Internet Service Provider
Growing outbound spam was causing increased resource consumption (CPU, disk and admin) and putting company at risk of blacklisting by other ISPs. SureWest sought an outbound filtering solution that could extend the capability of its existing SpamAssassin implementation.
SureWest Communications is one of the nation’s leading independent communications holding companies. With more than 90 years in Northern California, SureWest and its family of companies represent an integrated network of highly reliable advanced communications products and services. SureWest provides digital cable TV, fiber optics, PCS wireless, DSL, high-speed Internet access, data transport and local and long distance telephone service. SureWest has one of the highest residential DSL penetration rates in the country at over 33 percent and is capable of providing DSL service to 100 percent of its service area.
In late 2007, SureWest identified outbound spam as an issue that could directly affect its webmail subscribers and began to look for a solution that would solve the problem immediately. Additionally, the company recognized that botnets on its network and the problem of outbound spam puts ISPs at risk of being blacklisted by other ISPs. For SureWest, outbound spam had the potential to increase e-mail queues, creating e-mail delays for users and causing a ripple effect throughout the organization. The process of investigating the sources of delay and remedying their outbound spam problem had created a significant administrative burden.
Searching for a more proactive way to address its problems, SureWest evaluated and tested multiple anti-spam solutions, most of which didn’t integrate easily with its opensource e-mail platform. SureWest also rejected “closed box” solutions because of the inability to perform in a carrier-scale environment.
Since team members at SureWest had prior experience with Razor, an open source plugin developed by Cloudmark’s Chief Scientist Vipul Ved Prakash, the company decided to test Cloudmark Authority, a carrier-grade software plug-in for SpamAssassin. Cloudmark Authority includes an integration layer that delivers the latest threat signatures from Cloudmark to SpamAssassin. Cloudmark Authority offered an immediate improvement in filtering accuracy and performance, without requiring SureWest to leave or modify its open source platform.
Using a unique combination of Advanced Message FingerprintingTM and corroborated reporting from the Global Threat Network, the industry’s most sophisticated threat detection system, Cloudmark rapidly detects messaging abuse with 98 percent accuracy and near-zero false positives. An additional benefit to this high accuracy is that Cloudmark Authority requires only a fraction of the processing power of alternative solutions.
Instead of processing-intensive rules, Cloudmark Authority uses lightweight Advanced Message Fingerprinting algorithms that do not impact scanning performance. Messages are rapidly scanned against Cloudmark Authority’s in-memory cache of known “bad fingerprints” or threat signatures. This local cache receives frequent Cloudmark threat updates—every 45 seconds—that are only additions to this cache. As a result, Cloudmark requires significantly fewer CPU cycles than traditional solutions while delivering a higher filtering rate. Cloudmark’s efficiency and stability also enable service providers of all sizes to better predict infrastructure and administrative requirements over time.
Cloudmark Authority was implemented on its open-source Apache SpamAssassin email platform. The installation was complete in just 15 minutes and SureWest began to see immediate results in both hardware efficiency and filtering.
SureWest benefited from 15-20 percent increase in overall message throughput with Cloudmark Authority. Message scan times dropped from five to seven seconds per message to under one second per message.
SureWest has seen average system loads per CPU reduced by half, and user space CPU usage from a peak of 30 percent to under 20 percent, representing a dramatic reduction in CPU utilization.
SureWest transitioned to a virtualized environment and reduced physical hardware from four machines down to two; however, with Cloudmark Authority, the company is now able to effectively process 50 percent more messages per hour despite the reduction in physical hardware.
SureWest implemented Cloudmark Authority and transferred its hardware to virtualization at the same time. Immediately the company was able to reduce the amount of physical machines by 25 percent, and the company plans to cut hardware by 60 percent in the medium term. With Cloudmark Authority, SureWest can process twice the mail through their virtual box than through regular machine with their previous setup.
With Cloudmark Authority, SureWest can now see when a user account is “bursting”—sending large amounts of spam through the e-mail cluster—and stop the messages from leaving its network. By proactively identifying and blocking these messages, SureWest reduces the amount of spam leaving its network and, in turn, lowers the chances of being blacklisted by other ISPs.
Finally, since SureWest no longer needs to maintain rules and lists for SpamAssassin, Cloudmark also helped reduce administrative costs. As a result, SureWest's customers benefit from a more secure, higher quality webmail experience.
Cloudmark Authority integrated easily into our SpamAssassin environment and has delivered immediate improvements, such as increased outbound filtering accuracy, improved scanning times and reduced administrative costs. By reducing our resource requirements and improving service quality, Cloudmark Authority has proven to be an exceptionally good value for our company.— Scott Barber