Spam DNA Filtering System



Similar documents
Solutions IT Ltd Virus and Antispam filtering solutions

eprism Security Appliance 6.0 Intercept Anti-Spam Quick Start Guide

Eiteasy s Enterprise Filter

How To Ensure Your Is Delivered

Setting up Microsoft Office 365

Government of Canada Managed Security Service (GCMSS) Annex A-5: Statement of Work - Antispam

An Overview of Spam Blocking Techniques

MDaemon configuration recommendations for dealing with spam related issues

Do you need to... Do you need to...

Antispam Security Best Practices

When Reputation is Not Enough: Barracuda Spam & Virus Firewall Predictive Sender Profiling

Services Deployment. Administrator Guide

Enhanced Spam Defence

Setting up Microsoft Office 365

Anti Spam Best Practices

When Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling. White Paper

Spam Configuration/Training Guide

SPAM FILTER Service Data Sheet

Gateways Using MDaemon 6.0

WHITEPAPER. SendGrid Deliverability Guide V2. Everything You Need to Know About Delivering through Your Web Application

EFFECTIVE SPAM FILTERING WITH MDAEMON

Cloud Services. Anti-Spam. Admin Guide

Why Bayesian filtering is the most effective anti-spam technology

Articles Fighting SPAM in Lotus Domino

Intercept Anti-Spam Quick Start Guide

ContentCatcher. Voyant Strategies. Best Practice for Gateway Security and Enterprise-class Spam Filtering

Configuring Your Gateman Server

eprism Security Appliance 6.0 Release Notes What's New in 6.0

IBM Express Managed Security Services for Security. Anti-Spam Administrator s Guide. Version 5.32

Commtouch RPD Technology. Network Based Protection Against -Borne Threats

Avira Managed Security AMES FAQ.

K7 Mail Security FOR MICROSOFT EXCHANGE SERVERS. v.109

Serial Deployment Quick Start Guide

How To Block Ndr Spam

Anti-SPAM Solutions as a Component of Digital Communications Management

Thexyz Premium Webmail

Recurrent Patterns Detection Technology. White Paper

Symantec Hosted Mail Security Getting Started Guide

FILTERING FAQ

The Network Box Anti-Spam Solution

Guardian Digital Secure Mail Suite Quick Start Guide

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

When Reputation is Not Enough. Barracuda Security Gateway s Predictive Sender Profiling. White Paper

FortiMail Filtering Course 221-v2.0. Course Overview. Course Objectives

The spam economy: the convergent spam and virus threats

What is a Mail Gateway?... 1 Mail Gateway Setup Peering... 3 Domain Forwarding... 4 External Address Verification... 4

IMail Server. Twenty Ways to Stop Spam with IMail Server. Abstract

AntiSpam. Administrator Guide and Spam Manager Deployment Guide

Reputation Metrics Troubleshooter. Share it!

XGENPLUS SECURITY FEATURES...

Barracuda Spam Firewall User s Guide

Mailwall Remote Features Tour Datasheet

Quarantined Messages 5 What are quarantined messages? 5 What username and password do I use to access my quarantined messages? 5

s and anti-spam Page 1

Comprehensive Anti-Spam Service

Copyright 2011 Sophos Ltd. Copyright strictly reserved. These materials are not to be reproduced, either in whole or in part, without permissions.

Barracuda Spam Firewall

About the Junk Filter

How To Get The Most Out Of Your From Your Mail Server (For A Small Business)

anomaly, thus reported to our central servers.

Anti-Spam White Paper

eprism Security Suite

The Leading Security Suites


Spear Phishing Attacks Why They are Successful and How to Stop Them

FortiMail Filtering Course 221-v2.2 Course Overview

Configuring MDaemon for Centralized Spam Blocking and Filtering

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal

Stop Spam Now! By John Buckman. John Buckman is President of Lyris Technologies, Inc. and programming architect behind Lyris list server.

Security. Help Documentation

IMF Tune Opens Exchange to Any Anti-Spam Filter

Implementing MDaemon as an Security Gateway to Exchange Server

T E C H N I C A L S A L E S S O L U T I O N

Comprehensive Filtering. Whitepaper

INLINE INGUARD GUARDIAN

How to keep spam off your network

DDL Systems, Inc. ACO MONITOR : Managing your IBM i (or AS/400) using wireless devices. Technical White Paper. April 2014

Tufts Technology Services (TTS) Proofpoint Frequently Asked Questions (FAQ)

Antispam Evaluation Guide. White Paper

Installing GFI MailEssentials

Quarantine Central for end users: FAQs

Ipswitch IMail Server with Integrated Technology

Transcription:

The Excedent Spam DNA Filtering System provides webmail.us customers with premium and effective junk email protection. Threats to email services are rising rapidly. A Growing Problem As of November 2002, Excedent Technologies estimates that 65% of all email traffic on the Internet is unsolicited bulk email ( Spam ). Spam is one of the fastest growing, most complex problems facing the Internet today. The problem has already led to millions of dollars in lost productivity and added systems costs for corporations and small businesses. Businesses who maintain in-house email servers are fighting a losing battle to protect their systems from this epidemic because complexity of the problem is constantly evolving. As each week goes by, Spammers are growing wiser, learning new tricks to fool common Spam defenses and obtaining more sophisticated software to penetrate more mailboxes. Is There A Solution? Yes, luckily there is: Evolve your Spam defenses as fast as Spammers evolve their techniques. Excedent Spam Filtering accomplishes this by gathering real-time Spam intelligence from a number of sources, and then actively using this intelligence to block unwanted email. Excedent tracks tens of thousands of live Spam email characteristics ( DNA ), which by itself identify 85% of all Spam. In addition, approximately 25 third-party Spam databases, several DNS checks, and several message-formatting tests are used when analyzing each email. In all, approximately 45 constantly evolving tests are performed on every email that enters the system. The results of these tests are combined using a methodical weighting system that successfully identifies over 95% of Spam. Weighted Tests There are two important factors to consider when dealing with Spam: - No single test can identify all Spam. - Tests will sometimes falsely identify legitimate email as Spam. Therefore, Excedent allows no single test to cause an email to be flagged as Spam. Instead, multiple tests are used in conjunction via a weighting system, where each test is assigned a point value. When an individual test fails, its point value gets added to the email s overall weight. If the total weight of the email is greater than a certain threshold, the email gets flagged as Spam. Normally it takes a minimum of two to four tests to fail, depending on the severity of the tests, before the total weight reaches the necessary threshold. 1

Spam DNA Excedent collects thousands of Spam samples through the use of dummy mailboxes ( Spam traps ) as well as data submitted by clients. Spam messages are then broken down into identifiable components, which are used to develop Spam DNA. Spam DNA is similar to anti-virus fingerprints, and can accurately identify most Spam based on specific content that would only be found in certain emails. Advanced pattern recognition technology allows Excedent to simultaneously apply thousands of heuristic algorithms to each email in search of parts of the email that are identifiable by the Spam DNA. When a match is found, the email fails this heavily weighted Spam test. Dictionary attacks, can bring SMTP services to a halt. Open mail relays can enable Spammers to send Spam through corporate systems, causing PR, availability and legal hassles. Open Relays and Known Spam Sources Open relays are the most common source of Spam. These are improperly configured mail servers that allow outbound mail to be sent by just about anybody. Spammers use automated tools to search the Internet for vulnerable servers, and then hijack these servers to increase the amount of Spam they can send. To combat this problem, there are several third-party organizations that maintain active databases that blacklist open relays. Databases also exist that blacklist other known Spam sources such as proxies, insecure web forms, and dial-up IP addresses. Excedent tests each email against approximately 25 of these well-known blacklist databases, including those from Osirusoft, SpamCop, SpamHaus and NJABL. These databases are updated multiple times each day. Each blacklist test that fails adds an additional weighting to the email. DNS and RFC Violations Spammers tend to be sloppy in how they send email. Therefore it is important to scrutinize each inbound email to see if it followed all of the rules defined by current RFC s. The following tests examine the mail server that delivered the email as well as the domain name used in the sender s return address: - Did the mail server falsely identify its self in the HELO/EHLO data? - Is the mail server missing its reverse DNS record? - Is the domain missing A and MX DNS records? - Is the domain missing postmaster and/or abuse addresses? - Does the domain not accept delivery status notifications? The email s message headers are also examined: - Are the message headers improperly formatted or missing required data? - Are the message headers in a format consistent with Spam? - Is the return address in a format consistent with automated mailers? 2

Blocking based on any of these tests alone would block a large amount of legitimate email. However, when used in conjunction with a weighted filtering system, these tests are extremely effective. Geographical Routing This test analyzes the Internet route that an email travels, and looks for highly inefficient routing that is very common in Spam. For example, an email might fail this test if it is sent from an account in the U.S. to another account in the U.S., but is routed through a server in Korea. A second geographical test uses recent Spam statistics to identify countries that have a high probability of sending Spam. If an email travels through one of these countries, a variable weight is added to the email based on the country s current Spam rate. Hackers can flood gateways with junk email, straining system components. Elusive Spammers Spammers are very aware of the filtering techniques used by top-tier email providers. This has led Spammers to develop creative tactics and advanced software in an attempt to bypass filtering systems. For instance, many Spammers now use binary encoding to hide their text and html email from signature-based filters. Excedent s pre-processors decode binary mime segments, rendering this trick useless against the Spam DNA filters. To take things a step further, because there is no legitimate reason why a text or html email should be binary encoded (other than to bypass Spam filters), an additional weighting is added when this type of email is discovered. More aggressive Spammers are also engaged in Polymorphic Spam Attacks. These are attacks where many copies of the same email is sent, but with each email containing subtle differences in punctuation or spacing designed to circumvent content filters. Excedent uses its Spam DNA to recognize similar pieces of these different email versions and trap them in Spam filters. Spam is often times sent through several different mail servers before arriving at its final destination. This is done to disguise the original source of the email, in an attempt to avoid Spam blacklists. However, unlike most filtering systems, Excedent traces the email back to its origin and scans each hop along the way. If any server that the email was routed through fails a blacklist or DNS test, additional weighting is added to the email. 3

Habeas SENDER WARRANTED EMAIL SM (SWE SM ) Excedent has integrated technology from Habeas (www.habeas.com) that helps to ensure that legitimate email does not get blocked as spam. Habeas has created an enforcement system called SENDER WARRANTED EMAIL SM (SWE SM ) that enables individuals and companies to warrant that the email they are sending is not Spam. The SWE SM technology is based on existing trademark and copyright laws, which allows Habeas to obtain enforceable injunctions and judgments against Spammers through the Courts. What this means is that any email sent under the Habeas system is warranted (guaranteed) not to be Spam, and meets the exacting standards for a HABEAS COMPLIANT MESSAGE SM. Habeas has some of the strictest standards in the industry, including only permitting mailing lists that are verified opt-in. When a Habeas SENDER WARRANTED EMAIL SM arrives to the Excedent system, it is delivered to the recipient with confidence that it is Spam free. Combining the Tests Most organizations currently approach mail hygiene on a piecemeal basis, mostly in a reactive mode. After rigorous testing, a final weighting is assigned to each email. A threshold is then used to determine if the email should be identified as Spam. If the email s weighting is lower-than the threshold, the email is deemed to be Spam-free and is delivered normally. However, if the email s weighting is equal-to or greater-than the threshold, the email is identified as Spam. Each domain administrator using the Excedent email platform can control the sensitivity used to determine if an email is Spam, and can override that sensitivity for individual users. A high sensitivity causes a low threshold to be used and catches almost all Spam. This is the optimal setting for most companies. A low sensitivity causes a higher threshold to be used, and catches only the most obvious Spam. This can be used as a safeguard if there are concerns that legitimate email is getting blocked. In most cases this is not necessary. What To Do With Spam Once a Spam email has been identified, there are then several actions that can occur. The following actions are available to each domain administrator. These can also be overridden for specific users: - Delete the email immediately. This is usually not advised, just incase a legitimate email gets falsely identified as Spam. - Deliver to a Junk Mail folder. This will allow each user to review their Spam in their own WebMail folder. - Deliver as an attachment. This hides Spam from the user, and delivers them an alert message notifying them that they received the attached Spam email. - Deliver to an alternate email address. This is useful if a company wants to have one administrator review all of the Spam that is received. 4

- Add text to the beginning of the subject. This will allow each user to set up custom filtering rules inside of MS Outlook or other email programs. - Add text to the beginning of the body. This will discreetly tell the user that the mail is Spam, and may be beneficial in cases where a company initially is paranoid about using the more aggressive actions. - Add text to the end of the body. There is not much use for this action, unless you want to tell the user You have just read Spam! When domain administrators use the Deliver to a Junk Mail folder action, an additional feature becomes available. An automated cleanup script can be run each day to delete old Spam from users Junk Mail folders. The domain administrator can specify how many days to keep Spam in folders, or how many total Spam emails to keep before old ones are deleted. 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information