Sound Ideas Of America, Inc.

FineLine SpamFilter

Aggressive email filtering for business

Overview

FineLine SpamFilter provides an aggressive centralized email filtering system specifically designed for business that is quickly and easily implemented for an entire company. It can be used with any existing email system including:

  • PCs retrieving email directly from an ISP or Exchange server

  • UNIX retrieving email from an ISP with POP3

  • UNIX receiving email 24/7 with SMTP

NOTE: You do not need UNIX-based email to use FineLine SpamFilter - i.e. it can be added to PC-only email environments like Outlook retrieving email directly from the Internet.

It's estimated that over 80% of all email on the Internet consists of spam. FineLine SpamFilter provides an effective solution for drastically reducing the amount of spam that your users receive so less time and productivity is wasted on wading through and deleting these messages, along with running the risk of missing or deleting valid messages buried in the spam.


Features


General

  • Filters mail from a POP3 server or directly from a local mailbox with automatic weekly purging of filtered email by day of the week.

  • Enhanced POP3 server for providing email stored on UNIX to PCs or other POP3 clients. This special POP3 server can also provide a current index of all filtered messages for viewing with a PC interface, along with select access to the actual filtered files.

  • Includes a utility for interactively viewing the processing of a mailbox in real-time without affecting the mailbox contents (with the ability to view, search, save and/or print the results). Great for testing how configuration changes affect the filtering before implementation.

  • Includes an option to manually check a domain name or IP address with the Internet block lists so you can see if a particular domain has been blocked.

  • Includes an option to manually test the accessibility and performance of each selected Internet block list.

  • Includes a utility to search all current filtered messages for a particular sender or recipient address and list the matching messages along with where each is stored.

  • Features the ability to specify a limit on the number of messages that are retrieved or listed (virtually all email clients only process entire mailboxes). Very helpful for testing, or with Internet connectivity issues that require shorter connection times.

  • Includes a utility to import a text file into the local whitelist or blacklist

  • Automatic returned email loop detection redirects multiple returned messages encountered during a single pass of a mailbox, greatly reducing "thrashing" and system degredation from bouncing messages. (Returned email loops occur when an incoming address is forwarded to an invalid or "mailbox full" external address that returns the message. Although the cause of the loop still needs to be addressed in the email server/client software being used, this feature can drastically reduce the loop's impact on the system.)

  • Extensive configuration options through an easy-to-use centralized UNIX interface.


Unique features

FineLine SpamFilter centralizes the filtering on a UNIX server and so it has the unique advantage of knowing exactly which email recipients names are valid - one thing spammers can never accurately know. This is an excellent indicator of whether or not a message is spam since the majority of spam email is addressed to a combination of bogus and valid users at the same domain name.

In contrast, when email is delivered directly to a single PC (how most email is usually transferred), there is no way for the PC to know whether the other recipients specified in the message are valid, and so it cannot recognize whether or not the message is spam using this important and highly effective indicator (the same limitation is true for spam filtering performed by an ISP).

FineLine SpamFilter also includes a number of unique content checking options, including:

  • Specifying a wildcard character in a subject to match varying spellings (ex: "Ph aramacy", "Re[#]:", "meedicaxtionn", "degr3e", etc.)

  • Checking if the sender's email name contains a vowel within a certain number of consecutive characters (ex: "qqzerdgwgi@abc.com)

  • Specifying if the message contains an attached GIF image (combined with other requirements)

  • Specifying the number of words required in the subject (combined with other requirements)

  • Searching a limited number of lines in the message body for specific text or for web addresses that are checked against Internet block lists

  • And more...


Filtering

Steps performed to determine if a message is spam:

  1. If the mailbox is for one recipient (versus company-wide) and the recipient's address is specified, the message is filtered if it is not addressed to the recipient.

  2. If the sender's domain or complete email address is in the local whitelist, the message is considered valid.

  3. If the sender's domain or complete email address is in the local blacklist, the message is filtered.

  4. Entries in a custom filter table are tested against the message. These entries can flag a message as spam or OK based on a number of criteria, including the text in the subject, from, to, received and any other header, a GIF image attachment, and checking for specific text in up to 999 lines of the message body. Numerous "built-in" entries are included upon install.

  5. A comprehensive set of configurable content filtering options check the validity of the message, including looking for basic spam flags, a valid message ID, various subject controls, sender and recipient address conditions and more.

  6. The message's IP addresses and sender's domain name are checked against Internet block lists (special Internet servers that maintain lists of known spammers).

  7. Up to 999 lines of the body are checked for a web address (which often exists in spam since the goal is to advertise something) and all web addresses found are tested against the Internet block lists. This step usually results in a very high spam capture rate.

  8. If the message passes all of the above, it is considered to be valid and placed in the specified mailbox.


Filtered message storage

With FineLine SpamFilter, a message being processed is considered to be either spam or valid. Valid messages are placed in the mailbox specified in the configuration. Filtered messages are placed in special system-wide mailboxes for each day that automatically purge themselves each week (so you have up to one week to retrieve a message from the filtered mailboxes).

To access these filtered mailboxes with a PC email interface (ex: Outlook), you only need to create additional user accounts in the PC email software ("profiles" in Outlook; "identities" in Outlook Express) using special SpamFilter email account names to access each day's filtered email (a single name can be used to access the current day's filtered mail, or any day of the week can be specified). An additional special account name is also included which generates 7 messages (one for each day) listing information on the filtered messages in each spam mailbox for easier location of a misdirected message (i.e. it provides an index of the messages that have been filtered).

If you are using a UNIX-based email package like our FineLine Message Manager, you can simply specify a user's UNIX folder directory as the location of the spam mailboxes and then the user only needs to change the current folder in the email program to access them.

In addition, a UNIX search utility is provided for specifying a sender or recipient's address and it will list all matching messages along with the spam mailbox where each matching message resides.


Filtering effectiveness

Spam varies greatly depending on what mailing lists you are on and what email configuration is being employed, so the performance of FineLine SpamFilter "out of the box" will not be perfect - although it should catch the majority of spam with all options enabled. The big keys to its effectiveness are whether it can employ a receipient name check, how the headers of the message being processed were written, and whether the Internet block lists have the sender listed. If the message headers are "clean" and the sender's domain, IP addresses and web addresses are not listed, it may take a little customization of the SpamFilter options to catch particular messages.

Also, the more spam messages that are caught, the more efficient the program becomes because it maintains a list of recent domain names and IP addresses found on the Internet block lists. This speeds up processing because this list eliminates the need to re-check information with the Internet from repeat spammers (entries can easily be found and deleted from this list, if required).

As an example of how effective FineLine SpamFilter is with company email, we receive between 1,500 and 7,000 spam messages a day in our single company-wide email box. After listing all of the newsletter senders in the local whitelist, we are right at 99-100% capture rate with virtually no "false positives" (valid messages that are incorrectly filtered). During a recent long weekend, we accumulated 18,920 spam messages in our mailbox - of which only 19 got through! This high rate of capture is due to SpamFilter's ability to filter messages addressed to invalid local users along with our extensive "built-in" filter table entries. In contrast, with another mailbox that contains email for only a single user whose address contains the ISP's domain name (i.e. not a local domain name), the results are not as high because the software is unable to check for valid local recipient names and must rely solely on message content checks and the accuracy of Internet block lists.


Testing the filtering

FineLine SpamFilter includes a powerful option for "testing" a mailbox (POP or local) without deleting or delivering anything. This utility prompts for a mailbox defined in the software and then processes each message "live" while you watch. It's a great way to see where things might slow down (ex: checking a particular Internet block list) and how each message will be processed (i.e. valid vs spam). The program can be interrupted at any message and the results viewed, searched, saved and/or printed.

This tool is extremely valuable for seeing how your messages will be processed so the local whitelist, blacklist, filter table and content options can be modified to properly process messages for your particular system. Simply change a configuration option and re-select the mailbox to see how the change affects the filtering.

NOTE: If you are interested in evaluating this software, you only need to do the following to see how it will work for you - without affecting your existing email in any way:

  1. Download, install and license the software (eval license available from the download page)
  2. Specify any number of local or POP3 mailboxes in the configuration
  3. Specify your local domain name(s) in the configuration
  4. Specify the IP address of your DNS server in the configuration
  5. Run the UNIX command: flfilter -view

Confirming why a particular message was filtered

Every message filtered by FineLine SpamFilter has a few lines added to the message header that specify what condition was met for it to be considered spam. This is extremely important for adjusting the software to reduce "false positives" - when a valid message is filtered. Just choose the "View message source" (or similar wording) option in your email program to see the headers.

This package also includes an option to search Internet block lists for a specified domain name or IP address, listing whether the entry was found in each list. This is a very important function for determining whether a particular domain or IP has been listed on the Internet causing messages to be filtered.


Processing speed and system burden

As detailed above, the software first performs a number of content checks against the message before checking information with the Internet. These simple content checks shouldn't cause any noticible decrease in system performance since only one message is processed at a time. The only delay that might be experienced is with the delivery of some messages since the software may need to wait for the Internet block lists and/or DNS server to respond to different requests, which may add a few seconds to the delivery of a message. Since the mail processing should be happening in the background, users shouldn't really notice any difference - except that the number of spam messages they receive drops dramatically!


UNIX server changes required

Although it will work "out of the box" (assuming you have adapted your system to use it as explained in the information below), it may not catch all spam and may incorrectly filter valid messages until you "tune it" a little. This includes making sure that every valid local recipient name is specified in the software (UNIX users are automatically considered valid) - including all aliases (ex: sales, tech, etc); entering the domain of senders of all email newsletters in the local whitelist (otherwise they will be filtered if not specifically addressed to a valid local user); adding the domain name of repeat spam senders in the local blacklist; and possibly adding some custom filters for catching certain messages by subject or body text, for example (although a large number of "built-in" filter entries are included). With the ability to view how your messages will be processed with the current configuration without actually delivering the email, it's just a matter of run the viewer, change a configuration option and run it again until you are satisfied with the filtering.


Working with existing email configurations

FineLine SpamFilter uses either the common POP3 protocol to retrieve a mailbox from the Internet (i.e. your ISP) or another server, or it can read directly from a mailbox file that is already on your UNIX server.

Even if your UNIX server does not currently process your email, it is easy to add FineLine SpamFilter to your existing email configuration.


Here are a few common email scenerios and how FineLine SpamFilter fits in:

Current:  PC with POP3

PC email client (ex: Outlook) uses POP3 to retrieve mail from an ISP (or any POP3 email server, including Exchange)

New:  FineLine SpamFilter uses POP3 to retrieve and filter the mailbox and places all valid messages in a mailbox on the UNIX system. The PC uses POP3 to retrieve the messages from the UNIX server using the included special POP3 server (instead of directly from the ISP).

Changes:  The PC email program only needs to have the name/IP of the POP3 server changed to the UNIX system.


Current:  UNIX with POP3

UNIX server uses POP3 to retrieve the email for all local users from a single mailbox (ex: with our FineLine Internet MailServer)

New:  FineLine SpamFilter retrieves the email from the ISP with POP3 and places all valid messages in a single local mailbox, then runs a UNIX command to have the local email program (ex: our MailServer) use POP3 to process and distribute the "clean" local mailbox.

Changes:  The UNIX email program needs to have the domain/IP of the POP3 server changed from the ISP to the local UNIX system and it's incoming mail retrieval disabled (its command to process the mail from the local system will be run by the SpamFilter scheduler).


Current:  UNIX with SMTP

The UNIX server receives messages directly 24/7 using SMTP and the messages are placed in the recipients' mailboxes. PCs pop the email from the UNIX server.

New:  The UNIX SMTP server still receives the email. FineLine SpamFilter reads the recipients' local mailboxes and filters the messages, placing the valid email into an alternate mailbox for each user. PCs use the POP3 server included with this package to retrieve the email from the alternate mailbox on the UNIX server.

Changes:  Nothing needs to be changed on the PCs. The FineLine SpamFilter POP3 server is configured to provide each PC user with the alternate mailbox rather than their original one.


Current:  UNIX with SMTP & IMAP

The UNIX server receives messages directly 24/7 using SMTP and the messages are placed in the recipients' mailboxes. PCs use IMAP to access the email on the UNIX server (in lieu of moving it to the PC with POP3).

New:  FineLine SpamFilter reads the recipients' local mailboxes and filters the messages, placing the valid email into an alternate mailbox for each user. PCs specify the alternate mailbox with IMAP.

Changes:  The PCs need to change the IMAP settings to use the alternate mailbox.



Supported UNIX platforms

  • SCO OpenServer 5 / 6
  • SCO UnixWare 7
  • Linux
  • IBM AIX


Product licensing


This product is licensed by single UNIX server as a one-time purchase (i.e. no yearly fee is required).


Pricing

Per UNIX server:  $695   (Unlimited users)



Download


Software License Agreement   Read this before downloading and installing any of our software

Evaluation License   This license enables our software to be used for a temporary evaluation period

Download Instructions   How to download and install our software


IMPORTANT:  Version 2 requires a new license. Do not install this product if you are currently running version 1 unless you have a version 2 license in-hand, because the software will stop functioning.


UNIX / Linux Server

SCO OpenServer 5/6

FineLine SpamFilter
spm10r06.Z
1,089,560

SCO UnixWare 7

FineLine SpamFilter
spm10r06.gz
1,062,002


Linux

FineLine SpamFilter
spm10r06.gz
449,780

AIX

FineLine SpamFilter
spm10r06.Z
622,695



All pricing and features are subject to change without notice.