Swirbo

Well, the reason I’ve been remiss in posting is that I’ve been neglecting it in favor of another: Swirbo, my new spam and virus filtering service, was launched with much fanfare this week.

Briefly, Swirbo is a service for filtering spam and viruses. Unlike most spam and virus-filtering solutions, it’s not software you install on your PC, and it doesn’t involve hardware at your physical location. Your domain name’s mail is simply routed, via its MX records, to our service, where it’s cleaned of spam and viruses before being delivered to your final destination mailserver.

Because of this, obviously, it’s only an option if you have control over your domain and want to protect it entirely. (But, stay tuned for a future product designed more towards individual e-mail boxes.)

A brief list of features and functionality:

  • Suspected spam and viruses are quarantined on our servers for future review, not deleted, so even false positives are never truly lost.
  • A user-friendly web interface for reviewing and verifying both quarantined mail and viruses, with account and domain-specific settings (and inheritance), white and black lists, customizable thresholds and actions.
  • A host of spam-fighting measures, including, among others:
    • Bayesian statistical analysis and training
    • Multiple public and proprietary blacklists (DNS RBLs, RHSBLs, et al.)
    • Checksum clearinghouses
    • Greylisting
    • SMTP adherence limitations
  • Virus filtering, protecting against over 25,000 signatures, updated every hour. The recent JPEG comment exploit was detected and quarantined on our system no later than the morning it was first spotted in the wild.

And some quick numbers:

  • Over 99% catch-rate, 0.02% false positive rate.
  • On average, 60-70% of all mail (yes, all mail) is rejected off the bat as spam because of blacklists or SMTP violations. Another 20% of the remainder is quarantined as spam or viruses after that. This translates to a tremendous savings in bandwidth and server processing load, because that mail never hits your mailserver.

Be sure to check out Swirbo’s new website, and if you’re interested, definitely sign up for a Free Trial.

We now return you to your regularly scheduled lack of posting.


Comments

Doug Orleans · October 14, 2004 at 21:00

Hey, get PJ to sign up place.org.

Erik Ostrom · October 14, 2004 at 23:38

Congrats on the product launch, that’s awesome.

Welcome back!

Swirbo…is that somehow related to popular Hercules star Kevin Sorbo?

You mean Captain Dylan Hunt from Andromeda Kevin Sorbo? (God I am such a dork)

An old ummm friend, yeah thats · October 27, 2004 at 07:11

Ahh but such a cute dork… it’s excusable.

So I’m assuming the system is postfix on Linux and you have some nice scripts to adjust the relay transport and relay tables or you’re relying on LDAP. What’s the back end filtering–clamscan and spamcop? Also, there’s no privacy policy on the site.

Postfix of course, yes, and the relay stuff is kept per-account in sql..

We’re using spamcop, but only in contextual searches, along with many other more aggressive blacklists. I don’t consider spamcop to be responsible enough to use as a blacklist at the MTA-level.

We’re using clamscan, yes, and it’s doing spectacularly, but we are looking at incorporating some commercial virus scanners anyway.

Privacy policy and some other info on the site is forthcoming..

How many messages per hour can you handle? Do users have control over their SC settings or do you have a way for them to report missed spam and check for false positives? Yeah…I’m full of questions.

As far as messages we can handle, basically our cost and price model makes the total bandwidth we use per month our limiting factor – we will run up against that per-server before we ever have to worry about server load, so I haven’t done any extensive tests of throughput beyond just satisfying myself that it could handle a sustained thrashing from smtp-sink and smtp-source.

Basically, I can afford to throw more servers at it before the load on any one server is really a factor..

Users have control over everything via the web interface. Users can change score thresholds, options for labelling vs. quarantining, disable/enable both spam and virus filtering, etc etc. Spam is kept in a quarantine for review (and release of any false negatives) and conversely a “cache” of non-spam that was delivered is also kept, for confirmation.

Once confirmed, these messages are fed back into the system to be trained hourly by the bayesian stuff as non-spam or spam.

This goes for messages in the spam quarantine that the user identifies as a false positive, which are also then released to the user for delivery unmodified.
