GFI MailEssentials 10.1 adds directory harvesting detection and SPF support to its anti-spam arsenal

October 18, 2004 - 12:00

GFI MailEssentials for Exchange/SMTP 10.1 is one of the first server-based anti-spam solutions to support the anti-forgery Sender Policy Framework (SPF). SPF is rapidly gaining acceptance by leading organizations as a key method of blocking spam through sender authentication. The framework permits users to check automatically whether a particular email sender is forged. In its ongoing bid to help users win the battle against spam, GFI is offering the SPF module as freeware. Version 10.1 also detects directory harvesting, a method used by spammers to email as many recipients as possible within one domain.

Eliminates directory harvesting
Spammers often try to guess recipient addresses by generating multiple random email addresses at a domain. They then send their spam mail to all those addresses. GFI MailEssentials counteracts this by checking the validity of all the email addresses included in the mail sent, via a query to Active Directory; if they are not all valid, it flags the mail as spam.

About the Sender Policy Framework (SPF)
As most of today’s spammers spoof email addresses, it is important to be able to check whether an email is genuine or if it has been sent from a forged sending address. This can be done via SPF – the Sender Policy Framework – which allows users to test whether a particular email originates from its claimed source (more information at http://spf.pobox.com). If, for example, a spammer falsifies an AOL address and tries to spam UserA, he would need to connect from somewhere other than AOL. When UserA receives the spammer’s mail, it appears to be sent from an AOL address, namely, forged_address@aol.com. However, the recipient does not need to take the sender’s word for it: Instead, UserA can ask AOL if the IP address comes from their network. Through SPF, this checking can be done automatically, thereby eliminating spam that originates from spoofed senders.

How SPF works
SPF requires that the sender's company has published its mail server in an SPF record. When receiving a message from a domain, GFI MailEssentials checks those records to make sure the mail is coming from where it says it is. For example, if an email is sent from xyz@CompanyABC.com, then companyABC.com must publish an SPF record in order for SPF to be able to determine if the email was really sent from the companyABC.com network, or whether it was spoofed. If an SPF record is not published by CompanyABC.com, the SPF result will register as ‘unknown’. SPF is rapidly gaining ground and major sites have committed to the project. More information can be found on http://spf.pobox.com.

"In the last twelve months, the email industry has wholeheartedly acknowledged that sender authentication is a necessary piece of the anti-spam puzzle.  While the IETF [the Internet Engineering Task Force] considers multiple possible approaches, the industry is quietly rolling out SPF because it delivers immediate benefits today.  I applaud GFI Software for joining the movement," said Meng Weng Wong, CTO and Founder of Pobox.com and author of SPF.

As IT guru Tim Berners-Lee said recently in an interview with InternetNews: "I think SPF is something that should be more widely used to thwart email address forgery. The technology is there to deal with this. SPF can be used right now to distinguish legitimate mail from illegal mail containing viruses before any message data is transmitted. I encourage people to use SPF because it provides the technology that works."

Obtaining the freeware version
The freeware version can be downloaded from http://www.gfi.com/mes/. The download is a trial version of GFI MailEssentials 10.1 (15Mb), however the product’s SPF and blacklist checking features, together with one disclaimer, remain active as freeware after the 60-day evaluation period.

About GFI MailEssentials for Exchange/SMTP (commercial version)
GFI MailEssentials offers spam protection at server level and eliminates the need to install and update anti-spam software on each desktop. GFI MailEssentials offers a fast set-up and a high spam detection rate using Bayesian analysis and other methods - no configuration required, very low false positives through its automatic whitelist, and the ability to automatically adapt to the email environment to constantly tune and improve spam detection. GFI MailEssentials also adds email management tools to your mail server: disclaimers, mail archiving and monitoring, Internet mail reporting, list server, server-based auto replies and POP3 downloading.

GFI MailEssentials pricing is highly competitive, with a 50-user version costing just US$495, as an example. GFI MailEssentials can be purchased in a bundle with GFI MailSecurity, GFI’s email content security product, at pricing starting at US$450 for 10 mailboxes. More information about GFI MailEssentials and a trial version are available at: http://www.gfi.com/mes/.

About GFI
GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. With award-winning technology, an aggressive pricing strategy and a strong focus on small-to-medium sized businesses, GFI is able to satisfy the need for business continuity and productivity encountered by organizations on a global scale. GFI has offices in the US, Malta, UK, Hong Kong and Australia which support more than 200,000 installations worldwide. GFI is a channel-focused company with over 10,000 partners worldwide. GFI is a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com.