Your SlideShare is downloading. ×

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Modern Anti-Spam: Rejection - No Sorting


Published on

Published in: Technology, News & Politics

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Modern Anti-Spam Rejection – No Sorting Thomas Stensitzki
  • 2. Introduction Page  2 Thomas Stensitzki Senior Consultant MCSM Messaging, MCM: Exchange 2010 MCSE, MCSA, MCITP, MCTS, MCSA, MCSA:M, MCP Blog: Email: Twitter: apoc70
  • 3. Spam in numbers  ~88% of received messages are spam  Postini: Only 12% of received emails are legitimate (Feb 2013)  Microsoft: 94% spam, 600 million emails a week  Trend Micro: Spam ratio varies by country Page  3
  • 4. Damage and cost  Loss in end-user productivity  Restrained mobile access  Loss of communication  Loss of bandwidth  Waste of storage - Mailbox databases - Archive storage (expensive) Example for loss of productivity: 30 spams = 5 minutes x 220 working days per year 2 working days per year and employee Page  4
  • 5. Rejection  No interruption of end-user routine  False positives easy to handle  Self learning connections and domain trusts  No waste of mailbox database storage  No waste of archive storage  RFC compliant rejection (NDR)  Reduced administrative intervention Page  5 Comparison Sorting (classic approach)  Interuption of end-user working routine  Manual action by end-user required  Waste of mailbox database storage  Waste of archive storage  Risk of large number of unhandled spam messages
  • 6. Rejection Delivered Blocked Sound email OK Spam nuisance OK Page  6 Comparison Sorting (classic approach) Delivered Blocked Sound email OK danger Spam nuisance OK  Scanning – Assessment – Rejection  Sound senders are sent a NDR  Spammers are unable to deliver  Risk of false positives is defused - Sound senders can react on NDR  Receiving – Assessment – Processing - Deletion, Quarantine, Marking Depending on product  False Positives - Danger of important information being lost without sender and recipient knowing about it
  • 7. Solution NoSpamProxy  Rejection instead of sorting - The alternative approach to spam protection  Sound emails are identified - Self learning mechanism to identify desired connections and handling domain trusts  Customizable to business needs - Detailed rule set of filters and actions for incoming and outgoing messages  Scalable Anti-Spam Solution  CommTouch Anti-Virus and Anti-Spam integrated in product  Component of Net at Work Mail Gateway Page  7
  • 8. Legal considerations  Applicable in Germany: § 206 StGB: „It is a criminal offence to suppress an entrusted communication“  Once an email has been received, its deletion or filtering by a third party is an offence - That is the primary reason why even spam must be archived  NoSpamProxy does not accept spam nor does it suppress or any communication entrusted to it - A regular NDR is being generated  BSI*: Analogy between Spam and unsolicited advertising Page  8 *BSI: Federal Office for Information Security
  • 9. User Interface Page  9  Multi-Role server with default rule set
  • 10. Sound email  Concentrating on negative spam characteristics leads to false positives  Unique Level of Trust technology  Bonus points for desired email connections (sender – recipient)  System learns dynamically about desired connections  Easy authorization of senders - Simple send an email to the external sender to authorize incoming messages  Enables applying more stringent spam filtering rules - Various filters and actions are available Page  10
  • 11. CommTouch Anti-Virus and Anti-Spam Page  11 Dicovery Outbreak peak First signature 90% of Top AV vendors have published signatures Start of outbreak vRPD Outbreak Protection 20-30 hours RPDdetection:0.5-2minutes AV Signature
  • 12. In a nutshell  Acts as a SMTP proxy  Spam is identified while message is in transmission - Connection can be aborted with a 5xx error status to the sending MTA  Installed as the first SMTP endpoint from the internet - Next hop can be an Edge server role or an internal Hub server role Page  12 External SMTP servers NoSpamProxy Internal MTA
  • 13. Topology example Page  13 AD External SMTP servers Exchange Server Transport Role Enterprise Network NoSpamProxy Gateway Role Server1/2 NoSpamProxy User Management Role Reporting Role SMTP Web Service Internet facing servers not domain joined Internal server domain joined One gateway server possible, but no redundancy
  • 14. Summary  No loss of Information – sender is informed  No wasted working hours, no manual ploughing through quarantine  Self learning system  Fully customizable set of rules  IT Resource saving (bandwidth, storage, maintenance)  Full legal compliance Page  14
  • 15. Questions Page  15 Blog: Email: Twitter: apoc70