Published by Jordan Wiggins. Modified over 9 years ago.
1
Client X CronLab Spam Filter Technical Training Presentation 19/09/2015
2
Technical information

1. Rate Control
- Controls high-volume spam by giving a soft reject to IP addresses that send too many emails per minute
- If the email is valid, the sender will try again
- This feature helps to keep legitimate emails passing through, even when servers are under spam attacks

2. Address Verification
- Verifies that the email address is valid by checking with the receiving email server
- On receipt of the first email to a new address, a probe is sent to the receiving email server to validate the address
- This method simplifies the integration with the email server and avoids Active Directory or LDAP setup
- The email address status is stored in a database which is updated on a regular basis
- If the address is invalid, the email, along with future emails to that address, is rejected. The testing of the email address validity is updated every 3 hours
- If the address is valid, the email, along with future emails to that address, goes through to further analysis. The testing of the email address validity is updated every 7 days

Spam Control Flow (diagram labels; the numbers in the diagram refer to the numbered sections of this presentation): Incoming email; Rate control; Address verification; Virus scanning; Spam detection (DNS & URL blacklists; hash database comparison; statistical analysis incl. Bayes; content analysis; Sender Policy Framework verification); Auto averaging; FP prevention; Delivery; Quarantine; User Message Center (Delete / Release); Stored for deletion; Reject.
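Added example (not part of the original slides and not CronLab's code): a model of stages 1 and 2 in which the 3-hour and 7-day re-test intervals act as cache lifetimes for the recipient status. The probe callable, the 30-per-minute threshold, the reply strings and the addresses are assumptions made for the illustration.

```python
import time
from collections import defaultdict, deque

MAX_PER_MINUTE = 30         # assumed threshold; the slides give no figure
TTL_INVALID = 3 * 3600      # invalid addresses are re-tested every 3 hours
TTL_VALID = 7 * 24 * 3600   # valid addresses are re-tested every 7 days

class FrontDoor:
    def __init__(self, probe, clock=time.time):
        self.probe = probe               # hypothetical callable: address -> bool
        self.clock = clock
        self.seen = defaultdict(deque)   # sender IP -> arrival times within 60 s
        self.status = {}                 # address -> (is_valid, checked_at)

    def _over_rate(self, ip):
        now, window = self.clock(), self.seen[ip]
        while window and now - window[0] >= 60:
            window.popleft()
        window.append(now)               # rejected attempts count too
        return len(window) > MAX_PER_MINUTE

    def _is_valid(self, address):
        now, cached = self.clock(), self.status.get(address)
        if cached and now - cached[1] < (TTL_VALID if cached[0] else TTL_INVALID):
            return cached[0]             # fresh entry: no probe sent
        valid = self.probe(address)      # new address or stale entry: ask the mail server
        self.status[address] = (valid, now)
        return valid

    def decide(self, ip, rcpt):
        if self._over_rate(ip):
            return "451 try again later"    # soft reject; a valid sender retries
        if not self._is_valid(rcpt.lower()):
            return "550 unknown recipient"  # rejected, as are later mails to it
        return "CONTINUE"                   # on to virus scanning and spam detection

def demo():
    """Constructed scenario: a mailbox is created just after its first probe failed."""
    now, mailboxes, probes = [0.0], set(), []
    def probe(addr):
        probes.append(addr)
        return addr in mailboxes
    door = FrontDoor(probe, clock=lambda: now[0])
    out = [door.decide("192.0.2.1", "new@example.test")]      # probe says invalid
    mailboxes.add("new@example.test")
    for advance in (3600, 2 * 3600):                          # t = 1 h, then t = 3 h
        now[0] += advance
        out.append(door.decide("192.0.2.1", "new@example.test"))
    return out, len(probes)
```

demo() returns two 550 replies followed by CONTINUE with two probes sent: a mailbox created just after a failed probe stays rejected until the 3-hour re-test, and by the same logic a deleted mailbox can keep being accepted for up to 7 days.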
3
Technical information (continued)

3. Virus Scanning
- Email is scanned for viruses using the ClamAV anti-virus engine. BitDefender is available as an add-on service.

4. Spam Detection
The email is analysed for spam in a scoring system and undergoes checks against the following:
- Sets of commercial and freely available blacklists & whitelists
- Internal server blacklists and whitelists
- CronLab proprietary blacklists and whitelists
- Hash databases
- Internal content analysis databases
- SPF records
- Internal statistical analysis tools, including a Bayes database
4
Technical information (continued)

5. Auto Averaging
- Adjusts the scoring of an email based on historical data
- This uses a combination of the receiving email address and the sender's IP cluster
- If the email comes from a known valid sender and still looks like spam, the auto-averaging will lower the score based on historical data to allow the email to pass through
- If the email comes from a known spammer to the receiving email address, the email is likely to be stopped even if it looks valid

6. FP Prevention
- If an email is marked as a false positive, the sending email server is automatically added to a whitelist, preventing future emails from that server from ending up in the quarantine

7. Delivery
- If an email is deemed to be legitimate, it is delivered straight to the receiving email server
5
Technical information (continued)

8. Quarantine
- If the email is likely to be spam, but its status cannot definitely be established, then the email is sent to the quarantine
- All emails in the quarantine are subject to further analysis every hour for potential re-categorization. This minimizes the volume of emails in the quarantine
- The quarantine is user-based. Each user manages his own quarantine login information in a web-based message center. Users can also delegate handling of their quarantine to other users of the CronLab spam filter
- On the first message center visit, the user registers for a password which can easily be changed (or reset)
- More information about the message center is available on later slides

9. Stored for Deletion
- If an email is determined to be spam or to contain a virus, the email is stored for 30 days before deletion
- The 30-day storage of spam allows the administrator to retrieve a potential false positive
6
Technical information (continued)

10. Learning and Adapting
- All actions taken by the system or the user are fed back to the internal learning engine
- Users can report false negatives as spam by clicking on the footer at the bottom of the email (unless the user opts out of this feature in the message center)
- If a user reports an email as spam or ham, this results in an update of the internal statistical databases as well as the blacklists and whitelists
7
Message Center

The message center enables access to the user's quarantine
- All emails can be reported:
  - As legitimate, after which they are released back to the user. This also updates internal statistical databases as well as blacklists and whitelists
  - As spam, after which they are deleted. This also updates internal statistical databases as well as blacklists and whitelists
  - As ignored, after which they are merely deleted
- Users receive a notification in the morning if the content of the quarantine has changed

Quarantine Search Engine
- The Postmaster of a domain can access all emails received in the last 30 days and release potential false positives back to the relevant user
- Users can search through their own emails, up to 30 days old, and release potential false positives
- The Postmaster can also see mail log extracts for recent emails to help search for potential problems

Email footers can be switched on/off
- Can toggle all email footers, or footers applied to incoming emails only
- Switching footers off prevents the user from reporting emails as spam, but might be desired for some users nonetheless

Phishing filters can be switched on/off
- Sites that the user deems safe from phishing attacks can be reported
- Any report results in further analysis by CronLab's support team

Delegation of quarantine
- Users can delegate the quarantine, e.g. when having multiple email addresses or if an administrator is to take care of their quarantine
- This results in an aggregated quarantine for all the email addresses that the delegated recipient is to manage
8
Outgoing Filter: Send emails securely from anywhere, while reducing reputational risk

Diagram labels: End user station; CronLab's cluster; Emails sent to recipient; Spam and Viruses; Administrator alerted. Encrypted communication to CronLab. Communication to recipient encrypted if possible.

- Availability: Ensure safe delivery of emails no matter where you are. Works on all networks with all email servers and clients, including mobile phones
- Alarms: Alarms are sent to the administrator if a computer starts sending out spam or viruses
- Security: All communication is handled through strong TLS or SSL encryption
- Prevents blacklisting: Minimize the risk of your domain being blacklisted, as spam and viruses are removed before they reach the recipient
- Validity control: Users can only send emails from their own email address, using their own accounts. Domain accounts can be set up for authorized relaying servers to allow senders from all domain accounts and even from several domains
9
Email Attachment Saver (EAS), an add-on that simplifies sending large files

Diagram steps:
- User A sends a large file as an email attachment
- The CronLab cluster replaces the attachment with a link and saves the attachment
- User B receives the email with the link and downloads the file from the CronLab cluster

EAS Benefits
- The EAS uses a format known to users (email); no training or extra programs are required
- It saves network bandwidth and avoids bouncing emails
- It reduces the user frustration that is common when trying (and failing) to transfer large files
10
Further important technical facts

Treatment of potentially dangerous files
- Potentially dangerous files that are still not viruses (e.g. exe-files or bat-files) are removed from the email and replaced by a text-file containing information on the danger of the file and, if permitted by the postmaster, a link to a website where the user can retrieve the file

CronLab's clusters are redundant and geographically distributed
- All domains will receive multiple MX pointers
- Emails are scanned by several geographically distributed servers. The servers are however always country-specific

To speed up communications, CronLab chooses not to use greylisting in its filters
- CronLab does not apply greylisting to control for spam
- Significantly speeds up email communication

No emails are blocked if the receiving email address is valid
- As long as the receiving email address is valid, an email will always be retrieved and analyzed, no matter what the reputation of the IP address is
- If an email has been wrongly classified as spam, the email can still be retrieved by the user or the postmaster for a period of 30 days
11
Thank you! Questions?

Full tests of the Pro 2000 Anti-Spam Appliance are available at:
- http://www.itpro.co.uk/630691/cronlab-pro-2000-anti-spam-appliance-review
- http://www.scmagazineuk.com/cronlab-pro-2000-anti-spam/review/3421/

Full tests of the Light 1100 Anti-Spam Appliance are available at:
- http://www.pcpro.co.uk/reviews/security-appliances/365746/cronlab-light-1100-anti-spam-appliance