Modern Anti-Spam
Rejection – No Sorting
Thomas Stensitzki
Published in: Technology, News & Politics
Modern Anti-Spam: Rejection - No Sorting

  1. Modern Anti-Spam: Rejection – No Sorting. Thomas Stensitzki
  2. Introduction
     Thomas Stensitzki, Senior Consultant
     MCSM Messaging, MCM: Exchange 2010, MCSE, MCSA, MCITP, MCTS, MCSA, MCSA:M, MCP
     Blog: http://www.sf-tools.net
     Email: thomas@sf-tools.net
     Twitter: apoc70
  3. Spam in numbers
     • ~88% of received messages are spam
     • Postini: Only 12% of received emails are legitimate (Feb 2013)
     • Microsoft: 94% spam, 600 million emails a week
     • Trend Micro: Spam ratio varies by country
  4. Damage and cost
     • Loss in end-user productivity
     • Restrained mobile access
     • Loss of communication
     • Loss of bandwidth
     • Waste of storage
       - Mailbox databases
       - Archive storage (expensive)
     Example for loss of productivity: 30 spams = 5 minutes x 220 working days per year: 2 working days per year and employee
  5. Comparison
     Rejection
     • No interruption of end-user routine
     • False positives easy to handle
     • Self-learning connections and domain trusts
     • No waste of mailbox database storage
     • No waste of archive storage
     • RFC-compliant rejection (NDR)
     • Reduced administrative intervention
     Sorting (classic approach)
     • Interruption of end-user working routine
     • Manual action by end-user required
     • Waste of mailbox database storage
     • Waste of archive storage
     • Risk of large number of unhandled spam messages
  6. Comparison
     Rejection

     |             | Delivered | Blocked |
     |-------------|-----------|---------|
     | Sound email | OK        |         |
     | Spam        | nuisance  | OK      |

     • Scanning – Assessment – Rejection
     • Sound senders are sent an NDR
     • Spammers are unable to deliver
     • Risk of false positives is defused
       - Sound senders can react to the NDR

     Sorting (classic approach)

     |             | Delivered | Blocked |
     |-------------|-----------|---------|
     | Sound email | OK        | danger  |
     | Spam        | nuisance  | OK      |

     • Receiving – Assessment – Processing
       - Deletion, Quarantine, Marking, depending on product
     • False positives
       - Danger of important information being lost without sender and recipient knowing about it
  7. Solution: NoSpamProxy
     • Rejection instead of sorting
       - The alternative approach to spam protection
     • Sound emails are identified
       - Self-learning mechanism to identify desired connections and handling domain trusts
     • Customizable to business needs
       - Detailed rule set of filters and actions for incoming and outgoing messages
     • Scalable Anti-Spam Solution
     • CommTouch Anti-Virus and Anti-Spam integrated in product
     • Component of Net at Work Mail Gateway
  8. Legal considerations
     • Applicable in Germany: § 206 StGB: "It is a criminal offence to suppress an entrusted communication"
     • Once an email has been received, its deletion or filtering by a third party is an offence
       - That is the primary reason why even spam must be archived
     • NoSpamProxy does not accept spam, nor does it suppress any communication entrusted to it
       - A regular NDR is generated
     • BSI*: Analogy between spam and unsolicited advertising
     *BSI: Federal Office for Information Security
  9. User Interface
     • Multi-Role server with default rule set
  10. Sound email
     • Concentrating on negative spam characteristics leads to false positives
     • Unique Level of Trust technology
     • Bonus points for desired email connections (sender – recipient)
     • System learns dynamically about desired connections
     • Easy authorization of senders
       - Simply send an email to the external sender to authorize incoming messages
     • Enables applying more stringent spam filtering rules
       - Various filters and actions are available
  11. CommTouch Anti-Virus and Anti-Spam
     [Figure: outbreak timeline. Labels: Start of outbreak; Discovery; Outbreak peak; First signature; 90% of Top AV vendors have published signatures; vRPD Outbreak Protection; 20-30 hours; RPD detection: 0.5-2 minutes; AV Signature]
  12. In a nutshell
     • Acts as an SMTP proxy
     • Spam is identified while the message is in transmission
       - Connection can be aborted with a 5xx error status to the sending MTA
     • Installed as the first SMTP endpoint from the internet
       - Next hop can be an Edge server role or an internal Hub server role
     [Diagram labels: External SMTP servers; NoSpamProxy; Internal MTA]
  13. Topology example
     [Diagram labels: AD; External SMTP servers; Exchange Server Transport Role; Enterprise Network; NoSpamProxy Gateway Role Server1/2; NoSpamProxy User Management Role, Reporting Role; SMTP; Web Service]
     • Internet-facing servers not domain joined
     • Internal server domain joined
     • One gateway server possible, but no redundancy
  14. Summary
     • No loss of information – sender is informed
     • No wasted working hours, no manual ploughing through quarantine
     • Self-learning system
     • Fully customizable set of rules
     • IT resource saving (bandwidth, storage, maintenance)
     • Full legal compliance
  15. Questions
     Blog: http://www.sf-tools.net
     Email: thomas@sf-tools.net
     Twitter: apoc70
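
The rejection during transmission from slide 12, combined with the trust bonus for learned sender-recipient connections from slide 10, as an added example that is not part of the original slides and is not NoSpamProxy's code. The names `Gateway`, `keyword_score`, `SIMPLE` and `SAMPLE`, the scores, the thresholds and the host names are all assumptions made for illustration.

```python
# Added example with constructed values; not NoSpamProxy code.
TRUST_BONUS = 40   # assumed bonus for a learned sender-recipient connection
REJECT_AT = 50     # assumed spam-score threshold
SIMPLE = {"HELO": "250 gateway.example", "EHLO": "250 gateway.example",
          "QUIT": "221 2.0.0 Bye"}
# Constructed inbound session from a sender the gateway has not seen before.
SAMPLE = ["EHLO mta.partner.example", "MAIL FROM:<bob@partner.example>",
          "RCPT TO:<alice@corp.example>", "DATA", "Subject: fund", "",
          "Please confirm the wire transfer for the lottery fund.", ".", "QUIT"]

def keyword_score(body):  # toy content filter (assumption): 30 points per phrase
    return 30 * sum(p in body.lower() for p in ("lottery", "wire transfer"))

class Gateway:
    def __init__(self, score_fn):
        self.score_fn = score_fn
        self.trusted = set()   # (external address, internal address) pairs
    def learn_outbound(self, internal_sender, external_rcpt):
        """An internal user mailed an external address, so replies are desired."""
        self.trusted.add((external_rcpt.lower(), internal_sender.lower()))
    def session(self, client_lines):
        """Run one inbound SMTP session; return the replies given to the sending MTA."""
        replies = ["220 gateway.example ESMTP"]
        sender, rcpts, body, in_data = None, [], [], False
        for line in client_lines:
            verb = line.upper()
            if in_data and line != ".":
                body.append(line)          # dot-unstuffing omitted for brevity
            elif in_data:
                in_data = False
                score = self.score_fn("\n".join(body))
                if rcpts and all((sender, r) in self.trusted for r in rcpts):
                    score -= TRUST_BONUS
                # Decide before accepting: after a 5xx the message stays with the
                # sending MTA, which generates the NDR for a legitimate sender.
                replies.append("550 5.7.1 Message rejected as spam"
                               if score >= REJECT_AT else "250 2.0.0 Accepted")
                sender, rcpts, body = None, [], []
            elif verb.startswith("MAIL FROM:"):
                sender = line[10:].strip(" <>").lower()
                replies.append("250 2.1.0 OK")
            elif verb.startswith("RCPT TO:"):
                rcpts.append(line[8:].strip(" <>").lower())
                replies.append("250 2.1.5 OK")
            elif verb == "DATA":
                in_data = True
                replies.append("354 End data with <CR><LF>.<CR><LF>")
            else:
                replies.append(SIMPLE.get(verb[:4], "502 5.5.1 Command not implemented"))
        return replies
```

Running `Gateway(keyword_score).session(SAMPLE)` before and after `learn_outbound("alice@corp.example", "bob@partner.example")` shows the same message answered with 550 and then with 250, which is how a learned connection defuses a false positive.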