ProofPoint Announcement

Posted by Dennis Schmidt (Director of the Office of Information Systems). Sent over several listservs including SOMNews and MS1-MS4. 02.14.08.

First, the bad news: As most of you already know, the amount of undetected spam that is getting through our filters has been increasing significantly in the last few weeks. In particular, we are seeing a large increase in sexually explicit messages which are offensive to most people. Our incoming statistics do not show a significant rise in the volume of mail hitting our servers in the last couple of months, so we cannot attribute the increase in spam getting to your boxes to an increase in spam volume on the Internet. We believe that the spammers have changed their tactics (which happens frequently) and are successfully getting around our spam filters. Even though we are using the latest spam signatures from our current antispam engine, it is obvious that our antispam engine hasn’t caught up yet with the latest tactics.

Now for the good news: This week, we installed a ProofPoint antispam appliance on our network in a test mode. ProofPoint is one of the leading commercial antispam products on the market. ITS on main campus installed ProofPoint on their system in late November and has reported very positive results. We currently have ProofPoint in the audit mode where it is scanning all incoming messages and assigning a spam score to each one. Initial “out of the box” results look very promising.

We initially set up a small group of beta testers who are having all of their mail actively filtered by ProofPoint. To speed up the testing process, we plan to expand that group over the next few days. Our intent is to work out all of the kinks as quickly as possible before we roll it into production.

You might be wondering why we don’t just turn the switch on. There are some things that we have to accomplish first:

-- We must ensure that ProofPoint isn’t blocking legitimate mail.

-- We need to test to see if ProofPoint has any unexpected side effects on other systems. For example, it caused a temporary disruption of the list server when it was first configured on our network.

-- We need to configure and fine tune the quarantine feature which allows individual users to have control over how their spam messages are handled.

-- We need to develop instructions and guidelines for users on how to use the tools that come with ProofPoint.

Be assured that fixing the spam problem is our number one priority. We are very optimistic that ProofPoint will provide a much better solution than what we are currently doing. Our intent is to roll it out as quickly and as safely as possible.

Dennis Schmidt

=========================================
Dennis A. Schmidt, MS, CISSP
Director, Office of Information Systems
HIPAA Security Officer, School of Medicine
University of North Carolina at Chapel Hill
76 MacNider Hall, CB#7045
Chapel Hill, NC 27599-7045
voice: 919 966-9900, fax: 966-6923