By Stas Bekman.
Published: May 15th 2006
Most Anti-SPAM solutions work as following: they accept the email, then analyse its contents, and then depending on whether that mail is thought of as a undesired email or not, it's either discarded (or put into a quarantine) or delivered to a user. A transparent SMTP proxy will not accept the message unless it passes its criteria. Let's discuss the advantages of this approach.
Once a conventional anti-spam product decides that the message
is a undesired email, it often bounces it (sends it back to whoever is
listed in the
From: header of the message). Most SPAM
emails arrive with forged headers, so in the best case nobody will
see the bounce. In the worst case it'll bounce to an innocent
person, whose address was used in a forged
header, who may not only have to spend their time dealing with it,
they may also get affected by a virus if such was present in the
original message. In fact, recently spammers started to use the
bounce technique to actually deliver spam, bypassing certain
filters, which won't test bounce messages. This sometimes creates
an effect of email bombing, since if your address is used in the
From: header, then suddenly you will start
receiving tons of bounces.
For many organisations once an email is received, it has to be stored for a long period of time (sometimes years). Discarding undesired email before it's received saves a lot of resources, disk space and everybody's time of course!. It also reduces the risk of virus propagation. From discussions with email system administrators, it's clear that not having a quarantine is a blessed feature.
Since conventional anti-spam products accept the email, the spammers will continue hammering the same email addresses, since they can't tell whether the message was delivered or not (they assume that it was successful). This is because the headers are usually forged, so they never see the bounces. A transparent SMTP proxy tells the spammers right away that they weren't successful at delivering their emails, so in theory they should have dropped those email addresses from their databases.
Legitimate users benefit from an immediate feedback provided by transparent SMTP proxies, since if for some reason the message wasn't delivered (e.g. their email was mistakenly classified as SPAM) - they don't have to guess and re-send their email multiply times, or even worse call the recipient to ask whether they have received their email. Here they know right away whether there was a problem. They can then contact support, to figure out what went wrong.
Transparent proxies are just that, transparent -- they are seen by the mail servers as an email gateway. Therefore they work with any already installed mail server (sendmail, qmail, exchange, postfix, etc.) So in the case you aren't happy with your mail server and you decide to switch horses, you can still use the same transparent proxy.
Certain transparent proxies implement connection management, ensuring that no matter how big is the spike coming from the outside (e.g. a virus outbreak or a DoS attack) the backend mail server will not receive more connections than it can handle, so the sysadmins can sleep soundly at nights and go safely hiking on the weekends.
Finally, some transparent proxies can implement throttling - where the certain SMTP connections are slowed down. Spammers usually quickly give up (since they need to deliver huge volumes of email), whereas legitimate senders don't mind to wait a few minutes. We find this solution to be more effective than grey listing, since it ensures a prompt email delivery, compared to the latter which may take up to 4 hours to deliver, badly affecting certain users. Throttling is hard to implement in the non-SMTP proxy solution, since each throttling connection holds up a usually heavy-weight process or thread, whereas a proxy can be implemented as a very efficient asynchronous IO solution which can juggle thousands of connections at once.
Here are some vendors whose solution is based on a trasnparent SMTP proxy (including open-source solutions):
Please notify me if you know of others.
I couldn't find any related 3rd party information on transparent SMTP proxies on the net (other than the vendor sites). So I wrote one for wikipedia If you know of any such resources, please let me know. Thank you!