Test Report September 2007
Netcore's Emergic
CleanMail Service
Anti-Spam Technology Report
Netcore's Emergic CleanMail Service
Vendor Details
Name: NetCore Solutions Pvt Ltd.
Address: 402, Peninsula Chambers, Peninsula Corporate Park, Ganpat
Rao Kadam Marg, Lower Parel (West), Mumbai 400 013, India.
Website: www.netcore.co.in
Product: Emergic CleanMail Service
Test Laboratory Details
Name: West Coast Labs, Unit 9 Oak Tree Court, Mulberry Drive
Cardiff Gate Business Park, Cardiff, CF23 8RS, UK
Telephone: +44 (0) 29 2054 8400
Date: June 2007
Issue: 1.0
Author: M. Garrad
Contact Point
Contact name: M. Garrad
Contact telephone number: +44 (0) 29 2054 8400
Anti-Spam Technology Report www.westcoastlabs.com 2
Contents
Introduction
Test Network
Test Methodology
Product Test Reporting
Checkmark Certification
The Product
Test Report
Test Results
West Coast Labs Conclusion
Security Features Buyers Guide
Introduction
The ever evolving spam threat
“Two years from now, spam will be solved.” Bill Gates – Jan. 2004
At the beginning of 2004, Bill Gates was addressing the World Economic
Forum in Switzerland and confidently predicted that “Two years from now,
spam will be solved.” Sadly his prophecy has proved somewhat wide of the
mark as reports continue to emerge about the size of the problem.
The latter half of 2006 saw an unprecedented rise in spam volumes with
SurfControl reporting a 50% increase in spam over the previous half year,
and spam now accounting for almost 90% of all email traffic on the Internet.
The nature of spam has also changed. In 2004 spam content was
dominated by pornography, Viagra sales and the infamous “Nigerian
scam” advance-fee fraud spam. Those types of spam are very much still
with us but have been added to by phishing attacks, “Pump-and-Dump”
scams (which involve artificially inflating the price of a stock in order to
make a quick profit on stock previously purchased cheaply) and spam
that tricks users into following URL links to web sites that download malicious
code that will compromise their machines.
The methods used by spammers to launch their attacks have also
transformed over time. The vast majority of unsolicited email is now being
sent via vast armies of infected PCs known as botnets – often these are
the machines of home users who are unaware that they are part of the
problem.
This distributed system approach is making it more difficult to separate out
spam emails based upon simple network-based criteria, and so companies
providing anti-spam technologies are having to provide more intelligent
filtering solutions.
In a recent interview, Dr Richard Cullen, distinguished engineer at
SurfControl said, “The threat landscape has changed dramatically over
the past couple of years. Malware attacks are now commercial ventures,
with well organized cybercrime gangs harnessing the power of vast botnet
armies to launch spam, phishing, DDOS and malware attacks.”
The spammers are also always trying to find new ways of bypassing anti-
spam defenses. One such technique that is on the increase is image spam
– emails with images containing the spammer’s messages within random
text designed to foil less sophisticated spam filters. Peter Firstbrook, security
research director for Gartner, has reported that image spam went from 6
percent of all spam in Q3 of 2006 to 30 percent by Q4, and it is now thought
to make up almost 40% of all spam.
Apart from being harder to block, image spam also causes knock-on
problems because the spam messages are actually larger than simple
text messages. According to some reports, the average size of a spam
message has increased by 77% since September last year (from 6.62Kbytes
to 11.76K) and continues to grow steadily. This adds to the cost of managing
email, it wastes bandwidth and also consumes storage if a company needs
to archive all incoming mail.
And according to the New York Times security columnist John Markoff, one
recent botnet outbreak managed to consume 15% of Yahoo’s resources
while searching for random pieces of text to pad out such image-based
messages.
As a result, anti-spam vendors are now having to adapt to this new threat
by both enhancing existing techniques such as heuristic rules to analyze
the characteristics of image-based spam, and by adding new technology
layers, such as optical character recognition technologies. Where will it all
end?
Test Network
WCL has a number of domains that collect genuine spam. These
domains receive varying levels of spam and are consistent with
different email environments.
To reflect the email usage within a corporate environment, within each
domain are a number of designated user accounts with a variety of
email practices and needs including some that are subscribed to a
variety of newsgroups and mailing lists. Some user accounts actively
contribute to mailing lists.
The multiple domains designated for testing purposes were those that,
between them, receive spam at a level consistent with the defined
requirements of testing.
Software solutions included in the test program were installed on
servers that meet the minimum specifications required by the vendor.
Appliance-based solutions were installed on the network according to
the vendor’s recommended placing.
For hosted services, WCL tested through identified email domains and
changed the MX records to divert the mail stream through the hosted
service.
Test Methodology
WCL initially performed the testing with an “out-of-the-box”
configuration, changing only those settings on the solution needed
to ensure correct operation in line with the vendor’s recommended
installation and configuration procedures.
Further testing was then performed following the vendor’s
advice for the tuning or training of the solution under test. WCL fine-
tuned the solution each day of the test, spending no more than half an
hour per day undertaking such work.
Throughout the course of testing, a mixture of email was sent to the
test domains from other email addresses and domains controlled by
WCL to mirror genuine email activity common in business, for example
requesting meetings, sending notifications to groups and non-business
related social emails.
Emails were also sent from web-based accounts such as Hotmail
and Google’s Gmail in order to simulate external users sending non-
business related social emails, and home workers.
Thus, during the testing period the domains received some spam,
some list/newsgroup mailings and “genuine” individual emails.
Product Test Reporting
Product evaluation addresses three specific areas* - Management/
Administration, Functionality, Performance plus Additional Feature
Testing.
1. Management/Administration
• Ease of Setup/Installation
• Ease of Use
• Logging and reporting function
• Rule creation
• Customization
• Content Categories
2. Functionality
• Email Processing Steps
• Allow/Blocking of Email
• Quarantine Area
• Additional functionality reporting
• Steps to Process Email
• Block Email Addresses
• Blacklist/Whitelist
• Allow Email Addresses
3. Performance
• Volume or Percentage of spam detected
• False positive rate
• Spam incorrectly passed through
• Legitimate mail blocked
• Legitimate subscription mail blocked
Checkmark Certification
Upon completion of the testing, individual product
results are analyzed, resulting in accreditation to one
of the two Checkmark Certifications for Anti-Spam
subject to achieving the following catch rates:-
• Checkmark Anti-Spam Certification Premium – 97% and over Catch Rate
• Checkmark Anti-Spam Certification Standard – 90% and over Catch Rate
The Product
Introduction
Emergic CleanMail Service, referred to as ECM, from NetCore is a
managed service providing companies with powerful and well-
performing antispam protection. As with all managed services, this
solution will best suit those companies looking to outsource certain
aspects of IT security, or to reduce the workload of IT Administrators or
Network Teams.
Installation and Configuration
As this is a managed service, configuration is mostly carried out by the
technical teams at NetCore. The procedure for a new client is simple
and straightforward - the administrator need only provide them with
basic networking information, such as domain and a target collection
server, and the rest is taken care of. NetCore engineers then inform the
administrator, via email, when the service is ready to be used.
Included within this email are the login details such as address,
username, and password for the SSL-encrypted web-based interface.
From this interface the administrator is able to further interact with the
service.
Operations and Features
Once logged in, the administrator is presented with a clear and
concise interface that provides a quick learning curve thanks to the
well-designed and intuitive layout. By reducing the time needed
to become familiar with the solution, the administrator can almost
immediately begin customizing the ECM solution.
The interface contains menu links for the various categories and
sub-categories along the top, with page content being displayed within
the main area of the screen just below. By default, the administrator
is directed to the Reports category, whilst other options include
Administer, Settings, and Logout. Each major menu category contains
several further sub-categories, providing a rich source of
configuration options and report types.
Once the engineers at NetCore have carried out the initial setup,
the administrator is free to further customize the service through the
use of these option categories. This customization includes the setup
of Dictionary Checks, as well as the provision of Black and Whitelists
for both domain names and IP addresses. Black and White Lists of
users add additional filtering options so that any emails not
specifically addressed to one of the users are either automatically
blocked or allowed.
The setup of Dictionary Checks allows the administrator to help control
one of the most common features found upon first implementing an
antispam solution – false positives. To give an example, a medical
research company using ECM may enter the word “Viagra” as
acceptable, a term that may otherwise cause a work-related email to
be blocked. This flexibility demonstrates the amount of careful thought
and planning that Netcore have put into making this solution a good fit
for all types of business.
Although configuration of the service is quick and easy, any queries
can also be quickly resolved due to the provision of a structured and
informative Administrators Guide along with descriptive text on each
of the option pages inside the interface. Any changes made to the
configuration are adopted almost instantly, thus ensuring that the
service constantly meets the demands of NetCore’s clients.
For further ease of use, ECM has three levels of scanning that
employ different options within the solution to varying degrees.
The administrator can quickly switch between these three levels to
best suit the requirements of the client company. These three levels
are Aggressive, Mild, and Simple - allowing a fire-and-forget method
of setting up the solution to those administrators not wishing to deviate
from any of the default settings, or working with time constraints.
When handling those messages defined as Spam, NetCore defaults to
delivering the messages with a prepended “Spam” tag in the subject
line. Should any messages be blocked before they reach a user's
inbox, the administrator may view details of each message including
the sender address, subject line, and the date of receipt.
Reporting
The Reports section, the default page presented at login, provides
data for all the messages processed by ECM. This information is
displayed in various charts and tables, providing an extensive statistical
breakdown that will please even the most analytical of administrators.
Contained within the Reports section are eleven individual report
subcategories, each displaying its data with standardised
formatting, allowing for instant familiarity with the layout of the data.
Counts are kept for the number of blocked, delivered, and bounced
messages, along with the total file size of the data that has been
transferred. Each type of message is easily distinguished and this can
serve to further enhance the administrator’s understanding of the
client company’s mail profile and raise their ability to assess the level of
both genuine and Spam mail being received by the company.
Some of the report pages offer drill-down options to enable deeper
analysis of the data. For example, the value next to the RBL Blocked
Messages category on the Usage Reports screen is a hyperlink, and
clicking on this link displays further information relating to messages
blocked by the Real-time Blackhole Lists.
One of the key features of ECM is Netcore’s Spam Digest technology.
Spam Digest allows users to view a summary of blocked messages
that were originally intended for them and have been stopped by the
system. If an administrator wishes, the user can also be provided with a
link to their private quarantine area so that any genuine messages can
be released. Such user interaction relieves a burden on Administrators
and Support Teams who might otherwise be required to spend time
researching whether the message is genuine or not, and then releasing
the message to the user.
To ease the setup of this function, a pre-existing list of users’
addresses may be uploaded directly to the ECM interface. The
administrator may then choose the frequency with which the digest
should be sent, selecting between either Daily or Weekly.
For those administrators wishing to take copies or backups of report
data, ECM provides a link to a printer friendly version of the report,
along with a link for a downloadable version.
Results
Type of Mail    Detected as Genuine    Detected as Spam
GENUINE         100%                   0%
SPAM            1%                     99%
Emergic CleanMail Service performed well from the outset, delivering
100% of the genuine mail correctly and correctly classifying 99% of the
Spam mail.
It is also worth noting that Emergic CleanMail Service delivers a good
proportion of grey and list mail as genuine. This gives an organisation
the flexibility and opportunity to define policies that prevent messages
being blocked that could potentially be business critical.
Based on the results above, West Coast Labs is pleased to award
the Emergic CleanMail Service the Checkmark Anti-Spam Premium
certification.
Conclusion
Emergic CleanMail from NetCore is a feature-rich and flexible service,
providing for companies up to enterprise level with a multi-layered
defense against Spam. This solution is ideal for those companies serious
about removing Spam, or for any supplier offering a security service who
wishes to add a well-established and highly performing Spam solution.
During testing the blocking, tagging, and quarantining of Spam provided
an effective method of targeting, recognising, and removing Spam from
the end user’s inboxes. This is enhanced by the customization options
provided to the administrator via the interface.
Reports are both detailed and wide-ranging and provide an excellent
overview of both incoming and outgoing email traffic. Administrators
under pressure should find the provision of the Spam Digest a particularly
useful feature as it can potentially reduce some of the processing time
overheads.
From the outset of testing, ECM performed exceptionally well. Within
a very short time, the solution had attained the Premium level of
certification and continued to improve throughout the duration of the
test period. This is due in no small part to the method with which samples
are submitted and processed by NetCore, and also the ability of the
company to feed samples from each of their customers into a central
solution to enhance coverage for all of their customers.
Overall the ECM service handled both Spam and genuine mail in a highly
efficient manner, successfully scanning all incoming mail for Spam with
minimal impact on the delivery of genuine mail. NetCore is the first Indian
Company to get Checkmark certification on Hosted Anti-Spam Service.
Security Features Buyers Guide
Emergic CleanMail provides multi-layered email protection against Spam
and Virus and facilitates enhanced, secure messaging performance.
E-mail borne threats are eliminated right at the Internet level, much
before they even touch the corporate network resulting in increased
productivity, irregular bandwidth and loss of data.
Backed by a 24x7 active response team with continuous real time
database updates and detailed reports, CleanMail ensures 100% virus
protection and 99% spam protection.
www.cleanmail.in
Business Benefits….as stated by NetCore
• Eliminates threats and quarantines spam at Internet level, saving
connectivity and storage costs.
• Emergic CleanMail (ECM) Service leverages the benefit of Managed
Services model and saves time and money wasted in procurement of
hardware, software, implementation and management of an in-house
solution.
• Extensive reporting system provides organizations a complete update
on their ROI.
• Low Total Cost Of Ownership.
• Increased Employee Productivity by eliminating spam
• Leverage Managed Service Provider's investment in HA environment
assuring you a 24x7 uninterrupted service.
• Per user revenue and service model, makes costs of expansion
controllable and predictable.
• CleanMail is Business ready, the model can be easily used to resell and
co-brand without any additional effort.
http://www.cleanmail.in/features-benefit.html
Technical Benefits….as stated by NetCore
• Multilayered spam blocking produces the industry's lowest false-positive
rate while blocking as much as 99% of all inbound spam
• Domain & User level Quarantine Access
• The Personal Spam Manager enables end users to manage their own
spam without the intervention of IT administration
• Dashboard with In-depth Reporting
• Disaster Recovery Spooling (Queues the mail in case mailserver is not
reachable)
• Domain Specific Whitelist and Blacklist
• Global Data Centres delivering 99.999% uptime with 24x7 active
response team
• CleanMail’s beyond perimeter protection technique, keeps attacks like
DoS and DDoS far away from the network
• The Recurrent Pattern Detection technique ensures that latest spam
outbreaks are automatically detected without any special effort
http://www.cleanmail.in/features-benefit.html
NetCore Emergic CleanMail Service – developments in the last 12 months
A number of new technologies have been developed and integrated
into CleanMail’s Hosted Service over the last twelve months.
• Recurrent Pattern Detection (RPD) :- Emergic CleanMail (ECM) added
the Recurrent Pattern Detection technique patented by Commtouch
to its powerful detection engine to guarantee efficient detection of
new spam outbreaks in realtime. Other techniques used to detect
spam outbreaks include manual identification of spam patterns from
outbreaks appearing in decoy. However, these techniques do not
guarantee a realtime detection of new outbreaks. With the addition of
RPD, ECM has guaranteed that its users are free of spam even during
these outbreaks.
• Virus Outbreak Detection (VOD) :- ECM made its Virus Outbreak
detection capabilities more powerful with the implementation of
VOD technology from Commtouch. With the implementation of this
technology ECM now provides two layers of protection to its users
during the Zero Hour Window.
• Recipient Address Verification (RAV) :- ECM's innovative Recipient
Address Verification protects organizations from Directory Harvest
Attacks. This check also helps ECM to identify bad IP addresses
broadcasting spam and throttle them based on the invalid recipient
mails they are sending.
• Sender Policy Framework module has also been developed.
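The Recipient Address Verification item above describes throttling
source IPs by the invalid-recipient mail they send. The following is an
added example, not NetCore's implementation and not part of the original
report, of how such a check can be run over SMTP recipient logs. The log
format, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the four-field format is an assumption:
# timestamp, source IP, RCPT TO address, SMTP reply code.
# 550 is taken here to mean "no such recipient", 250 an accepted one.
SAMPLE_LOG = """\
2007-06-01T10:00:01 203.0.113.7 aaron@example.test 550
2007-06-01T10:00:02 203.0.113.7 abby@example.test 550
2007-06-01T10:00:03 198.51.100.20 sales@example.test 250
2007-06-01T10:00:04 203.0.113.7 adam@example.test 550
2007-06-01T10:00:05 203.0.113.7 admin@example.test 250
2007-06-01T10:00:06 203.0.113.7 alan@example.test 550
2007-06-01T10:00:07 198.51.100.20 slaes@example.test 550
2007-06-01T10:00:08 203.0.113.7 alex@example.test 550
2007-06-01T10:00:09 203.0.113.7 alice@example.test 550
2007-06-01T10:00:10 198.51.100.20 support@example.test 250
"""

WINDOW = timedelta(minutes=5)  # sliding window per source IP (assumed)
MIN_INVALID = 5                # distinct unknown recipients in the window
MIN_RATIO = 0.8                # share of RCPT attempts that were unknown


def parse(line):
    """Split one constructed log line into typed fields."""
    ts, ip, rcpt, code = line.split()
    return datetime.fromisoformat(ts), ip, rcpt.lower(), int(code)


def find_harvesters(log_text):
    """Return {ip: time at which the IP first crossed both thresholds}."""
    recent = defaultdict(deque)  # ip -> (ts, rcpt, is_invalid) in window
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, rcpt, code = parse(line)
        attempts = recent[ip]
        attempts.append((ts, rcpt, code == 550))
        # Drop attempts that have aged out of the window.
        while ts - attempts[0][0] > WINDOW:
            attempts.popleft()
        bad = [r for _, r, invalid in attempts if invalid]
        # Require many distinct bad addresses AND a high bad ratio, so a
        # legitimate sender with one mistyped address is not throttled.
        if (ip not in flagged and len(set(bad)) >= MIN_INVALID
                and len(bad) / len(attempts) >= MIN_RATIO):
            flagged[ip] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in find_harvesters(SAMPLE_LOG).items():
        print(f"throttle {ip}: harvest pattern at {when.isoformat()}")
```

A source that spaces its probes further apart than the window stays under
the threshold, so the window and counts need tuning against real traffic.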
Additional Noteworthy Product Features
• Transport Layer Security (TLS) provides assured encrypted email
delivery
• Encrypted web portal ensures privacy and protection of sensitive
information
• Web bug detection capabilities which ensure that security exploits
don't creep in through emails.
• Online dashboard provides extensive reports supported by graphical
pattern indicators and provides granular control of the filter engine
• Recipient Address Verification (RAV) technique saves organizations
from Directory Harvest Attacks.
• Global DataCentres with load balancing and redundant hardware
mean no single point of failure
• True "Zero Hour" Anti-Virus technology based on Real Time Detection,
negating risks of early stage viruses evading traditional scanners.
• 100% audit record of every message relayed by the service accessible
by administrators and end-users if required.
• Beyond perimeter protection technique, keeps attacks like DoS and
DDoS far away from the network
• 24x7 active Response team ensures that any major email incidents are
identified, managed and alerted to the customer before they can do
damage.
US SALES
T +1 (717) 243 5575
EUROPE SALES
T +44 2920 548 400
GLOBAL HEADQUARTERS
West Coast Labs
Unit 9 Oak Tree Court
Mulberry Drive
Cardiff Gate Business Park
Cardiff
CF23 8RS, UK