Anti Spam


SpamDupe Anti Spam is an antispam solution used with our enterprise-class e-mail, both for users whose mail is hosted on our servers and for clients who have their own mail servers at their sites.

SpamDupe Anti Spam provides inbound and outbound messaging hygiene/filtering protection with antimalware, antispam, antivirus and unwanted content blocking. We offer:

• Highly redundant, virtualized infrastructure with in-service availability rates that exceed 99.99%.
• Accurate, effective spam filtering with better than 99.5% filter accuracy and less than 0.1% false positives (with SpamDupe acting as both the inbound and outbound ESMTP gateway).
• Bulk e-mail protection through our sophisticated Spamvertiser detection/blocking network.
• Virus defense by blocking e-mails with dangerous/unwanted attachments.
• Phishing and fraud defenses with sender reputation and web link validation checks.
• Denial of Service (DoS) and Distributed Denial of Service (DDoS) protection against e-mail attacks. Even under extreme pressure, SpamDupe continues to service e-mail traffic from known peers.

SpamDupe Anti Spam also provides enhanced e-mail privacy and security with:

• Ability to force e-mail encryption between peers to ensure that no e-mail is ever sent in clear text.
• Ability to force strong encryption options to ensure your message stays private.

SpamDupe Anti Spam is safe, secure and easy to use:

• Daily reports sent to each user's e-mail for easy review and control (sample).
• Mail queuing ensures that no inbound e-mail is lost when your mail servers are off-line or your Internet connection is unavailable.
• E-mail recovery provides you with the ability to recover individual user, domain or site traffic going back for weeks.
• E-mail review and redirect gives management the power to review past e-mail exchanges between any employee and peer.
• Off-site disaster preparedness services allow you to continue to process e-mail if your mail server infrastructure should experience a failure (contact us for details).

Key Benefits

• No infrastructure to buy, house, administer, back up or recover.
• Maintain user productivity by eliminating distractions and simplifying e-mail management.
• Reduce threats by filtering out viruses, spam, malware, advertising and phishing messages.
• Enforce acceptable use policies, improve management oversight and control.
• Switch over with no e-mail service interruptions.
• Integrate SpamDupe into your environment in 30 minutes or less.

 

How It Works

Basic Setup

SpamDupe is an Edge Transport Server based e-mail filter and relay solution that resides behind the firewall.

 

Internet <=> Firewall <=> SpamDupe <=> Mail Server

 

SpamDupe is a live filtering solution. It filters e-mail in real-time during the actual e-mail exchange.

 

When an e-mail message arrives, it is subject to our suite of validation and verification tests. The result is one of three decisions: Accepted, Tagged (uncertain), or Rejected.

 

Depending on your configuration the messages may be rejected or simply scored and filtered later.

Scoring Spam

Each e-mail is assigned a numerical score, generated by our anti-spam engine. The initial score of a message is “0”. We use many techniques to scan each message to see how “spammy” it is. The cumulative value of each test becomes the spam score of the message.

 

We have two thresholds, defined for each domain, that determine what happens to each message. The more spammy a message is, the higher the score. If the score reaches the tag threshold the e-mail will be tagged. If the score reaches the reject threshold the e-mail will be rejected.

 

Similarly, we look for evidence that the message is legitimate, reducing the spam score. Thus, the spam score can be a positive or negative number. The higher the number (positive) the more spammy it is; the lower the number (negative) the less spammy.

 

Tests that result in a high impact are examined first: virus scanning, black/white listing, sender history, etc. These tests take precedence; they can set the message result by themselves and may cause other tests to be skipped.

 

Some very expensive tests can get very good information about the sender, but they are done last and only if the test can change the disposition of the message.

 

We examine the traffic patterns between the sender and recipient. For legitimate senders, as their traffic history accumulates, their spam scores drop until the sender becomes implicitly white listed. This ensures their messages will never be blocked in error.

 

If the message is not accepted or rejected by the high impact tests, it is then classified based on its spam score and the Tag and Reject thresholds defined for the recipient.
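The evaluation order described above, sketched as an added example (not SpamDupe's code): high-impact tests decide alone, cheap tests accumulate a score from 0, and an expensive test runs only when its result could move the message across a threshold. The test names, weights, `max_swing` field and threshold values are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class ScoreTest:
    name: str
    run: Callable[[dict], float]  # score delta: positive = spammy, negative = legitimate
    max_swing: float              # largest absolute delta this test can return

def disposition(score: float, tag_at: float, reject_at: float) -> str:
    if score >= reject_at:
        return "Rejected"
    return "Tagged" if score >= tag_at else "Accepted"

def evaluate(msg, high_impact, cheap, expensive, tag_at, reject_at):
    """Return (decision, score, names of tests run)."""
    ran = []
    # High-impact tests go first; a non-None verdict decides the message alone.
    for name, check in high_impact:
        ran.append(name)
        verdict = check(msg)
        if verdict is not None:
            return verdict, None, ran
    score = 0.0  # every message starts at 0
    for t in cheap:
        score += t.run(msg)
        ran.append(t.name)
    for t in expensive:
        now = disposition(score, tag_at, reject_at)
        reachable = {disposition(score + d, tag_at, reject_at)
                     for d in (-t.max_swing, t.max_swing)}
        if reachable == {now}:
            continue  # cannot change the outcome, so skip the cost
        score += t.run(msg)
        ran.append(t.name)
    return disposition(score, tag_at, reject_at), score, ran

# Constructed tests and weights (assumptions for illustration only).
HIGH = [("virus_scan", lambda m: "Rejected" if m.get("virus") else None),
        ("sender_lists", lambda m: "Accepted" if m.get("whitelisted") else None)]
CHEAP = [ScoreTest("rbl", lambda m: 4.0 if m.get("on_rbl") else 0.0, 4.0),
         ScoreTest("history", lambda m: -0.5 * min(m.get("prior_msgs", 0), 10), 5.0)]
EXPENSIVE = [ScoreTest("ocr", lambda m: 3.0 if m.get("image_spam") else 0.0, 3.0)]

def demo():
    tag_at, reject_at = 5.0, 8.0  # per-domain thresholds (constructed values)
    msgs = {"virus": {"virus": True, "whitelisted": True},
            "known": {"prior_msgs": 10, "image_spam": True},
            "new_rbl": {"on_rbl": True, "image_spam": True}}
    return {k: evaluate(m, HIGH, CHEAP, EXPENSIVE, tag_at, reject_at)
            for k, m in msgs.items()}
```

In the constructed "known" message the sender's traffic history pulls the score far enough below the tag threshold that the OCR test is skipped, while the first-time sender on a block list is close enough to the threshold that OCR runs and tips it to Tagged.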

 

SpamDupe uses three categories when scoring messages:

 

Accept

After being thoroughly scrutinized, the message was deemed wanted and is immediately forwarded to the intended recipient(s).

 

Reject

Messages that are rejected typically contain any of: unwanted content, obfuscated text, misleading or inaccurate e-mail header and/or envelope information, references to spam-friendly networks or other criteria that strongly indicate spam. As a result, SpamDupe refuses the message with an appropriate explanation to the sender. Reject messages are customizable so that in the unlikely chance the message was rejected in error, the sender can contact you by other means (phone).

 

Tag

SpamDupe tags messages that score above the Accept threshold but below the Reject threshold. We “Tag” the subject line of the message with [SPAM?] and deliver it to the recipient. The user does not need to check a separate quarantine. Typically less than 1% of all messages are tagged.

 

Tagged Messages

Tagged messages are messages of indeterminate disposition; they have a score that puts them on the borderline between legitimate e-mail and spam. They are tagged with a text-based note (by default it is [SPAM?]) on the subject line, but are otherwise delivered normally. (You can turn off the actual subject line tagging in Filter Settings, if needed.) Messages that are tagged and are also from unknown servers, seen for the first time, may be grey listed.

 

Grey listing is a process where the server reports that it is temporarily unable to service the e-mail. The sending server receives this notification while attempting the mail exchange. The normal behavior of mail servers is to try sending the message again after a short delay (usually 5 or 10 minutes). After 3 minutes or 3 attempts to deliver a “grey listed” message, that message will be accepted.

 

Note: Messages containing viruses, unwanted file attachments, or known Phishing (fraudulent) messages are always rejected.

 

Anti-Spam Tests

SpamDupe uses a variety of anti-spam tests:

♦ Sender Reputation
• Real-time Block Lists
• Incoming Sender Lists (Black/White lists, etc.)
• Real-time dynamic sender behavior analysis
♦ Historical Information
• Past server and sender behavior
• Analysis of e-mail traffic patterns
♦ Server Analysis
• Sending server analysis
• Sending address verification
• DNS configuration validation
• Server profiling and identification
♦ Sender Intention Checks
• Test for sender/origin obfuscation
• Phishing attempt identification
• Recipient validation
• Spam Traps
♦ Content Scanning
• Anti-virus scanning
• Dangerous attachment filtering
• E-mail structure analysis
• Content black listing and watch words
• Anti-obfuscation engine
• OCR analysis
• Adaptive content filtering

 

Rejecting Spam

On any type of reject, a message delivery failure is immediately returned to the sending mail server. This occurs during the actual e-mail transaction, which guarantees that the failure is delivered to the sending server.

 

Because SpamDupe™ never accepted the e-mail, the responsibility for dealing with that e-mail lies with the sending server. This behavior is markedly different from many delivery failure messages which are generated after a message has been accepted, scanned, then deemed to be spam.

 

This is a subtle difference but an important one. This ensures the responsibility for the e-mail lies with the sending server. We avoid the potential responsibility for such messages and avoid any legal requirements for storage, archiving, etc. that may otherwise be implied.

 

Further, many delivery failure messages are sent to spammers who do not accept them. This can literally choke your e-mail infrastructure with garbage messages that will never be sent.
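The grey listing rule from the Tagged Messages section and the in-transaction reject described here, as an added example (not SpamDupe's code): the reply is chosen while the sending server is still connected, so no bounce message is ever generated afterwards. The greylist key, the reply texts, the use of SMTP codes 451/550/250 and the reading of "3 minutes or 3 attempts" (accept on the third attempt, or on any retry at least 3 minutes after the first) are assumptions.

```python
import time

GREY_WINDOW_S = 180   # "3 minutes" from the page
GREY_ATTEMPTS = 3     # "3 attempts" from the page

class Greylist:
    def __init__(self):
        # (server_ip, mail_from, rcpt_to) -> [first_seen, attempts]; key is an assumption
        self._seen = {}

    def should_defer(self, key, now):
        entry = self._seen.setdefault(key, [now, 0])
        entry[1] += 1
        passed = entry[1] >= GREY_ATTEMPTS or now - entry[0] >= GREY_WINDOW_S
        return not passed

def smtp_reply(decision, server_known, greylist, key, now=None):
    """Pick the reply given while the sending server is still connected."""
    now = time.time() if now is None else now
    if decision == "Rejected":
        # Permanent failure inside the transaction: the message is never
        # accepted, so responsibility stays with the sending server.
        return "550 Message refused"
    if decision == "Tagged" and not server_known and greylist.should_defer(key, now):
        # Temporary failure: a normal mail server queues and retries.
        return "451 Temporarily unable to service, try again later"
    return "250 OK"

def demo():
    # Constructed addresses (documentation IP range and example domains).
    key = ("192.0.2.10", "a@example.org", "b@example.com")
    g1, g2 = Greylist(), Greylist()
    by_time = [smtp_reply("Tagged", False, g1, key, now=t)[:3] for t in (0, 200)]
    by_count = [smtp_reply("Tagged", False, g2, key, now=t)[:3] for t in (0, 10, 20)]
    return by_time, by_count
```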

 

 

ACTIVITY REPORT SAMPLE

WEB CONSOLE – FULL CONTROL FOR EVERY USER