Modern Anti-Spam Protection - Rejection, no sorting

Granikos GmbH & Co. KG
Feb. 8, 2015

More Related Content


Modern Anti-Spam Protection - Rejection, no sorting

  1. Modern Anti-Spam with NoSpamProxy Protection Rejection – No Sorting Thomas Stensitzki
  2. Introduction Thomas Stensitzki Principal Enterprise Consultant Granikos GmbH & Co. KG MCSM Messaging, MCM: Exchange 2010 MCSE, MCSA, MCITP, MCTS, MCSA, MCSA:M, MCP E-Mail: Web: Blog:
  3. Spam in numbers ~88% of received messages are spam ~4% of received messages have malicious content Postini: Only 12% of received emails are legitimate (Feb 2013) Microsoft: 94% spam, 600 million emails a week Trend Micro: Spam ratio varies by country
  4. Spam ratio per country (Jan 2014 – Feb 2015) > 80% 50% - 80% 20% - 50% < 20% Source: TrendMicro
  5. Damage and cost Loss in end-user productivity Restrained mobile access to company resources Loss of communication Loss of network bandwidth Waste of storage - Mailbox databases - Archive storage (expensive) Example for loss of productivity: 30 spams per day = 5 minutes x 220 working days per year 2 working days per year and employee Page  5
  6. Rejection No interruption of end-user routine False positives easy to handle Self learning connections and domain trusts No waste of mailbox database storage No waste of archive storage RFC compliant rejection (NDR) Reduced administrative intervention Sorting (classic approach) Interuption of end-user working routine Manual action by end-user required Waste of mailbox database storage Waste of archive storage Risk of large number of unhandled spam messages Comparison Page  6
  7. Rejection Delivered Blocked Sound email OK Spam nuisance OK Sorting (classic approach) Delivered Blocked Sound email OK danger Spam nuisance OK Comparison Scanning – Assessment – Rejection Sound senders are sent a NDR Spammers are unable to deliver Risk of false positives is defused - Sound senders can react on NDR Receiving – Assessment – Processing - Deletion, Quarantine, Marking Depending on product False Positives - Danger of important information being lost without sender and recipient knowing about it
  8. Solution NoSpamProxy® Protection – Mail Gateway Rejection instead of sorting - The alternative approach to spam protection Sound emails are identified - Self learning mechanism to identify desired connections and handling domain trusts Customizable to business needs - Detailed rule set of filters and actions for incoming and outgoing messages Scalable Anti-Spam Solution CYREN Premium Anti-Virus integrated in product Component of Net at Work Mail Gateway
  9. Legal considerations Applicable in Germany: § 206 StGB: „It is a criminal offence to suppress an entrusted communication“ Once an email has been received, its deletion or filtering by a third party is an offence - That is the primary reason why even spam must be archived NoSpamProxy does not accept spam nor does it suppress any communication entrusted to it - A regular NDR is being generated BSI*: Analogy between Spam and unsolicited advertising *BSI: Federal Office for Information Security
  10. User Interface Multi-Role server with default rule set
  11. Sound email Concentrating on negative spam characteristics leads to false positives Unique Level of Trust technology Bonus points for desired email connections (sender – recipient) System learns dynamically about desired connections Easy authorization of external senders - Simple send an email to the external sender to authorize incoming messages Enables applying more stringent spam filtering rules - Various filters and actions are available
  12. In a nutshell Acts as a SMTP proxy Spam is identified while message is in transmission - Connection can be aborted with a 5xx error status to the sending MTA Installed as the first SMTP endpoint from the internet - Next hop can be an Edge server role or an internal Hub server role Company NetworkNoSpamProxy Protection Multi-Role Exchange Server
  13. Topology example 1 Internet facing servers not domain joined Internal server domain joined One gateway server possible, but no redundancy 1 Gateway Role 1 Intranet Role AD Exchange Server Transport Role Enterprise Network NoSpamProxy Intranet Role NoSpamProxy Protection Gateway Rolle HTTPS
  14. Topology example 2 AD External SMTP servers Exchange Server Transport Role Enterprise Network NoSpamProxy Gateway Role Server1/2 NoSpamProxy Intranet Role SMTP Web Service Internet facing servers not domain joined Internal server domain joined Redundant Email Servers N Gateway Role 1 Intranet Role
  15. NoSpamProxy® Encryption (aka enQsig) Centralized email signing and encryption at the gateway Supports S/MIME and PGP Centralized certificate store and cert provisioning Qualified signatures applied to electronic invoices (INVOIC-Messages) Password protected emails with PDF Mail De-Mail connector and interface to Deutschland-Online Infrastruktur (DOI) Interfaces to ECM- and other email systems
  16. NoSpamProxy® Large File Large files exchange via secure portal Email client integration (Outlook) Portal provided as SSL/TLS secure web server Access password protected No use of cloud storage
  17. Summary No loss of Information – sender is informed No wasted working hours, no manual ploughing through quarantine Self learning processes Fully customizable set of rules IT Resource saving (bandwidth, storage, maintenance) Full legal compliance Additional modules for email encryption and file exchange - NoSpamProxy Encryption - NoSpamProxy Large File
  18. Questions Email: Web: Blog: Twitter: @Granikos_DE

Editor's Notes

  1. 1
  2. A little history of Microsoft Learning titles and abbreviations LinkedIn and other social media connections on homepage