Modern Anti-Spam with NoSpamProxy Protection
Rejection – No Sorting
Thomas Stensitzki

Introduction
Thomas Stensitzki
Principal Enterprise Consultant
Granikos GmbH & Co. KG
MCSM Messaging, MCM: Exchange 2010
MCSE, MCSA, MCITP, MCTS, MCSA, MCSA:M, MCP
E-Mail: thomas.stensitzki@granikos.eu
Web: http://www.granikos.eu
Blog: http://blog.granikos.eu

Spam in numbers
~88% of received messages are spam
~4% of received messages have malicious content
Postini: Only 12% of received emails are legitimate (Feb 2013)
Microsoft: 94% spam, 600 million emails a week
Trend Micro: Spam ratio varies by country
http://bit.ly/GlobalSpamMap

Spam ratio per country (Jan 2014 – Feb 2015)
> 80%
50% - 80%
20% - 50%
< 20%
Source: TrendMicro

Damage and cost
Loss in end-user productivity
Restrained mobile access to company resources
Loss of communication
Loss of network bandwidth
Waste of storage
- Mailbox databases
- Archive storage (expensive)
Example for loss of productivity:
30 spams per day = 5 minutes x 220 working days per year
2 working days per year and employee
Page  5

Rejection
No interruption of end-user routine
False positives easy to handle
Self learning connections and domain
trusts
No waste of mailbox database storage
No waste of archive storage
RFC compliant rejection (NDR)
Reduced administrative intervention
Sorting (classic approach)
Interuption of end-user working routine
Manual action by end-user required
Waste of mailbox database storage
Waste of archive storage
Risk of large number of unhandled spam
messages
Comparison
Page  6

Rejection
Delivered Blocked
Sound email OK
Spam nuisance OK
Sorting (classic approach)
Delivered Blocked
Sound email OK danger
Spam nuisance OK
Comparison
Scanning – Assessment – Rejection
Sound senders are sent a NDR
Spammers are unable to deliver
Risk of false positives is defused
- Sound senders can react on NDR
Receiving – Assessment – Processing
- Deletion, Quarantine, Marking
Depending on product
False Positives
- Danger of important information being lost without
sender and recipient knowing about it

Solution
NoSpamProxy® Protection – Mail Gateway
Rejection instead of sorting
- The alternative approach to spam protection
Sound emails are identified
- Self learning mechanism to identify desired connections and handling domain trusts
Customizable to business needs
- Detailed rule set of filters and actions for incoming and outgoing messages
Scalable Anti-Spam Solution
CYREN Premium Anti-Virus integrated in product
Component of Net at Work Mail Gateway

Legal considerations
Applicable in Germany: § 206 StGB:
„It is a criminal offence to suppress an entrusted communication“
Once an email has been received, its deletion or filtering by a third party is an
offence
- That is the primary reason why even spam must be archived
NoSpamProxy does not accept spam nor does it suppress any communication
entrusted to it
- A regular NDR is being generated
BSI*: Analogy between Spam and unsolicited advertising
*BSI: Federal Office for Information Security

User Interface
Multi-Role server with default rule set

Sound email
Concentrating on negative spam characteristics leads to false positives
Unique Level of Trust technology
Bonus points for desired email connections (sender – recipient)
System learns dynamically about desired connections
Easy authorization of external senders
- Simple send an email to the external sender to authorize incoming messages
Enables applying more stringent spam filtering rules
- Various filters and actions are available

In a nutshell
Acts as a SMTP proxy
Spam is identified while message is in transmission
- Connection can be aborted with a 5xx error status to the sending MTA
Installed as the first SMTP endpoint from the internet
- Next hop can be an Edge server role or an internal Hub server role
Company NetworkNoSpamProxy Protection
Multi-Role
Exchange
Server

Topology example 1
Internet facing servers
not domain joined
Internal server domain
joined
One gateway server
possible, but no
redundancy
1 Gateway Role
1 Intranet Role
AD
Exchange Server
Transport Role
Enterprise Network
NoSpamProxy
Intranet Role
NoSpamProxy Protection
Gateway Rolle
HTTPS

Topology example 2
AD
External
SMTP
servers
Exchange Server
Transport Role
Enterprise Network
NoSpamProxy
Gateway Role
Server1/2
NoSpamProxy
Intranet Role
SMTP
Web Service
Internet facing
servers not domain
joined
Internal server
domain joined
Redundant Email
Servers
N Gateway Role
1 Intranet Role

NoSpamProxy® Encryption (aka enQsig)
Centralized email signing and encryption at the gateway
Supports S/MIME and PGP
Centralized certificate store and cert provisioning
Qualified signatures applied to electronic invoices (INVOIC-Messages)
Password protected emails with PDF Mail
De-Mail connector and interface to Deutschland-Online Infrastruktur (DOI)
Interfaces to ECM- and other email systems

NoSpamProxy® Large File
Large files exchange via secure portal
Email client integration (Outlook)
Portal provided as SSL/TLS secure web server
Access password protected
No use of cloud storage

Summary
No loss of Information – sender is informed
No wasted working hours, no manual ploughing through quarantine
Self learning processes
Fully customizable set of rules
IT Resource saving (bandwidth, storage, maintenance)
Full legal compliance
Additional modules for email encryption and file exchange
- NoSpamProxy Encryption
- NoSpamProxy Large File

Questions
Email: info@granikos.eu
Web: http://www.granikos.eu
Blog: http://blog.granikos.eu
Twitter: @Granikos_DE