PineApp Anti IP Blacklisting




PineApp Anti IP Blacklisting Whitepaper 2011

Overview

ISPs' outbound SMTP services
Individual SMTP relay, not server based (no specific protection solutions are placed between the sender and the ISP backbone). Unlike most business organizations' networks, which take protective measures for both inbound and outbound mail traffic, ISPs tend to have little or no enforcement over their end users' outbound SMTP traffic. Whether for financial or other considerations, the ISP's outgoing mail traffic leaves the ISP's backbone unregulated and without any inspection. In some cases, regulation and enforcement of the ISP's outgoing SMTP traffic is entrusted to the abuse department. The abuse department deals with user complaints (both from inside and outside the organization), warns potential spammers to cease their criminal activity, and blocks subscribers who ignored their first warning. In an age of automated, Zombie-driven, massive Spam delivery, manual and individual treatment is obsolete and inefficient.

DHCP based IP allocation
Most ISPs allocate IP addresses to their end users automatically, using dynamic DHCP configuration. That means that each time an end user connects to the internet, he is assigned a new, randomly chosen IP address. Upon disconnecting, the IP address returns to the ISP's DHCP pool and becomes available to another, different end user. Considering the way RBLs work, this fact turns out to be crucial for an ISP's blacklisting problem.

Decentralization
Unlike a business organization's email service, ISP end users are not limited to one domain or to one central outgoing email server. An ISP's outgoing emails come from multiple domains, not all of which are controlled or directly supervised by the ISP. ISP mailboxes are no longer as commonly and frequently used as they used to be, since most end users use Gmail, Yahoo and other webmail services. The fact that senders' destinations, as well as their email addresses, differ poses yet another enforcement challenge for outbound SMTP traffic. In order to perform overall outbound SMTP inspection and enforcement of any sort, it is crucial to find a common denominator between all connections.

Challenge: Zombies and blacklists

Zombies
25% of all the world's computers are part of a botnet. Spammers and malicious content distributors see very little use in spending money on dedicated, easily tracked Spamming servers. Therefore, they have developed new methods of recruiting unknowing end users' computers in order to assemble their own private Spam distribution army. Customers' computers are used to distribute Spam massively. The internet is filled with mischievous, malware-infested websites, masquerading within innocent-looking files. Once an executable file containing a Trojan horse is run on the customer's computer, a hidden exploit is opened, set to distribute Spam (or other types of malware) massively while exhausting the system resources of the unknowing end user's computer, as well as burning the clean reputation of the end user's current IP address.

Spamcop/Spamhaus blacklists
Almost all ISPs worldwide are subscribed to at least one RBL service. RBLs (Real Time Blackhole Lists) are voluntary Anti Spam bodies, in charge of classifying and blocking IP addresses globally on account of Spam and other malicious email content. Whenever messages leave the ISP backbone in large numbers, carrying malicious content from a single source, they are classified and blacklisted accordingly.

RBLs' classification methods:

a. Honeypots
Honeypots are mailboxes set up to capture Spam and analyze it. These mailboxes are not affiliated with any real person or genuine mail recipient, so any email arriving at them is probably Spam, advertising junk email or another type of illegitimate content. The sender is located by checking the message's headers for the source IP address. The RBL's admins locate the ISP which relayed the message and deliver a warning to the Spam deliverer's abuse department. A second Spam conviction results in the offending IP address being added to the RBL's blacklist. Thus, the offending IP address is blocked from delivering email to all mail servers subscribed to the RBL's service.

b. Reporting/abuse tools
Another way of blacklisting IP addresses is by receiving complaints from the abuse departments of service providers that are subscribed to the RBL's service. The abuse representative delivers a complaint email containing both the message content and the message's headers (including the source IP address from which the message originated), and according to the customer's complaint and the number of Spam convictions for this IP address, it is listed in the RBL's blacklist. One can conclude that Spam does not have to be delivered in massive amounts for the sending IP address to be blocked. It is enough to be convicted of Spam delivery twice and your IP address will be listed in several blacklists. One ought to give serious consideration to that fact when implementing an Anti blacklisting solution.

c. Spam/overall traffic volume classification
Another method of Spam calculation is classifying mail servers according to their risk level. Under this method, every source IP address is treated as a mail server. Each mail server/IP address has its overall traffic calculated over an interval of 30 days. If the Spam volume is found to be significantly high, this IP address is classified as risky and blacklisted.

As shown above, the fact that Spammers exploit end users' innocence and unawareness to tarnish an ISP's clean IP address reputation is extremely challenging. Users' anonymity and the dynamic DHCP IP allocation method return potentially blacklisted IP addresses to the ISP's pool upon disconnection. Thus, the following situations may occur:

1. Zombie-infested computers can receive a new, clean IP address upon disconnecting and reconnecting, and can resume their Spam delivery (cancelling the blacklisting effect).
2. Other customers may receive a blacklisted IP address and be banned from email delivery for Spam crimes they did not commit.

Objective:
When deploying an Anti blacklisting array on ISP networks, one ought to attach high importance to several key aspects:

Major objectives

1. Locating and stopping Spammers prior to completing the delivery phase

a. IP rate limiting system
Massive delivery from a legitimate, business-based mail server is normal. However, massive email delivery from an end user's home workstation points to problematic behavior, and probably a Spam delivery attempt. Therefore, it is important to limit the number of connections, messages or SMTP sessions per IP address down to a plausible amount. Connections should be sufficient to assure proper functioning, while preventing IP blacklisting according to Spam traffic volume calculation.

b. Content scanning
As shown above, Spam blockers and RBLs do not work according to delivery amounts alone. Limiting rates may narrow down blacklisting in an ISP, but not sufficiently. Message content scanning ought to take place in order to lower blacklisting to satisfactory levels. The major problem with content analysis at ISP-scale traffic is that it requires a hefty load of system and network resources in order to be performed properly. As mail content scanning is nevertheless crucial, it cannot be given up. Therefore, content inspection ought to take place, but consume as few system and network resources as possible.
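The three listing paths described above (two-strike honeypot or abuse-report convictions, and the 30-day traffic volume classification) together with the DHCP lease reassignment effect, as an added example that is not from the whitepaper and is not PineApp's code. The lease log, the RBL-side observations, the 0.5 Spam ratio and the 100-message floor are constructed assumptions; the two-strike rule and the 30-day window follow the text. Correlating a listing against the lease log is the check an abuse desk needs in order to find the Zombie rather than the subscriber who merely inherited the address.

```python
from collections import defaultdict
from datetime import datetime, timedelta

TWO_STRIKES = 2                     # second conviction lists the IP (honeypot hit or abuse complaint)
VOLUME_WINDOW = timedelta(days=30)  # volume classification interval named in the text
RISK_RATIO = 0.5                    # assumed: share of spam in the window that makes an IP "risky"
MIN_VOLUME = 100                    # assumed: minimum messages before the volume rule applies
NOW = datetime(2011, 3, 1, 15, 0)   # constructed evaluation time

def _t(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M")

# Constructed DHCP lease log: (ip, subscriber, lease start, lease end)
LEASES = [
    ("203.0.113.10", "sub-A", "2011-03-01T08:00", "2011-03-01T12:00"),
    ("203.0.113.10", "sub-B", "2011-03-01T12:30", "2011-03-01T20:00"),  # same IP, next subscriber
    ("203.0.113.11", "sub-C", "2011-03-01T08:00", "2011-03-01T20:00"),
    ("203.0.113.12", "sub-D", "2011-03-01T08:00", "2011-03-01T20:00"),
]

# Constructed RBL-side observations: (timestamp, ip, kind, count)
# kind: "honeypot" = trap mailbox hit, "abuse" = complaint from an abuse desk,
#       "msg" = ordinary delivery seen, "spam" = delivery classified as spam
EVENTS = [
    ("2011-03-01T09:00", "203.0.113.10", "honeypot", 1),  # first strike: warning only
    ("2011-03-01T10:00", "203.0.113.10", "honeypot", 1),  # second strike: listed
    ("2011-03-01T11:00", "203.0.113.11", "abuse", 1),     # single complaint: warning only
    ("2011-03-01T11:30", "203.0.113.11", "msg", 150),
    ("2011-03-01T11:45", "203.0.113.11", "spam", 30),     # 30 of 180: below the ratio
    ("2011-03-01T09:30", "203.0.113.12", "msg", 50),
    ("2011-03-01T09:45", "203.0.113.12", "spam", 200),    # 200 of 250: risky
]

def rbl_decisions(events, now=NOW):
    """Apply the three listing paths; return {ip: sorted listing reasons}."""
    convictions, total, spam = defaultdict(int), defaultdict(int), defaultdict(int)
    reasons = defaultdict(set)
    for ts, ip, kind, n in events:
        if kind in ("honeypot", "abuse"):
            convictions[ip] += n
            if convictions[ip] >= TWO_STRIKES:
                reasons[ip].add(kind)
        elif now - _t(ts) <= VOLUME_WINDOW:  # only traffic inside the 30-day window counts
            total[ip] += n
            if kind == "spam":
                spam[ip] += n
    for ip in total:
        if total[ip] >= MIN_VOLUME and spam[ip] / total[ip] >= RISK_RATIO:
            reasons[ip].add("volume")
    return {ip: sorted(r) for ip, r in reasons.items()}

def subscriber_at(ip, when, leases=LEASES):
    """Subscriber holding `ip` at datetime `when` per the lease log (None if unleased)."""
    for lease_ip, sub, start, end in leases:
        if lease_ip == ip and _t(start) <= when <= _t(end):
            return sub
    return None

def attribute_listings(events, now=NOW, leases=LEASES):
    """For each listed IP: (subscriber who earned the listing, subscriber holding the IP now).
    A mismatch is the DHCP effect: the listing follows the address, not the Zombie."""
    out = {}
    for ip in rbl_decisions(events, now):
        first_bad = min(_t(ts) for ts, e_ip, kind, _ in events if e_ip == ip and kind != "msg")
        out[ip] = (subscriber_at(ip, first_bad, leases), subscriber_at(ip, now, leases))
    return out

if __name__ == "__main__":
    for ip, reasons in rbl_decisions(EVENTS).items():
        culprit, holder = attribute_listings(EVENTS)[ip]
        print(f"{ip} listed for {reasons}: caused by {culprit}, now held by {holder}")
```

Run as a script it reports 203.0.113.10 listed on the honeypot path while already held by a different subscriber than the one who triggered it, and 203.0.113.12 listed on the volume path alone; the single abuse complaint against 203.0.113.11 produces no listing.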

2. Creating IP transparency
National regulatory compliance in several geographic locations worldwide requires full transparency for SMTP relay arrays, in order not to harm the RBLs' proper work. If an SMTP relay solution is placed non-transparently between the TSP's backbone and the TSP's gateway, it may serve the opposite of the purpose it was placed for: ALL emails will be listed as originating from one source, and, since it is nation-scale outgoing SMTP traffic, it will be blacklisted within seconds (regardless of the blacklisting method taking effect).

Solution: PineApp Anti blacklisting array

Based on Mail-SeCure's proven defensive capabilities, the PineApp Anti blacklisting array is set to provide a powerful, comprehensive answer to outbound SMTP blacklisting issues within an ISP network.

IP rate limiting
If an attack or email blast occurs from a known, unauthorized IP address, it is automatically blacklisted according to traffic volumes. The system allows you to limit the maximum number of messages and sessions per IP within a day/hour/minute (default: unlimited).

Internal IP reputation system
This highly efficient engine uses proprietary technology to detect and block Spam originating from Zombies within the ISP's pool, at the SMTP session level. Thus, enforcement is done internally, and the risk of blacklisting as a result of mass delivery volumes is reduced significantly.

Commtouch RPD technology
When checked, Commtouch Recurrent Pattern Detection (RPD) technology database lookups are activated (default: checked). RPD technology analyzes large volumes of email traffic in real time and is able to detect new Spam and malware outbreaks as soon as they emerge, as well as mail sent from Zombies (language independent!), according to a repeating pattern within the actual mail message.

Deep inspection engine
When checked, PineApp's Anti Spam built-in heuristic and Bayesian engines are activated. Traditional, context-based inspections provide another layer of content inspection.

Working under a transparent connectivity scheme
The PineApp Anti blacklisting array provides full transparency during the entire inspection process. Traffic is redirected into the array using routing rules, where it is fully inspected without leaving any footprint or record within the message's headers and without changing the source IP address by any means. Thus, the entire inspection process remains fully transparent.
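An added example (not from the whitepaper and not PineApp's code) showing why the placement of the relay matters to an RBL. It parses the Received headers of constructed messages, separates the address the destination MX saw connect (what a DNSBL lookup and a volume counter key on) from the earliest recorded hop (what an abuse desk reads to locate the sender), and counts per-connecting-IP volume under a transparent scheme versus a relay that substitutes its own source address. The host names, the relay address 198.51.100.5, the subscriber addresses and the DNSBL zone name are assumptions.

```python
import re
from collections import Counter

# One Received: header per line after unfolding; captures the bracketed IPv4 literal.
RECEIVED_IP = re.compile(r"^Received:\s+from\s+\S+.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.I)

def received_ips(raw_message):
    """IPs from the Received: headers, top (last hop, added by the final MX) first."""
    headers = raw_message.split("\n\n", 1)[0]
    unfolded = re.sub(r"\n[ \t]+", " ", headers)   # join RFC 5322 folded continuation lines
    ips = []
    for line in unfolded.split("\n"):
        m = RECEIVED_IP.match(line)
        if m:
            ips.append(m.group(1))
    return ips

def connecting_ip(raw_message):
    """Address the destination MX saw connect: what its DNSBL lookup and counters key on."""
    ips = received_ips(raw_message)
    return ips[0] if ips else None

def originating_ip(raw_message):
    """Earliest hop in the chain: what an abuse desk or RBL admin reads to locate the sender."""
    ips = received_ips(raw_message)
    return ips[-1] if ips else None

def dnsbl_query_name(ip, zone):
    """Reversed-octet name a DNSBL client resolves for `ip` in `zone` (no lookup is made here)."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def connecting_ip_volume(messages):
    """Messages per connecting IP: the counter a volume-based RBL would maintain."""
    return Counter(connecting_ip(m) for m in messages)

def _msg(hops, body="constructed body"):
    """Constructed message: one Received: header per hop, listed last hop first."""
    lines = [f"Received: from {helo} ([{ip}])\n\tby {by}; Tue, 1 Mar 2011 10:00:00 +0000"
             for helo, ip, by in hops]
    return "\n".join(lines) + "\n\n" + body

SUBSCRIBERS = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]   # constructed ISP pool addresses
RELAY_IP = "198.51.100.5"                                       # assumed non-transparent relay

# Transparent scheme: the destination MX sees each subscriber's own address connect.
TRANSPARENT = [_msg([("cust.example", ip, "mx.dest.example")]) for ip in SUBSCRIBERS]

# Non-transparent relay: the MX sees the relay connect for everyone; only the relay's own
# Received: header still records the subscriber.
NON_TRANSPARENT = [_msg([("relay.isp.example", RELAY_IP, "mx.dest.example"),
                         ("cust.example", ip, "relay.isp.example")]) for ip in SUBSCRIBERS]

if __name__ == "__main__":
    print("transparent:", dict(connecting_ip_volume(TRANSPARENT)))
    print("non-transparent:", dict(connecting_ip_volume(NON_TRANSPARENT)))
    print("abuse desk still finds:", originating_ip(NON_TRANSPARENT[0]))
    print("lookup name:", dnsbl_query_name(RELAY_IP, "dnsbl.example"))
```

Under the non-transparent layout every message is counted against the single relay address, which is exactly the "all emails listed as originating from one source" outcome the text warns about; under the transparent layout each subscriber address carries only its own volume.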

Benefits

1. Rapid ROI
The reliance on external databases, as well as the minimized yet highly efficient content inspection methods, leads to a sharp reduction in system resource consumption and, as a result, major financial savings in maintenance and infrastructure related expenses.

2. Statistical analysis
The PineApp Anti blacklisting array is supplied with a robust set of textual and graphical statistics sheets, providing tier-based statistical data. The Anti blacklisting statistics section provides a better understanding of, and a measure for, the array's level of efficiency, as well as identification of traffic trends.

3. Thanks to the array's strict internal IP enforcement and regulation, the ISP's IP addresses regain credibility and get cleaned.

4. Logging and auditing features
The PineApp Anti blacklisting array supplies a peripheral logging system, providing a real-time tracking mechanism for all phases of an SMTP session (including content inspection), in a highly detailed manner. Legal holds allow reversibility and the release of messages that were accidentally blocked, within an adjustable time frame, according to the customer's needs. In addition, Syslog export is fully supported.

5. Regulation compliance
The PineApp Anti blacklisting array's transparent work scheme, in addition to the Mail-SeCure based logging and statistics modules, improves the ISP's content compliance and helps in achieving maximized regulation.

6. Optional IP whitelisting
The Anti blacklisting array supplies tools for IP-based whitelisting, set to skip rate-limit based inspections for certain IP addresses (efficient for legitimate mailing lists, for example).
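A per-IP limiter of the kind that objective 1.a, the IP rate limiting feature and the optional IP whitelisting above describe, as an added example that is not PineApp's code: sliding windows per minute, hour and day for both sessions and messages, every limit unlimited (None) by default, and a whitelist of networks whose traffic skips the checks. The log lines, the addresses and the limit of 10 messages per minute are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

WINDOWS = {"minute": timedelta(minutes=1), "hour": timedelta(hours=1), "day": timedelta(days=1)}
KINDS = ("sessions", "messages")

class PerIpRateLimiter:
    """Sliding-window caps on SMTP sessions and messages per source IP.

    `limits` maps (kind, window) to a maximum count, or None for unlimited (the default
    for every pair). Addresses inside any whitelisted network skip the checks entirely."""

    def __init__(self, limits=None, whitelist=()):
        self.limits = {(k, w): None for k in KINDS for w in WINDOWS}
        self.limits.update(limits or {})
        self.whitelist = [ip_network(n) for n in whitelist]
        self.history = defaultdict(lambda: {k: deque() for k in KINDS})

    def is_whitelisted(self, ip):
        addr = ip_address(ip)
        return any(addr in net for net in self.whitelist)

    def check(self, ip, kind, now):
        """Record one `kind` event for `ip` at `now`; return (allowed, reason).
        Rejected attempts are recorded too, so a blaster cannot reset its own count."""
        if self.is_whitelisted(ip):
            return True, "whitelisted"
        events = self.history[ip][kind]
        events.append(now)
        longest = max(WINDOWS.values())
        while events and now - events[0] > longest:   # drop anything older than the day window
            events.popleft()
        for name, span in WINDOWS.items():
            limit = self.limits[(kind, name)]
            if limit is None:
                continue
            recent = sum(1 for t in events if now - t <= span)
            if recent > limit:
                return False, f"{kind} per {name} limit {limit} exceeded"
        return True, "ok"

# Constructed session log: "<iso timestamp> <source ip> SESSION|MESSAGE"
SAMPLE_LOG = (
    [f"2011-03-01T10:00:{s:02d} 203.0.113.10 MESSAGE" for s in range(12)]     # home PC blasting
    + [f"2011-03-01T10:00:{s:02d} 203.0.113.200 MESSAGE" for s in range(12)]  # whitelisted list host
    + [f"2011-03-01T10:01:{s:02d} 203.0.113.11 MESSAGE" for s in range(3)]    # normal subscriber
)

def replay(lines, limiter):
    """Feed log lines through the limiter; return {ip: [allowed, rejected]}."""
    counts = defaultdict(lambda: [0, 0])
    for line in lines:
        ts, ip, kind = line.split()
        allowed, _reason = limiter.check(ip, kind.lower() + "s", datetime.fromisoformat(ts))
        counts[ip][0 if allowed else 1] += 1
    return dict(counts)

def demo():
    """Ten messages per minute per IP (assumed value); the mailing-list host is whitelisted."""
    limiter = PerIpRateLimiter(limits={("messages", "minute"): 10},
                               whitelist=["203.0.113.200/32"])
    return replay(SAMPLE_LOG, limiter)

if __name__ == "__main__":
    for ip, (ok, rejected) in demo().items():
        print(f"{ip}: {ok} allowed, {rejected} rejected")
```

The blasting workstation gets its first ten messages through and the remaining two refused, the whitelisted list host is never counted, and the ordinary subscriber is untouched; tightening the hour and day entries in `limits` adds the longer-horizon caps the feature describes without changing the replay logic.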