Given that only around 10 per cent of email is legitimate traffic, but that 83 per cent of all messages are believed to be denial of service attacks, directory harvest attacks or have invalid recipients, blocking this mail at an early a stage as possible vastly reduces the load on conventional, content-based filtering systems.

Edge-based systems work by examining the sender’s IP address and the “envelope” headers of an email message, in order to detect dark traffic. If the message is rejected, the content simply never reaches the content filtering systems, let alone the corporate email servers.

As an edge system only looks at envelop data, it will typically be five to six times as quick as a content filter with a similar configuration. In fact, combining a single content filter system with an edge-based filter should be as effective as six standalone content filters.


By blocking more illegitimate email, the combined filters will also save on storage and processing needs, further bolstering the return on investment. Moreover, only edge-based systems can pick up and block denial of service attacks. By the time the messages reach the content filters, it is already too late to stop a denial of service attack.

Filtering out dark traffic at the network edge is cost effective, removes bottlenecks and ultimately, improves corporate information security in a way that other anti-spam measures cannot achieve on their own.