CipherTrust on Monday announced improved spam-fighting capabilities for its IronMail email security appliance as well as enhancements to IronWebMail, the company's security appliance for Web-enabled email.

IronMail is a hardened appliance that implements a number of security features, including virus scanning (using the Sophos antivirus engine), anti-spam, content filtering, and application-specific firewall and intrusion detection systems.

To fight spam, IronMail now integrates a number of approaches, including signatures, content filtering and its own heuristics engine. CipherTrust added support for two distributed spam signature networks, Cloudmark's Razor and the Distributed Checksum Clearinghouse (DCC). Both collect spam from actual users, then write signatures to detect and filter out those emails.

IronMail also employs CipherTrust's own heuristics techniques to detect spam by looking at a number of different variables in mail headers, such as methods used to hide the origin of a message. Additionally, the company uses content-based filtering techniques, such as weighted keyword scans, where the presence of a number of predefined key words will trigger an email to be filtered.

"You can't rely on any one spam detection technique," says Steve Raber, president and chief operating officer of CipherTrust, based in Alpharetta, Ga. "Spam is a moving target."

He noted that one CipherTrust customer stopped 40% of all incoming email by rigorously applying IronMail spam-fighting techniques, helping the company stave off an email server upgrade. Another reduced traffic by about 22% using less aggressive policies, Raber says.

CipherTrust also now has an automated spam rule creation feature that, based on an actual spam email, can recommend a rule that will block that email in the future, saving administrators from having to write their own rules.

The company also announced a new service, dubbed CipherTrust Policy Ring (CPR), whereby it will distribute new spam signatures and policies to customers as often as every hour. In addition to writing its own rules and policies, CipherTrust has been collecting them from existing customers, Raber says, so that customers can benefit from each other's experience.

The spam prevention features are delivered as an add-on to IronMail, with prices starting at around $20,000. There is a per-user annual fee for the CPR service ranging from about $2 to $10, depending on the number of users.

Enhancements to CipherTrust's IronWebMail appliance includes a secure log-on and log-off feature that prevents session hijacking, such as when a user logs off a Web access terminal and another user backs into the supposedly terminated session. Version 2.0 of the IronWebMail heuristics engine now supports more signatures, daily signature updates and additional configuration options. IronWebMail also now supports RSA Security's SecurID authentication tokens.