modern anti-spam - rejection, no sorting (version 2014)
TRANSCRIPT
Modern Anti-Spam Rejection – No Sorting
Thomas Stensitzki
Introduction
Page 2
Thomas Stensitzki
Owner Granikos GmbH & Co. KGPrincipal Consultant
MCSM Messaging, MCM: Exchange 2010
MCSE, MCSA, MCITP, MCTS, MCSA, MCSA:M, MCP
Blog: http://www.sf-tools.netEmail: [email protected]: apoc70
Spam in numbers
~88% of received messages are spam
~4% of received messages have malicious content
Postini: Only 12% of received emails are legitimate (Feb 2013)
Microsoft: 94% spam, 600 million emails a week
Trend Micro: Spam ratio varies by countryhttp://bit.ly/GlobalSpamMap
Page 3
Spam ratio per country (Jan 2014 - Jun 2014)
Page 4
> 80%50% - 80%20% - 50%< 20%
Source: TrendMicro
Damage and cost
Loss in end-user productivity
Restrained mobile access to company resources
Loss of communication
Loss of network bandwidth
Waste of storage- Mailbox databases- Archive storage (expensive)
Example for loss of productivity:30 spams per day = 5 minutes x 220 working days per year
2 working days per year and employee
Page 5
Rejection No interruption of end-user routine
False positives easy to handle
Self learning connections and domain trusts
No waste of mailbox database storage
No waste of archive storage
RFC compliant rejection (NDR)
Reduced administrative intervention
Page 6
Comparison
Sorting (classic approach) Interuption of end-user working routine
Manual action by end-user required
Waste of mailbox database storage
Waste of archive storage
Risk of large number of unhandled spam messages
RejectionDelivered Blocked
Sound email OK
Spam nuisance OK
Page 7
Comparison
Sorting (classic approach)Delivered Blocked
Sound email OK danger
Spam nuisance OK
Scanning – Assessment – Rejection
Sound senders are sent a NDR
Spammers are unable to deliver
Risk of false positives is defused- Sound senders can react on NDR
Receiving – Assessment – Processing- Deletion, Quarantine, Marking
Depending on product
False Positives- Danger of important information being lost
without sender and recipient knowing about it
Solution
NoSpamProxy – Mail Gateway Rejection instead of sorting
- The alternative approach to spam protection
Sound emails are identified - Self learning mechanism to identify desired connections and handling domain trusts
Customizable to business needs- Detailed rule set of filters and actions for incoming and outgoing messages
Scalable Anti-Spam Solution
CYREN Premium Anti-Virus integrated in product
Component of Net at Work Mail Gateway
Page 8
Legal considerations
Applicable in Germany: § 206 StGB: „It is a criminal offence to suppress an entrusted communication“
Once an email has been received, its deletion or filtering by a third party is an offence- That is the primary reason why even spam must be archived
NoSpamProxy does not accept spam nor does it suppress any communication entrusted to it- A regular NDR is being generated
BSI*: Analogy between Spam and unsolicited advertising
Page 9
*BSI: Federal Office for Information Security
User Interface
Page 10
Multi-Role server with default rule set
Sound email
Concentrating on negative spam characteristics leads to false positives
Unique Level of Trust technology
Bonus points for desired email connections (sender – recipient)
System learns dynamically about desired connections
Easy authorization of external senders- Simple send an email to the external sender to authorize incoming messages
Enables applying more stringent spam filtering rules- Various filters and actions are available
Page 11
In a nutshell
Acts as a SMTP proxy
Spam is identified while message is in transmission- Connection can be aborted with a 5xx error status to the sending MTA
Installed as the first SMTP endpoint from the internet- Next hop can be an Edge server role or an internal Hub server role
Page 12
Internet DMZ Internes Netzwerk
Mail Gateway Interner Mail-ServerExterner Mail-Server
Topology example
Page 13
AD
External
SMTPservers
Exchange ServerTransport Role
Enterprise Network
NoSpamProxyGateway RoleServer1/2
NoSpamProxyIntranet Role
SMTP
Web Service
Internet facing servers not domain joined
Internal server domain joined
One gateway server possible, but no redundancy
Summary
No loss of Information – sender is informed
No wasted working hours, no manual ploughing through quarantine
Self learning system
Fully customizable set of rules
IT Resource saving (bandwidth, storage, maintenance)
Full legal compliance
Page 14