Brightmail launches a major update to its product line, promising even better accuracy in its ongoing search for anti-spam protection. Until it's perfect, the company will accept an error rate of 1 in 100,000.

by Alex Goldman ISP-Planet Associate Editor [October 11, 2002]

Brightmail, the anti-spam company, is doing fine. Little wonder, considering the gush of unsolicited e-mail in the U.S. is expected to more than double over the next four years to 1.67 billion messages, according to Jupiter Research.

Enrique Salem, Brightmail president and chief executive officer, said the company is processing record levels of spam.

"In September, we processed 3.1 billion messages," Salem said, "Of those, about 38 percent, or 1.2 billion, were spam."

Salem added that Brightmail's customer base is growing, too.

"We currently protect almost 150 million mailboxes, and with the addition of Hotmail later this year, we expect to end the year protecting more than 250 million mailboxes," Salem said.

San Francisco-based Brightmail signed its biggest deal to date—a multi-year, multi-million dollar-arrangement with MSN to block spam for Hotmail users—in September.

Get, don't give
Brightmail's anti-spam strategy is sweet and simple. The company sets up dummy mailboxes, which it calls "probes," for those ISPs whose customers it protects. Most ISPs are eager to give Brightmail the "probe" mailboxes because they want any spam sent to them to be profiled by Brightmail.

Since these mailboxes never send mail, any e-mail they receive is unsolicited. With probes scattered across the Internet, the company can cross-reference the e-mail it collects to determine which messages being sent out are bulk spam.

The probes divide spam messages into identifiable components, and develops a "spam DNA" profiled that is categorized with the aid of Sieve technology (Sieve is also known as IETF RFC 3028). It is then transmitted across the Internet to Brightmail's Network Operation Center (NOC) using an MD5 hash. At the NOC, the various reports are aggregated into a data file that acts like an anti-virus "fingerprint," which is distributed to Brightmail clients. Because of the volume of spam over the Internet, these updates are sent out every five or ten minutes.

Salem said the company's BrightSig technology is a real leap forward.

"It's like the difference between fingerprints and DNA," Salem explained. "Fingerprints can be inaccurate but DNA is not. We know that spammers use software to change the characteristics of spam to foil most anti-spam software."

The idea behind the BrightSig technology is to find parts of a spam message that will identify it, so that if a spammer sends out, say, 50 versions of the "Nigerian scam," then the software will recognize similar pieces of those 50 different e-mail versions as unsolicited e-mail, and catch everyone one of them.

Known as polymorphic spam, Sale said that BrightSig technology can quickly sift through the changing versions e-mail clutter.

"We can handle these polymorphic spam attacks with a single BrightSig signature," Salem said.

Value proposition
The company has always focused on serving large ISPs. It's high-profile clients include EarthLink, Verizon, Comcast, and Bell South. But now the company is making its services a cost-effective business proposition for smaller ISPs.

Brightmail sells two versions of its software, one for enterprises, and one for service providers. The Service Provide Edition (SPE), goes for less than a dollar per user per month for mid-sized to large ISPs

Salem explained Brightmail's pricing strategy.

"We model based on an ISP's monthly revenues," Salem said. "If a local ISP is charging $15 per month to its users, we feel we can charge that ISP about $0.25 per user per month."

Because the system is software-based, there's no equipment to buy or install. The Brightmail software gets loaded onto an ISP's mail server or servers. The average mid-sized ISP could be up and running in a few days, but a large ISP with many points-of-presence (POP) would probably load Brightmail on a single POP, run tests, and then push the software out across the network, a process that could take several months.

Brightmail can also deliver anti-virus functionality. "We have embedded Symantec's anti-virus technology in our product," says Salem, who himself once ran Symantec's anti-virus division.

If your ISP's subscribers are fed up with unsolicited e-mail being crammed into their mailboxes, Brightmail is one way to stem the flow without routing all your e-mail through a third-party server or trying to keep up with blacklisted IP addresses.

—End