For spam protection, UserGate Mail Server uses two fully functional modules, Commtouch (fee-based) and SpamAssassin (freeware), in addition to standard filtering features (white list and black list).
Commtouch Anti-Spam Gateway is a patented spam protection solution for mail servers and SMTP gates. The Commtouch module uses a unique filter based on the proprietary RPD (Recurrent-Pattern Detection) algorithm, which helps identify spam by its main feature: frequency of occurrence. Unlike other antispam filter vendors, Commtouch does not provide filter updates based on a typical content definitions database: its product scans mail traffic for spam patterns.
When the Anti-Spam Enterprise gate receives an e-mail, it looks for a relevant rule in the local policies, which apply either to the company in general or to particular users. If the message does not match any of the rules, the Commtouch module searches the local cache of previous responses from the Anti-Spam Detection Center. If it still cannot find a rule for the message, the gate module sends a request to the Anti-Spam Detection Center located at Commtouch. If the Center is unavailable, the message is delivered to the user’s inbox. If a message is classified as spam, the gate module acts according to its configuration settings. A legitimate message is delivered to the user’s mailbox.
SpamAssassin is an expandable spam mail filter. The module filters incoming mail by passing each message consecutively through a series of tests. Each test has a certain “value.” If a message passes a test successfully, the value is added to the total score. The value may be either positive or negative; positive values are called “spam” and negative values “ham.” The message is run through all tests, after which the module calculates the total score. A higher score means a higher probability that the message contains spam. SpamAssassin has an adjustable limit. If the message exceeds the limit, it is classified as spam. As a rule, the limit should be set so that a spam message must match more than one criterion; matching just one test is not enough to exceed the limit.
The product supports several spam filtering technologies, which include DNSBL (DNS blacklist), SURBL (Spam URI blacklist), Greylisting and Tarpitting.
Greylisting is a tool to delay mail delivery. An incoming message is not delivered immediately, and the sender receives a message requesting that it retry sending later. When the sender retries, the data triplet (information about the sender, source and destination addresses) remains unchanged. If the incoming message’s triplet matches one of the triplets in the list, the message is delivered immediately (this means the sender is trying to send the message again). This helps filter spammers, because they usually do not retry sending messages to the same addresses.
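
The greylisting decision described above, as an added example that is not UserGate's code. Reading the triplet as (client IP, envelope sender, envelope recipient), the SMTP reply codes 451 and 250, and the `min_delay` and `ttl` parameters are assumptions; the sample traffic is constructed.

```python
import time


class Greylist:
    """Greylist keyed on (client IP, envelope sender, envelope recipient)."""

    def __init__(self, min_delay=60, ttl=4 * 3600, clock=time.time):
        self.min_delay = min_delay  # assumed: earliest retry that is accepted (s)
        self.ttl = ttl              # assumed: how long a triplet is remembered (s)
        self.clock = clock
        self.first_seen = {}        # triplet -> time of the first attempt

    @staticmethod
    def _triplet(client_ip, mail_from, rcpt_to):
        # Case-fold addresses so a retry with different casing still matches.
        return (client_ip, mail_from.strip().lower(), rcpt_to.strip().lower())

    def check(self, client_ip, mail_from, rcpt_to):
        """Return the SMTP reply code for one delivery attempt."""
        now = self.clock()
        key = self._triplet(client_ip, mail_from, rcpt_to)
        seen = self.first_seen.get(key)
        if seen is None or now - seen > self.ttl:
            self.first_seen[key] = now  # unknown or expired: record and defer
            return 451
        if now - seen < self.min_delay:
            return 451                  # retried too quickly: keep deferring
        return 250                      # triplet already listed: deliver


def replay(attempts, **kwargs):
    """Feed constructed (time, ip, sender, recipient) attempts to a new greylist."""
    current = [0]
    greylist = Greylist(clock=lambda: current[0], **kwargs)
    codes = []
    for when, ip, sender, rcpt in attempts:
        current[0] = when
        codes.append(greylist.check(ip, sender, rcpt))
    return codes


# Constructed sample traffic (documentation IP ranges and example domains).
SAMPLE = [
    (0, "192.0.2.10", "news@example.org", "alice@example.com"),     # first attempt
    (10, "192.0.2.10", "news@example.org", "alice@example.com"),    # retry too soon
    (900, "192.0.2.10", "News@Example.org", "alice@example.com"),   # proper retry
    (905, "198.51.100.7", "promo@example.net", "alice@example.com"),  # no retry
    (950, "192.0.2.10", "news@example.org", "bob@example.com"),     # new recipient
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```
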
Dynamic blacklist (DNSBL) is a network service offered by blacklist providers. These providers track IP addresses (sometimes domain names) compromised by spam.
Tarpitting is a method of delaying delivery of mail from a remote server suspected of spam distribution. A server may become suspicious due to a large number of recipients of the same letter. If this number exceeds a set limit, tarpitting is applied to all further messages from that server.
SURBL filtering is used to detect spam by the URIs (Uniform Resource Identifiers) contained in the message text, which are verified against blacklists. The module extracts the domain component (2 or 3 levels) of each URL found in the message, appends a SURBL name suffix and sends a DNS request to the address of the SURBL server(s).