Skip navigation

Security UPDATE--Speed Up Mail Processing with Filter Order Adjustments--December 22, 2004


This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

Earn A Free Year of Web Filtering -- Limited Time Offer

The Key to Stopping Email Attacks: Sender ID Can't Do It


1. In Focus: Speed Up Mail Processing with Filter Order Adjustments

2. Security News and Features

- Recent Security Vulnerabilities

- Mega Merger: Symantec and VERITAS

- Critical Update for Windows Firewall Flies Under the Radar

- Microsoft Purchases GIANT Company Software for Antispyware Solution

- 3Com Buys TippingPoint for $430 Million

- Cisco to Acquire BCN, Symantec Acquires Platform Logic

3. Security Matters Blog

- Security Patching: We'll Get Around to It in a Couple of Years

- IE Popup Blocker Can Be Bypassed

4. Security Toolkit


- Security Forum Featured Thread

5. New and Improved

- Eliminate Unwanted Programs


==== Sponsor: St. Bernard Software ====

Earn A Free Year of Web Filtering -- Limited Time Offer

If you're using a software product to filter Internet access for your organization, there is a better way. With iPrism from St. Bernard, you get a true appliance solution requiring no extra hardware or software. Security is assured with automatic updates sent daily. The superior interoperability of iPrism means a seamless interface on any network. Download 5 Free Web Tools and find out how you can add a free year to your subscription. Act now to qualify for this limited time offer!


==== 1. In Focus: Speed Up Mail Processing with Filter Order Adjustments ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

I've discussed spam filtering, and in particular the use of blacklist services, in the recent past. I've been testing spam filtering mechanisms and want to share some insights.

Although blacklist services do help reduce the amount of unwanted email your users might receive in their inboxes, they also introduce some amount of processing overhead. Blacklist filters rely on DNS lookups, so message processing time is increased by the number of DNS lookups per message along with any network lag time involved in those lookups. Heavily used blacklist services sometimes take up to 1 second or longer to respond to queries.

The order in which your mail filters are used can make a performance difference. You might be able to reduce processing lag time by performing blacklist queries after other, simpler processing has taken place. For example, you might have filters that use whitelists or look for foreign languages, various countries of origin, various character sets, banned word lists, nonstandard message formatting, malformed HTML, banned scripts, file attachments, etc. These types of filters can typically process mail much faster than filters that rely on network communication to outsourced services such as blacklist providers. These types of filters can also process mail much faster than typical Bayesian filtering systems, especially Bayesian filters that have accumulated a big database of tokens (a database that probably grows larger by the hour). Whether you use Bayesian filters before or after blacklist service filters probably depends on how much mail your server processes and what kind of processing power your server has as compared to the sum of network lag time between your network and the blacklist service providers.

Another thing I've found, which is probably to be expected, is that blacklist services tend to respond to DNS queries much faster at night (in the US) than they do during the day. This phenomenon is undoubtedly due to far more people picking up mail during the day then at night. Most server-based filtering solutions are probably on dedicated connections and therefore process mail any time of day or night. But when you factor in the millions of individual computer users who run desktop-based mail filtering solutions, it stands to reason that there is a much greater load on blacklist services during daytime hours.

If your mail filtering solution lets you adjust the priority or processing order of the various filtering mechanisms that it uses, consider testing to see which priority or order works best for your needs. You might find that the out-of-the-box configuration works better after some tweaking.

Until next time, have a great week.


==== Sponsor: Postini ====

The Key to Stopping Email Attacks: Sender ID Can't Do It

"Going nowhere fast," is how the media described recent efforts to develop an industry-wide email sender authentication standard. Even if some form of Sender ID is eventually adopted, spammers and hackers may be able to exploit the registration of IP addresses with Sender ID to improve their delivery of junk email. Effective real time IP address analysis and filtering is necessary — not sender authentication. This white paper explains why enterprises do not need to rely on Sender ID and discusses better, proven email intrusion prevention solutions that already work today to stop spam, viruses and email attacks. Get answers now!


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

Mega Merger: Symantec and VERITAS

Security solutions provider Symantec and storage solutions provider VERITAS Software announced their intention to merge. The merger would create one of the largest vendors in the computing industry.

Critical Update for Windows Firewall Flies Under the Radar

As it turns out, Microsoft issued not five, but six security updates in December. A critical update for Windows Firewall was not announced to the public through expected channels.

Microsoft Purchases GIANT Company Software for Antispyware Solution

Microsoft purchased GIANT Company Software, including all of GIANT's products, technology, and staff. Microsoft will soon launch a beta of an upcoming version of Giant AntiSpyware, which will likely be branded a Microsoft product, and will present the solution as the ultimate security companion to Windows XP Service Pack 2 (SP2).

3Com Buys TippingPoint for $430 Million

3Com announced that it has reached an agreement to acquire intrusion prevention solution maker TippingPoint.

Cisco to Acquire BCN, Symantec Acquires Platform Logic

Symantec has acquired Platform Logic, maker of AppFire - a host protection suite, and Cisco announced that it has finalized an agreement to acquire BCN, provider of software design and developer of application routing architecture.


==== Announcements ====

(from Windows IT Pro and its partners)

Are You "Getting By" Using Fax Machines or Relying on a Less Savvy Solution That Doesn't Offer Truly Integrated Faxing from Within User Applications?

Attend this free on-demand Web seminar and learn what questions to ask when selecting an integrated fax solution, discover how an integrated fax solution is more efficient than traditional faxing methods, and learn how to select the fax technology that's right for your organization. Register now!

Harness the Power of Active Directory Provisioning

Join Active Directory expert Jeremy Moskowitz for this on-demand Web seminar. Discover the power of using Group Policy to efficiently configure and manage computers within your company to reduce administration and maximize productivity. You'll learn how to leverage Group Policy to provision desktops, manage the provisioning process, and more. Register now!

Best Practices for Systems Management

In this free on-demand Web seminar, you'll discover the most effective practices to monitor and manage your OSs and how they can be put into practice in your environment. Our expert panel will deliver the tips and techniques you need to improve service levels and maximize the use of your IT staff. Register now!

Get the Entire Exchange 2003 eBook

This free eBook will educate Exchange administrators and systems managers on how to best approach the migration and overall management of an Exchange Server 2003 environment. The book will focus on core issues such as configuration management, accounting, and monitoring performance with an eye toward migration, consolidation, security, and management. Get the entire eBook now!


==== 3. Security Matters Blog ====

by Mark Joseph Edwards,

Check out these recent entries in the Security Matters blog:

Security Patching: We'll Get Around to It in a Couple of Years

It seems that even after years, some companies fail to load security patches. Why is that?

IE Popup Blocker Can Be Bypassed

This probably means that another Microsoft Internet Explorer (IE) patch is on the way.

==== 4. Security Toolkit ====


by John Savill,

Q: How can I ensure that my mobile Dfs clients access link targets from an updated link-target list?

Find the answer at

Security Forum Featured Thread: IP Security Policies

James writes that he spotted a foreign computer on his network. He wants to know the best way to stop unauthorized people from accessing his network and wonders whether IP Security (IPSec) policies are a reasonable solution. Join the discussion at:


==== Events Central ====

(A complete Web and live events directory brought to you by Windows IT Pro at )

Stop the "Silent Killer" Unleashed by Spammers

You're under attack from the "silent killer" trying to steal your email directory addresses through directory harvest attacks. Symptoms include sudden bursts of email activity that last only a few minutes and server deferral queues that are constantly full slowing your server performance. Register now for this free on-demand Web seminar and learn how to stop the "silent killer" in its tracks!


==== 5. New and Improved ====

by Renee Munshi, [email protected]

Eliminate Unwanted Programs

Uniblue Systems has released WinTasks 5 Professional, which supplements firewalls and antivirus software by helping you identify and eliminate unwanted programs that are already running silently in the background on your machine. New features in WinTasks 5 Pro include a searchable process library of information about viruses and Trojan horses, as well as information about the harmless processes that might be running on your computer. A new automatic update feature keeps both the program and the process library up to date. The program also includes block and allow lists that you can customize. WinTasks 5 Pro runs under Windows 2003/XP/2000/Me/98 and costs $49.95. A free, fully-functional 30-day trial version and multi-user licenses are available. For more information, go to

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Security Administrator print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected] If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.


==== Sponsored Links ====

Data Protection from NSI and Microsoft

Instant recovery and data protection solutions for Exchange and SQL servers;12746138;8214395;l?


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]


This email newsletter is brought to you by Security Administrator, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.