Greylisting... revisited

By Steve Freegard

Our BarricadeMX products have supported greylisting since they were first released. From the beginning, our greylisting used custom modifications to make it more acceptable to businesses and to address some of the original method's shortcomings.

As we started working on what will become the 3rd version of the BarricadeMX SMTP engine, I began by looking back at support issues over the past few years to see what we could do better and to decide what should and should not be present in the new version. As part of that review process I started looking again at greylisting: should we keep it or should it go? I had found a number of tickets where we had advised customers to whitelist servers because they didn't handle greylisting at all. But was this reason enough to get rid of it completely? Is it still effective?

For the purpose of this paper, it is assumed that the reader has an understanding of the Simple Mail Transfer Protocol (SMTP), the Domain Name System (DNS), and related terminology.

Background

Greylisting has been around since 2003 when Evan Harris wrote the original whitepaper on it as a spam filtering mechanism. The basic premise was that during the SMTP connection, for each connecting IP address, sender, and recipient, a tuple is created in a database and the recipients are deferred (with a temporary failure) for a fixed period of time. If the same tuple comes back after that period of time has passed, then the recipients are passed and the message accepted. The idea is that a sending system that implements a retry queue would pass the greylisting after a period of time, while spam engines would not, because they do not implement retry queues but instead work in a fire-and-forget fashion.
The issues with this approach were that using the proposed tuple of IP, sender, and recipient caused mail to be delayed excessively until the greylisting system had learnt who the regular correspondents were. Worse still, SMTP servers can have wildly varying timeouts: some will retry after a few seconds, others might take hours, meaning that genuine mail can be delayed for very long periods.

The other issue was with SMTP implementations that use a shared spool for the retry queue. While one host might send the initial message, another host on a different IP might send the retry; the greylist tuple will therefore not match this retry, again causing severe delays. Many implementations were created with various workarounds for these shortcomings.

Many people have spoken out against greylisting and have speculated that, like all anti-spam mechanisms, it will become less effective over time because the spammers will adapt to it. So in 2011, eight years after the original whitepaper was published, has this happened?

Testing
Because traditional greylisting sends a temporary failure to each recipient, quantifying how many messages this actually equates to is impossible. So for the purposes of this test I will be sending the temporary failure at the end of DATA so that I may count unique messages and track the retries of each message. This comes with a big caveat: bitter experience with SMTP implementations tells me that greylisting a message at the end-of-data phase instead of at each recipient can and probably will cause different results in the real world, because some SMTP implementations handle retries differently depending on where the deferral is done and what deferral code was used.

As noted in the Background section above, using the IP address as part of the tuple causes problems with shared spools. Many greylisting implementations therefore only use the first 3 octets of the IPv4 address to treat a single /24 as one entry. The problem with this approach is that some shared spools might use more than one /24, or there might be multiple unrelated hosts in that same /24; either way this could also cause some undesired results.

To overcome the issues with shared spools I will use a different approach. The full IPv4 or IPv6 address will be used if:

1. The connecting host has no PTR record, a.k.a. reverse DNS (rdns).
2. The rdns record contains the first two or last two octets of the IP address.
3. The rdns record contains the short, decimal, or hex representation of the full IP address.
4. Multiple rdns records are returned.
5. The rdns record cannot be verified by forward confirmation (e.g. FCrDNS).
6. The top-level-domain (TLD) used is not valid.

Otherwise the first label (the host part) of the rdns is stripped, but only down to the domain boundary, and the remainder is used as the key. For example:

rdns                   Greylist key used
host.sub.domain.com    sub.domain.com
host.domain.com        .domain.com
domain.com             domain.com

For the remainder of this paper I will refer to this hybrid IP / rdns key as the hostid.
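The six fallback rules and the label-stripping step can be expressed as one function; the following is an added sketch, not code from the paper or from BarricadeMX. The PTR and forward-lookup results are passed in as arguments so it runs without DNS, the TLD and public-suffix sets are small constructed stand-ins, and keys carry the leading dot seen in the hostids the paper quotes (for example .obsmtp.com).

```python
import ipaddress
import re

# Constructed stand-ins (assumptions): a real deployment would load the IANA
# TLD list and the Public Suffix List instead of these tiny sets.
VALID_TLDS = {"com", "net", "org", "fr", "ie", "uk"}
PUBLIC_SUFFIXES = {"com", "net", "org", "fr", "ie", "co.uk"}


def ip_derived(name, ip):
    """True if the rDNS name looks generated from the address (rules 2, 3)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6:
        # The paper's octet rules are IPv4-specific; for IPv6 this sketch only
        # looks for the whole address written as a run of hex digits.
        return addr.exploded.replace(":", "") in name
    o = str(addr).split(".")
    # Rule 2: first two or last two octets next to each other. Checking the
    # reversed order as well is an assumption (PTR-style names reverse them).
    for a, b in ((o[0], o[1]), (o[1], o[0]), (o[2], o[3]), (o[3], o[2])):
        if re.search(rf"(?<!\d){a}[.\-_]{b}(?!\d)", name):
            return True
    # Rule 3: the whole address as one token. "Short" is read here as the
    # octets run together, plain or zero-padded; that reading is an assumption.
    n = int(addr)
    tokens = {"".join(o), "".join(x.zfill(3) for x in o), str(n), f"{n:08x}"}
    return any(t in name for t in tokens)


def hostid(ip, ptr_names, forward):
    """Return the greylist key for a connecting host.

    ptr_names: PTR names returned for `ip`.
    forward:   dict mapping a name to the set of addresses it resolves to.
    """
    full_ip = str(ipaddress.ip_address(ip))
    if len(ptr_names) != 1:                       # rules 1 and 4
        return full_ip
    name = ptr_names[0].rstrip(".").lower()
    labels = name.split(".")
    if labels[-1] not in VALID_TLDS:              # rule 6
        return full_ip
    if full_ip not in forward.get(name, set()):   # rule 5 (FCrDNS)
        return full_ip
    if ip_derived(name, full_ip):                 # rules 2 and 3
        return full_ip
    # Domain boundary: the longest matching public suffix plus one label.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            break
    else:
        return full_ip                            # no known suffix: be strict
    if i == 0:
        return full_ip                            # name is a bare suffix
    if i == 1:
        return name                               # already the domain itself
    return "." + ".".join(labels[1:])             # strip the host label only


def demo():
    """Two hosts of a constructed shared spool collapse to one key."""
    fwd = {"mx1.pool.example.net": {"198.51.100.21"},
           "mx2.pool.example.net": {"198.51.100.22"}}
    return (hostid("198.51.100.21", ["mx1.pool.example.net"], fwd),
            hostid("198.51.100.22", ["mx2.pool.example.net"], fwd))


if __name__ == "__main__":
    print(demo())
```

Every failure path returns the full address, so a host that cannot prove a stable, verified name is only ever grouped with itself.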
This method presumes that shared spool hosts will always have valid rdns and that the pool of hosts will also share either a common sub-domain or domain. Experience of using this method in our BarricadeMX products has proven this to be the case.

Here is an example of this from the results. It shows a single message being received and greylisted, and each of the retries with the time difference from the previous retry and the IP address of the host sending the message. In this case the hostid is .obsmtp.com (Outblaze):

Retry    Time Diff.    IP address
TOTAL    859

As can be seen, multiple retries from a pool of hosts sharing a spool are easily handled by one greylist hostid, with a total greylist delay for this message of 859 seconds. My only comment regarding this is that the retry interval used here is rather short, with no back-off.

The greylist tuple I am going to use for the purposes of this paper, so that I can track unique messages and their retries, will be:

hostid        As described above.
sender        The envelope sender as sent in MAIL FROM:
recipients    All envelope recipients as sent in RCPT TO:
message ID    The Message ID header if present. If missing the md5 field will be used suffixed to the end.
md5           The md5 of the message body.

The other deviation from the original paper is to prevent excessive delays for each hostid. All that greylisting proves is that a host (or group of hosts) correctly implements a retry queue. Once that has been proven, that hostid is exempted from further greylisting for 40 days since it was last seen. This is done to reduce the impact and delays that greylisting can cause. Although I have not done so in this test, I also recommend that hosts listed on public DNS whitelists such as the DNS Whitelist (DNSWL) be exempted from greylisting for the same reason.

To prevent spammers from exploiting this exemption by continuously cycling through their sender, recipient, and template lists in an effort to defeat greylisting and/or be exempted, a hostid must retry either the first or the last message that has been seen from that given hostid (this is to handle last-in-first-out and first-in-first-out queue strategies); until that time any other messages will be greylisted.

I also had to choose what timeout periods I would use:

850 seconds for the greylist deferral period.
This was chosen because a Wikipedia article on greylisting shows the default retry times for various MTAs, with the average 1st retry being around the 15 minute mark; 850 seconds prevents a host retrying every minute from passing before this. I also believe that 15 minutes is a good margin for a DNS blacklist (DNSBL) to see the message from an IP (e.g. infected, malicious, hacked or other), list it, sync the list with any mirrors and allow for a negative cache TTL to expire. The theory is that if a host is greylisted and is not already listed on a DNSBL, then prior to our accepting mail from it, it could subsequently be blacklisted. This theory may be the subject of a future article.

25 hours before greylist deferral records are removed. This was chosen in case someone had set their queue retry timer to 24 hours; unlikely, but you never know. I just wanted to pick an arbitrarily big number. I can revisit this choice based on the results in my conclusions.
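The tuple, the 850-second deferral, the 25-hour record expiry and the 40-day hostid exemption fit together as a small state machine; the following is an added sketch, not the author's plug-in. The names Greylist, tuple_key and check are hypothetical, the clock is passed in as seconds so the timings can be replayed, and the first-or-last-message requirement is left out because the paper later recommends against it. A missing Message-ID is read here as "use the body md5 in its place", which is an assumption about the table above.

```python
import hashlib

DEFER_SECONDS = 850          # greylist deferral period chosen in the paper
RECORD_TTL = 25 * 3600       # deferral records are removed after 25 hours
EXEMPT_TTL = 40 * 86400      # a hostid stays exempt 40 days since last seen


def tuple_key(hostid, sender, recipients, message_id, body):
    """Build the per-message greylist tuple described in the paper."""
    # md5 is used only as a body fingerprint here, not as a security control.
    md5 = hashlib.md5(body).hexdigest()
    msgid = message_id if message_id else md5   # assumed fallback reading
    rcpts = ",".join(sorted(r.lower() for r in recipients))
    return "\x00".join((hostid, sender.lower(), rcpts, msgid, md5))


class Greylist:
    def __init__(self):
        self.pending = {}    # tuple key -> time the message was first seen
        self.exempt = {}     # hostid -> time the hostid was last seen

    def check(self, now, hostid, sender, recipients, message_id, body):
        """Decide at end of DATA: 'accept', or 'defer' (temporary failure)."""
        # Drop deferral records older than 25 hours; a retry arriving after
        # that is indistinguishable from a brand-new message.
        self.pending = {k: t for k, t in self.pending.items()
                        if now - t < RECORD_TTL}

        # A hostid that has already proven it runs a retry queue is not
        # delayed again while its exemption is fresh.
        last = self.exempt.get(hostid)
        if last is not None:
            if now - last <= EXEMPT_TTL:
                self.exempt[hostid] = now
                return "accept"
            del self.exempt[hostid]

        key = tuple_key(hostid, sender, recipients, message_id, body)
        first = self.pending.get(key)
        if first is None:
            self.pending[key] = now          # first sighting: start the clock
            return "defer"
        if now - first < DEFER_SECONDS:
            return "defer"                   # retried too soon
        del self.pending[key]
        self.exempt[hostid] = now            # retry queue proven
        return "accept"


def replay():
    """Constructed timeline modelled on the shared-spool example (859 s)."""
    g = Greylist()
    msg = (".pool.example.net", "news@example.org", ["user@example.com"],
           "<1@example.org>", b"constructed body")
    return [g.check(t, *msg) for t in (0, 60, 420, 859)]


if __name__ == "__main__":
    print(replay())
```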
Based on the 25 hours before any greylist records are removed, I decided that the test would run for a total of 50 hours. The first 25 hours would allow any messages through as normal, subject to the rules of greylisting, after which I would only allow through messages for hosts that had outstanding greylist records, to give them the chance to pass the test; no other messages would be allowed or tracked after this time, to allow the test to finish gracefully.

I should also mention the mail stream that I am running this test on: it's an old 3-letter domain that was first registered in 1989, but has been out of use for the past 10 years or so and has no real users present on it. I spent a lot of time generating addresses that were harvested and sold on a few years ago, so it gets quite a lot of botnet spew, mainsleaze and the occasional bit of misdirected mail.

Results

            Messages    %
Rejected    71,
Lost
Accepted    1,
TOTAL       72,713

Lost is the count of the number of messages that were not retried after the hostid that sent them had passed the greylisting test.

These results were quite a surprise to me. Prior to starting this test I expected the numbers to be considerably lower. With this in mind I decided to analyse the results further to verify the outcome. I started by analysing the number of retries seen for each message, for all messages that had been seen during the test. The graph speaks for itself:
It shows that nearly all messages that failed greylisting made only a single delivery attempt.

For comparison, here is the same graph, but showing only messages that passed greylisting:
And here is a graph that shows the maximum delay caused by greylisting:

This shows the vast majority of messages were initially delayed for less than an hour.

Extremes

The graphs above show some big numbers at the extremes. I decided to investigate these failed retry attempts. All of the retry counts over 17 were caused by a single group of hosts with a hostid of newsletter.m6.fr. It would appear to be a pool of hosts with a shared spool and a retry interval of 10 seconds.

retry attempts for a message that passed greylisting. This was a pool of hosts with a hostid of .xraybot.com running a shared pool that appears to be running the Lyris ListManager 10 software (verified by visiting and the SMTP banners). In this case there are 16 hosts in the pool and each host retried 1 second after the previous host; then, once all of the hosts in the pool had attempted to send the message, the first host in the pool retried an hour later, therefore passing the greylisting.

1. A message that was delayed for almost 24 hours. This was from a single host with a hostid of .built2go.com and an envelope from root@unknown.scnet.net, but the From header shows updates@boxedartupdates.com. It scored 1 in the SpamAssassin mass-checks and appears to be a non-spam newsletter. According to the headers, the message was delivered by Sendmail, so it was simply configured with a very long retry.

2. Not shown on the graph, but in the greylist database I found a single case where the retried message was over 25 hours old and the greylist record had been deleted. The message was a lottery scam message relayed through hostdormant.esatclear.ie via authenticated SMTP from a host in the Czech Republic and was retried after 28.9 hours. According to the Received header the host was running Exim. The message would have passed greylisting had the record expiry time been higher. The only explanation I have for the very long retry timer is that the host is under heavy load and is not running its queues due to that load.

SpamAssassin Mass Checks

I ran a SpamAssassin mass-check for each message class that I had collected from the test. This produced some interesting results, but it should be noted that the mass-checks were run after the test was complete. That means that some of the messages checked could have been over 50 hours old and would most likely have scored lower at the time the message was received.

I started with all the messages that had failed to greylist properly:

This shows 0.6% of the messages were underneath the SpamAssassin threshold of 5. I manually inspected these messages and found only two that I would consider a false-positive; the rest were all false-negatives. Both of the false-positives were a newsletter from the New York Post (Subject: Daily Newsletter). Upon inspection, delivery of both of these messages was only attempted once. The Received header shows that Postfix was the MTA used to deliver the message, so it must have been configured to do this, as this is not the default behaviour. The messages were sent from IP , which is listed on the DNSWL.

The mass-check results also show a high overlap with DNSBL / URIBL services:
Rule                        %
RCVD_IN_BRBL_LASTEXT
RCVD_IN_XBL
URIBL_DBL_SPAM
URIBL_JP_SURBL
URIBL_WS_SURBL
URIBL_AB_SURBL
RCVD_IN_PSBL
RCVD_IN_RP_RNBL
URIBL_SBL
RCVD_IN_PBL
URIBL_SC_SURBL
RCVD_IN_BL_SPAMCOP_NET
RCVD_IN_SORBS_DUL
URIBL_PH_SURBL

Here is the score distribution of messages that were not retried after the host sending the messages had passed the greylisting test with another message.

As there were only 34 of these I manually looked at all of them and found them all to be spam. I would speculate that some of these messages were not retried because the hosts were found to be compromised and the messages were subsequently deleted from the queues. On previous trial runs of this test I found evidence that Google did this when it shut down compromised accounts.

Again I found a significant overlap with DNSBL / URIBL services in the mass-check results:

Rule                        %
RCVD_IN_BRBL_LASTEXT
URIBL_DBL_SPAM
URIBL_RHS_DOB
RCVD_IN_RP_RNBL
URIBL_JP_SURBL
URIBL_AB_SURBL
RCVD_IN_PSBL
URIBL_OB_SURBL
RCVD_IN_XBL
URIBL_WS_SURBL
RCVD_IN_BL_SPAMCOP_NET
URIBL_SBL

And finally here is the score distribution of the messages that passed greylisting:

As the mail stream I'm testing this on predominantly receives spam, it was not much of a surprise that a high proportion of these messages were considered to be spam.

Here is the overlap with the DNSBL / URIBL services from the mass-check results:

Rule                        %
RCVD_IN_BRBL_LASTEXT
URIBL_DBL_SPAM
URIBL_RHS_DOB
RCVD_IN_PSBL
URIBL_WS_SURBL
URIBL_JP_SURBL
RCVD_IN_RP_RNBL
URIBL_OB_SURBL
URIBL_AB_SURBL              7.115
URIBL_SBL
RCVD_IN_BL_SPAMCOP_NET
RCVD_IN_XBL
RCVD_IN_SBL

Overheads

The database that I used for this test recorded a single greylisting record for each greylist tuple, which corresponds to a unique message, and a separate table tracked the retries for that tuple. This allowed me to track the bandwidth overhead associated with greylisting at the end-of-data in this way.

If all messages greylisted during this test had been allowed through without being greylisted, the total size of the message data accepted would have been 151 MB, excluding any protocol overheads. With greylisting this rose to 210 MB, which is a 39% increase. However, greylisting prevented 130 MB of traffic from being content scanned, an intensive activity, which is an 89% decrease in volume.

Queue strategies

In the Testing section above, I mentioned the requirement that a hostid should not be able to pass greylisting until it had retried the first or last message (e.g. LIFO or FIFO) that it had sent, to prevent spammers from passing the greylisting via a brute force retry method. This would also allow an optimisation to reduce the amount of bandwidth used, by moving the greylisting deferral back to the RCPT TO: or DATA stage if the sender and recipients do not match either the first or last greylist tuple for that hostid.

However, while doing initial testing and removing any bugs from my greylist plug-in, I observed that several messages from fre hosts were lost and never retried after the hostid had passed the test. Upon investigation, these messages were all spam and I concluded that they were never retried because the abuse was detected, the accounts that sent them were either disabled or deleted, and any messages in the queues for these accounts were de-queued.
If one of these messages deleted from the queue had been either the first or the last message seen by the greylisting plug-in, then all mail from that hostid would have been delayed considerably, as the hostid would not be able to pass the test for over 25 hours (in the case of a FIFO queue strategy). I also realised that I commonly ran Sendmail queues on overloaded systems with sendmail -qp -OMinQueueAge=15m -OQueueSortOrder=random, which would also fall foul of this requirement.

The data collected for this paper showed that only 6 messages that would otherwise have been accepted were rejected because of this requirement. All of the messages were considered to be spam by me and by SpamAssassin. Based upon these observations I would not recommend making the queue strategy a requirement to pass greylisting at this time.

Conclusion

The numbers, I think, speak for themselves: even after eight years greylisting is still effective. With modifications to the greylist tuple used, such as the hostid, exempting hosts that finally pass greylisting, and skipping greylisting for hosts on DNS whitelists, it can be effective without adversely delaying genuine mail.
It can also significantly reduce the number of external network look-ups required and reduce the CPU cost of content filtering until a host has passed greylisting, allowing greater scalability at the expense of extra bandwidth.

Critics of greylisting as an anti-spam technique would say that it can cause valid mail to be lost. I would counter this argument and say that any server or web application that cannot correctly handle temporary failures as required by the RFC is going to be terminally unreliable anyway.

While it might not be for everyone and it will still require some hosts to be manually exempted, based on these results greylisting will definitely be in the next version of BarricadeMX and our customers can choose for themselves if they want to enable it or not.

Thanks

The original idea for greylisting using part of the PTR record was made by Anthony Howe. My thanks to Stephen Swaney, Randolph Langley and Anthony Howe for editing and contributing changes to this paper.

Since publishing this paper I've found out that David F. Skoll should be credited for the original idea, as posted to comp.os.sendmail in Jan 2003 prior to Evan Harris' paper, so credit where it is due - even for competitors ;-)

Copyright 2011 by Fort Systems Ltd. All rights reserved. May not be reprinted without permission.
More informationConfiguring MDaemon for Centralized Spam Blocking and Filtering
Configuring MDaemon for Centralized Spam Blocking and Filtering Alt-N Technologies, Ltd 2201 East Lamar Blvd, Suite 270 Arlington, TX 76006 (817) 525-2005 http://www.altn.com July 26, 2004 Contents A Centralized
More informationQuick Start Policy Patrol Mail Security 10
Quick Start Policy Patrol Mail Security 10 This guide will help you start using Policy Patrol Mail Security as quickly as possible. For more detailed instructions, consult the Policy Patrol manual. Step
More informationExim4U. Email Server Solution For Unix And Linux Systems
Email Server Solution For Unix And Linux Systems General Overview, Feature Comparison and Screen Shots Exim4U Email Server Solution For Unix And Linux Systems Version 2.x.x October 12, 2012 Copyright 2009
More informationSecurepoint Security Systems
HowTo: Configuration of the spam filter Securepoint Security Systems Version 2007nx Release 3 Contents 1 Configuration of the spam filter with the Securepoint Security Manager... 3 2 Spam filter configuration
More informationCipherMail Gateway Quick Setup Guide
CIPHERMAIL EMAIL ENCRYPTION CipherMail Gateway Quick Setup Guide October 10, 2015, Rev: 9537 Copyright 2015, ciphermail.com. CONTENTS CONTENTS Contents 1 Introduction 4 2 Typical setups 4 2.1 Direct delivery............................
More informationComprehensive Email Filtering. Whitepaper
Comprehensive Email Filtering Whitepaper Email has undoubtedly become a valued communications tool among organizations worldwide. With frequent virus attacks and the alarming influx of spam, email loses
More informationGovernment of Canada Managed Security Service (GCMSS) Annex A-5: Statement of Work - Antispam
Government of Canada Managed Security Service (GCMSS) Date: June 8, 2012 TABLE OF CONTENTS 1 ANTISPAM... 1 1.1 QUALITY OF SERVICE...1 1.2 DETECTION AND RESPONSE...1 1.3 MESSAGE HANDLING...2 1.4 CONFIGURATION...2
More informationDomains Help Documentation This document was auto-created from web content and is subject to change at any time. Copyright (c) 2016 SmarterTools Inc.
Help Documentation This document was auto-created from web content and is subject to change at any time. Copyright (c) 2016 SmarterTools Inc. Domains All Domains System administrators can use this section
More informationOIS. Update on the anti spam system at CERN. Pawel Grzywaczewski, CERN IT/OIS HEPIX fall 2010
OIS Update on the anti spam system at CERN Pawel Grzywaczewski, CERN IT/OIS HEPIX fall 2010 OIS Current mail infrastructure Mail service in numbers: ~18 000 mailboxes ~ 18 000 mailing lists (e-groups)
More informationHow To Configure Forefront Threat Management Gateway (Forefront) For An Email Server
Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Configuring and using the E-Mail protection feature in Microsoft Forefront Threat Management
More informationSpam blocking methods and experiences
Spam blocking methods and experiences Linuxdays Luxembourg 2003 christian mock http://www.tahina.priv.at/~cm/talks/spamblocking.{sxi,pdf} version 1.3 contents how spam is sent
More informationIntroduction... 2. Configuration & Spam Detection... 2. WinWare Webmail... 3. Email Accounts... 3. Email Account Notes... 4. Definitions...
Page 1 Table of Contents Introduction... 2 Configuration & Spam Detection... 2 WinWare Webmail... 3 Email Accounts... 3 Email Account Notes... 4 Definitions... 5 Sender Policy Framework (SPF)... 5 Email
More informationMailFoundry User Manual. Page 1 of 86. Revision: MF20120621 Copyright 2007, Solinus Inc. All Rights Reserved. Page 1 of 86
MailFoundry User Manual Page 1 of 86 MailFoundry User Manual Revision: MF20120621 Copyright 2007, Solinus Inc. All Rights Reserved Page 1 of 86 Table of Contents MailFoundry User Manual Page 2 of 86 Chapter
More informationPanda Cloud Email Protection
Panda Cloud Email Protection 1. Introduction a) What is spam? Spam is the term used to describe unsolicited messages or messages sent from unknown senders. They are usually sent in large (even massive)
More informationD3 TECHNOLOGIES SPAM FILTER
D3 TECHNOLOGIES SPAM FILTER The D3 Technologies spam filtering provides virus, attachment, and spam filtering services for email. We check all emails for viruses and malicious content, since we feel these
More informationAn Overview of Spam Blocking Techniques
An Overview of Spam Blocking Techniques Recent analyst estimates indicate that over 60 percent of the world s email is unsolicited email, or spam. Spam is no longer just a simple annoyance. Spam has now
More informationArticles Fighting SPAM in Lotus Domino
Page 1 of 5 Articles Fighting SPAM in Lotus Domino For many e-mail administrators these days, the number one complaint from the users and managers is unsolicited emails flooding the system, commonly called
More informationWhy Spamhaus is Your Best Approach to Fighting Spam
Page 1 of 10 Executive Summary The spam problem is evolving and while overall spam volumes are down, the problems are getting worse. No longer just a nuisance wasting resources and time, spam is now a
More informationBlocking Spam Sessions with Greylisting and Block Listing based on Client Behavior
Blocking Spam Sessions with Greylisting and Block Listing based on Client Behavior Pin-Ren Chiou, Po-Ching Lin, Chun-Ta Li Department of Computer Science and Information Engineering National Chung Cheng
More informationEnglish Translation of SecurityGateway for Exchange/SMTP Servers
Testing: Alt N Technologies SecurityGateway by Sandra Lucifora Administrators spend a considerable amount of their time on the job on eliminating unwanted messages. Viruses, Phishing, and Spoofing pose
More informationHow to Stop Spam Emails and Bounces
Managing Your Email Reputation For most companies and organizations, email is the most important means of business communication. The value of email today, however, has been compromised by the rampant
More informationHosted CanIt. Roaring Penguin Software Inc. 26 April 2011
Hosted CanIt Roaring Penguin Software Inc. 26 April 2011 1 1 Introduction Thank you for selecting Hosted CanIt. This document explains how Hosted CanIt works and how you should configure your network to
More informationIntroduction of the S25R anti-spam system
Introduction of the S25R anti-spam system ASAMI Hideo deo@gabacho-net.jp http://www.gabacho-net.jp/en/anti-spam/ Aug 29, 2009 1 What is S25R? The Selective SMTP Rejection Anti-spam System (port 25) Gist
More informationORF ENTERPRISE EDITION 1. Getting the Most Out of ORF
ORF ENTERPRISE EDITION 1 Getting the Most Out of ORF Revision: 1.8 (for ORF version 4.3) Date: June 12, 2009 1 ORF ENTERPRISE EDITION 2 Preface WHAT IS THIS GUIDE ABOUT? This documentation provides ORF
More informationImplementing MDaemon as an Email Security Gateway to Exchange Server
Implementing MDaemon as an Email Security Gateway to Exchange Server Introduction MDaemon is widely deployed as a very effective antispam/antivirus gateway to Exchange. For optimum performance, we recommend
More informationQuick Start Policy Patrol Spam Filter 9
Quick Start Policy Patrol Spam Filter 9 This guide will help you start using Policy Patrol Spam Filter as quickly as possible. For more detailed instructions, consult the Policy Patrol manual. Step 1.
More informationSpam, Spam and More Spam. Spammers: Cost to send
Spam, Spam and More Spam cs5480/cs6480 Matthew J. Probst *with some slides/graphics adapted from J.F Kurose and K.W. Ross Spammers: Cost to send Assuming a $10/mo dialup account: 13.4 million messages
More informationDeployment Guides. Help Documentation
Help Documentation This document was auto-created from web content and is subject to change at any time. Copyright (c) 2016 SmarterTools Inc. Deployment Guides SmarterMail in Individual and Micro-business
More informationHow to Build an Effective Mail Server Defense
How to Build an Effective Mail Server Defense A multi-stage approach to securing your email communication August, 21 2006 Author: Alin Dobre, Head of Customer Support, AXIGEN GECAD Technologies 10A Dimitrie
More informationUsing Email Security to Protect Against Phishing, Spam, and Targeted Attacks: Combining Features for Higher Education
White Paper Using Email Security to Protect Against Phishing, Spam, and Targeted Attacks: Combining Features for Higher Education Online criminals are constantly looking for new ways to reach their targets
More informationQuick Start Policy Patrol Mail Security 9
Quick Start Policy Patrol Mail Security 9 This guide will help you start using Policy Patrol Mail Security as quickly as possible. For more detailed instructions, consult the Policy Patrol manual. Step
More informationWhy Content Filters Can t Eradicate spam
WHITEPAPER Why Content Filters Can t Eradicate spam About Mimecast Mimecast () delivers cloud-based email management for Microsoft Exchange, including archiving, continuity and security. By unifying disparate
More informationGuardian Digital Secure Mail Suite Quick Start Guide
Guardian Digital Secure Mail Suite Quick Start Guide Copyright c 2004 Guardian Digital, Inc. Contents 1 Introduction 1 2 Contacting Guardian Digital 2 3 Purpose of This Document 3 3.1 Terminology...............................
More informationASAV Configuration Advanced Spam Filtering
ASAV Configuration Advanced Spam Filtering Step 1: Login to http://asav.mediaring.sg/ using the login credentials supplied in the Spam, Virus (ASAV) activation email. Step 2: Configuring Protection Level
More informationE-Mail Anti-Spam Settings: Using Only SmarterMail Anti-Spam Tools
E-Mail Anti-Spam Settings: Using Only SmarterMail Anti-Spam Tools Rev 6.250415: 12-Jun-2015 NOTE: THE SETTINGS REFERENCED WITHIN THIS DOCUMENT ARE BASED ON SMARTERMAIL ENTERPRISE 14.0.5588.31925 BETA,
More informationMail Service Reference
IceWarp Unified Communications Mail Service Reference Version 10.4 Printed on 3 January, 2013 Contents Mail Service 1 General... 2 Delivery... 2 Routing... 5 Advanced... 7 Security... 14 General... 14
More informationSMTP Status Codes & SMTP Error Codes Reference
& SMTP Error Codes Reference There comes a time in the life of a Computer Consultant where, one day, he/she will have to deal with email server problems. It is inevitable. Sometimes these problems will
More informationEmail Marketing 201. How a SPAM Filter Works. Craig Stouffer Pinpointe On-Demand cstouffer@pinpointe.com (408) 834-7577 x125
Email Marketing 201 How a SPAM Filter Works Craig Stouffer Pinpointe On-Demand cstouffer@pinpointe.com (408) 834-7577 x125 Mark Feldman NetProspexVP Marketing mfeldman@netprospex.com (781) 290-5714 www.twitter.com/pinpointe
More informationFiltering Mail with Milter. David F. Skoll Roaring Penguin Software Inc.
Filtering Mail with Milter David F. Skoll Roaring Penguin Software Inc. Why filter mail? Overview Different filtering approaches Delivery agent (e.g. Procmail) Central filtering (Milter) Milter Architecture
More informationProtecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper
Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges
More informationConfiguration Information
This chapter describes some basic Email Security Gateway configuration settings, some of which can be set in the first-time Configuration Wizard. Other topics covered include Email Security interface navigation,
More informationAvira Managed Email Security (AMES) User Guide
Avira Managed Email Security (AMES) User Guide Table of Contents Table of Contents 1. Product information... 4 1.1 Functionality................................................................4 1.2 Licensing
More informationMailEnable Scalability White Paper Version 1.2
MailEnable Scalability White Paper Version 1.2 Table of Contents 1 Overview...2 2 Core architecture...3 2.1 Configuration repository...3 2.2 Storage repository...3 2.3 Connectors...3 2.3.1 SMTP Connector...3
More informationManual Prepared by GalaxyVisions Customer Care Team
Toll Free: 1.866-GVHOST1 (484-6781) 882 3rd Ave, 8th Floor, Brooklyn, Ny 11232 Manual Prepared by GalaxyVisions Customer Care Team Topics Covered The problem How to prevent spammers from using my server
More informationPOP3 Connector for Exchange - Configuration
Eclarsys PopGrabber POP3 Connector for Exchange - Configuration PopGrabber is an excellent replacement for the POP3 connector included in Windows SBS 2000 and 2003. It also works, of course, with Exchange
More informationQuick Start Policy Patrol Spam Filter 5
Quick Start Policy Patrol Spam Filter 5 This guide will help you start using Policy Patrol Spam Filter as quickly as possible. For more detailed instructions, consult the Policy Patrol manual. Step 1.
More information