
Zero Day Attacks - Advanced Anti-Spam Filtering Tools

 

Your anti-spam proxy firewall should have solid and intelligent techniques against zero day attacks. Zero day attacks are attacks that have been released into the wild and for which no anti-spam or anti-virus signature has yet been produced. For this reason, security vendors have invested in zero day prevention technologies, which detect malicious threats based on their behaviour and other characteristics.

The zero day window is the period during which a malware threat is out in the wild and no signature has yet been created for it. This is a general term for zero day malware, not just for email/spam messages. Anti-spam filtering solutions are able to detect zero day attacks by analysing behaviour. Zero day protection offers an essential defence against zero-day attacks by identifying and blocking traffic that looks and behaves like malware or a policy breach.

As well as offering zero-day protection, a good and effective anti-spam solution will include content filtering tools, which also detect a wide range of other issues such as abusive behaviour and sensitive content leaving the organisation; for example, financial spreadsheets being mailed out. These content filtering tools let you stop email messages that exhibit the characteristics of unwanted traffic, even if they are not recognised as malware.

Zero day protection for email enables a message to be broken down into its smallest parts, completely analysed and then acted upon depending on what is found.

Zero day protection policies provide configurable options that let you decide what to do with this suspicious traffic: blocking the message, quarantining it, deleting it, reporting it, informing the sender, informing the recipient, or any combination of these.
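The break-down, analyse and act flow described in the two paragraphs above, sketched as an added example (not code from this page or from any vendor's product). The policy table, the magic-byte list, the addresses and the stub attachment bytes are all constructed assumptions.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical policy: characteristic found -> actions (the options named above).
POLICY = {
    "executable_content": ["block", "inform_recipient"],
    "name_content_mismatch": ["quarantine", "report"],
    "outbound_spreadsheet": ["quarantine", "inform_sender"],
}
MAGIC = {b"MZ": "exe", b"PK\x03\x04": "zip", b"%PDF": "pdf"}  # leading bytes -> kind
EXT_KIND = {".exe": "exe", ".zip": "zip", ".xlsx": "zip", ".pdf": "pdf"}
SPREADSHEETS = (".xls", ".xlsx", ".csv")

def sniff(payload):
    """Classify a part by its leading bytes, ignoring the declared name and type."""
    return next((k for magic, k in MAGIC.items() if payload.startswith(magic)), "unknown")

def analyse(raw, internal_domain):
    """Break a message into its leaf MIME parts; return (findings, actions)."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    outbound = sender.endswith("@" + internal_domain)
    findings = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if part.is_multipart() or not name:
            continue  # skip containers and unnamed body parts
        kind = sniff(part.get_payload(decode=True) or b"")
        ext = os.path.splitext(name)[1]
        if kind == "exe":
            findings.append(("executable_content", name))
        if ext in EXT_KIND and kind != EXT_KIND[ext]:
            findings.append(("name_content_mismatch", name))
        if outbound and ext in SPREADSHEETS:
            findings.append(("outbound_spreadsheet", name))
    return findings, sorted({a for f, _ in findings for a in POLICY[f]})

def sample_message():
    """Constructed sample: stub header bytes only, not real files."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "alice@example.com", "bob@example.net", "Invoice"
    m.set_content("Please see attached.")
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 16, maintype="application",
                     subtype="pdf", filename="invoice.pdf")
    m.add_attachment(b"PK\x03\x04" + b"\x00" * 16, maintype="application",
                     subtype="octet-stream", filename="q3-forecast.xlsx")
    return m.as_bytes()
```

Neither finding depends on a signature for the specific file: the first attachment is flagged because its content does not match its name, the second because of where it is being sent.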

In a nutshell, with zero day protection, unknown attacks can be found based on the characteristics of an email. Zero-day protection offered by vendors is one of the easiest and most effective defences you can deploy.

 

Further Reading

Wikipedia's guide to Zero Day Attack