Symantec™ Mail Security 8200 Series Appliance


QuickStart!

Symantec™ Mail Security 8200 Series Appliance

Email security appliance with integrated, industry-leading antispam and antivirus technologies

Availability

What is Symantec™ Mail Security 8200 Series Appliance?

Key Messages

Value Statements

Key Features & Benefits

System Requirements

Technical Specifications

Licensing Symantec Mail Security 8200 Series

Glossary

01/13/05 Symantec Mail Security 8200 Series Appliance Quickstart


What is Symantec™ Mail Security 8200 Series Appliance?

Symantec™ Mail Security 8200 Series appliances offer the most accurate email security, powered by industry-leading Brightmail AntiSpam technology from Symantec, the global leader in information security¹. Its innovative email firewall technologies reduce email infrastructure costs by restricting unwanted connections, while the appliance form factor and automatic spam filter and virus definition updates enable easy, low-cost deployment and management. With global management, administrators can easily configure, monitor, and report on all email security appliances from a single Web-based console. Content compliance features allow administrators to gain control over inbound and outbound email content so they can enforce internal or regulatory email content policies.

Available Models

The Symantec Mail Security 8200 Series appliances include two models, enabling customers to choose the appliance that best meets their needs:

Symantec Mail Security 8240 is an entry-level appliance for medium-sized businesses. It supports organizations between 100 and 1000 seats. Symantec Mail Security 8240 customers will typically purchase one appliance.

Symantec Mail Security 8260 is an enterprise-grade appliance for large-sized businesses and enterprises. It supports organizations with over 1,000 seats. Many of the customers in this segment will purchase multiple appliances.

Key Messages

Powered by industry-leading Brightmail AntiSpam and Symantec AntiVirus™ technologies for effective spam and virus protection.

Appliance form factor and automatic updates enable easy, low-cost deployment and management.

Email firewall technologies reduce email infrastructure costs by restricting connections from spam-sending servers.

Content compliance features allow administrators to gain control over inbound and outbound email content.

All email security appliances can be managed from a single console.

Pre-defined reports provide insight into trends and attack statistics.

Two models meet the needs of medium and large size organizations.

¹ Yankee Group, 2004


Value Statements

The following value statements will help you articulate the tangible results customers can gain from using Symantec Mail Security 8200 Series appliances.

IT and Mail Administrators

Delivered by the global leader in information security, Symantec Mail Security 8200 Series appliances consolidate the industry-leading spam and virus protection and the most comprehensive spam prevention into a single, powerful system for flexible administration and lower management costs.

Symantec Mail Security 8200 Series appliances integrate the best spam and virus protection to accurately and effectively filter mail that enters the gateway. Their comprehensive email abuse prevention preemptively stops email attacks that consume resources and threaten business continuity. The powerful yet simple management makes them easy to deploy, maintain, and keep up-to-date. Symantec Mail Security 8200 Series appliances help reduce your total cost of ownership for email security.

Key Features & Benefits

Easy Deployment and Management

Appliance Form Factor

Provides an appliance-based approach to email security, enabling a single point of management for common email threats. Symantec Mail Security 8200 Series appliances include the following features:

Compact—Uses rack-mounted, 1U half-depth server appliances (Symantec Mail Security Series 8240 is half depth and Symantec Mail Security Series 8260 is full depth).

Reliable—Installed on RAID-1 disk storage. Symantec Mail Security 8260 Series appliances feature dual power supplies and fans.

Proven Operating System—Uses a tuned, secure Linux kernel that is optimized for Symantec Mail Security 8200 Series.

Leading Open Source Mail Transfer Agent (MTA)—Built on Postfix, the leading open source MTA.

Pre-Integrated—Includes the necessary operating system, MTA, and product software pre-installed, requiring no administrator modifications or installation.

Benefits


Reduces acquisition, installation, and management cost.

Requires less time and expertise to implement and operate.

Simplifies security management.

Comprehensive Spam Prevention

A key goal of spam prevention is to identify and block abusive email sources before they have a chance to inflict damage on internal email servers. By allowing or restricting SMTP connections as appropriate, spam prevention technologies help to stop attacks in early stages, offloading the filtering burden from the email server, and preventing spam and other email threats from ending up in user inboxes.

With Symantec Mail Security 8200 Series appliances, the following spam prevention technologies comprise a first level of defense. They analyze incoming SMTP connections and enable preemptive responses and actions before messages progress further in the filtering process.

Traffic Shaping

Identifies Abusive Senders—Throttles the connection rate for senders of spam or malicious content, but allows legitimate senders to easily connect.

Gives Legitimate Senders Excellent Quality of Service—Allows legitimate email senders’ mail to flow quickly, while spammers are given very poor quality of service and their mail is slowed to a trickle. Spammers have no way to force mail into the protected network, so their spam simply backs up on their own servers.

Leverages Symantec’s Probe Network—For any traffic shaping approach to precisely and reliably identify “good” and “bad” email senders, it must have access to a large stream of email sender data. By leveraging its Probe Network of decoy email accounts and the filtering statistics over its 300 million protected antispam customer base, Symantec has huge visibility into email server sending patterns. Symantec is in a unique position to characterize email sources, which is critical for the Traffic Shaping feature.

Benefits

Prioritizes sources with good traffic and stifles sources that are sending spam, reducing the capacity, load, and traffic downstream in the network.

Controls the speed at which certain senders can connect to the mail server.

Reduces email load at the gateway.

Directory Harvest Attack (DHA) Prevention


Detects directory harvest attacks before they have a chance to impact the mail server. In DHA attacks, malicious senders generate email addresses using common surnames and proceed to bombard the mail server. By tracking the bounced messages, spammers can obtain a list of valid email addresses within an organization.

Benefits

Reduces future spam attacks.

Detects and stops directory attacks and other attempts to harvest email addresses.

Spam Attack Prevention

Detects possible spam attacks by examining the frequency and quality of the messages received from incoming IP addresses. For example, the email firewall on an appliance tracks how many messages received from a given IP address were identified as spam during a given window of time.

Benefit

Preemptively stops spam attacks that consume resources and threaten business continuity.
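The per-IP windowed counting that the Directory Harvest Attack Prevention and Spam Attack Prevention descriptions above imply can be sketched as follows. This is an added example, not part of the original document and not Symantec's implementation; the class and field names, the thresholds, the action strings and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class SmtpEvent:
    ts: float         # seconds on a monotonic clock
    ip: str           # connecting client address
    rcpt_valid: bool  # False when RCPT TO named a non-existent mailbox
    is_spam: bool     # content-filter verdict for an accepted message


class SenderWindow:
    """Sliding-window statistics per source IP (hypothetical thresholds)."""

    def __init__(self, window_s=300.0, max_bad_rcpt=10, min_msgs=5, spam_ratio=0.8):
        self.window_s = window_s          # length of the observation window
        self.max_bad_rcpt = max_bad_rcpt  # unknown recipients tolerated per window
        self.min_msgs = min_msgs          # do not judge spam ratio on tiny samples
        self.spam_ratio = spam_ratio      # fraction of spam that triggers a defer
        self._by_ip = defaultdict(deque)

    def _evict(self, ip, now):
        # Drop events that have aged out, so a sender recovers after quiet time.
        q = self._by_ip[ip]
        while q and q[0].ts <= now - self.window_s:
            q.popleft()
        return q

    def observe(self, ev):
        """Record one event and return the action for that sender right now."""
        self._by_ip[ev.ip].append(ev)
        return self.decide(ev.ip, ev.ts)

    def decide(self, ip, now):
        q = self._evict(ip, now)
        # Directory harvest signal: many recipients that do not exist.
        bad_rcpt = sum(not e.rcpt_valid for e in q)
        if bad_rcpt >= self.max_bad_rcpt:
            return "defer:directory-harvest"
        # Spam attack signal: frequency and quality of accepted messages.
        delivered = [e for e in q if e.rcpt_valid]
        if len(delivered) >= self.min_msgs:
            spam = sum(e.is_spam for e in delivered)
            if spam / len(delivered) >= self.spam_ratio:
                return "defer:spam-attack"
        return "accept"


def replay(events, fw):
    """Feed events in time order; return {ip: (first_block_ts, action)}."""
    first_block = {}
    for ev in sorted(events, key=lambda e: e.ts):
        action = fw.observe(ev)
        if action != "accept" and ev.ip not in first_block:
            first_block[ev.ip] = (ev.ts, action)
    return first_block


# Constructed sample traffic (not real logs):
SAMPLE = (
    # ordinary sender: six messages, one of them flagged as spam
    [SmtpEvent(50.0 * i, "192.0.2.10", True, i == 2) for i in range(6)]
    # recipient guessing: twelve unknown mailboxes within twelve seconds
    + [SmtpEvent(10.0 + i, "198.51.100.7", False, False) for i in range(12)]
    # spam burst: six accepted messages, all flagged as spam
    + [SmtpEvent(30.0 + 10 * i, "203.0.113.5", True, True) for i in range(6)]
)

if __name__ == "__main__":
    fw = SenderWindow()
    for ip, (ts, action) in replay(SAMPLE, fw).items():
        print(f"{ip} first blocked at t={ts:.0f}s: {action}")
    # Once the window has passed with no new events, the sender is accepted again.
    print(fw.decide("198.51.100.7", 1000.0))
```

Evicting on every decision is what keeps a one-time burst from penalizing an address indefinitely; a production filter would also need to bound memory for the number of tracked addresses.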

Administrator-Defined Blocked Senders

Recognizes blocked senders (identified by IP address) for the organization. The senders can be identified at the DNS or local level.

Benefit

Lets administrators decide how email from blocked senders will be handled.

Reject Messages

Allows the MTA to reject the message based on the quality or behavior of the sender. This is helpful in response to messages sent from senders who are disseminating spam or otherwise using abusive tactics.

Sends a delivery failure notification, along with text that the administrator can customize. Failure notifications are valuable if the sender is unknowingly (via a compromised machine) sending spam or other unacceptable content.

Benefit

Improves processing by allowing the MTA to reject messages.

Integrated Sender Reputation Service Data

Leverages the reach and visibility of Symantec's Probe Network along with sender data culled from filtering statistics. Based on objective analysis of sending patterns at the network level, the Sender Reputation Service can identify abusive senders and prevent abusive senders and spammers from connecting to the appliance.

Benefit

Allows Symantec Mail Security 8200 Series appliances to automatically block or allow SMTP connections based on sender profile and reputation data from the Sender Reputation Service.

Third-Party Lists

Lets administrators configure lookups to third-party lists of allowed or blocked sender services to which the administrator subscribes.

Benefit

Gives administrators configuration control over third-party sender lists.

Industry-Leading Brightmail AntiSpam Protection

Symantec Mail Security 8200 Series appliances incorporate multi-layered spam protection that leverages industry-leading technology and is backed by globally distributed operations centers. Symantec Mail Security 8200 Series appliances include the following spam protection features and technologies:

Safe IP List

Provides a constantly updated list of IP addresses from which virtually no outgoing email is spam. Symantec manages the IP address list.

Benefit

Helps limit false positives.

Language Features

Language Identification—Identifies the text of the message as belonging to one of 11 languages. Symantec Mail Security can then run only the filters that apply to the message’s language. Lets users adjust language preferences to deny or allow email based on language identification by Symantec.

Language-Specific Heuristics—Provides specially tuned heuristics based on one of 11 languages that target non-English spam. Supported languages include:

Chinese

Dutch

English

French

German

Italian

Japanese

Korean


Portuguese

Russian

Spanish

Language Expertise—Technicians deployed across the globe analyze spam and create targeted filters in over 15 languages.

Benefits

Enables the engine to run only the filters that apply to the message’s language, resulting in better performance.

Enables users to define the languages in which they want to receive messages.

Provides faster and more accurate detection and response times for network protection.

Filtering Technologies and Signatures

Updated URL Filters—Identifies and filters a spammer’s intended URL, which is often disguised and leads to spam Web pages. This URL technology was invented by Brightmail, and is now in its fourth generation.

BrightSig2 Filters—Includes signature technology that eliminates randomization and HTML-based filter evasion techniques.

Header Filters—Uses tight, targeted, regular expression-based filters based on real-time attacks or derived based on commonalities or trends present in spam messages.

Body Hash Filters—Includes first-generation signature technology.

Attachment Signatures—Targets a specific MIME attachment, for example, a ZIP file that contains a virus.

Benefits

Includes a filtering engine that uses over 20 different filtering technologies that together maximize spam detection (95% effectiveness) and minimize false positives (less than 1 false positive in one million messages).

Identifies and filters mail that enters the gateway accurately and effectively.

Filter Updates and False Positive Resolution


10-Minute Updates—Automatically downloads filters from Symantec to customer sites via secure HTTPS every 5–10 minutes. No need for server restart or administrator intervention.

24-Hour-A-Day False Positive Resolution—Provides quick false positive resolution. False positives are analyzed and corrected by Symantec technicians within 24 hours.

Benefits

Offers fast and convenient filter updates.

Provides fast false positive response.

Global Operations Centers and Largest Honeypot Network

Global Operations Centers—Symantec has globally distributed spam analysis and operations centers in the United States, Ireland, Australia, and Taiwan. They provide 24x7 monitoring of spam attacks and filtering performance at customer sites.

Spam Detection Network—Includes the largest honeypot network (over 2 million decoy email addresses and domains). Contains submissions and statistics from over 300 million email inboxes.

Benefit

Consists of several centers working cooperatively on three continents, comprising a round-the-clock protection network that spans the globe.

Spam Submission

Missed Spam Submission—Users can log into the Control Center, a Web-based interface, to submit missed spam to Symantec. If warranted, Symantec will adjust filters.

False Positive Submissions—Using convenient submission tools, Symantec’s user community of 300 million can quickly inform Symantec in the event of a misidentified message.

Submission Responses—Based on the submissions, Symantec will adjust filters if warranted to improve filtering quality.

Benefit

Makes it easy for users to send missed spam and false positive spam to Symantec.


Award-Winning Virus Protection

Advanced, Automated Antivirus Technologies

Scans and detects viruses by integrating Symantec’s award-winning antivirus technology. Antivirus protection includes automatic virus definition updates, flexible policies to handle messages with viruses, and specific defenses against mass-mailing worms and the associated spawned emails. Antivirus protection also includes:

Rapid Response—Provides advanced automation and expert technologies for rapid virus detection. Rapid Release virus definitions are created when a new threat is discovered and help mitigate fast spreading virus outbreaks.

Antivirus Definitions Options—Lets users pick whether to use Rapid Response or Platinum antivirus signatures.

Automatic Updates—Includes antivirus signatures and definitions created by Symantec and updated at customer sites as soon as they are available.

Actions Choices—Lets administrators set policies to handle messages with viruses (i.e., clean and deliver the message, deliver the message normally, or delete the message).

Mass-Mailing Worm Auto-Deletion—Automatically removes not only the mass-mailing worm but also the associated spawned emails, which can number in the hundreds and serve no valuable purpose.

Variable Scanning Levels—Includes adjustable heuristics for more or less aggressive identification of viruses.

Adjustable Scanning Thresholds—Specifies maximum size and scanning depth levels to reduce exposure to zip bombs that tax processing.

Benefits

Provides up-to-date virus protection.

Proactively protects users’ systems from virus infections.

Provides fast response for new threats.

Secure Platform Technologies

Symantec Mail Security 8200 Series appliances are backed by a secure platform of technologies, including hardened and optimized MTA and operating system software. They also feature the following advanced technologies against email fraud.


Sender Policy Framework (SPF)—Provides support for SPF. Organizations publish a list of their approved email servers in the DNS. Administrators can choose to close the SMTP connections for senders whose IP addresses don’t match the appropriate SPF record.

Anti-Fraud URLs—Includes Symantec’s proprietary URL technology, which seeks out spam URLs in messages. It includes specific filters against fraud URLs. This technology also removes the obfuscation and URL-relaying tactics that spammers can employ to conceal the target fraudulent URL.

Transport Layer Security (TLS)—The included MTA supports encrypted connections using TLS. Administrators can choose whether TLS is permitted and/or required for all the appliances in the network.

Hardened MTA—Ships with the MTA pre-hardened against common vulnerabilities and attacks.

Hardened Operating System—Includes an embedded operating system and other software pre-hardened against common vulnerabilities and attacks. Administrators can easily install software security updates.

Benefit

Mitigates the risk of having email servers directly exposed to the Internet.

Convenient Email Content Control

Content Compliance

Helps administrators control sensitive email content and enforce content rules to conform to Information Technology (IT), Human Resources (HR), and regulatory policies.

Dictionary Filters—Enables administrators to define or import a pre-defined dictionary of prohibited words. This feature assists with HR and regulatory compliance-related issues.

Content Filter Editor—Allows administrators to create custom filters using a graphical interface. These global, server-level filters can be used to enforce company policies. Administrators can quickly activate and deactivate individual filters, display their activation status, and organize the order in which rules are run.

Annotations—Allows administrators to automatically add text to outbound email, such as a legal disclaimer or commercial information.

Archive—Automatically sends a copy of filtered messages for a specified category (for example, spam) to a specific administrative account. This allows administrators to review the nature of messages targeting the organization.


Attachment Blocking—Enables administrators to scan for attachments with specific size or content attributes. Administrators can specify a maximum attachment size. They can also create filters to match against a specific MIME type, file name, or file extension.

Text File Import—Imports manually coded filters written in the Sieve language.

Benefit

Makes it easy for organizations to control sensitive email content and enforce content rules to conform to IT, HR or regulatory requirements.

Provides a convenient graphical editor.

Powerful System Management

Gives administrators control and visibility into their organizations’ email security issues.

Web Based Administration—Lets administrators use a Web browser to view a real-time dashboard of consolidated filtering performance and centrally administer multiple Symantec Mail Security 8200 appliances.

Global Management—Allows administrators to configure, manage, and monitor multiple appliances (deployed in Scanner mode), from a central location using a Web browser.

Automated Filter Downloads and Statistics Transfer—Provides secure HTTPS polling from customer sites that initiates download of updated filters. The same process transmits statistics from customer sites to Symantec, allowing Symantec to gauge the performance and effectiveness of deployed filters. The process requires no administrator intervention and filtering is never stopped during the update process.

Software Updates—Allows administrators to easily apply the latest security and software updates. Symantec provides updates and security enhancements to the operating system, MTA, and supporting software when they become available.

Multiple Administrator Accounts—Lets organizations define multiple administrator accounts, allowing them to divide up administrative tasks.

Assignable Administrator Privileges—Allows administrator accounts to be configured with the desired level of management privileges for different components. Administrators can be assigned view or modify access to any or all of the following functions:


Reporting

Policies

Appliance settings

Administration

Quarantine

Automated Email Alerts—Sends alerts to administrators or other parties when the following conditions arise:

A component is not responding or working

Antispam filters are older than a specified time

Antivirus filters are older than a specified time

Quarantine is low on disk space

Logs—Allows logging levels to be set on a 7-point sliding scale, and the settings can apply to individual filtering computers or to all. Administrators can also designate the maximum size and retention period for entries in the log database and save logs to a text file for further review.

Status View—Lets administrators view quarantine information, configured scanners in the network, and basic system status from one central location.

Command Line Interface—Allows administrators to manage certain tasks using a command line interface. Using the command line interface, the administrator can shut down the appliance, reboot the appliance, and perform a variety of system management tasks. Administrators can also use the command line interface to check for, download, and install software updates.

Benefit

Reduces administration burden and provides flexibility to meet the organizations’ unique needs.

Flexible Mail Policies and Administration

Includes the following flexible email management features, designed to support different levels of administrator involvement.

Group Policies—Lets administrators specify user groups, identified by email addresses, domain names, or LDAP groups and customize mail filtering for each group. For example, an organization might choose to quarantine spam and suspected spam for review by the legal department but delete spam for the human resources department.

LDAP Synchronization—Allows Symantec Mail Security 8200 Series appliances to perform one-way LDAP synchronization from existing directory stores, eliminating the need for dual entry of user information. The supported source directories include Windows 2000 Active Directory, Windows 2003 Active Directory, iPlanet/Sun Messaging Server 5.1, and Microsoft Exchange 5.5. The LDAP Synchronization service also supports the import of organization data in LDIF file format, in case directory owners want to restrict direct access to the directory.

Flexible Actions—Administrators can assign a variety of actions to policies, based on the message verdict. Depending on the criteria, actions include the following:

Deliver message normally

Delete message

Quarantine message

Deliver message to recipient's spam folder

Forward message

Archive message

Bounce message

Modify subject

Add a header

Strip a header

Add annotation

Send notification

Strip attachments

Treat as blocked sender

Treat as allowed sender

Treat as spam

Treat as suspected

Treat as a virus

Treat as a mass-mailing worm

Adjustable Spam Threshold—Allows configurable definition of suspected spam for more aggressive filtering. Use policies to set up a unique action for messages identified as suspected spam.

Multiple Filtering Categories—Lets messages be classified as one of the following:

Spam

Suspected spam (matching the adjustable spam scoring range specified)


Email from blocked senders

Emails infected with viruses

Mass-mailing worms

Unscannable emails (could not be scanned due to size restrictions or other variables)

Custom-filtered emails (matching content filters created by administrator)

Administrator Web-Based Quarantine—Allows administrators to log in and review spam messages that Symantec Mail Security has quarantined for all users in their organization. Administrators can access the quarantine database and configure settings from the Control Center.

User Quarantine Digest—Sends a periodic email summary to users, listing the newly quarantined spam messages. Includes links for users to immediately release messages to their inbox or log in to their personal quarantines.

One-Click Release of Quarantined Messages—Lets recipients of the spam quarantine digest click links to immediately release or view caught spam messages without having to log in.

Alias Expansion—Allows quarantine to automatically resolve all aliases and deliver messages to the appropriate quarantine account for the underlying email address.

Misidentified Message Submission—Automatically sends messages identified by administrators and users as missed spam or false positives to Symantec for analysis.

Administrator Notification for Submissions—Allows administrators to receive a copy of all misidentified messages sent by users to Symantec.

Spam Expunging and Size Thresholds—Provides a configurable retention period for spam messages. Includes thresholds to control the quarantine database size and the limit on the number of messages on a global and per-user basis.

Quarantine Message Search—Lets users and administrators search messages in quarantine using multiple criteria, including:

To headers

From headers

Message body

Subject headers


Message ID headers

Time range

Customizable Notification Template—Includes customizable delivery frequency, message content, and content type (HTML, text, or both). Administrators can specify whether the digest includes embedded view message and release message links to enable users to access messages without logging in.

Consolidated Reporting—Lets administrators view consolidated filtering performance statistics for all Symantec Mail Security 8200 Series appliances operating as Brightmail scanners.

Multiple Preset Reports—Provides comprehensive real-time reporting of filtering performance and email attacks with over 20 preset reports.

Report Export—Exports report data for use in reporting or spreadsheet software for further analysis.

Report Scheduling—Schedules reports for generation and email delivery.

Benefit

Lets administrators manage mail security in a way that makes sense for their organizations.

Customizable User Tools

Lets users log into a special section of the Control Center and select appropriate settings. The customizable user features include:

Blocked Senders List—Using their email client, users can specify addresses that will always be blocked. The entries are in addition to organization-wide block lists defined by administrators.

Allowed Senders List—Users can designate senders who are allowed to bypass antispam filtering. Includes convenient auto-population of trusted senders from the Microsoft Outlook address book.

Allowed Languages—Users can either specify languages in which they want to receive email or in which they don’t want to receive email. Users can choose from 11 supported languages.

Submissions—Users can submit missed spam or false positives to Symantec for analysis.


End-User Quarantine—Using an Internet browser, users can log into their personal quarantine at any time and view their quarantined messages.

Benefit

Empowers a user to manage and customize their filtering.

System Requirements

Appliance

The Symantec Mail Security 8200 Series appliance is a self-contained system with preloaded software components and does not have minimum system requirements.

Management Console

| Component | Details |
| --- | --- |
| Browser | Management of the appliance is via a secure Web connection using one of the following browsers: Microsoft Internet Explorer 5.5, Microsoft Internet Explorer 6.0, Netscape 7.1 |
| Number of users | Symantec Mail Security 8240: Min: 100, Max: 1,000. Symantec Mail Security 8260: Min: 1,000, Max: 10,000 and above |
| LDAP | Necessary if customers want to have LDAP-based group policies or alias expansion. |
| Mail Server Box | The MTA included with Symantec Mail Security 8200 Series relays mail to existing email servers. It does not provide final mail delivery functions or client access to mail via POP. |

Technical Specifications

The following table indicates the technical specifications for each Symantec Mail Security 8200 Series appliance model.

| Description | 8240 | 8260 |
| --- | --- | --- |
| Chassis/Dimension | | |
| Form factor | Half-Depth Rack-Mountable; 1U | Half-Depth Rack-Mountable; 1U |
| Dimensions | 1.68" x 16.7" x 21.5" | 1.69" X 19" X 30" |
| Storage | 2x40 GB SATA | 2x73 GB SCSI |
| RAID | RAID 1 | RAID 1 |
| Connectivity | | |
| Ethernet | 2 X 100/1000 | 2 X 100/1000 |
| Performance | | |
| Messages per hour | 100K messages/second | 250K-500K |
| Availability Features | | |
| Dual Power supply | No | Yes |
| Dual Fans | No | Yes |

Licensing Symantec Mail Security 8200 Series

Symantec Mail Security 8200 Series appliances are licensed on a per-user/per-year subscription model. Customers purchase a subscription based on the number of employees they want to protect.

Symantec Mail Security 8200 Series appliances use Symantec’s Enterprise Licensing System (ELS) to control product activation and content updates via downloads from the BLOC. Product activation includes a trialware key for 30-day activation or a license key for full product activation, which will never expire. In addition, content updates via BLOC download will be time-limited based on the license agreement signed by the customer. Following expiry of the license (and a corresponding grace period), no additional product updates will be delivered.

Demonstration Units

Evaluation Units for the Channel

Symantec provides Channel demo units (appliances) at a discount to resellers to enable them to demo the Symantec Mail Security 8200 Series appliances. A Channel demo license, which is good for one year, is provided at a discount. Resale licenses are also provided.

Deliverables

When customers purchase a Symantec Mail Security 8200 appliance, they receive:

The Appliance

Printed Quick Start Card

Implementation Guide

Deployment Planning Guide


License File

Customers must obtain license file(s) to permanently enable their appliances and to register for support.

The appliance will operate for up to 30 days without a license file, allowing customers enough time to contact Symantec.

Technical Support

The following Maintenance options are available. Symantec bundles one year of Gold Maintenance with the Symantec Mail Security 8200 Series appliance. Maintenance Renewals are available for subsequent years.

Telephone Support | Gold | Platinum | Premium Platinum | Global Platinum²

Local Business Hours

Extended Hours (24 x 7 x 365)

Number of Support Incidents | Unlimited | Unlimited | Unlimited | Unlimited

Number of Designated Callers | 2 | 2 | 5 | Custom

Additional Designated Caller(s) | Optional | Optional | Optional | Optional

Additional Language(s) | Optional | Optional | Optional | Optional

Same day onsite hardware repair

E-Services

24 x 7 Standard Support Web Site

Platinum Web Site/Knowledge Base

Proactive e-mail/wireless security bulletins

Optional

Warranty Services

Three year hardware warranty for next business day on-site repair (available in most areas)

2 Global Platinum is a custom option. Symantec account representatives assist customers in tailoring a global program to suit their needs.


Advanced hardware replacement (available in areas that aren’t eligible for on site repair)

Technical Account Mgmt

Technical Account Manager (TAM)

Optional

Global Technical Account Manager (GTAM)

Optional

Maintenance

Software Upgrade Insurance

Glossary

Term Description

Action: A behavior performed against messages of a given category, based on a policy defined by the administrator. For example, an administrator can specify that the “Delete” action be taken on messages identified as spam for all users in the organization.

Alerts: Used to refer to system-level messages produced by Symantec Mail Security 8200 Series appliances. For example: “Quarantine is low on disk space.”

Allowed Senders: Trusted senders, as specified by the administrator or users. Messages from allowed senders are automatically sent to user inboxes, bypassing all filtering (except antivirus filtering, if enabled).

Annotate (Action): Refers to the action of automatically adding text to outbound email. One application of this action is to add a legal disclaimer or commercial information.

Antispam Filters: The name for the defenses provided by Symantec for stopping spam.

Antivirus Definitions: The name for the virus definitions created and deployed by Symantec Security Response when a new threat is discovered.

Attachment Filters: A content compliance feature that allows administrators to reduce security breaches and preserve network resources by preventing specified email attachments (e.g., vbl scripts or ZIP files) from entering the organization.

Attachment Signatures: Antispam filters created by Symantec that target specific MIME attachments, for example, a pornographic image used in a specific spam attack or a ZIP file that accompanies a virus campaign.

BLOC (Brightmail Logistics and Operations Centers): The BLOC consists of several centers working cooperatively on three continents, comprising a round-the-clock protection network that spans the globe. These antispam operations centers are responsible for all of the real-time tuning and adjustments that underlie Symantec’s filters.

Blocked Senders: A sender identified as blocked, either by email address or originating IP address, on the Blocked Senders List, on one of the Sender Reputation Service lists, or on a third-party blocked senders list. Symantec Mail Security 8200 Series can be configured to control how messages from blocked senders are handled.

Command Line Interface: Allows the administrator to: shut down the appliance, reboot the appliance, clear configuration data, change the administrative password, display the version information of all installed components, display a list of users logged into the appliance, perform DNS lookups of hostnames and IP addresses against the configured name servers, trace the route to the specified host, ping a specified host, query network statistics, look at IO statistics, display MTA statistics, control the local DNS cache, and display OS statistics.

Content Compliance: Allows administrators to create supplementary filters to enforce an organization’s email content policy. For example, administrators can filter messages based on defined dictionaries of unacceptable words and phrases in email messages. Other Content Compliance features include Attachment Filters and Content Filters.

Content Filtering: Allows administrators to quickly write custom filters that flag specific message characteristics such as words, phrases, or attachment types. Content filters are written by the administrator using the Control Center.

Content Filters: Supplemental filters created by administrators tailored specifically to the needs of their organization. Each content filter consists of a set of criteria that determine what messages will be filtered. Administrators can set specific actions to be taken on messages that match content filters.

Content Filter Criteria: Scans words and phrases in the message body for matches against specific dictionaries and checks whether specified content appears in subject lines, from addresses, to/cc/bcc addresses, message headers, envelope from address, envelope to address, envelope HELO domain, and envelope peers headers. The filters can also check whether or not messages contain specific attachments. They can also identify messages that meet a specific message size criterion.

Control Center: Web-based configuration and administration interface. Using the Control Center, administrators can configure and monitor Symantec Mail Security 8200 Series appliances.

Delete (Action): Refers to the action of removing or discarding filtered mail from the email stream. A best practice for spam filtering is to delete a certain percentage of mail identified as spam, taking advantage of Symantec’s 99.9999% accuracy rate for spam filtering.

Deliver Normally (Action): Refers to the action of sending a filtered message through for ultimate delivery to the end-user’s inbox. This action is useful for testing purposes, as reports and statistics reflecting spam volume can still be generated.

Dictionary Filters: Enables administrators to define or import a pre-defined dictionary of prohibited words.

Directory Harvest Attacks: The mass emailing of a specific domain with an enormous number of generated recipient addresses in an effort to determine valid email addresses from the specific domain.

False Positive: A piece of legitimate email that is mistaken for spam and classified as spam by the filtering technologies in Symantec Mail Security 8200 Series appliances.

Filters: Symantec Mail Security 8200 Series appliances use both filters provided by Symantec and filters developed by customers. Antispam filters and antivirus filters are sent from the BLOC.

Filtering Engine: Part of a Scanner, the Filtering Engine includes the MTA, as well as the different antispam and antivirus filtering technologies.


Group Policies: Allows administrators to specify groups of users, identified by email addresses, domain names, or LDAP groups, and to customize message filtering for each group.

Header: First part of an email message, containing information such as the address of the recipient, the address of the sender, message type, routing, and time sent.

Heuristics: A proactive filtering technique that looks for common spam and virus characteristics. For example, heuristic antispam filters analyze the header, body, and envelope information for incoming messages, checking for the presence of distinct spam characteristics and computing an overall score. If the score exceeds the threshold, the message is considered spam.

ISP: Internet Service Provider

Language Identification (Language ID): Refers to the ability of the filtering engine to identify the language of a message if it’s written in one of 11 languages. This enables the engine to run only the filters that apply to the message’s language, resulting in better performance. It also enables users to define the languages in which they want to receive messages.

LDAP: Lightweight Directory Access Protocol, a network protocol for storing, communicating, and validating user address and identification information. LDAP gives users a single tool to comb through data to find a particular piece of information, such as a user name, email address, security certificate, or other information.

LDAP Synchronization: Refers to the ability to perform change-based one-way LDAP synchronization from existing directory stores. This feature allows administrators to easily access existing LDAP data.

LDIF: LDAP Data Interchange Format, an Internet Engineering Task

Mark-Up Message (Action): Refers to the action of appending or prepending to the subject line or header of a filtered message. For example, an administrator can specify that the text [Possible-spam] be appended to the subject line of messages identified as suspected spam.

Mass-Mailing Worm: A worm that propagates itself to other systems via email, often by using the address book of an email client program.

MIME: Multipurpose Internet Mail Extension, a file-type definition standard that enables different mail programs to understand and interpret non-textual file types (such as .doc, .jpg, and .wav) in the same way.

MTA: Mail Transfer Agent, a generic term for programs such as sendmail, qmail, or postfix that send and receive mail between servers.

Notification (Action): Refers to generated notifications that apply to messages (for example, end-user quarantine notifications).

Open Proxy List: A dynamic database containing IP addresses of identity-masking relays, including proxy servers with open or insecure ports. Because open proxy servers allow spammers to conceal their identities and off-load the cost of emailing to other parties, spammers will continually misuse a vulnerable server until it is brought offline or secured.

Probe Network: An extensive array of over 2 million decoy email addresses and domains, also known as spamtraps or honeypots. When extended with junk mail submissions from customers, the Probe Network is statistically representative of over 300 million email inboxes. This global network of email accounts attracts and collects large quantities of spam: tens of millions of spam messages pass through the Probe Network every day. As messages come into the BLOC, automated processes and expert technicians go into action, analyzing incoming spam and developing effective countermeasures.

Quarantine: Provides administrators and/or users direct Web-based access to spam messages that have been sidelined into the Quarantine database for them. Users can check for misidentified messages, resend messages to their inbox, and delete or search messages. An administrator account provides access to all quarantined messages.

Relay MTA: A mail server primarily used to transfer email between other mail servers. The integrated MTA in the Symantec Mail Security 8200 Series appliances operates as a relay MTA.

Reputation Filters: General name for the lists created via the Sender Reputation Service (formerly Brightmail Reputation Service).

Safe List: Part of the Sender Reputation Service, composed of a list of IP addresses from which virtually no outgoing email is spam.


Scanner: The part of the Symantec Mail Security 8200 Series appliances that performs email filtering. Appliances can be configured for Scanner-only functions. A Scanner includes the filtering engine and the MTA.

Send to Archive: For a specified category of messages (for example, spam), automatically sends a copy of the filtered message to a specific administrative account. This feature allows administrators to review the nature of messages targeting the organization.

Sender Reputation Service: Provides comprehensive reputation tracking that enhances the protection and prevention capabilities of Symantec Mail Security 8200 Series appliances. Symantec manages three lists as part of the Sender Reputation Service. Each of these lists operates automatically and filters messages using the same technology as other filters deployed by Symantec. The Sender Reputation Service includes Open Proxy List, Safe List and Suspect List.

Signatures: Symantec’s signature technology is the catalyst for Symantec’s industry-leading accuracy rate. In general, spam signatures work by distilling a specific spam attack down to a unique string of bits or a signature. This essential fingerprint of a spam attack can be used to identify variants of the attack. Accuracy is preserved because signatures are based on actual spam. Example: BrightSig2.

SMTP (Simple Mail Transfer Protocol): A server-to-server mail transfer protocol used by many mail systems, such as Sendmail. It is based on TCP/IP.

Spam: Unwanted, unsolicited commercial bulk email. Symantec uses the term spam to identify messages that are determined to be spam, according to its filters.

Spam Scoring: Symantec Mail Security 8200 appliances assign a spam score to each message that expresses the likelihood that the message is actually spam. See also Suspected Spam.

SPF: Sender Policy Framework (SPF) is an antispam approach in which the Internet domain of an e-mail sender can be authenticated for that sender, thereby discouraging spam mailers, who routinely disguise the origin of their e-mail, a practice known as e-mail spoofing. SPF and other anti-spoofing initiatives, such as Domain Keys, work by making it easier for a mail server to determine when a message came from a domain other than the one claimed. Symantec Mail Security 8200 Series appliances support the SPF standard.

Strip Attachment (Action): Refers to the action of blocking and removing certain types of email attachments that are specified by the administrator.

Suspect List: Part of the Sender Reputation Service, composed of a list of IP addresses from which virtually all of the outgoing email is spam.

Suspected Spam: Administrators can use the Control Center to define a separate category of messages, called suspected spam, based upon spam scoring. Administrators can specify different actions for spam messages and suspected spam messages.

Sender Reputation Service: Provides comprehensive reputation tracking that enhances the power of the filtering engine. Symantec manages three lists as part of the Sender Reputation Service. Each of these lists operates automatically and filters messages using the same technology as Brightmail’s other filters.

TLS: Transport Layer Security, a standard for encryption over email.

Traffic Shaping: A Symantec Mail Security 8200 Series feature that manages the quality of service that each email sender is given, based on how likely it is that they are sending spam. Legitimate senders get excellent quality of service and their mail flows quickly, while spammers are given very poor quality of service and their connection rate is slowed.

URL Filters: Identifies and filters a spammer’s intended URL, which is often disguised and leads to spam Web pages. URL filters are managed and disseminated by the BLOC.

Virus: A program or code that replicates; that is, infects another program, boot sector, partition sector, or document that supports macros, by inserting itself or attaching itself to that medium.

Worm: A self-replicating virus that does not alter files but resides in active memory and duplicates itself. Most worms are spread as attachments to emails. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.


Symantec, the Symantec Logo, and LiveUpdate are U.S. registered trademarks of Symantec Corporation. Symantec Security Response is a trademark of Symantec Corporation. Other brands and products are trademarks of their respective holder/s. Copyright © 2004 Symantec Corporation. All rights reserved.
