Barracuda snaps at spammers

Security firm Barracuda Networks has added Predictive Sender Profiling capabilities to its latest anti-spam firewall.

Using a network of more than 40,000 customer systems worldwide, Barracuda has created a compilation of email available for profiling the behaviour of spammers and determining a sender's identity when identity obfuscation techniques are used.

"While 2006 marked the beginning of an assault on image spam, 2007 is marking yet another trend through spammer identity obfuscation," said Stephen Pao, vice president of product management at Barracuda.

"Taking an analogy from the financial industry, where reputation analysis is like a FICO score, identity obfuscation, like identity theft, requires profiling against anomalous behaviour."

Predictive Sender Profiling targets spammers who obfuscate their identities through telltale signs such as sending too many emails from a single network address, or attempting to send to too many invalid recipients.

Other techniques include sending email blasts on the first day after registering a domain, and using free internet services to redirect to known spam domains.

"Reputation is a computationally efficient way to profile spam," said Michael Osterman, president of Osterman Research.

"However, we have observed that spoofing, botnets and other means of hiding behind the reputation of another sender have made this technique less effective than it might otherwise be.

"As a result, while we believe that reputation is very important, other spam prevention techniques that profile sender behaviour will be very important."

For network addresses used to send email, Barracuda Spam Firewalls download black and white lists to efficiently differentiate those emails to be blocked or allowed with minimal processing.

Other network addresses in the 'grey area' are left for further analysis through nine subsequent spam and virus defence layers.