Documentation Home
Help! Errors
Help! False Positives
Help! Spam Leakage
Installation Guides
Features
Procedures
SNF Community
Software
Technology
Tools
Direct Support
Glossary
Q&A

Features

Efficiency

No Extra Parts

There are no extra parts to Message Sniffer. SNF does not depend on external DNS servers or hash databases. This can be very important in large scale filtering environments where DNS lookups for conventional anti-spam tests can quickly overload internal network and DNS infrastructures. This also makes SNF particularly well suited for appliances because it eliminates key points of complexity and performance problems.

No Maintenance

Once Message Sniffer is set up properly no additional administration is required! Virtually all of our ongoing improvements are delivered through new rulebases and updates to our network, so actual software upgrades are generally simple and infrequent. Rulebase updates can be downloaded and installed automatically; collaborative filtering systems are maintained, monitored, and upgraded automatically; and each SNF node is self-tuning.

Heavy Metal Not Required

All of SNF's components are highly optimized and purpose built. The programs are compiled from efficient C++ code that goes "straight to the metal" to get the most out of the hardware you have. The scanning engine is so efficient that it can be run in real-time against incoming messages during the SMTP session (on compatible platforms). Other anti-spam engines with similar accuracy (such as SpamAssassin) typically require more than 10 times as much CPU power* and simply can't respond fast enough to be used in a real-time environment.

*During real-world tests running SpamAssassin and SNF in parallel on the same postfix box SNF consistently required less than 10% of the CPU required by SpamAssassin while scanning the same message stream! During the same tests SNF's capture rates were slightly higher than SA's while SNF's false positive rates were notably lower!

Working Smart

Using GBUdb (the Good, Bad, Ugly data base), Message Sniffer is able to "truncate" its content scan on between 10% and 50% of real-world messages**. If the source IP of the message has a sufficiently "black" reputation then SNF stops the scanning process immediately saving time and resources without reducing accuracy.

**Based on telemetry received from production systems in the wild. 10% truncation rates are typical of systems that pre-screen messages using filters, connection blocking, graylisting and/or black-lists driven by GBUdb data. It is typical to see 25% truncation rates on systems with partial black-list blocking, and between 30% and 50% truncation rates on systems with no front-end filtering prior to SNF.