I’m Jamie de Guerre, the CTO of Cloudmark. We are one of Mailtrust’s new partners and our mission is to do everything possible to reduce the amount of spam you receive. I wanted to take a moment to explain how our technology works and let you know how Cloudmark and Mailtrust are working together to provide the best available spam protection in the market.
Mailtrust’s decision to move forward with new spam filtering technology was a proactive effort to secure customers against growing messaging abuse. The volume, speed and sophistication of today’s attack are unprecedented. And this is expected to continue—as spammers face more restrictive spam filters, they are developing never-before-seen methods to try to bypass them.
Cloudmark uses a completely different approach from traditional anti-spam solutions. The Cloudmark system is designed to automate the threat analysis and response by leveraging global threat reporting feedback from users and automated sources like honeypots, which are accounts set up to attract and trap spam. This is enabled by technology we call our Advanced Message Fingerprinting algorithms, which are able to create consistent identifiers for spam and phishing messages even after they mutate. This approach is also language, format, and encoding-agnostic so it works on spam containing images, double-byte characters, and URLs. Unlike anti-spam signatures or rules that are manually developed by staff in an operations center, fingerprints are automatically generated which enables faster response time to new threats.
We combine fingerprinting with global reporting and the concept of “trust”. Whether a fingerprint is considered “spammy” or legitimate is determined by the Cloudmark Global Threat Network, the largest live threat detection network in the world. It consists of millions of trusted reporters around the world, who report new instances of spam back to Cloudmark. Threat monitoring, therefore, comes not just from a department within a single company but collectively from a 24 x 7 worldwide network of email recipients. All feedback from this network is corroborated by a trust system before any action is taken on a message. To ensure accuracy cannot be compromised by spammers, this system tracks the reputation of each reporter and gives weight to feedback based on individual trust levels. Trust is earned over time by consistently reporting correct abuse feedback.
Cloudmark has recently begun receiving feedback from Mailtrust customers through the “Report Spam” button located in the Noteworthy Webmail interface. Reporting spam not only gives you power over the spammers but will help improve overall accuracy for the Mailtrust community of users. We have already started to receive some early feedback that this has helped improve filtering and as time goes on, this ongoing feedback will help Cloudmark to provide the best possible spam filtering for Mailtrust customers.
We always strive to be as aggressive as possible in the war against spam and security threats. We also welcome your feedback and comments. Please feel free to speak up, and I promise we’ll always act, listen and improve your security experience.
Rackspace Email & Apps Blog
Come on over and meet Cloudmark
11 Responses to “Come on over and meet Cloudmark”
Leave a Reply
Blog
- Case Studies (5)
- Company News (41)
- Culture (3)
- Email & Apps Industry (19)
- Fanatical Support (12)
- Fun & Games (4)
- Geek Out (5)
- General (186)
- Product Enhancements (48)
- Scrum (3)
- Tips & Advice (45)
- November 2009 (8)
- October 2009 (11)
- September 2009 (8)
- August 2009 (7)
- July 2009 (9)
- June 2009 (12)
- May 2009 (15)
- April 2009 (8)
- March 2009 (7)
- February 2009 (10)
- January 2009 (12)
- December 2008 (8)
- November 2008 (1)
- October 2008 (1)
- August 2008 (1)
- July 2008 (2)
- June 2008 (4)
- May 2008 (3)
- April 2008 (4)
- March 2008 (4)
- February 2008 (1)
- January 2008 (3)
- November 2007 (2)
- October 2007 (4)
- September 2007 (1)
- August 2007 (1)
- July 2007 (1)
- June 2007 (4)
- May 2007 (5)
- April 2007 (4)
- March 2007 (9)
- February 2007 (8)
- January 2007 (2)
- December 2006 (5)
- November 2006 (8)
- October 2006 (11)
- September 2006 (3)
- August 2006 (10)
- July 2006 (7)
- June 2006 (7)
- May 2006 (7)
- April 2006 (3)
- March 2006 (10)
- February 2006 (13)
- January 2006 (6)
- December 2005 (14)
- November 2005 (14)
- October 2005 (10)
- September 2005 (12)
- August 2005 (7)
- July 2005 (3)
- June 2005 (5)
- May 2005 (3)
- April 2005 (8)
- March 2005 (8)
- February 2005 (5)
- January 2005 (1)
The report spam feature works very well when working with the web interface – how can we accomplish the same when using Outlook to report spam? Is there an email address we can forward the message to that will accomplish the same thing? We are currently a Mailtrust client.
Jeff – That is a great question. There is the ability to also forward spam email that you may receive in Outlook to Cloudmark’s Global Threat Network. Here are the steps you will need to follow in Outlook:
1. Select the spam message from the email list
2. Click on “Actions” from the top menu bar
3. Select “Forward as Attachment” from the “Actions” drop down menu
4. A new message window will pop up and the spam email you selected will be attached to the message
5. Type in “spam@mailtrust.com” in the TO: field
6. Click “Send”
We’ll take care of the rest from there!
One thing I have always respected about MailTrust is its transparency with respect to its partners and technology. Well done MailTrust. That said, here is some friendly feedback relating to this post.
You say “Cloudmark uses a completely different approach from traditional anti-spam solutions”. If your post explains how your offering is “completely different” it is not clear to me. Regardless, the previous system worked very well from a user perspective. What would have been even more appreciated than this generic technical overview, is if it were written in the context of what has changed, specifically, and how the new system works and/or why it will be better for customers – initial gateways, through to mailbox.
The system bounces over one million mails for me on some days, and several hundred thousand every day. And I trust it, especially when it comes to the rate of false positives at the mailbox level.
What this post tells me is that I now need to spend time reassessing. In other words, it raises more questions than it answers and does not put my mind to rest.
I reiterate: friendly feedback. I respect and value the MailTrust service.
Nic
Cameron, I appreciate the tip of how to do this in Outlook. However, as we are an ISP, I don’t want to have my end users posting to an account outside of our domain. Any chance that MailTrust could set up specific accounts within each of our domains that can do the same thing (i.e., spam@mydomain.com always forwards to spam@mailtrust.com)? I think my users will have less confusion if something like this was enabled.
Spam definitely has hit us hard these last few weeks. I’m not sure if this was a result of the changeover to using Cloudmark or if it is just more sophisticated attacks from the spammers. But the number one complaint lately from our clients is the huge increase in spam that has occurred lately. Before this, I had complaints on the order of once per month, but now I’m getting around five users each day asking about the problem. What happened?
Thanks, Dirk
Dirk – love the idea. We should also work with Cloudmark to develop plug-ins to desktop software clients.
Nic – you’re right. We need to be more detailed. We’re working on that for our website and we’ll work with Cloudmark to get it right.
Keep the feedback coming. It really does help us drive in the right direction.
Pat
Dirk – Great suggestion.
Just to let you know right now you could create your own email alias in our system that could be ’spam@yourdomain.com’. You can then have that alias forward to ’spam@mailtrust.com’. That will provide the same result to Cloudmark’s Global Threat Network.
Let us know if you need help creating that email alias. We are happy to help.
Cameron,
The alias trick did the ticket – I’ll inform my users of how to do this, thanks.
I’m still interested in why more spam makes it to our users inbox AFTER the conversion to Cloudmark than before. In my opinion, we were much better off before with the previous system.
Dirk,
I also saw an increase in spam for a week or so. I remember seeing a posting in the Control Panel afterwards saying that there had been a setting wrong that was letting some spam through without testing. About the same time as this post, our spam -> inbox ratio dropped back to normal (very good) levels.
I can’t find older status posts in my control panel, so I can’t tell you the date exactly, but I did see the amount of spam go up, and then back down. Just thought this might help.
Hi Willie,
Thanks for the insight into wrong setting – I missed that in the control panel messages. I guess I’ll just have to chalk this up to a bad coincidence in timing of when Cloudmark showed up on the scene.
And yes, spam has been much better in the last few days. Here’s to even better filtering in the days ahead.
- Dirk
Forwarding to that email address sounds better than what I was currently doing whenever I received spam in my inbox, which was going to my browser, logging into my Mailtrust webmail account, reporting that email as spam, and then going back to Thunderbird. At the end of the day, a Thunderbird extension for reporting emails as spam or not as spam would still be greatly appreciated. Thanks!
Nic – Thanks for your frank feedback. In terms what has changed and how this change benefits customers, the change is the addition of Cloudmark Authority to the current SpamAssassin anti-spam system deployed at Mailtrust. This addition should bring better filtering of spam, phishing and viruses with low false positives.
To your request for more details about how the technology is different: the key difference between Cloudmark’s technology and competitive approaches is that we automate the threat analysis and response process as opposed to relying on a manual response. This allows Cloudmark to achieve better coverage at blocking spam and other email threats because we are able to respond more quickly. Competitive approaches are typically based on manually written rules, heuristics or other logic created by a team of people in a research or operations center. Spammers capitalize on this manual response by getting spam through while the operations center tries to catch up.
For a detailed overview of how Cloudmark technology works, please take a look at this whitepaper: http://www.cloudmark.com/releases/docs/wp_reputation_10640406.pdf