack". Large emerging outbreaks can quickly be detected and filters can be created as a priority. Emails that have certain characteristics identified as specific to spam by Symantec can be blocked almost instantly by automation. Sometimes end users will report legitimate email as spam, for example a reputable newsletter they no longer want to receive, a joke from a friend etc., so for this reason other submissions will be examined before being blocked.
 
If you are not already aware of how to submit new or missed spam variants to us for filter creation, then please get in touch with your Symantec contact or Technical Support, or just read this handy KB article:
 
We may be the only ones who are looking forward to receiving your spam!
--Amanda


Message Edited by Ian Mcshane on 06-06-2008 12:28 PM


Comments

Oct 14, 2008 06:37 AM

Hi Dave,

It really depends on the clients that your users use.

You could put together a simple Outlook plug-in which provides a button to report a selected message or messages to our ESG. Effectively it would be a script/shortcut to create a message with the 'suspect item' in the RFC-822 MIME encoded attachment format and send it to us.

We did have one at Symantec for a while but I don't think it was a 'Symantec officially supported' thing and as such doesn't appear anywhere.

For Entourage on OS X you could probably fashion a quick AppleScript add-in through the Automator/Workflow fairly quickly to do the same thing.

I'll do a bit of digging around and see what I can find about the unofficial add-in.

--ian
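The report format described in the comment above, sketched as an added Python example (not Symantec's plug-in and not code from this page): the suspect message is attached untouched as `message/rfc822` so its Received lines reach the analyst intact. The function names, the sample message and the submission address are constructed placeholders, and rejecting a copy without Received headers is an assumption of this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample: raw bytes of a spam message as stored by the mail client.
RAW_SPAM = (
    b"Received: from mail.example.net (mail.example.net [192.0.2.10])\r\n"
    b"\tby mx.example.org with ESMTP id ABC123; Fri, 6 Jun 2008 07:00:00 +0000\r\n"
    b'From: "Deals" <promo@example.net>\r\n'
    b"To: user@example.org\r\n"
    b"Subject: Cheap watches\r\n"
    b"\r\n"
    b"Buy now\r\n"
)

def build_spam_report(raw_message, reporter, submission_addr):
    """Wrap the untouched original in a message/rfc822 attachment."""
    original = message_from_bytes(raw_message, policy=policy.SMTP)
    # Assumption: a copy without Received lines (for example pasted body text)
    # is useless for analysis, so refuse to send it.
    if not original.get_all("Received"):
        raise ValueError("original has no Received headers; report the full message")
    report = EmailMessage(policy=policy.SMTP)
    report["From"] = reporter
    report["To"] = submission_addr
    report["Subject"] = "Spam report"
    report.set_content("Reported as spam by an end user; original attached.\n")
    # Passing a message object makes the email package emit message/rfc822.
    report.add_attachment(original)
    return report

def extract_reported_message(report_bytes):
    """Receiving side: recover the original, headers included."""
    report = message_from_bytes(report_bytes, policy=policy.SMTP)
    for part in report.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
    raise ValueError("no message/rfc822 attachment found")

if __name__ == "__main__":
    # Placeholder address; the real submission address comes from Symantec.
    wire = build_spam_report(RAW_SPAM, "user@example.org",
                             "spam-submissions@example.invalid").as_bytes()
    inner = extract_reported_message(wire)
    print(inner["Subject"], "|", inner["Received"])
```

A plain inline forward would replace the original headers with the forwarder's own, which is why the attachment form is the one that supports header analysis.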

Oct 08, 2008 04:02 PM

Hi

Interesting idea about the mail button. How would you go about setting that up for Outlook?

cheers

dave
