A Moving Target
Blocking Spam is a dynamic task. Spam is constantly changing with Spammers testing against existing anti-spam solutions to find a way through the defences. We have seen this over the past year, with Spam being delivered in pictures rather than text. Spammers moved from using clean pictures, to fuzzy pictures and then on to animated pictures. Effectively, a campaign to counter the defences put in place by the security industry. They then moved on to attachment Spam where they put their message into attachments that most people would trust. Initially pdf attachments, then Word documents and onto Excel. The Spammers are well motivated by financial reward and so they will continue to look for new ways and it needs a solution that is constantly changing to counteract the latest ploys that Spammers implement.
The Network Box anti-spam solution is the most comprehensive and effective gateway anti-spam solution in the market today. It provides 24 anti-spam engines, combining over a dozen different techniques and is backed by a vast database of anti-Spam signatures. It provides true defense-in-depth, in a single managed gateway appliance.
Some of the solutions deployed by Network Box are:
- Co-operative Spam Checksums
This technique involved breaking apart a message, and taking cryptographic checksums of each component of the message.
- Signatures and Spam Scoring
Lists of "signatures" which match aspects of spam messages.
- White lists and Black lists
A list of words/patterns which make a message "ham" (good email) or "spam".
By examining behaviour, tests can be designed to determine if an e-mail is Spam.
- Real-Time IP Blacklists
Lists of gateways known to be either:
- known sources of spam,
- known open-relays (allowing third-party relaying of messages)
- known dial-up networks
- Real-Time URL Blacklists
Lists of URLs used by Spammers
- URL to IP Mapping and Blacklists
Lists of IP addresses used by Spammers
- URL Categorisation
Using the on-board SurfControl database, URLs can be categorised
- Domain Age
If a domain is very young this can be an indicator of Spam.
- Bayesian Filtering
Statistical (or Bayesian) filters can be used to automatically maintain word/ pattern white lists and blacklists, together with statistical probabilities as to whether the given word/pattern makes the message spam/ham.
- Challenge/Response Systems
Network Box can challenge previously unknown senders to check they are not Spammers.
- Digital Signatures
This technique is normally used to indicate that an email message is "ham", and is not used to determine spam.
- Optical Character Recognition (OCR)
Spams sent as pictures can be interpreted as text and hence detected.
Individually, each of the above techniques are of limited value. However, taken together they form an effective anti-spam system. Network Box deploys these, and other techniques, and weights the results depending on the test. This provides a high degree of accuracy and flexibility.
The Network Box Anti Spam email gateway achieves an industry-record 97.5% detection rate, with almost zero false-positives.
The Network Box email system is extremely configurable. Individual engines can be enabled/disabled based on tests, including:
- Direction of the message (inbound or outbound)
- Whether the message is being filtered (eg; POP3, IMAP4)
- Whether the message is redirectable (eg; SMTP)
- Globally (ie; for everything)
- Based on the content of a message headers
- Based on the proxy handling the message (eg; SMTP, POP3)
- Based on a single recipient of the message
- Based on a recipient being one of the recipients of the message
- Based on the sender of the messages
- Based on the sender IP address
Individual engine parameters can be set to adjust scores and weightings to suit end-user requirements.
The following documents provide additional detailed information about the Anti-Spam functionality.