Connection scoring beats spam filtering

By Brian Livingston

A simple device that prevents spammers from delivering junk to your mail server outperforms complex spam filtering appliances costing up to seven times as much, according to tests by the Windows Secrets Newsletter.

If your company is suffering from onslaughts of spam, our tests indicate that this new approach can halt more than 99% of your unwanted flow without blocking legitimate e-mail. Best of all, the new technology does this without creating a large “quarantine” of suspected spam that you or your employees must manually comb through.

Significantly, the innovative device we tested has never been reviewed by any computer magazine, despite the fact that it’s been on sale for months. The reasons for this are an intriguing part of our story.

The little box that stops spammers

Deep six ds200 The antispam appliance that inspired our testing is the Deep Six Technologies Spamwall DS200 (photo, left). This little gizmo is only 5″ by 6″ and just 1″ deep (11 x 13 x 2 cm). You configure it to receive your e-mail before the messages hit your mail server. The device uses “connection scoring” to accept transmission attempts from legitimate senders and reject attempts from servers that are sending spam. We found it to be extremely accurate in making the distinction between spam senders and “ham” (legitimate) senders.

Since the DS200 is a hardware device that protects an e-mail server, it’s primarily useful to companies that operate their own servers. This includes most large businesses, of course. But also includes many small and medium businesses that have registered their own domain names, such as

Home users, who receive their e-mail via an Internet service provider, such as, may still see some benefit. The technology within the DS200 could easily improve these ISPs’ own spam rejection rates, helping their customers see less spam.

Testing against thousands of spams per day

To test Deep Six’s real-world performance, we invited major antispam appliance makers to send us whichever of their models they thought was the appropriate scale for small to medium businesses. We received units from all the invitees: Barracuda, Borderware, F-Secure, IronPort, and Network Box. The Deep Six DS200 unit we reviewed was provided by Tyrnstone Systems Inc., a small network consulting company in Seattle, Wash., that sells the device to the SMB market. Deep Six Technologies itself is an intellectual property development company in Tustin, Calif.

Invariably, the appliance vendors (other than Deep Six) sent us devices that combine antispam functions with a firewall, antivirus capabilities, or other features. I was assisted in running technical tests on the devices over a period of six weeks by Brent Scheffler, program director of We tested all devices only for their ability to reject spam and accept ham, for the following reasons.

An antispam appliance that also offers antivirus filtering is not in itself adequade to protect against internal virus infections. Viruses can enter a LAN via a roaming USB drive, a laptop brought in from the outside, and many other ways. For this reason, companies need to run antivirus software even if an antivirus appliance is in place. "We’re a perimeter-based device, we’re not providing host-based security," explained Scott Rosen, Network Box’s president for North America, in a telephone interview.

This article is part of our premium content. Join Now.

Already a paid subscriber? Click here to login.

= Paid content

All Windows Secrets articles posted on 2006-01-26: