Posted:

Posted by Adam Dawes, Gmail Product Manager

Last year, we started integrating Postini’s business-class email security and management capabilities into Gmail and today we’re excited to be rolling out the latest round of integrated features. Google Apps administrators can now take advantage of improved email compliance footers, approved/blocked sender lists and file attachment policies. These capabilities help our customers address compliance requirements and effectively manage email traffic. Previously, Google Apps customers used Google Message Security, powered by Postini, to provide these capabilities.

With this new release, we’ve improved these features and designed them specifically to meet the needs of our Apps customers. Admins will manage the features natively in the Google Apps control panel (localized in 28 languages), leverage our granular policy framework to customize settings for different types of users, and join multiple rules together to address very targeted use cases.

These new features are available globally for Google Apps for Business, Google Apps for Government and Google Apps for Education editions.

Dominie Liang, IT Director at New Media Group in Hong Kong, was able to use the new features to quickly address his company’s compliance requirements:

"Our legal team wanted us to add a compliance note to all of our outbound email. Thanks to Google's new email feature set, we could easily add the rich text format disclaimer with Chinese characters to the email footer, and solved the issue within a minute."

George Krieger, Technical Services Manager, Mazda Raceway Laguna Seca, adds:

"The new message footers in Gmail have made it easy for us to standardize our email signatures and more effectively promote our race schedules. And I love the ability to delegate control of these to our Media department so they can change them when they want without having to call me. This is a major improvement for us."

With the addition of these features to Gmail, there is no longer a need to use Google Message Security (GMS) with Google Apps so we will no longer offer GMS to Google Apps customers. We’ll work with those customers currently using GMS to migrate their settings to these new features. For more information on these features and how customers can migrate to them please refer to this Google Apps Help Center article and the Transition Guide.

Posted:


Postini email services help provide Google Apps users access to robust, cloud-based email security, filtering and archiving services. Today, we’re excited to announce our first step in creating a unified Google Apps experience by moving some Postini features directly into the Google Apps administrative interface.

The new Objectionable Content and Content Compliance email security settings, available directly in the Google Apps control panel, will allow admins to filter messages based on word lists or predefined sets of words, phrases, text patterns, or numerical patterns. And because these are built into the Google Apps infrastructure, admins will be able to use their existing user and organization structures set up for their domain to customize policies for different groups.

Bill MacKenzie, ICT Consultant for Ontario's Upper Grand District School Board, finds the new settings useful and easy to manage: "The content compliance feature has been a great addition to our cloud solution. It was a snap to set up, surprising our tech folks at how little work and time it took to implement. The compliance tool lets students, parents and administrators know that the email at our district is being supervised."

Over the coming weeks, we will be making these features available to business, education and government customers. We're especially excited to introduce these settings to K-12 schools. With these email filters and the walled garden functionality we announced earlier this year, K-12 schools will be able to address their email security needs and easily manage policies for students and teachers -- all within Google Apps.

Because all K-12 schools will automatically have these advanced email security features, we will no longer offer Google Message Security free of charge to new K-12 Google Apps customers. While we will continue to provide the service to K-12 schools currently using advanced features of Google Message Security, we plan to add even more email security features to the Google Apps control panel during the next year. Once comparable features are available in Google Apps, we will require K-12 Google Apps customers using Postini to consolidate their email security features into the Google Apps control panel. Google Apps for Business and Google Apps for Government customers are welcome to try these new features but will not be required to transition until a later date next year.

We invite everyone to start trying these new features for your domain. You can create similar filters to those you have in Postini in the improved Google Apps control panel interface. For more information about the transition to the new email security settings in Google Apps, please visit the Help Center documentation for Objectionable Content and Content Compliance and read the FAQs.

We're excited to begin the process of building Postini features into Google Apps and simplifying email security policies for Google Apps domains. Stay tuned for new features in the future!

Posted:


We’re constantly working to protect our users from email spam and phishing attempts. Some examples of these efforts include educating users about phishing and supporting open standards for email authentication such as DomainKeys Identified Mail (DKIM) in Google Apps - which can help reduce the risk of phishing attacks sent from spoofed domains.

And now our Postini services customers can take advantage of new capabilities to help protect users on legacy email servers such as Microsoft(R) Exchange. Recipient Policy Framework (RPF) is a new feature we developed for Postini that allows customers to authenticate inbound email to help ensure that each message is actually coming from who it says it’s from.

RPF uses an open Internet standard called Sender Policy Framework to authenticate inbound emails and allows customers to define policies on how to handle emails that don’t check out. When RPF is enabled by an administrator, it will help detect and block email spam and other suspicious messages.

To learn more about Postini services including our email security, compliance and continuity products, please visit our web site where you can compare pricing and sign up online.

Posted:


Is your organization running Microsoft® Exchange 2003 or 2007 and looking to upgrade its archiving and continuity capabilities?

Google Message Continuity and Google Message Discovery are helping businesses increase email reliability and reduce risk by moving key services – such as spam and virus filtering, email archiving, and email continuity – to the cloud. Join us for a live webinar on June 8th to learn how Gables Residential and the Federal Home Loan Bank of Chicago were able to deploy Google Postini services to reduce IT infrastructure costs and pave the way for a 100% web environment.

What: Google Postini services webinar (1 hr.)

When: Wednesday, June 8th, 2011 9:00am PST / 12:00pm EST

Who:
  • James Hamrick, Director of IT at Gables Residential
  • Eric Geiger, VP of IT Operations at Federal Home Loan Bank of Chicago
  • Adam Swidler, Senior Manager with Google

Click here to register. We hope to see you there!

Posted:
Gables Residential, an Atlanta-based Real Estate Investment Trust (REIT), turned to Google Message Continuity to supplement their Microsoft® Exchange 2007 email environment and minimize email downtime. Gables Residential owns, manages and develops property throughout Atlanta, Austin, Dallas, Houston, South Florida, D.C., and Southern California, contributing to a portfolio of over 38,000 apartment homes. With their managed properties distributed across the country and over multiple time zones, it was critically important that their employees always have access to their email. Gables Residential turned to Google Message Continuity, a cloud-based disaster recovery solution, to enhance the reliability of their email environment.

Google Message Continuity works by synchronizing all email stored on Microsoft® Exchange servers into Gmail, using a simple plug-in that ensures all messages are always present in both email inboxes. If Microsoft® Exchange is unavailable, users can simply log in to Gmail with their usual credentials and take advantage of Gmail’s reliability–available 99.984% of the time in 2010–to send and receive messages. The simplicity of the set-up, the minimal maintenance and deployment costs, and the ability to keep their distributed workforce productive during email outages are what differentiated Google Message Continuity from other continuity alternatives.

What’s more, through using Google Message Continuity, Gables Residential learned first-hand the benefits of a 100% web environment, and plans to switch from Microsoft® Exchange to Google Apps for Business later this year. With emails constantly being replicated in Gmail, switching to the rest of Google Apps can be a seamless move, both for IT admins and for users. Gables Residential plans on taking advantage of this smooth deployment path in May and looks forward to deploying Google Apps across its entire user base.

Join us during a live webinar as James Hamrick, Director of IT, explains how Gables Residential was able to successfully use Google Message Continuity to improve the reliability of their Microsoft® Exchange environment while paving the way for a 100% web future with Google Apps for Business.

Register for this live webcast on April 20th, 11 a.m. Eastern Time, 2011. We hope to see you there!

Posted:
Back in December we announced a new email continuity service that helps organizations running Microsoft Exchange® 2003 and 2007 Servers bolster the reliability of their email environments. Today, we’re excited to announce that Google Message Continuity now also supports Microsoft Exchange® 2010 Servers, helping to protect an even broader range of users from business continuity and email access disruptions.

Recent research conducted by the Radicati Group suggests that users of Microsoft Exchange® face on average over five hours of downtime a month, which is a combination of both unplanned outages and regularly scheduled downtime [1]. Let’s compare this to Gmail. Google Apps offers a service level agreement of 99.9% for all of its services. However, as we noted back in January, our own measurements showed that Gmail only experienced on average seven minutes of downtime per month throughout 2010 – 46 times less than an Exchange-based environment – which represented a total uptime average of 99.984% for the entire year. Google Message Continuity works by leveraging this outstanding record of reliability and extending it to Microsoft Exchange® users, allowing them to benefit from the availability and redundancy of Google’s services.

For more information on Google Message Continuity and how a cloud-based continuity solution can help your email environment remain more secure, accessible, and reliable, stop by www.google.com/postini to learn more.

1. The Radicati Group, 2010. "Corporate IT Survey – Messaging & Collaboration, 2010-2011"

Posted by Adrian Soghoian, Associate Product Marketing Manager, Google Postini Services

Posted:
Our customers expect Google Apps to be available all the time, from anywhere, and we're passionately committed to proving them right. We measure the success of every server request, every moment of every day, and the numbers support our belief that the cloud can be more reliable than on-premises software. We’ve seen in the past that Gmail can offer ten times greater reliability than a typical on-premises Microsoft® Exchange installation, and this got us to thinking...could we bring Gmail’s reliability to companies currently using Microsoft® Exchange? Today, we’re excited to introduce a new Postini service which accomplishes just that.

If you run Microsoft® Exchange 2003 or 2007, Google Message Continuity is a new email continuity service that can help you ensure that your users never lose access to email during a Microsoft® Exchange outage, whether planned or unplanned. By synchronizing your on-premises accounts with Google’s cloud, Google Message Continuity gives you access to your up-to-date email inboxes (through the Gmail interface) no matter what happens to your on-premises servers. And once your servers come back up after an outage, messages sent and received, plus message state changes (like deletions and folder assignments) that are recorded by Google Message Continuity during the outage, are then synchronized with your servers, allowing users to seamlessly transition from Microsoft® Exchange to Gmail, then back to Microsoft® Exchange.



At $25 per user per year for new customers or an additional $13 per user per year for current Postini customers, Google Message Continuity advances our commitment to providing rapidly deployed, cost-effective email management solutions for organizations of all sizes. Additionally, for organizations interested in eventually moving to Google Apps, Google Message Continuity can provide a smooth bridge to the cloud. You can experience Gmail, Contacts, and Calendar without disrupting your current email system. If you decide to deploy Google Apps, you won’t need to migrate any email data since Google Message Continuity will have already done so via synchronization.

To find out more about Google Message Continuity, please join our live webinar on December 15th where Michael Osterman, a leading technology analyst, will share current industry research and IT trends in the continuity market and explain the value of a cloud-based email continuity solution.

Google Message Continuity: A Cloud-Based Continuity Solution
Wednesday, December 15th, 2010
11 a.m. PDT / 2 p.m. EDT / 7 p.m. GMT
Register here

For more information on Google Postini’s complete suite of email security, archiving, and continuity services, please visit www.google.com/postini.

Posted by Matthew O’Connor, Product Manager, Google Enterprise

Posted:
Editor's note: The spam data cited in this post is drawn from the network of Google email security and archiving services, powered by Postini, that process more than 3 billion email messages per day. More than 50,000 businesses and 22 million users use Google Postini Services to protect themselves from a range of email and web-borne threats.

Q3’10 spam and virus trends confirm that spammers are still hard at work distributing malicious content in new and creative ways. August saw a massive 241% increase in virus volume over July, representing the greatest recorded surge in viral activity since 2008. Overall, payload virus volume increased 42% over Q2’10 and 10% over Q3’09, while spam levels decreased 16% and 24% over the same periods, respectively. The spike in malware attacks during August suggests that we might see higher levels of spam moving forward into Q4 as botnet “seeds” planted during this time begin to take action.

By the numbers
Overall, spam volume stayed relatively constant throughout Q3, with a slight dip in August and September. In comparison to the same time in 2009, spam levels are down 24%. This may be attributed to some recent botnet takedowns, such as the partial Pushdo shutdown, or point to a generally slower summer season for spam.


However, payload virus levels shot up to record-high levels in August. In comparison to August of 2009, we saw a 111% increase in volume overall. What is more remarkable, though, is that this August saw the highest registered number of viruses blocked in a single day: 188 million. This virus surge is even more pronounced than last October’s, when Mega-D, a top-ten botnet, infected over 250,000 computers worldwide before being shut down by a carefully orchestrated campaign by security professionals. This recent increase in viral activity could indicate a “gearing up” as spammers attempt to construct botnets in time for the holiday season and increased consumer spending. With the commercialization of spam in 2006, we’ve often seen a correlation between spam, malware campaigns, and seasonal consumer patterns.

The actual content of this virus wave consisted mainly of traditional spoofing of major brands, along with a new tactic involving recycling previously sent emails taken from the hard drives of infected computers. This new method is more difficult to detect as the wording and content are familiar to the recipient. As always, be on the lookout for suspicious email language and exercise extreme caution when clicking on links. Features in Gmail such as authentication icons can go a long way in protecting your computer, but it’s important to be aware and mindful of these new viral activities when managing your inbox.


An interesting and unusual trend has been in the sizes of the individual viruses being transmitted. In particular, we’ve seen some irregularly sharp peaks in size throughout September, following the surge in total numbers during August. This could be due in part to increased use of .zip and .html attachments containing malicious JavaScript. Overall, virus traffic continues to be strong and users need to be on high alert when handling suspicious messages. Postini Services customers are strongly encouraged to enable the Early Detection Filtering functionality in order to ensure maximum protection from zero-day virus threats.


Shortened URLs can mask suspicious links
This quarter we detected an increased volume of emails containing shortened URLs linking to suspicious websites. Spammers are increasingly making use of services that shorten URLs as a way of masking the destination website to the user. With the widespread proliferation of shortened URLs, particularly among blogging sites and social networks, it has become increasingly important to remain vigilant and skeptical when evaluating URLs. A shortened URL sent from a “friend” might seem innocuous enough, but, as always, links and emails sent from unknown senders should be scrutinized before further action is taken.

Beware false financial transaction messages
We continue to see false notifications claiming to be sent by various financial authorities. Spammers will frequently send their targets a simple yet authoritative message alerting them of a rejected or unauthorized transaction, then provide a false link directing them to a website. The format of these emails is often simple and innocuous, making it difficult to ascertain the malicious content from a quick glance.

Continued use of NDRs
Non-Delivery Reports/Receipts (NDRs) are legitimate messages used to alert users that a sent email has not been delivered correctly. Back in July we noticed an upswing in false NDRs bearing malicious JavaScript. As a hybrid between virus and spam messages, these messages were in reality obfuscated JavaScript attacks, directing users to a particular website or initiating an unexpected download. The user is often unaware of the attacks, making these messages particularly dangerous and difficult to detect. However, Google’s vast network and patented filtering technology were able to detect these messages early on and respond quickly. The Postini Anti-Spam Engine (PASE) was immediately updated in response and has been protecting users throughout Q3 from the continued use of false NDRs.

Fake celebrity gossip
Although August was a slower month in terms of overall spam volume, we saw a substantial spike in messages claiming to break the news of untimely and sudden deaths of various high-profile celebrities. The messages referenced a zip file that in turn contained a virus. These messages, similar to various classic phishing scams involving “friends” in need, attempt to pique a user’s interest with an alarming subject line and content. This has proven to be a successful tactic – hence its continued popularity – as users will often open an email instinctively in response to a particularly emotional or compelling subject line. In response to these attacks, our engineers have developed and released filters designed to combat new spam waves.

Stay safe with a cloud-based security solution
Postini’s hosted email security solutions provide comprehensive spam and virus filtering in the cloud – before they reach the network level. Google’s vast network filters billions of messages a day from all over the globe, creating a “network effect” that allows Google to identify emerging threats and respond early.

For more information on how Google Postini Services can help your organization remain safe, compliant, and spam-free, please visit www.google.com/postini.

Posted:
Enterprise Holdings is the largest rental car company in North America and operates Alamo Rent A Car, Enterprise Rent-A-Car and National Car Rental. They manage over 1.1 million cars, 68,000 employees and 7,600 locations around the world. When Enterprise Holdings wanted to add more security to their corporate e-mail, they chose Google Postini Services.

Join us for a free webinar on September 28, where Michael Preuss, Manager of Windows Engineering for Enterprise Holdings, will discuss why his company chose a cloud-based message security solution and how Postini’s powerful spam filtering technology was able to help them address their email security challenges. Adam Swidler, Senior Manager with Google Enterprise, will also provide an overview of Google’s security solutions and facilitate a deep-dive discussion into best-in-class practices for organizations interested in enterprise-grade protection.

A live Q & A session will follow. We hope you can join us!

Message Security in the Cloud
Tuesday, September 28th, 2010
10 a.m. PDT / 1 p.m. EDT / 6 p.m. GMT
Register here

Posted by Adrian Soghoian, Google Postini Services team

Posted:
Editor's note: The spam data cited in this post is drawn from the network of Google email security and archiving services, powered by Postini, which processes more than 3 billion email messages per day in the course of providing email security to more than 50,000 businesses and 18 million business users.

Spam and virus volumes this year have continued their upward trend. Q2’10 has seen a sharp 16% increase in spam volume over Q1’10. Virus traffic increased a moderate 3% this quarter; however, Q2’10 virus volume was 260% higher than in Q2’09. These trends tell us that the spammers are still extremely active, and their botnets produce high levels of spam and virus traffic.

By the numbers
Spam volume shot up 16% from Q1’10 to Q2’10. Overall, however, spam levels are down 15% from Q2’09.

Virus volume grew quickly at the beginning of the quarter, shooting up 90% from March to April, but then quickly dropped off. We saw only a modest 3% uptick from Q1’10 to Q2’10 at the aggregate level. Compared to Q2’09, this represents a 260% increase.

One interesting trend we noticed is that the size of individual spam messages rose 35% from Q1’10. This points to the fact that spammers are sending more image-based spam, as well as viruses as attachments.

New methods of attack
We have also seen a recent surge in obfuscated (hidden) JavaScript attacks. These messages are a hybrid between virus and spam messages. The messages are designed to look like Non-Delivery Report (NDR) messages, which are legitimate messages; however, they contained hidden JavaScript that in some cases tried to do things the user may not have been aware of.

In some cases, the message may have forwarded the user's browser to a pharma site or tried to download something unexpected, which is more virus-like. Since the messages contained classic JavaScript which generates code, the messages could change themselves and take multiple forms, making them challenging to identify.

Fortunately, our spam traps were receiving these messages early, providing our engineers with advanced warning which allowed us to write manual filters and escalate to our anti-virus partners quickly. In addition to this, we updated our Postini Anti-Spam Engine (PASE) to recognize the obfuscated JavaScript and capture the messages based on the underlying code to ensure accuracy.
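An added example, not Google's or Postini's code (PASE's actual logic is not described here): one way a filter could flag the fake NDRs described above by decoding each HTML-type part and checking it for script content. It assumes a genuine bounce follows RFC 3464 (`multipart/report` with a `message/delivery-status` part); the sample messages, regexes and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage, Message
from email.utils import parseaddr

# Illustrative (assumed) bounce indicators; a production filter would use a larger set.
NDR_SUBJECT = re.compile(
    r"delivery status notification|undeliver(ed|able)|mail delivery fail|returned mail",
    re.IGNORECASE)
BOUNCE_SENDERS = {"mailer-daemon", "postmaster"}
# Markup that has no place in a delivery report: script tags, inline handlers, javascript: URLs.
ACTIVE_CONTENT = re.compile(
    r"<\s*script\b|\bon(load|error|click|mouseover)\s*=|javascript\s*:", re.IGNORECASE)
SCRIPTABLE_EXT = (".htm", ".html", ".js")


def looks_like_ndr(msg: Message) -> bool:
    """True if the subject or sender makes the message present itself as a bounce."""
    local_part = parseaddr(msg.get("From", ""))[1].split("@")[0].lower()
    return bool(NDR_SUBJECT.search(msg.get("Subject", ""))) or local_part in BOUNCE_SENDERS


def is_structured_dsn(msg: Message) -> bool:
    """True if the message has the RFC 3464 shape of a real delivery status notification."""
    if msg.get_content_type() != "multipart/report":
        return False
    if str(msg.get_param("report-type", "")).lower() != "delivery-status":
        return False
    return any(p.get_content_type() == "message/delivery-status" for p in msg.walk())


def active_content_parts(msg: Message) -> list:
    """Return (content_type, filename) for every HTML/JS part that contains script markup."""
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if part.get_content_type() != "text/html" and not name.endswith(SCRIPTABLE_EXT):
            continue
        data = part.get_payload(decode=True)  # undoes base64 / quoted-printable encoding
        if not isinstance(data, bytes):
            continue
        # latin-1 never fails to decode and keeps the ASCII markers intact.
        if ACTIVE_CONTENT.search(data.decode("latin-1")):
            hits.append((part.get_content_type(), name))
    return hits


def classify(raw: str) -> dict:
    """Classify a raw message as not-ndr, ndr-ok, or suspicious (bounce with script)."""
    msg = message_from_string(raw)
    if not looks_like_ndr(msg):
        return {"verdict": "not-ndr", "structured_dsn": False, "active_parts": []}
    hits = active_content_parts(msg)
    return {"verdict": "suspicious" if hits else "ndr-ok",
            "structured_dsn": is_structured_dsn(msg), "active_parts": hits}


def build_fake_ndr() -> str:
    """Constructed sample: bounce look-alike with a base64-encoded HTML attachment.
    The script is an inert placeholder that only writes the word 'demo'."""
    m = EmailMessage()
    m["From"] = "Mail Delivery Subsystem <mailer-daemon@mx.example.com>"
    m["To"] = "user@example.org"
    m["Subject"] = "Delivery Status Notification (Failure)"
    m.set_content("Your message could not be delivered. Open the attached report.")
    m.add_attachment('<html><body><script>document.write(unescape("%3Cb%3Edemo%3C/b%3E"))'
                     "</script></body></html>",
                     subtype="html", cte="base64", filename="report.html")
    return m.as_string()


FAKE_NDR = build_fake_ndr()

# Constructed sample: a well-formed RFC 3464 delivery status notification.
GENUINE_DSN = """\
From: Mail Delivery Subsystem <mailer-daemon@mx.example.com>
To: user@example.org
Subject: Delivery Status Notification (Failure)
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@example.net failed: user unknown.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.com

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--b1--
"""

# Constructed sample: ordinary mail that does not pose as a bounce.
ORDINARY = "From: news@example.com\nTo: user@example.org\nSubject: Weekly update\n\nHello.\n"

if __name__ == "__main__":
    for label, raw in (("fake", FAKE_NDR), ("genuine", GENUINE_DSN), ("ordinary", ORDINARY)):
        print(label, classify(raw))
```

Because the attachment is decoded before matching, base64 transfer encoding does not hide the script tag; heavier obfuscation inside the script itself would need analysis beyond this marker check.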

The classics
Although they’ve added a few new tricks to their bag, spammers continue to exploit tried and true techniques, including:

• False Social Networking Messages
Social networks continue to be one of the most frequently spoofed domains for the purpose of spreading phishing scams and virus downloaders. These messages do not actually come from social networks but look similar to legitimate social networks messages. Such messages often contain links to external websites which contain malicious content and/or attempt to harvest user login information. The Postini Anti-Spam Engine is very good at detecting such messages, but users should always be cautious when handling messages from popular social networking sites.

• Current events
As always, spammers continue to spoof major news stories, and this quarter, we saw an increase in spam involving the World Cup. Here is one example of a virus downloader that our spam filters caught:

• Shipping scams
The shipping scam is a favorite of spammers. This quarter we saw a more widespread outbreak of messages claiming to be from major shipping companies because spammers get a higher success rate with these types of scams. The subject for the message made it look like an invoice and the message body contained random text such as news stories that did not look particularly "spammy." Each message had an attached zip file that presumably was intended to contain some sort of virus payload; however, the data was corrupt and did not pose any actual threat.

Stay safe from phishing scams
With the global economy continuing to lag, we have seen a continued upswing in “friend-in-need” phishing attempts, where hackers break into the email account of unsuspecting users and then hand-type a message to send to the victim’s email contacts.

The most common message told a story of the person being mugged while traveling abroad and requesting money to be sent to them in order to help them get home. The hacker is preying on the generosity of the victim's friends in the hopes that one or more of them will send money. These messages can be difficult for spam filters to identify since they are hand-typed and not sent in bulk. It goes without saying, but be wary of emails requesting money – regardless of the sender.

In response to these outbreaks, our engineers have released several updated filters to combat new spam waves.

Conclusion
Spam volume fluctuates in the short term, but overall, for the last 3 quarters spam volume has been relatively flat. Spammers continue to exploit techniques that have proven results, but as we have seen with obfuscated JavaScript attacks, spammers are always experimenting with new techniques to stay ahead of security measures. Google Postini Services customers are protected from the brunt of these increases in spam volume.

For more information on how Google’s security and archiving services can help your business stay safe and compliant, please visit www.google.com/postini.

Posted by Adam Hollman and Gopal Shah, Google Postini Services team

Posted:
Editor's note: The spam data cited in this post is drawn from the network of Google email security and archiving services, powered by Postini, which processes more than 3 billion email connections per day in the course of providing email security to more than 50,000 businesses and 18 million business users.

In 2009, the security community started seeing diminishing returns from the takedown of malicious ISPs. After the ISP 3FN was taken down, spam levels rebounded in less than a month, and after Real Host went down, spam volumes recovered after only two days. In response, the anti-spam community turned its attention toward taking botnets offline instead.

Toward the end of 2009, Mega-D, a top-10 botnet – responsible for infecting more than 250,000 computers worldwide – was severely crippled through a carefully orchestrated campaign designed to isolate the command-and-control servers spammers were using to support the botnet. In early 2010, security professionals, along with government agencies, successfully mounted a campaign against several more targets: major botnets such as Waledac, Mariposa, and Zeus were either shut down or had their operations significantly curtailed.

However, this recent spate of botnet takedowns has not had a dramatic impact on spam levels. Although spam and virus levels did fall below Q4’09 highs, reports from Google’s global analytics show that spam levels held relatively steady over the course of Q1’10.

This suggests that there’s no shortage of botnets out there for spammers to use. If one botnet goes offline, spammers simply buy, rent, or deploy another, making it difficult for the anti-spam community to make significant inroads in the fight against spam with individual botnet takedowns.

Spam by the numbers
Overall, spam volume fell 12% from Q4’09 to Q1’10, which follows a trend of quarterly decreases in overall spam levels that started after the surge in Q2’09. This may be attributed to some of the recent takedowns, but spam volume was still 6% higher this quarter than it was during the same period in 2009, and spam volume as a percentage of total email messages is holding steady.


Recently, our data centers showed a 30% increase in the size of individual spam messages (measured in bytes) that occurred toward the end of March, as shown below.


This spike points to a resurgence of image spam, similar to what we reported in Q2’09. This is likely due to the fact that reusing image templates makes it easier and faster for spammers to start new campaigns.

As always, spammers tend to make use of predictable topics – cheap pharmaceuticals, celebrity gossip, breaking news – to encourage user clicks. In January, spammers hastened to exploit the Haiti earthquake crisis, sending pleas for donations that appeared to have been sent by reputable charitable organizations, politicians, and celebrities.

The frequency and variety of post-earthquake spam illustrates an unpleasant reality: spammers will exploit any means – even tragedies – to accomplish their objectives.


Virus levels fall after Q4’09 surge
During 2009, spam with attached viruses increased tenfold, with levels rising from 0.3% of total spam in the first half of the year to 3.7% in the second. Postini filters blocked more than 100 million virus-bearing messages per day during the worst of the attack.

Since then, spam with attached viruses leveled off to around 1.1% in Q1’10, and dropped as low as 0.7% in March. It’s good news that virus levels are currently trending down – but Q1’10 levels are still 12-fold higher than they were in Q1’09.

In fact, this virus surge may be part of the reason that there hasn’t been a significant impact on spam volume after the recent takedown of major botnets. With a host of new machines now infected and part of a botnet, it is unlikely that there would be a dip in spam proliferation.

Benefits of security in the cloud
Although the botnets that distribute spam are mindless drones, the spammers that take advantage of these botnets are a highly active and adaptable group. This is evidenced by the varied techniques and tactics that they employ in an ongoing effort to evade spam filters and deliver messages to their targets.

2010 is likely to see more botnets taken offline, but the question remains – will that have a long-term impact on spam volumes overall? So far in 2010, the effect has been limited, and the security community may begin to turn to other tactics that yield a more substantial impact on global spam volumes.

As long as the threat is there, however, Google is committed to using the power of the cloud to protect your enterprise from spam and viruses. Outsourcing message security to Google enables you to leverage our technical expertise and massive infrastructure to keep spammers from your inbox.

For more information on how Google’s security and archiving services can help your business stay safe and compliant, please visit www.google.com/postini.

Posted by Gopal Shah, Google Postini Services team

Posted:
Google Postini security services work in the cloud to help prevent spam and viruses before they hit your servers. These services also make it easy for admins to fine-tune filtering options to get the right level of protection for their organization's unique needs.

It can often be a delicate balance between protecting networks from attacks and allowing employees the flexibility to use email effectively. To help achieve this balance, today we're introducing a new Google Message Security reporting feature: Health Check.

Health Check helps you maximize the effectiveness of your spam filters. Think of it as a self-service "tune-up" for your Postini filters. It gives admins a comprehensive report that will help them check how current configurations impact the effectiveness of antispam and antivirus filters.

This report also highlights deviations from our recommended best practices, so that you can see areas where more protection might be helpful and select the levels that best meet your needs. For example, reports can "flag" areas of risk in user-defined settings, help optimize Approved Sender Lists, and guide the way you set up firewalls.

In this snippet from a Health Check report, the Virus Outbreak Level for this account is set to "Normal" (see red outline over item "2"). Our guidelines suggest that admins set this to Very High to increase security against viruses and malware. Deviations from recommended best practices are highlighted in red text so you can easily identify where changes can be made to tighten security.

With Health Check, we hope to empower administrators to make the best use of Postini Services. Health Check is now available through the Postini service administration console to Postini and Google Apps Premier Edition customers.

For more information about the Google Postini suite of security and archiving services, visit www.google.com/postini

Posted by Gopal Shah, Google Postini team

Posted:
Today we're introducing Dual Delivery, a new feature for Google Message Security that enables a copy of an email to be delivered to two different mail hosts. Dual Delivery provides two benefits. First, it can be used to support a transition to a new email service; second, it can be used as a backup email access point.

Dual Delivery allows an interruption-free transition to a new email solution. By enabling incoming email messages to be copied and sent to two different mailhosts, Dual Delivery gives users the chance to familiarize themselves with a new email platform without disrupting mailflow to the existing system. It also gives IT the chance to learn from user behavior and understand the technical implications of a transition before a full rollout.


Dual Delivery also makes it easier to pilot and transition to Google Apps. By enabling the "Send a copy to Google Apps Gmail" feature of Dual Delivery, you can test Gmail without interrupting current practice. If you choose to switch over to Google Apps, you can enable the "Use Google Apps Gmail" feature in the Administration Console to directly route all of your mail to Gmail without having to manually reroute your MX records.

Dual Delivery can also be used as a secondary email access point. If users are unable to access their primary mailbox for any reason, or if admins want to give users cloud-based remote or mobile email access, Dual Delivery can provide read/write email access through a secondary inbox.

Dual Delivery is now available to Postini customers through the Delivery Manager settings in the Postini Administration Console.

For more information about the Google Postini suite of security and archiving services, visit www.google.com/postini

Posted by Gopal Shah, Google Postini team

Update 04/05/2010: Dual Delivery is not a tool for migrating historical email or legacy data. It is a tool that makes it easier to transition to a new email system, like Google Apps, by having production email show up in both the new system and the legacy system, allowing you to evaluate both. Please check our Switching from Microsoft Exchange and Switching from Lotus Notes posts, for more information on migrating to Google Apps.

Posted:
A few months back, we learned that Google Message Security, powered by Postini, was selected as a finalist in the 2010 SC Awards for outstanding achievement in IT security. Today, we are thrilled to announce that Google Message Security has received the Reader Trust Award for Best Managed Security Service.

At Google, we think about the user experience in all that we do, so we are especially honored to receive this award from the Reader Trust Voting Panel, which consists of security and technology experts from large, medium and small enterprises from all major vertical markets.

The Postini team would like to thank SC Magazine and the many readers who voted for Google Message Security. We'd also like to congratulate our fellow nominees and award-winners and acknowledge their contributions to the field of online security.

For more information on Google Message Security and the Postini suite of security and archiving products, please visit www.google.com/postini

Posted by Gopal Shah, Google Postini team

Posted:
Today, we're introducing a new feature for Google Postini Services: Message Log Search. This feature delivers the search and analysis capabilities normally available with on-premise solutions, but without the associated complexity or maintenance.

When messages pass through the Postini service, header and transaction data about these messages is stored in a log. Previously, admins only had access to this data through customer support. With the Message Log Search feature, email administrators can now easily run searches on these logs and drill down to the details about how specific messages were processed.

For example, admins can view the disposition of messages, such as whether a message or group of messages was delivered, quarantined, archived, or encrypted.

Say an admin was checking the delivery status of all inbound emails from Matthew Smith:


Message Log Search returns results which include who received the message, date/time, disposition, and more.


Customers trying a beta version of Message Log Search have found many useful, time-saving applications for the feature. For example, Dave Lugo at Affiliated Computer Systems is "very happy" that Message Log Search helps him track errant emails and easily resolve the "they didn't get it / we didn't get it" tickets he receives from his users. Joe Stark at HeidelbergCement uses log searching to "proactively search for problem senders" and block them entirely from his network.

Other customers have found that the Message Log Search interface is "very fast and responsive," and helps them to determine the effectiveness of new content policies and gain insight into traffic patterns across their organization.

These are a few examples that illustrate the flexibility and power of Message Log Search, and starting today, you can try the feature for yourself. Message Log Search is now available through the Postini service administration console to Postini and Google Apps Premier Edition customers.

For more information on Google Postini Services, please visit www.google.com/postini.

Note: Message Log Search data is managed and stored in Google datacenters pursuant to the privacy and data confidentiality provisions spelled out in our customer agreements. The message security service stores information about messages in a log, such as how it is processed, but does not store the content of messages.

Posted by Gopal Shah, Google Postini team

Posted:
Google is honored to have been selected as a finalist in the 2010 SC Awards for outstanding achievement in IT security. Google Message Security, powered by Postini, was nominated for the Reader Trust award in the Best Managed Security Service category from more than 600 entries across 31 technology categories.

Widely respected in the industry for more than a decade, the annual SC Awards recognize the professionals, products, and companies providing security solutions that not only protect organizations today, but are also able to identify emerging threats as the landscape of online security evolves.

At Google, we're especially proud to be up for a Reader Trust award, since our focus is always on our users first. Voters from small, medium and large enterprises spanning all industries gave Google Message Security high marks on functionality, manageability, ease-of-use and scalability, as well as the customer service and support provided for it.

“Finalists in this year’s SC Awards, including Google, represent a cross-section of the security industry’s best-in-class,” said SC Magazine Editor-in-Chief Illena Armstrong. “Our readers recognize that these companies are making today’s businesses more secure.”

Winners of this year’s SC Awards will be announced at the annual SC Magazine award dinner in San Francisco on Tuesday, March 2, 2010. To attend the SC Awards, please register here.

Google's Postini team would like to thank SC Magazine and the many readers who voted for Google Message Security. We'd also like to congratulate our fellow nominees and acknowledge their contributions to the field of online security.

Posted by Gopal Shah, Google Postini team



Posted:
Editor's note: The spam data cited in this post is drawn from the network of Google email security and archiving services, powered by Postini, which processes more than 3 billion email connections per day in the course of providing email security to more than 50,000 businesses and 15 million business users.

Back in 2007, we saw the first variants of a big virus attack later labeled the "Storm" virus. During that summer, Storm attacked with force, pushing payload spam activity to then-unprecedented levels and sustaining them for several months. The security community eventually caught up, and payload spam activity fell to nominal levels and held there. That is, until this year: Q2'09 saw a significant surge in payload spam activity, and now Q3'09 levels have made the 2007 Storm virus attack look small in comparison. Postini data centers have blocked more than 100 million viruses every day during what has so far been the height of the attack.


The majority (55%) of these viruses are messages like the one you see below, a fake notice of underreported income from the IRS (which the IRS distributed an alert on earlier this week). Another large contingent (33%) have come in the form of fake package tracking attachments, which were already on the rise in Q2. You might think a spoofed IRS notice or package tracking email is obviously spam, and wonder who would fall for it and actually click on the attachment.

However, at these volumes, it takes only a tiny fraction of the recipients being fooled for the spammers to add hundreds of computers to their botnets every day.


ISP takedowns continue, overall spam levels steady

Last quarter we saw a temporary 30% drop in overall spam levels following the 3FN ISP takedown, and the ISP takedown trend continues into Q3 with a new culprit called Real Host, a large Latvia-based ISP that was disconnected by upstream providers on August 1. This takedown didn't have the same drastic effects as McColo (last November), but it was comparable to 3FN. Ultimately, the effects of the Real Host takedown lasted only two days, with an initial 30% drop in spam followed by a quick resurgence.

Overall, spam levels remained steady this quarter, with little growth or decline since the Real Host incident. In Q3, spam as a percentage of total message volume is hovering around 90%, down from the Q2 average of around 95%. Q3'09 average spam levels were down 8% from Q2'09 and on par with levels in Q3'08. Spam levels also saw smaller ups and downs than in previous quarters.


Older spam techniques driving message size up

Last quarter we reported on the trend toward larger message sizes, measured in bytes. The trend has continued into this quarter, making 2009 a year of resurgence in old techniques such as image spam and payload viruses. When considering the spam bytes processed per user, growth has been steep in 2009, with Q3'09 rates up 123% from Q3'08.

Organizations that process spam inside their network should pay attention to this trend. The larger sizes create a bandwidth burden that can impact speed across your network. As the chart shows, Q2'09 delivered the record high to date for spam size – and subsequently for bandwidth drag for teams that manage spam in-house, potentially forcing those organizations to upgrade their capacity limits.


Best practices to optimize your enterprise spam filter

A common piece of feedback we get from our customers is that many of the messages in their spam folder or quarantine seem to come from "them" – from what appear to be valid email addresses from their own domain. These email addresses are actually spoofed (a common technique to mask the real origins of a message), and spammers employ this technique to take advantage of a mistake organizations sometimes make in configuring their spam filters: adding their own domain to their approved sender list.

While this might seem like a good idea at first glance – we want to make sure we don't block email from our colleagues, right? – in practice all it does is open your organization up to spoofed email. With that in mind, we strongly recommend that organizations not add their own domains to their approved sender lists. (Don't worry – legitimate mail from within your domain is correctly identified by filters and generally gets through just fine.)
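An added example, not part of the original post and not Postini code: a small Python model of why an approved-sender entry for your own domain lets spoofed mail skip filtering, together with an audit that flags such entries. The domain `example.com`, the toy content rules, the sample messages and all function names are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAINS = {"example.com"}  # assumption: the organization's own domain
SPAM_PHRASES = ("cheap meds", "click here", "act now")  # toy content rules

# Constructed samples. The From header is chosen by the sender and is not
# authenticated, so the second message can claim an internal address.
PARTNER_MAIL = (
    "From: Pat <pat@partner.example.net>\n"
    "To: staff@example.com\n"
    "Subject: Q3 invoice\n\n"
    "Invoice attached as discussed.\n"
)
SPOOFED_SPAM = (
    "From: IT Helpdesk <helpdesk@example.com>\n"
    "To: staff@example.com\n"
    "Subject: Act now\n\n"
    "Cheap meds, click here.\n"
)


def entry_domain(entry):
    """Reduce a list entry (address, domain or wildcard) to a bare domain."""
    domain = entry.strip().lower().rsplit("@", 1)[-1]  # 'u@d' or '@d' -> 'd'
    while domain.startswith(("*", ".")):               # '*.d' or '.d' -> 'd'
        domain = domain[1:]
    return domain


def claimed_sender(raw_message):
    """Address in the From header, exactly as the sender wrote it."""
    _, addr = parseaddr(message_from_string(raw_message)["From"] or "")
    return addr.lower()


def is_approved(raw_message, approved):
    """True if the claimed sender matches an approved address or domain."""
    addr = claimed_sender(raw_message)
    domain = addr.rsplit("@", 1)[-1]
    for entry in approved:
        entry = entry.strip().lower()
        if "@" in entry and not entry.startswith("@"):
            if addr == entry:                # full-address entry
                return True
        else:
            d = entry_domain(entry)          # domain or wildcard entry
            if d and (domain == d or domain.endswith("." + d)):
                return True
    return False


def verdict(raw_message, approved):
    """Toy filter: approved senders are delivered without content scanning."""
    if is_approved(raw_message, approved):
        return "bypass"
    hits = sum(phrase in raw_message.lower() for phrase in SPAM_PHRASES)
    return "quarantine" if hits >= 2 else "deliver"


def audit_approved_senders(approved, own_domains=OWN_DOMAINS):
    """Return the entries that approve mail claiming to be from our domains."""
    return [
        entry for entry in approved
        if any(entry_domain(entry) == own
               or entry_domain(entry).endswith("." + own)
               for own in own_domains)
    ]


if __name__ == "__main__":
    for approved in (["partner.example.net", "example.com"],
                     ["partner.example.net"]):
        print(approved, "->", verdict(SPOOFED_SPAM, approved),
              "| flagged:", audit_approved_senders(approved))
```

With the own-domain entry present the spoofed message bypasses scanning; with it removed the same message is quarantined on content.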

For more information on how Google email security services, powered by Postini, can help your organization provide better spam protection and take a load off your network by halting spam in the cloud, visit www.google.com/postini.

Posted by Adam Swidler, Google Postini Services team

Posted:
In the past month, many of you told us how you've "gone Google" with Google Apps in your workplace. We're excited that the #goneGoogle movement continues with the millions of students who have switched to Google Apps in schools, as well as growing adoption of our Postini email security and archiving services.

More than 5 million students in 145 countries around the world have gone Google at school with our Google Apps Education Edition. To celebrate this milestone, Google's "EDU" team has created a new site that highlights many of the schools that have gone Google, as well as tips for students and educators.

Schools as well as businesses of all sizes have also chosen to protect their on-premise email systems with our hosted email security and archiving services – more than 3 billion email messages are protected by Postini each day. Postini helps your organization keep email secure, spam-free and centrally archived, without the need for hardware or software installations and upgrades. If you're still dealing with tuning your spam appliance and searching your backup tape drives, now is a good time to go Google with Postini.

We've loved hearing your feedback and encourage you to continue the conversation with us via Twitter (hashtag #gonegoogle) as well as through our Spread the Word site. The billboards may be complete (you can check out the recap video here), but we're not finished yet. Look for more "gone Google" initiatives in the US and abroad in the next few months – and don't forget to sign up for free Gone Google goodies!

Posted by Vivian Leung, Google Apps Team

Get timely updates on new features in Google Apps by subscribing to our RSS feed or email alerts.

Posted:
Editor's Note: The spam data cited in this post is drawn from the network of Google email security and archiving services, powered by Postini, which provide email security to more than 50,000 organizations, including businesses of all sizes, government agencies, and educational institutions. To learn more about what the Gmail team is doing to keep spam out of your inboxes, check out this post.

Our "Spam Trend" update last quarter summarized the rise in both levels and types of spam, with new players and techniques entering the market. This quarter, proliferation continues, with an unpredictable pattern of drops and spikes as 2009 moves along. Overall, spam is measurably up: Q2'09 average spam levels are 53% higher than in Q1'09 and 6% higher than in Q2'08.

After last November's McColo ISP takedown, when spam volumes dropped by 70%, spammers worked overtime to fill the void. They succeeded: Within four months, spam levels rose back to pre-McColo levels. This upward trend continued through June 4, when another large ISP spam source, 3FN, was reported to have been dismantled. Spam volume immediately dropped 30% – not as extreme as McColo, but still significant. Although this created a sudden dip in spam levels, it also created an open invitation for opportunistic spammers to once again seize a market opportunity.

Over the coming months, we anticipate watching new players once again drive spam levels back up. Since June 4, spammers have already made up a significant amount of ground, climbing 14% from the initial drop.

Here's what the trend looked like, as tracked through Postini filters, over the past six months:


"Unpredictability" summarizes the overall trend as Q2'09 winds down and spammers test both new and "retro" techniques. For example, on June 18 we tracked a new attack that unleashed 50% of a typical day's spam volume in just two hours' time. This attack used a simple "newsletter" template – somewhat "old school" by today's spam standard – with malevolent links and images inserted into the content. Google's Postini filters detected more than 11,000 variants of this spam during those two hours. Because this spam enabled spoofing of the recipient domain (meaning the "from" field was falsified), distribution lists were especially hard-hit by this attack.


Resurgence of image spam

One of the other trends we're watching closely is the sudden popularity of "image spam" – a form of spam that rose to prominence in 2007, before most anti-spam filters learned how to block it. It's simple stuff: basic email with advertising content, usually containing a related image. They can also include malicious links or content – and either way, the large file size of an image spam can place a heavy load on an email network.

An image spam email might look something like this:



Evidence of the resurgence in image spam can be seen in the graph below, which shows that the actual size of spam messages, measured in bytes, is back on the rise:


There are a couple of possible explanations for the resurgence in image spam, despite the fact that most spam filters out there have adapted to the technique. One theory is that this wave is designed to test the defenses of the different spam filters out there, so that spammers can do statistical analysis on what subject lines and content have the highest probability of success.

Another is that there may be some new players entering the spam game, following the McColo and 3FN takedowns, and these new players are opening with some well-tested techniques. Either way, we're watching this trend and will share insights as we gain them in the weeks and months ahead.

Spike in payload viruses

June was also an active month for viruses sent as email attachments, otherwise known as "payload viruses." Volumes rose to their highest level in almost two years as spammers returned to yet another tried-and-true technique to expand their botnets.

As you can see in the chart below, June's activity is almost as high as the two-month payload virus surge seen in Q3'07. Fortunately, Google's Postini zero-hour heuristics detected this uprise early and kept payload attacks in the cloud and away from users' email networks.


Everything old might be new again

In summary, Q2'09 saw continued unpredictability and the resurgence of old-style spam attacks. Are spammers finally running out of original ideas? And if so, like Hollywood, are we now starting to see spam "remakes," based on originals of a few years ago? And what are spammers looking to accomplish as they unleash these remakes? Only time will tell.

For more information on how Google email security services, powered by Postini, can help your organization provide better spam protection and take a load off your network by halting spam in the cloud, visit www.google.com/postini.

Posted by Amanda Kleha, Google message security and archiving team

Posted:
In the year and a half since we acquired Postini, we've integrated a number of their message security features into Google Apps Premier Edition, including additional spam and virus filtering, content policy management tools, and archiving. Today we're pleased to announce the addition of another feature to Google Apps that many of you have been asking for: policy-enforced Transport Layer Security (TLS, RFC 2246) to help you secure the transport of messages between domains with a simple point-and-click interface.

With policy-enforced TLS, IT administrators can set up policies for securely sending and receiving mail between specific domains. For example, you could specify that all external mail sent by your accounting team members with your bank be secured with the TLS standard, and defer if TLS is not possible. Similarly, you could mandate a secure TLS connection between your domain and your outside legal counsel, auditors, and any other partners with whom your employees may trade sensitive communications. The new functionality makes it easy for an IT admin to use the TLS standard for reliable, secure email delivery – with no hardware or software to add or maintain.
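An added example, not Google's or Postini's implementation: what "require TLS for these domains, defer otherwise" looks like on the sending side of an SMTP connection, using Python's standard `smtplib`. The addresses, domains, rule table and function names are constructed assumptions; the point is that a missing or failed STARTTLS on a policy domain leaves the message queued instead of downgrading to plaintext.

```python
import smtplib
import ssl

# Constructed policy mirroring the post's example (all names hypothetical).
ACCOUNTING = {"alice@example.com", "bob@example.com"}
TLS_REQUIRED = [
    # (senders the rule applies to, or None for everyone; partner domain)
    (ACCOUNTING, "bank.example.net"),
    (None, "legal.example.org"),
]


class Deferred(Exception):
    """Temporary failure: keep the message queued and retry later."""


def tls_required(sender, recipient, rules=TLS_REQUIRED):
    """True if policy demands TLS for this sender/recipient pair."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    return any(
        domain == rule_domain
        and (senders is None or sender.lower() in senders)
        for senders, rule_domain in rules
    )


def deliver(mx_host, sender, recipient, message, smtp_factory=smtplib.SMTP):
    """Send one message; return "tls" or "plaintext", or raise Deferred.

    smtp_factory exists so the logic can be exercised without a network.
    """
    required = tls_required(sender, recipient)
    with smtp_factory(mx_host, 25, timeout=30) as conn:
        conn.ehlo()
        if conn.has_extn("starttls"):
            try:
                # The default context verifies the certificate chain and
                # checks the certificate against mx_host.
                conn.starttls(context=ssl.create_default_context())
            except (ssl.SSLError, smtplib.SMTPException) as exc:
                # Design choice of this example: a failed handshake is
                # never retried in the clear, policy domain or not.
                raise Deferred(f"TLS handshake failed: {exc}") from exc
            conn.ehlo()  # capabilities must be re-read over the TLS channel
            secured = True
        elif required:
            # STARTTLS is absent. That can be an old server or someone
            # stripping the capability in transit; policy says wait.
            raise Deferred(f"{mx_host} did not offer STARTTLS")
        else:
            secured = False  # opportunistic: no policy, send as offered
        conn.sendmail(sender, [recipient], message)
    return "tls" if secured else "plaintext"
```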

We're also making a change to the message discovery and archiving feature in Google Apps for new customers. We've learned that most of our customers want at least one year of archiving, so the 90-day message archive is no longer being offered to customers who sign up after April 22. All customers can continue to buy one year of message archiving with unlimited storage for $13 per user per year, and up to 10 years of archiving with unlimited storage for $33 per user per year. Note that those of you already using Premier Edition will continue to be able to retain mail for 90 days.




Enforce an email footer to apply to outbound emails.



On the 'Outbound Servers' tab, set your TLS policies easily in the Google Postini Admin console. Settings can apply to inbound and outbound messages.


Let us know what you think about today's news. We're committed to providing the world class security and compliance technology you need in an easy and affordable way, and we welcome your comments and feedback.

Posted by Navneet Goel and Matt O'Connor, Product Managers, Google Postini services team