Email Reputation Filters

 

Many anti-spam solutions include a feature that lets you control whether an email is accepted from a sender based on the sender's previous activity. If the sender has previously sent spam-like emails, the anti-spam solution may mark the email as suspicious and analyse it further. If the sender has sent spam email in the past, the email may be blocked or quarantined without any further analysis.

For example, the well-known security vendor Fortinet has a subscription-based security service known as Fortiguard. Fortiguard Security Services provides the functionality above through its threat intelligence and research. End users can visit the Fortiguard website to see the latest malware threats found. Fortiguard research labs are based worldwide, and their job is to look for all types of threats, not just spam: viruses, spam, intrusion attacks, etc. Spam in particular is caught using various techniques, such as signing up to many different websites and services, like gambling websites. These websites usually pass registered email addresses on. Over time, the fake account set up by Fortiguard becomes a target for many spammers, and Fortiguard can then identify the culprits. This is one basic technique. From this research, Fortiguard labs update their signatures and send them to Fortinet appliances worldwide as the latest security updates. McAfee's Global Threat Intelligence reputation service is similar to Fortinet's Fortiguard service. Websense and Message Labs in particular also have very strong network research teams that update their reputation databases.

These worldwide networks and centres set up by vendors such as Fortinet, Websense and Message Labs monitor the reputation of URLs, IP addresses, domains, individual email accounts and so on. If a source does something bad it gets a bad score rating, and if it starts behaving as expected again it starts building a good reputation again. This information is passed on to end users worldwide, where it is used to identify spam, viruses and other threats.
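The scoring behaviour described above can be sketched as follows. This is an added example, not any vendor's actual algorithm: the half-life, the two thresholds, the neutral start for unknown senders and all names (`ReputationStore`, `observe`, `verdict`) are assumptions chosen for illustration, and the sender address is a constructed sample.

```python
from dataclasses import dataclass

HALF_LIFE_DAYS = 30.0  # assumed: evidence loses half its weight every 30 days
SUSPICIOUS = 0.2       # assumed threshold: send the message for further analysis
BLOCK = 0.6            # assumed threshold: block/quarantine with no further analysis

@dataclass
class Record:
    spam: float = 0.0   # decayed count of spam-like messages seen
    clean: float = 0.0  # decayed count of clean messages seen
    day: float = 0.0    # day on which the counts were last updated

class ReputationStore:
    def __init__(self):
        self.senders = {}

    def _age(self, rec, day):
        # Older observations count for less, so a sender is judged on recent behaviour.
        factor = 0.5 ** (max(0.0, day - rec.day) / HALF_LIFE_DAYS)
        rec.spam, rec.clean, rec.day = rec.spam * factor, rec.clean * factor, max(day, rec.day)

    def observe(self, sender, day, is_spam):
        rec = self.senders.setdefault(sender, Record(day=day))
        self._age(rec, day)
        if is_spam:
            rec.spam += 1
        else:
            rec.clean += 1

    def score(self, sender, day):
        # 0.0 = good, 1.0 = bad. The +1 means one spam report alone cannot reach BLOCK.
        rec = self.senders.get(sender)
        if rec is None:
            return 0.0  # assumption: unknown senders start neutral
        self._age(rec, day)
        return rec.spam / (rec.spam + rec.clean + 1.0)

    def verdict(self, sender, day):
        s = self.score(sender, day)
        return "block" if s >= BLOCK else "analyze" if s >= SUSPICIOUS else "accept"

def demo():
    store, ip = ReputationStore(), "192.0.2.10"  # constructed sample sender
    for _ in range(10):                          # day 0: ten spam reports
        store.observe(ip, 0, is_spam=True)
    before = store.verdict(ip, 0)
    for day in range(1, 61):                     # then 60 days of clean mail
        for _ in range(5):
            store.observe(ip, day, is_spam=False)
    return before, store.verdict(ip, 60)

if __name__ == "__main__":
    print(demo())
```
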

You can view Fortinet's Fortiguard services website here.

As things have moved on, many vendors, such as Fortinet, are using newer techniques to combat threats. For example, Fortiguard uses its seasoned artificial intelligence and machine learning systems to provide protection and visibility for its customers.

Further Reading

Wikipedia's guide to Anti Spam Techniques