Sentinel Anti-Spam FAQs

What is Spam?

Email, as a highly effective and universally used form of online communication, is vulnerable to manipulation by unscrupulous advertisers, criminals and hackers. Phishing, malware and spam are commonly distributed to unsuspecting users by email. Spam email (unsolicited bulk commercial email) comprises over 80% of all email in the world today.

Spam Email - also known as junk email - involves nearly identical messages sent to numerous recipients by email. A common synonym for spam is unsolicited bulk email. The email is unsolicited and sent in bulk to hundreds of email addresses, frustrating and annoying email users.

Malware - viruses, worms, Trojan horses etc, designed to infiltrate or damage a computer system.

Phishing - criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and financial information (credit card details, account numbers) by masquerading as a trustworthy entity in an electronic communication.

Definitions from Wikipedia.

The Spam Problem

  • Spam accounts for 50-60% of all mail traffic during an average week and 85-90% over weekends.
  • Approximately 5 in 120 email messages contain a virus.
  • A site processing 50,000 messages per day wastes time and resources on around 45,000 spam and virus messages!

Sentinal Anti-Spam Solution

ITNT Sentinal Anti-Spam is designed to protect your organisation from emails containing spam, malware (viruses) and phishing. These emails can flood organisations’ networks and cause major disruptions, in addition to the irritation of receiving hundreds of emails that have nothing to do with your day-to-day business dealings. Our anti-spam solution will save your organisation a considerable amount of bandwidth by ensuring that only legitimate email is delivered. All spam is quarantined and blocked from being delivered to your corporate networks.

Sentinal Anti-Spam includes the following:

  • A virus engine that updates hourly.
  • A dynamic anti-spam engine that learns from emails being delivered by the system for spam classification.
  • Every email is checked for spam and viruses.
  • A quarantine area that holds all blacklisted or virus related email. All emails are stored in the quarantine area for 30 days.
  • An email release mechanism to allow users to release quarantined emails.
  • Detailed reports showing the following:
      • Email usage
      • Viruses blocked by the system
      • Spam rules used to block spam emails
      • Top senders
      • Top recipients

Sentinal Anti-Spam Process

[Figure: anti-spam process]

Spam Scanning and Handling

Most of the spam scanning is done with the help of SpamAssassin:

  • DNS blacklists
  • Over 850 heuristic rules
  • Bayesian probability system
  • Distributed network-based checks such as Razor, DCC and Pyzor, which track the frequency of messages around the world to identify spam
  • Sender and recipient header checks to reject bogus or spoofed mail prior to delivery
  • Suspicious messages are tagged and quarantined on server (30 days)
  • Messages are stripped to plain text and encapsulated - extremely effective against the rising tide of pornographic spam

Virus Scanning and Handling

  • Scans all e-mail passing through it for viruses using any combination of the supported anti-virus engines
  • Attachments containing viruses or other security problems are removed
  • All safe content is delivered untouched

Attachment Filenames & Contents

  • Allows/denies attachments based on filename and file content, providing implementation of any email security policy
  • Easily used to block attachments which are common ways of disguising viruses, e.g. ReadMe.doc.exe

HTML-based Attacks

  • Scans for common signs of attack such as <IFrame> and <Script> HTML tags. Both have been used many times to exploit vulnerabilities in Outlook (& Express) and Internet Explorer
  • Dangerous HTML content can be stripped

Other Attacks handled

  • Removes and/or highlights potential Phishing fraud
  • Denial of Service attacks such as the “Zip of Death” and DNS blocks
  • Looks for, and will optionally ban, messages with “external bodies” and “partial” or fragmented messages
      • Attempts to scan these would open up the system to Denial of Service attacks
  • Quietly fixes Eudora/Cyrus IMAP incompatibilities
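
The content checks listed above (disguised attachment filenames such as ReadMe.doc.exe, <IFrame> and <Script> tags in HTML parts, and “partial” or “external body” messages), as an added Python example that is not ITNT's, SpamAssassin's or any vendor's code. The function name, the executable-extension list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed policy: extensions treated as executable when they end a filename.
EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
# Two trailing extensions, e.g. "ReadMe.doc.exe"; group 1 is the final one.
DOUBLE_EXT = re.compile(r"\.[a-z0-9]{2,4}(\.[a-z0-9]{2,4})$", re.I)
# Opening <iframe> or <script> tags in an HTML part.
ACTIVE_HTML = re.compile(r"<\s*(iframe|script)\b", re.I)
# MIME types whose real content the scanner cannot see in this one message.
UNSCANNABLE = {"message/partial", "message/external-body"}

def inspect_message(raw):
    """Return sorted (finding, detail) tuples for one raw message."""
    findings = set()
    for part in message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype in UNSCANNABLE:
            findings.add(("unscannable-type", ctype))
        name = part.get_filename()
        match = DOUBLE_EXT.search(name) if name else None
        if match and match.group(1).lower() in EXECUTABLE_EXT:
            findings.add(("double-extension", name))
        if ctype == "text/html":
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            for tag in ACTIVE_HTML.findall(body):
                findings.add(("active-html", tag.lower()))
    return sorted(findings)

# Constructed sample message (not real traffic).
SAMPLE = """\
From: sender@example.org
Subject: constructed test message
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>Hello<IFrame src="http://example.invalid/"></IFrame></body></html>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="ReadMe.doc.exe"

AAAA
--b1--
"""

if __name__ == "__main__":
    print(inspect_message(SAMPLE))
```

A gateway would map each finding to its own policy action (strip the tag, remove the attachment, quarantine the message) rather than treating them alike.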

All emails classified as spam are stored in a quarantine section on the server for 60 days. An administrator has rights to release these if necessary. All data is stored in a SQL database for ease of reporting and statistical analysis.

ITNT MAIL SPOOLING

ITNT offers a mail spooling service for hosts that do not have a full time connection or as a backup email solution in the event of your mail exchange server going offline. Emails coming to yourdomain.com will be queued in our mail server. If your mail server has an intermittent Internet connection then the mail server in your corporate LAN connects to our server to de-queue the mails. Common PC LAN GroupWare Applications like Novell GroupWise and Microsoft Exchange support ETRN for mail retrieval. The ETRN command is an extended Simple Mail Transfer Protocol (SMTP) e-mail de-queuing command that is issued to an e-mail host for Internet e-mail retrieval. Otherwise, our server will automatically send all queued mail to your server when it becomes available.

To ensure that your e-mail is free from viruses and spam, we protect your mailbox with anti-spam and anti-virus software. You can therefore receive e-mails without having to worry about downloading a computer virus or about your staff members receiving unwanted spam.

Greylisting

Learn more about greylisting.

Phishing

Learn more about phishing.