Our Corporate Anti-Spam and Anti-Virus service for corporate email gateways and domains. Maxim extends our standard Corporate Anti-Spam and Anti-Virus gateways by providing process-intensive enhanced spam and virus detection which greatly reduces the volume of spam to virtually zero. We utilise artificial intelligence and probability modelling to identify possible spam and phishing and flag it for analysis and either pass-through or termination. Organisations can process our signal headers using their own rules to adjust the level of filtering as they see fit. Our UK team work 24/7 monitoring, analysing, flagging and adjusting the filters to ensure maximum protection is achieved at all times whilst reducing the false positive rate to almost zero.
The fight against Spam
The detection of spam is a continuous battle between the spammers and companies like us who are dedicated to eliminating it. As we evolve so do the spammers, and we have to invest in ever more complex and expensive technologies to counter them. Some of the technologies are outlined below:
The internet is governed by a set of standards known as RFCs, and the email delivery protocol is specified by RFC822 and RFC5321. The standards exist so that email can be interoperable between all platforms and servers, but spammers using email bots don't care about being compliant. By enforcing the standards and rejecting violations we can eliminate a percentage of spam, and, of course, some legitimate email from organisations who can't configure their email system correctly.
A number of worthy organisations like Spamhaus, SpamCop, Talos, etc. are dedicated to maintaining lists of domains, hosts and subnets which are used to originate spam. Using these blacklists is an expensive but effective tool to eliminate a good percentage of spam at the first gate. Blacklists, however, are not truly real-time, and there is always a delay between a spammer launching a mass mailing and the blacklists listing it.
Several technologies exist to verify sender domains and hosts, such as SPF and DKIM, and these can serve (where used by the receiving server) to block spoofed spam, which constitutes the vast majority of scams. For example, the HMRC, who are under constant attack from scammers, specify in their SPF records two hosts that are allowed to send email for @hmrc.gov.uk. The spammers cannot originate email from those addresses, so SPF wins the day and any email coming from, say, email@example.com that doesn't come from the two hosts listed in the SPF record is canned. This, however, all falls down when either the receiving server doesn't check, the sending organisation doesn't use it, or the sending organisation has been compromised.
The domain name system is that which converts gen.net.uk to 220.127.116.11 and back again, and when you send email to someone @gen.net.uk DNS gives up the address of the mail server that is designated to receive that email, in this case farpoint.gen.net.uk. RFC1124/1124, which form part of Internet Standard 1, specify clearly that every host on the internet should have forward and reverse DNS, that is gen.net.uk to 18.104.22.168 and 22.214.171.124 to gen.net.uk. So, when a host spammer.com connects from 126.96.36.199 to our mail server, we check (a) that 188.8.131.52 corresponds to spammer.com, (b) that spammer.com has a valid MX record, and (c) that the host listed in the MX record actually exists on the internet. This is particularly hard for a spammer to forge, and therefore this check eliminates a percentage of spam as well as a percentage of legitimate email from companies who don't know how to set up DNS correctly.
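The three DNS checks described above, written out as an added example (not the vendor's own code). The resolver is injected so the function runs offline against a constructed record table; every hostname and address in the table is invented, and in production the lookups would come from a real resolver library.

```python
"""Sender-host DNS sanity check: the connecting IP must reverse-resolve to
the host it claims to be (and that host must resolve back to the IP), the
sender's domain must publish an MX record, and at least one MX target must
itself resolve.  Added example; the FakeDNS table below is constructed."""
from dataclasses import dataclass, field


@dataclass
class FakeDNS:
    """Constructed stand-in for a resolver; every record here is invented."""
    ptr: dict = field(default_factory=dict)   # ip -> hostname (reverse DNS)
    a: dict = field(default_factory=dict)     # hostname -> ip (forward DNS)
    mx: dict = field(default_factory=dict)    # domain -> list of MX hostnames

    def reverse(self, ip): return self.ptr.get(ip)
    def forward(self, host): return self.a.get(host)
    def mail_exchangers(self, domain): return self.mx.get(domain, [])


def check_sender_host(dns, ip, claimed_host, sender_domain):
    """Return (accept, reason) for one inbound SMTP connection."""
    # (a) the connecting address must correspond to the claimed host, both ways
    if dns.reverse(ip) != claimed_host:
        return False, "reverse DNS does not match claimed host"
    if dns.forward(claimed_host) != ip:
        return False, "claimed host does not resolve back to connecting IP"
    # (b) the sender's domain must have a valid MX record
    exchangers = dns.mail_exchangers(sender_domain)
    if not exchangers:
        return False, "sender domain has no MX record"
    # (c) the host named in the MX record must actually exist (resolve)
    if not any(dns.forward(mx) for mx in exchangers):
        return False, "no MX host for sender domain resolves"
    return True, "ok"


# Constructed records: one well-run domain, one whose MX target is dangling.
TABLE = FakeDNS(
    ptr={"192.0.2.10": "mail.example.net"},
    a={"mail.example.net": "192.0.2.10", "mx.example.net": "192.0.2.11"},
    mx={"example.net": ["mx.example.net"],
        "dangling.example": ["mx.dangling.example"]},
)

if __name__ == "__main__":
    print(check_sender_host(TABLE, "192.0.2.10", "mail.example.net", "example.net"))
    print(check_sender_host(TABLE, "198.51.100.7", "mail.example.net", "example.net"))
```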
By far the most effective tool at eliminating spam which passes all the above tests is pattern matching. This involves looking for and detecting elements in the body of an email and assigning a score to each detection. An example would be an HTML-only email, which scores 3 points, or external links to pictures, which score 0.2 points each, and so on. The more spammy the email, the more points it will accumulate, and once a threshold is reached the message is flagged as spam. Content filtering can make use of content lists which are maintained by third parties and provide known phrases and content to score.
Many, in fact almost all, spam emails contain a link (or links) to websites to complete the process. These links (or URIs) are constantly changing, but lists are maintained and inward email is checked for these URIs and excluded if found to contain one or more. This means that even if a spam flood is being originated from many hosts at once we can still trap it at the gateway based on content.
Bayesian Probability Filtering
A gross simplification of this would be that email which is known to be spam can be 'learned' and that data used to identify 'similar' spam. The area of mathematics is complex and the techniques even more so, but the result is the same in that spam that looks like spam based on learned data can be flagged as such, usually by giving it a score, such as +10.
Every email passing through our gateways is deconstructed, extracted and exported to a folder, then it is scanned for viruses and other threats before being re-assembled and sent onwards. Infected components are removed, whereas possibly infected or malicious components are isolated and passed on with a warning. Clearly dangerous attachments such as executables, macros, etc. are removed regardless. An optional warning can be inserted into all emails carrying attachments, instructing the recipient to ONLY open the attachments if they are from a known sender.
When you combine all these techniques together you wind up with a spam detection system that, in our tests, has an effective performance of 99.67%, which is exceptional in the market. Spammy email is passed through with subject modifications for your gateway to filter (or not) as you require, or for individual users to filter using IMAP or similar rules. Full diagnostic information is provided in email headers to permit more complex filtering based on spam score or infection type, should this be required by your IT team. Unlike providers such as Mimecast, we will not cause you endless issues with mail delivery or receipt, and we will respond quickly and efficiently to queries.
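The scoring approach from the pattern-matching passage and the header/subject signalling described just above, combined into one added example that is not the vendor's code. The two weights come from the page (HTML-only = 3 points, each external picture link = 0.2); the phrase list, the threshold of 5 and the `X-Example-Spam-*` header names are assumptions, and the two sample messages are constructed.

```python
"""Score-based content filter: each detected trait adds points, a threshold
flags the message, and the verdict is exposed as diagnostic headers plus a
subject tag so a downstream gateway or IMAP rule can act on it.  Added
example; weights use the page's figures, while the phrase list, threshold
and header names are assumed and the sample messages are constructed."""
import re
from email import message_from_string
from email.message import Message

THRESHOLD = 5.0                                     # assumed flagging point
IMG_RE = re.compile(r'<img[^>]+src=["\']https?://', re.IGNORECASE)
PHRASES = {"act now": 1.5, "verify your account": 2.0, "you have won": 2.5}


def _text(msg: Message, subtype: str) -> str:
    """Concatenate every text/<subtype> part of the message, decoded."""
    return "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/" + subtype)


def score_message(msg: Message) -> tuple[float, list[str]]:
    """Return (total score, names of the rules that fired)."""
    score, hits = 0.0, []
    html, plain = _text(msg, "html"), _text(msg, "plain")
    if html and not plain:                          # HTML-only message: 3 points
        score += 3.0; hits.append("HTML_ONLY")
    n_img = len(IMG_RE.findall(html))               # 0.2 per external picture link
    if n_img:
        score += 0.2 * n_img; hits.append(f"EXTERNAL_IMG_x{n_img}")
    body = (html + plain).lower()
    for phrase, weight in PHRASES.items():          # third-party style phrase list
        if phrase in body:
            score += weight; hits.append(f"PHRASE:{phrase}")
    return round(score, 2), hits


def tag_message(msg: Message) -> Message:
    """Add diagnostic headers and, at or above threshold, a subject tag."""
    score, hits = score_message(msg)
    msg["X-Example-Spam-Score"] = f"{score:.1f}"    # assumed header names
    msg["X-Example-Spam-Rules"] = ",".join(hits) or "none"
    if score >= THRESHOLD:
        subject = msg.get("Subject", "")
        del msg["Subject"]                          # no error if absent
        msg["Subject"] = "[SPAM] " + subject
    return msg


def filter_raw(raw: str) -> Message:
    return tag_message(message_from_string(raw))

# Constructed samples: an HTML-only lure with two remote images, and plain ham.
SPAM = ("Subject: Prize\nContent-Type: text/html\n\n<p>You have won! Act now.</p>"
        "<img src=\"http://a.example/1.gif\"><img src='http://b.example/2.gif'>")
HAM = "Subject: Lunch\nContent-Type: text/plain\n\nSee you at noon.\n"
```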
Customers with GENX and GENZone and those with gateways and dedicated services can have this added to their email feed for a nominal charge, but this service is available to any company regardless of their email system.
For more information or to request a free 30 day demo please contact us today.