modern anti-spam: rejection - no sorting
TRANSCRIPT
Modern Anti-Spam Rejection – No Sorting
Thomas Stensitzki
Introduction
Page 2
Thomas Stensitzki
Senior Consultant
MCSM Messaging, MCM: Exchange 2010
MCSE, MCSA, MCITP, MCTS, MCSA, MCSA:M, MCP
Blog: http://www.sf-tools.netEmail: [email protected]: apoc70
Spam in numbers
~88% of received messages are spam
Postini: Only 12% of received emails are legitimate (Feb 2013)
Microsoft: 94% spam, 600 million emails a week
Trend Micro: Spam ratio varies by country
Page 3
Damage and cost
Loss in end-user productivity
Restrained mobile access
Loss of communication
Loss of bandwidth
Waste of storage- Mailbox databases- Archive storage (expensive)
Example for loss of productivity:30 spams = 5 minutes x 220 working days per year
2 working days per year and employee
Page 4
Rejection No interruption of end-user routine
False positives easy to handle
Self learning connections and domain trusts
No waste of mailbox database storage
No waste of archive storage
RFC compliant rejection (NDR)
Reduced administrative intervention
Page 5
Comparison
Sorting (classic approach) Interuption of end-user working routine
Manual action by end-user required
Waste of mailbox database storage
Waste of archive storage
Risk of large number of unhandled spam messages
RejectionDelivered Blocked
Sound email OK
Spam nuisance OK
Page 6
Comparison
Sorting (classic approach)Delivered Blocked
Sound email OK danger
Spam nuisance OK
Scanning – Assessment – Rejection
Sound senders are sent a NDR
Spammers are unable to deliver
Risk of false positives is defused- Sound senders can react on NDR
Receiving – Assessment – Processing- Deletion, Quarantine, Marking
Depending on product
False Positives- Danger of important information being lost
without sender and recipient knowing about it
Solution
NoSpamProxy Rejection instead of sorting
- The alternative approach to spam protection
Sound emails are identified - Self learning mechanism to identify desired connections and handling domain trusts
Customizable to business needs- Detailed rule set of filters and actions for incoming and outgoing messages
Scalable Anti-Spam Solution
CommTouch Anti-Virus and Anti-Spam integrated in product
Component of Net at Work Mail Gateway
Page 7
Legal considerations
Applicable in Germany: § 206 StGB: „It is a criminal offence to suppress an entrusted communication“
Once an email has been received, its deletion or filtering by a third party is an offence- That is the primary reason why even spam must be archived
NoSpamProxy does not accept spam nor does it suppress or any communication entrusted to it- A regular NDR is being generated
BSI*: Analogy between Spam and unsolicited advertising
Page 8
*BSI: Federal Office for Information Security
User Interface
Page 9
Multi-Role server with default rule set
Sound email
Concentrating on negative spam characteristics leads to false positives
Unique Level of Trust technology
Bonus points for desired email connections (sender – recipient)
System learns dynamically about desired connections
Easy authorization of senders- Simple send an email to the external sender to authorize incoming messages
Enables applying more stringent spam filtering rules- Various filters and actions are available
Page 10
CommTouch Anti-Virus and Anti-Spam
Page 11
Dicovery Outbreakpeak
Firstsignature
90% of Top AV vendors have published signatures
Start of outbreak
vRPDOutbreak Protection
20-30 hours
RP
D d
ete
cti
on
: 0
.5-2
min
ute
s
AVSignature
In a nutshell
Acts as a SMTP proxy
Spam is identified while message is in transmission- Connection can be aborted with a 5xx error status to the sending MTA
Installed as the first SMTP endpoint from the internet- Next hop can be an Edge server role or an internal Hub server role
Page 12
External
SMTPservers
NoSpamProxy
Internal MTA
Topology example
Page 13
AD
External
SMTPservers
Exchange ServerTransport Role
Enterprise Network
NoSpamProxyGateway RoleServer1/2
NoSpamProxyUser Management RoleReporting Role
SMTP
Web Service
Internet facing servers not domain joined
Internal server domain joined
One gateway server possible, but no redundancy
Summary
No loss of Information – sender is informed
No wasted working hours, no manual ploughing through quarantine
Self learning system
Fully customizable set of rules
IT Resource saving (bandwidth, storage, maintenance)
Full legal compliance
Page 14
