DNSBL
A DNSBL is a service that provides a list of known spammers' IP addresses. A DNS server is used as a database or directory mechanism to store these IP addresses along with some other information. The same mechanism can also be used as a DNSWL, where the DNS server stores the IP addresses of genuine senders. In such cases you can use the DNS server for both whitelisting and blacklisting purposes. A DNSBL can reject messages before they actually enter the server.
|
Intrusion Prevention
This system monitors attempts to deliver to unknown users, to abuse SMTP commands, to send spam or to relay without authentication. When a certain threshold is reached, it automatically closes further sessions for a period of time or permanently blocks connections from such IP addresses.
|
Command monitoring and service rate control
Limits on the maximum number of bad commands and of outstanding connection requests, exhausting command policies and advanced rate controls effectively block mail bombing attacks.
|
Greylisting
Greylisting prevents spam by responding with a temporary SMTP error after the first attempt at message delivery. 99% of spam and viruses are sent from mail bombers which never try to deliver the mail again, so these are blocked for a defined period. RFC-compliant mail servers retry a bit later after a temporary error, and Greylisting then allows the message through.
|
Multiple RBL Servers
RBLs (Real-time Blackhole Lists) allow message senders to be checked against a number of RBL resources (such as spamhaus.org) for an indication of possible spam. A number of such servers can be found on the Internet; they maintain lists of IP addresses of known spam sources and offer them to others free of charge. Real-time means that the database is kept updated every day, around the clock. The most widely used servers are preconfigured. Support for extended RBL server responses allows blacklisting in a timely manner.
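
How a DNSBL/RBL lookup uses DNS as the database, as an added example (not the product's code), covering both the DNSBL and the multiple-RBL descriptions above. The zone names, the listed address and the stub resolver data are constructed; the query-name layout and the 127.0.0.0/8 answer convention follow RFC 5782, and the example also covers IPv6 addresses, which the text does not mention.

```python
import ipaddress

LISTING_NET = ipaddress.ip_network("127.0.0.0/8")  # conventional range for listing codes

def dnsbl_query_name(ip, zone):
    """Build the name to resolve: reversed IPv4 octets (or IPv6 nibbles) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone.rstrip(".")

def check_dnsbl(ip, zones, resolve):
    """Query every zone. `resolve(name)` returns A records, or [] for NXDOMAIN.

    Returns {zone: [codes]} for zones that list the address.
    """
    hits = {}
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # Answers outside 127.0.0.0/8 are not listing codes (for example a
        # wildcarded or expired zone) and must not be counted as a listing.
        codes = [a for a in answers if ipaddress.ip_address(a) in LISTING_NET]
        if codes:
            hits[zone] = codes
    return hits

# Constructed zone data standing in for real DNS answers.
CONSTRUCTED_DNS = {
    "99.2.0.192.bl.example.test": ["127.0.0.2"],
    "99.2.0.192.wildcard.example.test": ["203.0.113.1"],
}

def stub_resolve(name):
    return CONSTRUCTED_DNS.get(name, [])

if __name__ == "__main__":
    zones = ["bl.example.test", "wildcard.example.test", "clean.example.test"]
    print(check_dnsbl("192.0.2.99", zones, stub_resolve))
```

In a live deployment `resolve` would wrap a real DNS resolver; the return code (the last octet of the answer) is how a list can distinguish categories of listing.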
|
SURBL
SURBLs (Spam URI Blackhole Lists) are distributed block lists similar to RBLs, used to detect spam based on message body URIs (usually links to spamvertised web sites). This allows for lower false positive rates compared to RBLs, which identify spam senders according to the IP addresses of their connections.
|
SPF with SRS support
SPF (Sender Policy Framework) is a security extension to the SMTP protocol that prevents the email sender domain from being forged. This technology requires the domain owner to add a DNS record for the domain, stating which machines are authorized to send email messages from it. Any SPF-compliant receiving machine treats as suspicious all mail claiming to come from a domain if it fails the authorized-location check that the domain defined in DNS. SRS (Sender Rewriting Scheme) is required for SMTP message transfer purposes.
|
DomainKeys
DomainKeys is a proposed email authentication system for validating and proving the authenticity of an email sender's domain, as well as the consistency and completeness of the message. DomainKeys performs functions similar to SPF, because it stops forgery of email sender domains, but it can also ensure that the content of the email was not changed or altered in any way during transmission. Messages are signed with private keys; the public keys are stored in the TXT field of the domain's DNS record.
|
Razor2
Razor2 is a distributed, collaborative spam detection and filtering network. Spam is reported by users worldwide as it is received, and a signature of a random part of the message is recorded in the Razor2 database. The signature is regularly re-created using a different random section of the message, so spammers cannot modify their messages to fool the system.
|
Blacklists, Whitelists, Bypass Files
Simplified Black and White List management allows you to block or authorize senders, domains and IP addresses. In addition, there are many bypass files at different levels of message processing that allow particular tests to be skipped for authentic senders. White lists skip the processing as a whole and deliver the message immediately. They can be defined at the server, domain, group or user level, and users can maintain their own whitelist through the WebMail interface.
|
Keyword filters
Keyword lists are available as part of both the Blacklist and Whitelist features. A message is then blacklisted or skipped from antispam processing based on its body content. Keywords significant to your business can be used to lower the false positive rate.
|
Body content filters
Predefined sets of body filters were developed to catch most automatically generated emails, which are usually produced by some Active-X components (automated spam mailers). Such emails mostly differ from the ones created by regular clients. These filters are very effective in blocking most HTML-based spam. Based on body content, they allow you to score messages containing:
- External SRC URL
- No text
- Script code
- Different content of text/plain and text/html parts
- No subject, No body
- No intermediate Received from: header
|
Forbidden character sets filter
Often the best protection against unwanted e-mails is rejecting e-mails written in certain languages. The character set is determined from the message header. You can easily set charsets for all languages you do not want to accept, according to your region and languages in use in email communication.
|
Super-fast SpamAssassin derivative
SpamAssassin is an intelligent, static rule-based email filter for identifying spam, developed as an open source project by the Apache Foundation. It incorporates a diverse range of tests and classifies messages using statistical methods. The configuration file, test syntax and variables are fully compatible with this project. A multi-threaded RegEx engine ensures low traffic latency. Rules support UTF-8, so they can be customized for language-specific spam. Also built in is a rule statistics function, which measures hits for each rule and lists those which have not been used at all. Such rules can then be removed to improve overall performance.
|
Auto-learning Bayesian filter
Bayesian filters are standard in spam prevention: they count the statistical occurrence of words in the e-mail body and compare it with the reference base, which results in a probability that the e-mail is or is not spam. You can turn off some tests that work only for English and Western languages. You have the option to use your own reference base built by indexing spam messages received by your users, to have it learned automatically from received messages based on their Anti-Spam score (high - spam, low or authorized sender - not spam), or to tune it to your typical company communication by indexing outgoing messages. When configured correctly and fed with organization- and country-specific spam/ham, a Bayesian filter can be extremely efficient and accurate.
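
The word-counting and auto-learning idea described above, as an added example (not the product's implementation). It uses a plain naive Bayes model with add-one smoothing; the tokenizer, the score thresholds in `auto_learn` and the training messages are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$']+")

class BayesFilter:
    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}  # the reference base
        self.msgs = {"spam": 0, "ham": 0}

    def learn(self, text, label):
        self.words[label].update(TOKEN.findall(text.lower()))
        self.msgs[label] += 1

    def auto_learn(self, text, score, spam_at=6.0, ham_at=1.0):
        """Index a message from its overall anti-spam score (thresholds assumed)."""
        label = "spam" if score >= spam_at else "ham" if score <= ham_at else None
        if label:
            self.learn(text, label)
        return label  # None: score too ambiguous to learn from

    def spam_probability(self, text):
        """Needs at least one learned spam and one learned ham message."""
        vocab = len(set(self.words["spam"]) | set(self.words["ham"]))
        n_spam = sum(self.words["spam"].values())
        n_ham = sum(self.words["ham"].values())
        log_odds = math.log(self.msgs["spam"] / self.msgs["ham"])  # prior
        for w in set(TOKEN.findall(text.lower())):
            p_spam = (self.words["spam"][w] + 1) / (n_spam + vocab)
            p_ham = (self.words["ham"][w] + 1) / (n_ham + vocab)
            log_odds += math.log(p_spam / p_ham)
        log_odds = max(-700.0, min(700.0, log_odds))  # keep exp() in range
        return 1.0 / (1.0 + math.exp(-log_odds))

def constructed_filter():
    """Train on a tiny constructed corpus (three spam, three ham messages)."""
    f = BayesFilter()
    for t in ("cheap pills online offer", "limited offer cheap watches",
              "win money now offer"):
        f.learn(t, "spam")
    for t in ("meeting agenda for tomorrow", "project report attached",
              "lunch tomorrow with the team"):
        f.learn(t, "ham")
    return f

if __name__ == "__main__":
    f = constructed_filter()
    print(round(f.spam_probability("cheap pills offer"), 3))
    print(round(f.spam_probability("meeting agenda tomorrow"), 3))
```

Words never seen in either class contribute nothing to the odds, which is why a reference base built from your own organization's mail matters more than its size.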
|
Learn Rules
Learn rules can be established for users to cooperate in increasing the accuracy of Bayesian filter and to automate building of blacklists and whitelists. Any message sent to a special email address will be black or whitelisted, indexed by Bayesian as spam or ham, or removed from the list or index.
|
Quarantine
Email from unknown senders which cannot be clearly deemed spam or ham can be quarantined and inspected by the user, spam admin or server administrator, through WebMail or an email client via Quarantine Reports, or through WebAdmin and the Windows Administration Console's Spam Queue Manager. The sender can then be Authorized, or the message Deleted or Delivered once without authorizing (whitelisting) the sender. This allows for full manual spam processing by a person, semi-automatic processing by engaging Challenge Response authorization, or user-driven processing using the mentioned Quarantine Reports.
|
Challenge Response
Challenge/Response is a system that requires the sender of an email to verify that he/she actually sent the email. Confirmation must be provided manually by typing a few letters in a captcha. If the e-mail was sent by a mass-mailing system, there is no human at the email address that is used in the "From" header to prove its validity. There are many settings that will ease the usage and help you customize challenge text and confirmation page. This technique is usually deployed to build whitelists and is turned off afterwards as it contributes to traffic overhead and users can find it obtrusive if used heavily. Some anti-spam systems tend to score Challenges as spam.
|
Spam Traps / Honeypots
Spam traps are email addresses exposed on websites to spambots, automated scripts that collect email addresses on the Internet for subsequent use in spam campaigns. Email sent to a spam trap can be used in multiple ways: it can be indexed into the Bayesian spam database, used to block the sender's IP address for a period of time (Intrusion Prevention), or used to blacklist the sender's IP for good. Spam traps can be configured to send a custom message to the sender (whose address is usually invalid, though), or to report the sender's IP address by email to a collaborative antispam network of choice.
|
Processing of non-user accounts and outgoing messages
The Anti-Spam module can work for all account types created within the server, such as mailing lists, remote accounts and catalogues, to prevent abuse through accounts known to the public. Outgoing messages can also be scanned by Anti-Spam, which is useful for ISPs who can't trust their users, and can also be handy when a weak password is guessed by a spammer. The administrator can use Content Filters or Black and White Lists to achieve the desired behavior.
|
The Cloud
|