Report on Remote Email Filtering
This research was compiled by George Kendall and Tom Lord of Aptivate,
and undertaken with financial support and guidance from the
International Network for the Availability of Scientific Publications
(INASP). 
It is published under a Creative Commons
License,
Attribution-NonCommercial-ShareAlike 2.5.
Table of Contents
Executive summary
- Many networks in the developing world suffer from overloaded connections, excessive numbers of unwanted emails, and from viruses and other malicious programs. This can result in a poor user experience and severely limit the usefulness of the internet to the organisation as a whole.
- Remote Email Filtering redirects email to a remote server where bandwidth is cheap, strips out unwanted emails, then passes valid emails to the local email server. This provides protection from spam without the need for extra work for overloaded system administration staff.
- Used in conjunction with other basic network management techniques, Remote Email Filtering is a cost effective way of increasing available bandwidth, and brings other network benefits such as protection from one source of viruses, and reduced load on the mail servers.
- Remote Email Filtering can make it significantly easier for an institution to provide a high quality local email service].
- Webmail is heavily used in many institutions. An email read via Webmail uses far more bandwidth than one read using the local service. If Webmail is blocked during working hours, this could result in a bandwidth saving of up to 20%.
- Remote Filtering used in conjunction with blocking Webmail, may result in a bandwidth saving of up to 30%.
- Many institutions in the developing world would get better value out of their existing networks by implementing Remote Email Filtering.
- There is an opportunity for a sustainable social enterprise providing a Remote Email Filtering service. Startup funding to set up the infrastructure for such a business could bring real benefit to institutions in the developing world in improving their access to resources on the web.
- There is limited data on how bandwidth is being used in developing world institutions. Funding for more research would help the planning of future initiatives to improve digital access in the developing world.
Context
Spam, or junk email, is a global problem that particularly affects the developing world, where bandwidth is far more expensive [2], mail servers are overloaded and trained staff less available. A high proportion of spam can be filtered out using local spam filtering software, however such software can be difficult to configure, and must be updated regularly to be effective. As a result, many institutions have limited protection from spam. Studies in the developed world [5] have concluded that spam causes a major loss in user productivity, with users wasting significant time manually deleting the spam from their incoming mail. Spam may lead to system instability and serious user dissatisfaction.
Some spam contains malware such as viruses, worms and trojans. Malware can cause major system problems, including overloading the network bandwidth as it propagates over the network, or launches attacks on other systems.
There can be many reasons why bandwidth is overloaded: as well as malware, and local email dominated by spam, users may be using the network for bandwidth intensive tasks unrelated to work, such as downloading music or using voice over IP chat programs. Where some attempts are made to control traffic, without a comprehensive strategy and ongoing implementation, any saving in bandwidth in one area may be swallowed up by unauthorised traffic in another.
It is common for users to have low confidence in the local mail service [1] and instead use Webmail providers such as Hotmail and Yahoo.[6] The most popular providers of Webmail include bandwidth-heavy graphics on their sites to display both advertising and the user interface. Webmail is often slow to use, and a very inefficient use of bandwidth. Despite this, users often prefer to use Webmail. Anecdotal evidence suggests that this is because they believe that Webmail is more likely to protect their data, and offers a better user experience.
There have been recent announcements of future initiatives which may improve bandwidth and mail services[3][4]. It is too early to say how effective these initiatives will be.
Remote Email Filtering
Remote Email Filtering involves directing an institution's incoming email to an external server situated in a country where bandwidth is relatively cheap. The external server filters out any spam, and only then are valid emails passed to the institution's local mail server. This means that the spam never reaches the local network, and does not use up any expensive local bandwidth. A Remote Filtering Service will also strip out most malware, such as viruses, from emails.
Remote Email Filtering Trials
To evaluate the effectiveness of Remote Email Filtering, we collaborated with Linux Based Systems Design (LBSD), which provides a Remote Email Filtering service. Data on the use of Remote Filtering was gathered for two African educational establishments. Data about bandwidth usage was gathered for reference from two more academic institutions, one in Africa, one in Europe. As some of the institutions providing data did not wish to be named, the three academic institutions in Africa that provided data are referred to as Institution A, B and C.
The Remote Email Filtering trials showed that 95% of incoming SMTP email was filtered out for Institution A and 59% for Institution B. This is similar to Cambridge University in the UK, which filters out 93% of its email as spam. The data for Institution A is consistent with figures for spam quoted in the industry [1]. The local email server is not a heavy user of bandwidth, as email does not usually contain large graphical images or attachments. The bandwidth saved will be limited, but, because of the high cost of bandwidth in the developing world, the saving is likely to be worthwhile [7].
To estimate the likely bandwidth saving of Remote Email Filtering, we obtained more network statistics from Institution A, Institution C, and Cambridge University in the UK.
The following calculations are based on a notional cost for incoming bandwidth of $3000 per month for a one mbps connection [2].
| Institution | Available bandwidth | Average % used for local email | Bandwidth used for local email | Monthly cost of bandwidth used for local email |
|---|---|---|---|---|
| Institution A | 7680kbps | 2% | 154 kbps | $460 |
| Institution C | 3072kbps | 13% | 400 kbps | $1198 |
| Cambridge University | 300,000kbps+ | 0.7% | 1,800 kbps | - |
Institution A
Institution A is an African university with over 10,000 students. In trials over a one month period on one of the institution's servers, Remote Filtering rejected 95% of inbound email, with 8032 MB processed, 7663 MB rejected, and 369 MB delivered. (See Appendices A and C below)
Institution B
Institution B is a small educational institution in Africa. In trials over a one month period, Remote Filtering rejected 59% of inbound email, with 150MB processed, 89MB rejected, and 61MB delivered. (See Appendix B below)
Cambridge University
Cambridge University is a university based in the UK with 25,000 students. It uses approximately 0.7% of its bandwidth for incoming mail, around 1800 kbps. Of this, approximately 92.5% is rejected as spam, with only about 133 kbps used for genuine mail that is passed to the users.
Institution C
Institution C is an African university with over 3,000 students. While there was no trial at Institution C, statistics were provided for the proportion of their bandwidth used by the local server. At Institution C, 390 kbps of incoming bandwidth is used for email, which represents 13% of the total incoming bandwidth available.
Institution C is very different from institutions A & B, in that it blocks access to Webmail services of Yahoo and Hotmail during office hours (8am-5pm Mon-Fri). They estimate this resulted in a 20% reduction in total bandwidth use.
Blocking Webmail
In our experience, a high proportion of users in African Universities use Webmail services like Yahoo and Hotmail instead of the local mail servers[6]. Webmail involves downloading HTML, scripts, and graphics, as well as the text message itself, so it uses much more bandwidth than the local email server.
Institution C's policy of blocking Webmail during office hours, has forced their users to switch to the local email service. This led to a considerable increase in email usage on the local servers, including spam previously blocked by the Webmail filters. Whereas email at Institution A used 2% of the available bandwidth, Institution C used 13%.
Webmail involves downloading numerous bandwidth-heavy graphical images, so the reduction of 20% in bandwidth use is as expected.
If Remote Filtering were also applied to reduce the 13% of bandwidth used for email by Institution C, the combined benefits would probably be around 30%.
Using a cost of $3000 per month for a one mbps connection [2], a 20% saving on a 3072kbps connection of Institution C would be worth about $1800 per month, and a 30% saving worth over $2700 per month.
Benefits of Remote Email Filtering in comparison to local email filtering
- In a mail service where there is significant use of Webmail, Remote Email Filtering is likely to result in modest bandwidth savings of around 2%. However, where bandwidth is limited and expensive, this saving is still valuable.
- During working hours, mail tends to use between 4% and 6% of bandwidth capacity (see Appendix C), so during these hours the bandwidth savings from Remote Email Filtering will be higher.
- In an institution where there is a low usage of Webmail, we would expect the bandwidth savings from Remote Filtering to be significant, perhaps 10%.
- Remote Filtering is comparatively simple to set up, places no extra load on local servers, and requires no administrator time to maintain.
- False positives are valid emails which are incorrectly rejected by the filter. A professional Remote Email Filtering service should offer a level of false positives as low as, or lower than, local alternatives.
- Remote Filtering can be as cheap or cheaper than the licensing for commercial spam filtering software. While there is free software available, it is harder to configure and so may be less effective.
Benefits of Remote Email Filtering in comparison to no email filtering
Given that many institutions may not have the technical awareness, training or time required to implement and maintain a high quality local filtering service, Remote Email Filtering may often be the only alternative to no filtering at all. In this case, Remote Filtering will also:- protect the local network from a major source of viruses and other malware. (Note: Spam is not the only way viruses can be introduced. We strongly recommend that virus protection should be installed on local PCs, especially Windows PCs).
- result in a better user experience for local mail through a reduction in spam. This in turn will help to make local email services a viable alternative to Webmail for users. A local mail system will give users email addresses of the form: user@institution.ac.tg which will present a more professional image externally, and may raise expectations of quality within the organisation.
Drawbacks of Remote Email Filtering
- The primary disadvantage of Remote Filtering is where whitelisting, or the ability to tell the filter to always allow emails from a known account, is unavailable for Remote Filtering. By comparison, a local mail server implementing spam filtering can be configured to allow all email from a given address to be accepted. Anecdotal evidence indicates that where whitelisting is available, users will often not use it, so this may not be an important factor for many institutions. With the service we were testing, whitelisting was not available, however this may change in the near future.
- Rejected email is not locally stored, and so is unavailable for recovery if a user thinks that they are not receiving mails that they should be through the filter. Again, as false positives as not seen as a problem, this may not be a major drawback.
- The cost should be less than the value of the bandwidth freed up. However, it will still be necessary to find funds to pay for the service in addition to the funds already required to pay for the existing bandwidth.
- can be as cheap or cheaper than the licensing for commercial spam filtering, especially for software from proprietary institutions. Our provisional inquiries indicate that prices for Remote Email Filtering could be in the range of $75 to $150 for an average of 180kbps of email filtered[7].
Conclusions
1. It is important that an institution filters email for spam either locally or remotely, in order to deliver a good user experience for the local email service, and to reduce the risk of malware such as viruses being introduced to the network through email. From a user experience point of view, this becomes more important if an institution has blocked or is considering blocking Webmail, as without filtering, users will then be forced to use a spam-ridden local service.
2. Remote Email Filtering can save between 2% and 10% of an institution's bandwidth depending on the ratio of Webmail use to local mail service use. In poorer countries where bandwidth is expensive, the potential value of the bandwidth saved by Remote Email Filtering is between three and six times of the estimated cost of filtering, so an efficient approach to purchasing bandwidth for an institution would be to budget for Remote Email Filtering at the same time.
3. Remote Email Filtering will have most effect on bandwidth when all Webmail usage is blocked and users are forced to use local mail services. The combined effect of Webmail blocking and Remote Email Filtering could be a saving of 30% of an institution's bandwidth. However, even if Webmail is not blocked, spam filtering will improve the user experience on the local email service and may increase voluntary usage of this service as opposed to Webmail, which will have corresponding bandwidth savings.
4. Bandwidth saving strategies such as Remote Email Filtering are only fully useful as part of a coordinated effort on the part of an institution to manage its bandwidth. More bandwidth will be made available to carry out institutional activities such as education and research, as long as other basic network management strategies, such as comprehensive virus protection and network usage policies, are in place. If these management strategies are not in place then bandwidth saving may result in more bandwidth available to carry out institutional activities, however the gains will not be secure.
5. An institution may wish to filter email locally instead of remotely if:
- a licensed local solution already exists, along with trained staff with the time and expertise to implement and maintain it;
- the extra bandwidth costs of processing spam locally are not a concern;
- there is a perception that whitelisting is important and can only be implemented locally.
Otherwise, in any institution where bandwidth is expensive, or skilled administrator time is a scarce commodity, Remote Email Filtering should be considered by network administrators and policy makers. It offers cost effective bandwidth saving, better user experience, and reduced risk of malware affecting the network, with minimal administrative overhead and no increased load on local servers.
6. The benefits of Remote Email Filtering other than bandwidth saving are listed, but not quantified, in this report. Our wider conclusions are based on a limited dataset, and our observations while working with network administrators on projects in the field. As noted above, initiatives such as Remote Email Filtering have a part to play in a wider context of network management. There is a great deal more to be understood about network management and bandwidth usage in the developing world. Funding for further research involving more data points and addressing different aspects of network management would help to give a broader understanding of the situation, and would inform other initiatives that are working to improve internet access.
7.We believe there is the opportunity for a social enterprise to sustainably provide Remote Email Filtering for educational and other non-profit institutions in the developing world. We are currently investigating the possibility of helping to set up such an enterprise.
References
[#1] References to proportion of email which is spam.
- MAAWG estimates that 80-85% of incoming mail is "abusive email"
- Spokesman for Postini quoted on BBC on-line "92.6% of all e-mail messages are spam. That's the highest it's ever been"
[#2] In one of our partners in the developing world, a satellite link of 1 mbps up and 2 mbps down costs $14,000 per month. A Terrestrial link of 0.5 mbps up and 5.5 mbps down costs $18,000 per month. This is far greater than equivalent costs in developed economies. For the purposes of the estimates in this report, we have taken a notional cost of $3000 mbps per month, but this may be an underestimate for many countries.
[#3] Google's initiative The recent offer by Google to provide free net services to some African universities could be significant. We do not yet have the details of how this will be implemented, and how well it will work in an environment with a slow bandwidth connection.
[#4] Initiatives to reduce bandwidth costs There are a number of current initiatives to improve the provision of email in the developing world. World Bank aid to reduce bandwidth costs in parts of Africa may reduce the prices, but they are likely to remain high compared to the developed world.
[#5] University of Maryland estimated that spam cost 2.8 minutes per use per day, with a total cost in lost productivity of $22 billion per year.
[#6] In an analysis we conducted in April 2007, of a mailing list mostly consisting of senior educationalists from the developing world, out of 379 addresses provided, 136 were Yahoo or Hotmail addresses. These were senior figures within their institutions, and even in that group, many chose not to use the addresses provided by their own institutions.
[#7] Our provisional enquiries indicate that charges for Remote Filtering are in the range of $75 to $150 per month for an average of 180 kbps of email filtered. Using the latest estimates of Postini, that spam makes up 92% of email, 180 kbps of email traffic would reduce to 15 kbps when filtered. Assuming that 1 mbps costs $3000/month, the 165 kbps saving represents bandwidth to the value of $495 per month, in return for a $75-$150 investment. It appears that Farside offers a very cost effective way to save bandwidth.
Glossary
bandwidth
The amount of information or data that can be sent over a network connection in a given period of time.bit
A bit is a binary digit, taking the value of 0 or 1.byte
A byte is 8 bits.kB
Kilobyte. A Kilobyte is 1000 bytes.kbps
Kilobits per second. A kilobit per second is 1000 bits per second.local mail
Mail sent between users of the same local mail service. This mail does not use external bandwidth.local mail service
A mail service provided by a server within the local network.malware
Malicious programs such as viruses that can be spread by email and can cause major network and/or system problems.MB
Megabyte. A megabyte is 1000 kilobytes.mbps
Megabits per second. A megabit per second is 1000 kilobits per second.SMTP
A protocol used to transfer e-mail messages across the internet between servers.spam
Unwanted, unsolicited email. Without a spam filter, users will often be inundated with unwanted mail, which can make a mail service unusable. Spam is also a common source of malware, and can produce large quantities of mail traffic which may undermine system stability.webmail
A mail service accessed via a web browser. The most common providers are Yahoo, Hotmail and Google.whitelisting
A whitelist is a list of e-mail addresses or domain names from which an e-mail filtering program will allow messages to be received. This will ensure that all emails from that email address are received, and will not be mistakenly filtered out by the spam filters.APPENDIX A
Report for antivirus & antispam service for Institution A
(provided by LBSD)+-------------------------------------------------------------------+ | B l a c k l i s t R e p o r t | +-----------------------------------------+------------+------------+ | Blacklist | Efficiency | % Blocked | +-----------------------------------------+------------+------------+ | safe.dnsbl.sorbs.net | 71.06 | 45.70 | | sbl-xbl.spamhaus.org | 27.68 | 17.80 | | list.dsbl.org | 0.73 | 0.47 | | dnsbl.njabl.org | 0.48 | 0.31 | | rhsbl.sorbs.net | 0.02 | 0.02 | | l1.spews.dnsbl.sorbs.net | 0.02 | 0.01 | +-----------------------------------------+------------+------------+ | % of total mail blocked | 64.31 | +------------------------------------------------------+------------+ +-------------------------------------------------------------------+ | P o l i c y R e j e c t i o n R e p o r t | +-----------------------------------------+------------+------------+ | Reason | Efficiency | % Blocked | +-----------------------------------------+------------+------------+ | Forged/Abusive Helo | 77.95 | 0.28 | | Quota Exception | 22.05 | 0.08 | +-----------------------------------------+------------+------------+ | % of total mail blocked | 0.36 | +------------------------------------------------------+------------+ +-------------------------------------------------------------------+ | R e c i p i e n t R e j e c t i o n R e p o r t | +------------------------------------------------------+------------+ | Reason | Efficiency | % Blocked | +-----------------------------------------+------------+------------+ | Domain not found | 100.00 | 0.00 | +-----------------------------------------+------------+------------+ | % of total mail blocked | 0.00 | +------------------------------------------------------+------------+ +-------------------------------------------------------------------+ | S e n d e r R e j e c t i o n R e p o r t | +------------------------------------------------------+------------+ | Reason | Efficiency | % Blocked | +-----------------------------------------+------------+------------+ | Domain not found | 51.57 | 3.02 | | SPF | 47.99 | 2.81 | | need fully-qualified address | 0.19 | 0.01 | | The%email%from%(s)%using%SMTP%server% | 0.10 | 0.01 | | SPF%rules%not%matched%20%<monroghon@r | 0.04 | 0.00 | | Sender%is%not%authorized%to%send%mail | 0.04 | 0.00 | | Not%authorized%to%send%mail%for%patte | 0.02 | 0.00 | | %(t)%20-%Receiving%MTA%(you):%(r)%[%( | 0.01 | 0.00 | | see%http://www.proweb.net/spf.php?sen | 0.00 | 0.00 | | see%http://www.proweb.net/spf.php?sen | 0.00 | 0.00 | | The%email%from%(s)%using%SMTP%server% | 0.00 | 0.00 | | see%http://www.proweb.net/spf.php?sen | 0.00 | 0.00 | | see%http://www.proweb.net/spf.php?sen | 0.00 | 0.00 | | see%http://www.proweb.net/spf.php?sen | 0.00 | 0.00 | | see%http://www.proweb.net/spf.php?sen | 0.00 | 0.00 | | see%http://www.proweb.net/spf.php?sen | 0.00 | 0.00 | +-----------------------------------------+------------+------------+ | % of total mail blocked | 5.85 | +------------------------------------------------------+------------+ +-------------------------------------------------------------------+ | H e l o R e j e c t i o n R e p o r t | +------------------------------------------------------+------------+ | Reason | Efficiency | % Blocked | +------------------------------------------------------+------------+ | need fully-qualified hostname | 96.89 | 24.12 | | Invalid name | 3.11 | 0.77 | +-----------------------------------------+------------+------------+ | % of total mail blocked | 24.89 | +------------------------------------------------------+------------+ +-------------------------------------------------------------------+ | S P A M D e t e c t i o n R e p o r t | +-------------------------------------------------------------------+ | Top 10 High Scores | +-------------------------------------------------------------------+ | 43.55 | | 40.84 | | 40.65 | | 40.09 | | 39.87 | | 39.44 | | 39.34 | | 38.77 | | 38.65 | | 37.87 | | 37.71 | +-----------------------------------------+------------+------------+ | % of total mail blocked | 0.35 | +------------------------------------------------------+------------+ +-------------------------------------------------------------------+ | V i r u s D e t e c t i o n R e p o r t | +--------------------------------------------------+----------------+ | Top 10 Viruses | % of Viruses | +--------------------------------------------------+----------------+ | Encrypted.Zip | 40.62 | | Worm.Bagle.GV | 9.38 | | Trojan.Downloader.Tibs.Gen | 7.81 | | Trojan.Downloader-753 | 4.69 | | Trojan.Downloader-648 | 3.12 | | Trojan.Downloader.Tibs.Gen-2 | 3.12 | | Trojan.Downloader-656 | 3.12 | | Trojan.Downloader-1297 | 3.12 | | Trojan.Downloader-747 | 3.12 | | Trojan.Downloader.Tibs.Gen-1 | 3.12 | | Trojan.Downloader-758 | 1.56 | +--------------------------------------------------+----------------+ | % of total mail blocked | 0.02 | +--------------------------------------------------+----------------+ +-------------------------------------------------------------------+ | R e j e c t i o n S u m m a r y | +-----------------------------------------+-------------+------------+ | Technique | Efficiency | % Blocked | +-----------------------------------------+-------------+------------+ | Blacklists | 67.40 | 64.31 | | Helo Rejection | 26.09 | 24.89 | | Sender Rejection | 6.13 | 5.85 | | SPAM Detection | 0.36 | 0.35 | | Auto-Blacklist - Forged/Abusive Helo | 0.29 | 0.28 | | Auto-Blacklist - Quota Exception | 0.08 | 0.08 | | Virus Detection | 0.02 | 0.02 | | Relay Rejection | 0.00 | 0.00 | | Recipient Rejection | 0.00 | 0.00 | +-----------------------------------------+------------+------------+ | % of total mail blocked | 95.41 | +------------------------------------------------------+------------+ 95.41% of all inbound email rejected. Here is a rough breakdown. The above may be a little off because of rounding & adding up %'s. Number rejected by policy blacklisting: 1050 Number rejected by quota policy: 297 Number rejected due to blacklisting: 240441 Number rejected due to recipient rejection: 3 Number rejected due to sender rejection: 21863 Number rejected due to helo rejection: 93060 Number rejected due to relaying rejection: 4 Total emails processed: 373865 Total emails rejected: 356718 Average email size is 22kB. That makes it 8032MB of mail processed. 7663MB rejected. 369MB delivered.
APPENDIX B
Report for antivirus & antispam service for Institution B
(provided by LBSD)+-------------------------------------------------------------------+ | B l a c k l i s t R e p o r t | +-----------------------------------------+------------+------------+ | Blacklist | Efficiency | % Blocked | +-----------------------------------------+------------+------------+ | dnsbl.sorbs.net | 68.74 | 17.25 | | sbl-xbl.spamhaus.org | 29.85 | 7.49 | | dnsbl.njabl.org | 0.67 | 0.17 | | list.dsbl.org | 0.51 | 0.13 | | rhsbl.sorbs.net | 0.11 | 0.03 | | l1.spews.dnsbl.sorbs.net | 0.11 | 0.03 | +-----------------------------------------+------------+------------+ | % of total mail blocked | 25.10 | +------------------------------------------------------+------------+ +-------------------------------------------------------------------+ | P o l i c y R e j e c t i o n R e p o r t | +-----------------------------------------+------------+------------+ | Reason | Efficiency | % Blocked | +-----------------------------------------+------------+------------+ | Forged/Abusive Helo | 100.00 | 0.20 | | Quota Exception | 0.00 | 0.00 | +-----------------------------------------+------------+------------+ | % of total mail blocked | 0.20 | +------------------------------------------------------+------------+ +-------------------------------------------------------------------+ | R e c i p i e n t R e j e c t i o n R e p o r t | +------------------------------------------------------+------------+ | Reason | Efficiency | % Blocked | +-----------------------------------------+------------+------------+ +-----------------------------------------+------------+------------+ | % of total mail blocked | 0.00 | +------------------------------------------------------+------------+ +-------------------------------------------------------------------+ | S e n d e r R e j e c t i o n R e p o r t | +------------------------------------------------------+------------+ | Reason | Efficiency | % Blocked | +-----------------------------------------+------------+------------+ | Domain not found | 85.94 | 7.75 | | SPF | 13.91 | 1.25 | | need fully-qualified address | 0.16 | 0.01 | +-----------------------------------------+------------+------------+ | % of total mail blocked | 9.01 | +------------------------------------------------------+------------+ +-------------------------------------------------------------------+ | H e l o R e j e c t i o n R e p o r t | +------------------------------------------------------+------------+ | Reason | Efficiency | % Blocked | +------------------------------------------------------+------------+ | need fully-qualified hostname | 96.69 | 23.01 | | Invalid name | 3.31 | 0.79 | +-----------------------------------------+------------+------------+ | % of total mail blocked | 23.80 | +------------------------------------------------------+------------+ +-------------------------------------------------------------------+ | S P A M D e t e c t i o n R e p o r t | +-------------------------------------------------------------------+ | Top 10 High Scores | +-------------------------------------------------------------------+ | 26.47 | | 23.54 | | 17.37 | | 16.90 | | 15.38 | | 15.24 | | 15.21 | | 14.93 | | 14.81 | | 14.75 | | 13.58 | +-----------------------------------------+------------+------------+ | % of total mail blocked | 0.68 | +------------------------------------------------------+------------+ +-------------------------------------------------------------------+ | V i r u s D e t e c t i o n R e p o r t | +--------------------------------------------------+----------------+ | Top 10 Viruses | % of Viruses | +--------------------------------------------------+----------------+ | Trojan.Downloader-648 | 20.59 | | Worm.Bagle.GV | 14.71 | | Trojan.Downloader.Tibs.Gen-2 | 8.82 | | Trojan.Downloader-1297 | 8.82 | | Trojan.Downloader-657 | 5.88 | | Trojan.Downloader.Tibs.Gen | 5.88 | | Trojan.Downloader-647 | 5.88 | | Trojan.Downloader-747 | 5.88 | | Trojan.Downloader-753 | 2.94 | | Trojan.Downloader-1381 | 2.94 | | Trojan.Downloader-669 | 2.94 | +--------------------------------------------------+----------------+ | % of total mail blocked | 0.48 | +--------------------------------------------------+----------------+ +-------------------------------------------------------------------+ | R e j e c t i o n S u m m a r y | +-----------------------------------------+-------------+------------+ | Technique | Efficiency | % Blocked | +-----------------------------------------+-------------+------------+ | Blacklists | 42.86 | 25.10 | | Helo Rejection | 40.64 | 23.80 | | Sender Rejection | 15.39 | 9.01 | | SPAM Detection | 1.15 | 0.68 | | Virus Detection | 0.82 | 0.48 | | Relay Rejection | 0.77 | 0.45 | | Auto-Blacklist - Forged/Abusive Helo | 0.34 | 0.20 | | Recipient Rejection | 0.00 | 0.00 | | Auto-Blacklist - Quota Exception | 0.00 | 0.00 | +-----------------------------------------+------------+------------+ | % of total mail blocked | 58.56 | +------------------------------------------------------+------------+ 58.56% of all inbound email rejected. Due to rounding errors, the above figures may have small discrepencies. Number rejected by policy blacklisting: 14 Number rejected by quota policy: 0 Number rejected due to blacklisting: 1782 Number rejected due to recipient rejection: 0 Number rejected due to sender rejection: 640 Number rejected due to helo rejection: 1690 Number rejected due to relaying rejection: 32 Total emails processed: 7101 Total emails rejected: 4158 Average email size is 22kb. That makes it 150Mb of mail processed. 89Mb rejected. 61Mb delivered.
APPENDIX C
Institution A
Bandwidth Utilization with Peaks Report for Class /Inbound/…/SMTP
The above graph shows inbound email into the mail server for Institution A. The peaks in traffic in blue are for very short-term intervals, where a multi-megabyte attachment to an email may take up most of the bandwidth for a few seconds. The red line represent use over two hour intervals. They show incoming email taking an average of 2% of the available inbound bandwidth, with a peak of 6%.