Home Page

VPN & Cryptography

Firewalls

Email & Spam

Security Topics

 

Email Spam

Zero Day Window

BATV

Bayesian Algorithm

Content and Connection control

Directory Harvesting Attacks

Email Encryption

Email Archiving

File attachments

Image scanning

Port forwarding and MX records

Reputation filters

Encrypted attachments

Grey Listing

Email Monitoring

Internal Email Security

Open Relay

Per user quarantine area

Reverse DNS lookup & SPF

RFC Compliant emails

SMTP IMAP4 or POP3

Email Throttling

What is Spam

Whitelists and Blacklists

 

 

Content Filtering & Connection Control Tools Explained - Guide to Email Security

 

Content Filtering

Inbound and outbound email messages can be scanned and filtered based on the content found within them. Each message will be decomposed, completely analysed including deeply embedded files, before being reconstructed and sent to its destination.

Content filtering can be applied to policies depending on routes and contents specified. Scanning of SMTP header fields such as X-headers and received headers, content such as attachments and within the body are analysed and determined to take appropriate action.

Many file types such as audio, video, documents, and potentially dangerous files like exe and batch files can be blocked. Even if the extension of such files were changed, email filtering solutions are clever enough to ignore these changes. They recognise files by their characteristics and do not have to rely on extensions.

 

Connection Control Tools

Connection control is a set of connection based options and timers, that handles and controls the SMTP connections before emails are analysed by any content control features.

The following below provides a list of connection control features typically found in anti-spam solutions.

 

Maximum concurrent connections - Maximum concurrent connections to the SMTP port that is accepted.

Maximum number of messages allowed per connection - Maximum emails from a single connection accepted.

Maximum number of received header - Maximum headers to the SMTP port the Proxy server accepts.

Maximum number of recipients - Maximum recipients for a single message that is accepted

Connection timeout - measured in seconds, which a single connection to the SMTP port remains open.

Listening port number - The port your server will listen on for SMTP email connections, which is almost always port 25.

Maximum message size - The maximum size of the email message usually measured in kilobytes or megabytes accepted.

Other connection control techniques are used as well, such as blocking emails via IP addresses, domain names and individual email addresses.

Connection control features such as the ones mentioned above do not only block spam messages, but help reduce potential DOS and DDOS attacks. This helps the anti-spam solutions to continue performing effectively, as content filtering tools that are used to break each message down to be analysed can take up a lot of memory and processing power.

Further Reading

Wikipedia's guide to Spam Techniques