Why Spamhaus is Your Best Approach to Fighting Spam




Executive Summary

The spam problem is evolving and while overall spam volumes are down, the problems are getting worse. No longer just a nuisance wasting resources and time, spam is now a primary threat vector and a heavily targeted point of infection into organizations. Today's spam causes the following security problems:

o Infected files accepted by your systems contain Trojans and malware, compromising your PCs or servers.
o Outbound spam from your infected hosts damages your email reputation and prevents your email from being delivered.
o Interrupted email flow threatens your communication and lowers employee productivity.

Best Practices worldwide require an accurate source of threat data - a Real Time Black List.

Email administrators need up-to-date, accurate and cost effective solutions that stay current with ongoing threats while keeping email flowing smoothly. Best Practices worldwide require an accurate and up-to-date source of threat data - Real Time Black Lists (RBLs) - to improve anti-spam effectiveness. Real Time Threat Data from Spamhaus delivers critical protection that dramatically improves your email filter's accuracy and effectiveness. Spamhaus continues to innovate, continuously adding key additions such as the PBL, DBL, and CSS in the past 18 months. Spamhaus's extensive, unparalleled expertise worldwide enables insight, visibility and coverage across all segments and geographies. In use by two-thirds of the world's ISPs and protecting 1.7 billion email users worldwide, Spamhaus is a critical piece of the Best Practices approach to stopping spam from reaching your organization.

Spamhaus RBLs are the most effective in the industry - protecting 1.7 billion email users worldwide.

This white paper, sponsored by SecurityZones and Spamhaus, focuses on the Best Practices approach used by modern spam filters. It describes the key reasons why Spamhaus's Real Time BlackLists are used by thousands of companies around the world:

Spamhaus RBLs improve the accuracy and effectiveness of anti-spam systems worldwide.

Spam is Evolving and You Must Keep Up

The problem of spam is changing. It represents anywhere from 70% to 85% of all email sent across the Internet, down from the peaks of three years ago. But does that mean that we can all relax? No! Not by a long shot! It is more complex than it was only three years ago and your email filters must keep up. No longer just a nuisance, spam creates real problems.

Spam has evolved from a nuisance to a critical threat to your operations.

All organizations rely on email as a critical means of communication. In addition to spam posing a security threat, the threat of incomplete or interrupted email flow is a significant threat to your company's operations.

o It causes infections, security breaches and serious financial losses

The greatest shift in spam during the past three years has been the transition from advertising products to using it as a vector for malware infection through infected attachments or links to sites containing malware. This malware is used for a variety of purposes: hosting phishing sites, hosting malware, launching denial-of-service attacks, breaking into social networks, stealing confidential files, and redirecting emails to unauthorized 3rd parties. Spam gangs are run by professionals, and they want your money. They are doing everything they can to get it.

Spam gangs are run by professionals and they're after your money.

o It makes it harder to send email

If a spammer succeeds in compromising accounts within your organization, they will make it more difficult for your organization to send emails to the rest of the Internet. How? One of spammers' favorite techniques is to send spam from legitimate, but compromised, accounts. Some of this spam email ends up in spam traps and your organization can easily end up on a black list. This means that your email messages sent may be rejected; your critical legitimate email may also be blocked. Getting onto an IP blacklist is very costly. You will not be able to send outbound email to important people, and it will take your IT administrators much effort to get delisted.

o It reduces employee productivity

Email is crucial to modern business. But without a good spam filter in place, email is useless. Nobody can spend time sifting through dozens of messages looking for the ones that are useful. People would stop using email. Either way, not using email, or spending time trying to sort through spam, costs employees productivity.

o The bottom line: spam creates significant security and operational issues

The more spam that enters your organization, the more email servers, network bandwidth and support resources that are required. This drives up the cost of managing a network and messaging system.

Global Best Practices

Because of the increasing complexity of the spam techniques and problems it creates, there are a variety of best practices that an organization should implement to thwart it.

Blacklists

A blacklist, sometimes referred to as a blocklist or Domain Name System Black List (DNSBL), is the first line of defense in modern spam filters. There are two popular types of blacklists:

IP Blacklists are a critical first stage filter and using them is a Best Practice.

1. The first is an IP blacklist, which is a list of IP addresses that spammers send mail from. These are lists of known spammers or lists of IPs that are sending high volumes of spam (they are part of a botnet). If an email arrives from an IP that is on a blacklist, the mail should be rejected without accepting the message. This provides significant improvements to your antispam filter's effectiveness by eliminating 80-90% of all spam at SMTP connect time. It also saves on network bandwidth and storage since your organization doesn't have to spend time on more expensive content filtering.

2. The second most common type of blacklist is a URL blacklist. This is a list of domains that are known to belong to spammers or have appeared in spam messages sent to spam traps. Spam filters then scan the message and if it contains a domain on the URL blacklist, use that as a weight in the content filter decision.

Accuracy is Critical!

An inaccurate blacklist will cause false positives and legitimate mail will not go to its intended recipient. As much as spam is unwanted, missing legitimate mail is worse because the consequences of missing a legitimate mail are greater; business critical messages, emails from friends, and other missed opportunities are byproducts of inaccurate blacklists. Any blacklist an organization uses must be accurate and absolutely minimize false positives.

The key factor for a blacklist is accuracy.

Whitelists

A whitelist is a list of IP addresses of known legitimate senders of email. Spam filters can use this list to skip filtering if an inbound mail arrives from a sender on the whitelist. This serves two purposes:

1. It saves network resources by not performing expensive content filtering on it.
2. It reduces false positives by not accidentally ever marking it as spam.

Best Practices Approach - Why Use Blacklists?

Organizations should implement a filtering strategy that uses blacklists as the first line of defense. This makes mail servers more responsive because they are not wasting CPU cycles processing the large volume of spam that would otherwise have been accepted, and reduces latency in overall message delivery.

Organizations should use blacklists as the first line of defense.

How Spamhaus Defeats Spam

Spamhaus is an international organization whose mission is to track the Internet's spam gangs, to provide dependable real-time anti-spam protection for Internet networks, to work with law enforcement agencies to identify and pursue spammers worldwide, and to lobby governments for effective anti-spam legislation. Founded in 1998, Spamhaus is based in Geneva, Switzerland and London, UK and is run by a dedicated team of 25 investigators and forensics specialists located in 10 countries.

Spamhaus maintains five lists that contain the real-time data used to fight spam:

1. Spamhaus Black List (SBL) - The SBL is a list of IP addresses that are controlled by known spammers. The SBL includes the Composite Snowshoe List (CSS).
2. Exploits Black List (XBL) - The XBL is a list of IP addresses of computers that are infected with malware and relaying spam.
3. Policy Black List (PBL) - The PBL is a list of IP addresses that should not be delivering unauthenticated SMTP email. It is key to pre-emptively blocking the vast majority of botnet-spam.

Spamhaus Blocks 85-95% of all spam before it is accepted.

The SBL, XBL and PBL are included together as the Zen composite list.

Spamhaus has continued to innovate, adding additional lists:

1. Domain Black List (DBL) - The DBL is a list of Internet domains that have been seen in spam. The DBL contains malicious URLs which are completely spammy, and a list of URL shorteners that can be used as a weight in a content filter.

2. Spamhaus White List (SWL) - The SWL is a list of IP addresses of known good senders that need not be spam filtered.

How To Use Spamhaus in your Email Filtering Solution

It is easy to add Spamhaus to nearly all email filtering systems. It can be included as a first stage filter for SpamAssassin, or all other open source email filter systems; by adding Spamhaus directly to your email filtering appliance; or by adding directly to your email system such as Exchange, Postfix or Sendmail. Spamhaus should be deployed in two phases:

Spamhaus is the #1 rated, most trusted IP blacklist with the lowest false positives in the industry.

Phase 1 - Reject mail from IPs on the blacklist

The first phase is to run the Spamhaus ZEN blacklist (the SBL, XBL and PBL combined) on the inbound mail server and reject all mail from IPs on this list without accepting the message. The ZEN list will block on average 75% - 85% of all inbound email traffic.

Phase 2 - Check for domains on the DBL

The next stage is to examine the content of the message in your spam filter and extract all of the URLs in the message. Then, the URLs are checked against the DBL and if any match, the spam filter uses this as a weight in the final decision.

Phase 3 - Check the SMTP properties of the message [optional]

The DBL can next be used to compare against the sender's domain in the SMTP MAIL FROM, against the domain in the HELO, and against a domain found in the reverse DNS record of the sending IP. If any of these match, the mail can be rejected without accepting the rest of the message.

Phase 4 - Check for domains that point to the SBL [optional]

The next stage is to take the URLs from phase (2) and determine which IPs those domains point to (i.e., determine the domains' A-records). The IPs are then checked to see if any of them point to IPs in the SBL. If so, this is used as a weight in the spam filter's decision.

Why Use Spamhaus?

Spamhaus is Highly Effective and Extremely Accurate

The Spamhaus blacklist improves your accuracy and effectiveness.

Using Spamhaus alone blocks over 98% of spam with 0% false positives. This is nearly on par with full commercial solutions, at a fraction of the price. It is frequently used in conjunction with existing antispam appliances and services.

Spamhaus improves your Accuracy and Effectiveness

By using Spamhaus blacklists, your mail server can save valuable resources by not wasting resources on junk mail that nobody wants to receive:

o You don't have to store spam on your servers, and therefore need fewer of them.
o You don't have to waste bandwidth on spam.
o You have fewer calls to technical support from users complaining about spam or malware.

Spamhaus is Reliable

Your email filtering solution must be dependable. Spamhaus is highly reliable and has never had a service interruption.

Spamhaus is Trusted

Spamhaus is the #1 most trusted and widely used blacklist in the world today. It is used by over 1.7 billion users worldwide, by security vendors, large corporations and education institutions, in order to keep their mailboxes clean.

Spamhaus is the most widely used blacklist in the world, protecting 1.7 billion users worldwide.

Spamhaus delivers on its promises and its passion to help protect the Internet and users from spam.

Is Spamhaus Free?

Spamhaus began in 1998 as a passion to address the growing spam problem. The service used to be free but to ensure it remains a sustainable, high quality initiative, Spamhaus has created a Usage Policy. The reasons for this are the following:

1. The free use public servers are constantly overwhelmed by a tremendous volume of queries.
2. Free is not a sustainable business model for a high quality service which organizations rely on.
3. However, Spamhaus is still free and always will be for small, non-commercial use.

Spamhaus merely asks commercial users to contribute to the fight against spam. This charge for the service is used by the anti-spam community to help fund the Project.

Spamhaus Usage Policy is based on level of Use:

o No charge (for non-commercial use with fewer than 100,000 queries per day)
o Fee-based (for commercial use, or if more than 100,000 queries per day)

Numerous organizations continue to use Spamhaus without a license; many do not realize that the service is extremely inexpensive, as shown in the following figures:

Spamhaus Annual Pricing

Users                 ISP/Enterprise
501 to 1,000          $1500
1,001 to 5,000        $1850
5,001 to 10,000       $2250
10,001 to 20,000      $3200
20,001 to 50,000      $5700
50,000 to 100,000     $10,000
Unlimited             $18,600

The cost of the Spamhaus service represents incredible value.

Why Use the Spamhaus Datafeed?

The Spamhaus datafeed enables fully licensed, compliant and unrestricted access to Spamhaus via two access methods:

1. Spamhaus Datafeed Query Service (DQS) - The DQS permits access to restricted Spamhaus Query Servers. The DQS servers provide faster responses, are updated more frequently and include full customer support.
2. Spamhaus Rsync Datafeed Service (rsync) - The Rsync service provides a complete copy of the entire Spamhaus database, downloaded and stored locally, in your own environment. This local copy will be updated continuously via rsync.

The Datafeed Services have several advantages:

1. Faster Performance - For rsync users, queries are done locally instead of querying Spamhaus DNS servers over the public Internet. Local queries provide far better performance.
2. Full support - Full technical support is available by phone and email. You get immediate escalation to the Spamhaus backline support team.
3. Continual Upgrades - Spamhaus continues to add new features at no additional cost. In the past 18 months, Spamhaus has added the PBL, DBL, Composite Snowshoe List (CSS) and SWL.
4. Trial Service - A free 30-day trial of the Spamhaus Datafeed Service is available.
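The Phase 1 (ZEN) and Phase 2 (DBL) lookups from "How To Use Spamhaus in your Email Filtering Solution", as an added Python example that is not part of the white paper or Spamhaus's own code. The public zone names, the return-code table, the DBL weight of 3.0 and the constructed `FAKE_DNS` answers are assumptions not found on the page; the 127.255.255.x answers Spamhaus returns for query problems (for instance exceeding the free query limit) are treated as lookup errors, never as listings.

```python
import ipaddress
import re
import socket

ZEN_ZONE = "zen.spamhaus.org"  # SBL + XBL + PBL combined (public zone name)
DBL_ZONE = "dbl.spamhaus.org"  # domain blacklist (public zone name)
ZEN_CODES = {
    "127.0.0.2": "SBL", "127.0.0.3": "SBL-CSS",
    "127.0.0.4": "XBL", "127.0.0.5": "XBL", "127.0.0.6": "XBL", "127.0.0.7": "XBL",
    "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

# Constructed answers standing in for live DNS (documentation IPs and domains).
FAKE_DNS = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.4", "127.0.0.11"],
    "20.2.0.192.zen.spamhaus.org": ["127.255.255.254"],
    "bad.example.net.dbl.spamhaus.org": ["127.0.1.2"],
}


def fake_resolve(name):
    return FAKE_DNS.get(name, [])


def system_resolve(name):
    """A records via the OS resolver; NXDOMAIN or lookup failure gives []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def zen_query_name(ip):
    """192.0.2.10 -> 10.2.0.192.zen.spamhaus.org (IPv6 uses reversed nibbles)."""
    rev = ipaddress.ip_address(ip).reverse_pointer.rsplit(".", 2)[0]
    return f"{rev}.{ZEN_ZONE}"


def is_error(answer):
    """127.255.255.x and 127.0.1.255 report a query problem, not a listing."""
    return answer.startswith("127.255.255.") or answer == "127.0.1.255"


def check_ip(ip, resolve=system_resolve):
    """Phase 1 lookup: ('listed', lists), ('clean', []) or ('error', codes)."""
    answers = resolve(zen_query_name(ip))
    errors = [a for a in answers if is_error(a)]
    if errors:
        return "error", errors
    lists = sorted({ZEN_CODES[a] for a in answers if a in ZEN_CODES})
    return ("listed", lists) if lists else ("clean", [])


def check_domain(host, resolve=system_resolve):
    """Phase 2 lookup: True only for a 127.0.1.x answer that is not an error.
    Simplification: the URL hostname is queried as-is."""
    answers = resolve(f"{host}.{DBL_ZONE}")
    return any(a.startswith("127.0.1.") and not is_error(a) for a in answers)


def filter_message(client_ip, body, resolve=system_resolve, dbl_weight=3.0):
    """Reject on a ZEN hit; otherwise add weight per DBL-listed URL host."""
    verdict, detail = check_ip(client_ip, resolve)
    if verdict == "listed":
        return {"action": "reject", "reason": detail, "score": None,
                "dnsbl_error": False}
    hosts = sorted({h.lower().rstrip(".") for h in URL_HOST.findall(body)})
    hits = [h for h in hosts if h and check_domain(h, resolve)]
    return {"action": "continue", "reason": hits,
            "score": dbl_weight * len(hits), "dnsbl_error": verdict == "error"}


if __name__ == "__main__":
    body = "see http://bad.example.net/x and https://ok.example.org/"
    print(filter_message("192.0.2.30", body, fake_resolve))
```

A `dnsbl_error` of True means the ZEN answer was an error code and the connection was not rejected on it; that condition is worth alerting on, since it usually means the queries are going through a public resolver or over the free limit.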

Case Studies: Real-World Examples

Spamhaus is a very effective enhancement to anti-spam systems in a wide variety of organizations including ISPs, universities, enterprises, hosted email and anti-spam services, and commercial anti-spam appliances. The following three examples are of customers that have implemented Spamhaus, along with their results:

1. A large ISP using Spamhaus as upgrade and replacement to current anti-spam provider

Tier 1 ISP with over 12 million email users and managing 45 million domains.

Spamhaus benefits:
o Spamhaus stops more than 80% of spam at SMTP connect time, saving the ISP more than $350,000 annually by reducing the number of filtering servers and replacing other service vendor solutions.

Total Cost Savings: $331,400; Spamhaus Cost: $18,600; ROI in excess of 1,800%.

2. A mid-sized corporation adding Spamhaus to an email appliance

20,000 email users on a commercial, well known, antispam appliance.

Spamhaus benefits:
o Spamhaus eliminated the need for an expensive upgrade: $28,000
o Improved accuracy and effectiveness: priceless
o Reduced IT Support (0.1 FTE): $5,000

Total Cost Savings: $33,000; Spamhaus Cost: $5,700; ROI: 578%

Per senior management: "Prior to using Spamhaus, we seriously considered replacing this appliance, as we were receiving far too much spam, and an intolerable amount of False Positives! The addition of Spamhaus enabled us to retain the current appliance, saving us thousands of dollars and more importantly deliver acceptable email service to our end users. An imperative was to improve the security and protection for our users, from phishing and malicious email. Spamhaus is a great addition."

3. A Small Business adding the Spamhaus Datafeed to SpamAssassin

250 email users running Exchange and using SpamAssassin messaging filters.

Spamhaus Benefits: Avoid need for Expensive Commercial Appliance: $1250; Spamhaus Cost: $250; ROI: 500%

As one technical manager at this company noted, "A year ago, I was receiving a VAST amount of spam. You helped me to configure, test, and approve - now we receive almost no spam. I stress this point very much, that there are ABSOLUTELY NO FALSE POSITIVES AT ALL. The results speak LOUD for themselves. Will I continue to use Spamhaus? ABSOLUTELY!"

About Spamhaus

The Spamhaus Project is an international non-profit organization whose mission is to track the Internet's Spam Gangs, to provide dependable real-time anti-spam protection for Internet networks, to work with Law Enforcement Agencies to identify and pursue spammers worldwide, and to lobby governments for effective anti-spam legislation. Founded in 1998, Spamhaus is based in Geneva, Switzerland and London, UK and is run by a dedicated team of 25 investigators, forensics specialists, 4 dogs, a cat and a parrot, located in 10 countries.

About SecurityZones

SecurityZones provides data from the leading security research organizations worldwide. The real time threat intelligence provides protection and security from Internet threats. Used by leading organizations worldwide, Internet threat data, delivered as a real time datafeed, will improve your defenses and security for your enterprise and your users.