spam, spam, spam,  privacy, security & spam

For a direct link to our data privacy and computer security resources, click here.

To view video demo of TurnTide ASR by Lucinda Duncalfe-Holt and David Brussin, click here.

TurnTide technology is now part of the Symantec Mail Security 8100 Series

For an explanation of why it is okay to say "EMAIL CAN BE SPAM" but it is dumb to say email can be SPAM™ or even Spam, click.


In July of 2004, Symantec acquired a company called TurnTide and with it a piece of technology that is sold these days as the Symantec Brightmail Traffic Shaper (for a while it was sold as the Symantec Mail Security 8100 Series)

I helped invent, fund, develop, and position this technology. This page has some notes on the technology and the deal.

So Why Did Symantec Buy TurnTide?

Here is what NetsEdge Research Group said: "TurnTide produced the first in what we think will be a series of products that aim at blocking spam at the network level--TurnTide's product operates by manipulating TCP sessions to slow down connections with known spammers."

Actually, there is more to the technology than that, as the article below explains, but TurnTide was certainly first in its category. Other analysts have pointed to a good fit both with Symantec's all-in-one security appliances and with the Brightmail anti-spam service, which Symantec acquired earlier in 2004. After all, TurnTide is the only technology that stops spam at the network layer, before it gets onto the network.

Stopping Spam

Before it gets into your network

by Stephen Cobb

If you run a company network or an ISP then you know that tidal waves of spam threaten to overwhelm your email servers. The peak CPU loads are too high, servers are crashing, email is delayed and the boxes are so overloaded they can't even run admin tools.

If you manage the network for big company, you know your employees are wasting too much time deleting spam from their inboxes and the Help Desk is swamped with complaints about emails that went missing because the spam filters blocked them. The head of HR and your chief counsel are fretting over the implications of the pornographic images that spam keeps placing on corporate systems.

That's why I helped fund the development of a completely new way to keep spam out of servers. I don't mean filtering it, because then you have to accept the spam and store it until you filter it (and you may have to store the suspected spam until users check it out). The result of our efforts to find a better way is something called the TurnTide™ Anti-spam Router. This technology has been successfully deployed by ISPs, schools, and one of the largest brokerage houses in the world; in fact, email servers at a well-known security company have been protected by TurnTide technology since 2003.

SpamSquelcher is a 'drop-in' applainceThe brainchild of my good friend David Brussin, CISSP, TurnTide™, formerly known as SpamSquelcher, is based on the fact that spammers cannot afford to send spam to networks that are slow. So TurnTide makes your network look, to a spammer, like it is on a very slow dial up modem, even though you might be on a T3. Your regular email comes in just as fast as before, if not faster, and the result is not just less spam, but better performance.

If you operate a large network or ISP, with 10,000 users or more, then TurnTide can save you a lot of money on hardware AND support costs, labor, and stress. Instead of filtering spam, which does nothing to rid the Internet of this odious and onerous traffic, TurnTide slows spam down, to the point where much of it never leaves the spammer's box. Due to the unique economics of spam, this results in a lot less spam directed at your network.*

To be more specific, TurnTide analyzes inbound email traffic and performs dynamic shaping of that traffic based on the results of proprietary traffic analysis. The result for the TurnTide-protected network is better delivery of legitimate email and a lot less spam.**

By shaping incoming traffic so that spam delivery is slowed down, TurnTide™ forces spammers to give up.

Depending upon the type of network it is protecting, TurnTide can either replace or augment spam filtering. However it is important to note that TurnTide alone reduces spam dramatically, while avoiding two of the main drawbacks on spam filtering:

  • False positives: these occur with every known filtering product and in plain English they mean that some legitimate messages never get to you, or you have to weed them out of a pile of suspected spam.
  • Server resources: spam can't be filtered unless it is received, either by your servers, or those of your outsourced spam filtering service, and someone has to pay for those server (i.e. you, in-house or through outsourcing).

TurnTide samples connection requests, analyses them, and assigns resources in inverse proportion to how "spam-like" the analysis suggests the connections are. The program looks at a variety of parameters including obvious things, like delivery failure rate, and some things that make up the proprietary, patent-pending part of the product.


Intended for networks of 5,000 or more email users, TurnTide is delivered in appliance format, ready to slot into existing network architectures, somewhere between the Internet and your mail servers. Capable of auto-configuration, it has zero impact on your architecture and operates at wire speed, so there is no performance hit. The more enterprises and ISPs that use TurnTide, the tougher life will get for spammers.


* Spam is driven by the desire to make money. In this it differs from other network threats like hacking. Spammers buy the bandwidth they need in units of time and they cannot afford to spam slow networks. From the moment you turn it on, TurnTide stops spammers flooding your network, and over time they learn not to point their spam cannons in your direction because you are no longer a target of opportunity. [Back]

** In Beta tests at a regional ISP, TurnTide had a positive effect all round. It cut the cost of support and bandwidth and servers, plus it improved customer satisfaction, not to mention the ability of the administrator to sleep at night -- see this report on CNET[Back]

Back to the main spam page, click here.

Updated April, 2010 by scobb at scobb dot net © Stephen Cobb, 1996-2010. All rights reserved.