Email Filtering

The Network Box email filtering works at different stages during the receipt of an email.

The Network Box works as an email relay for your internal domain, and any attempt to connect via SMTP to your email server is intercepted by the Network Box. The Network Box replies on behalf of your server, accepts the SMTP connection, scans the email, and delivers it to your server. The remote server never makes a direct connection to your email server. This offers a great deal of protection for your server from many kinds of Internet attacks.

When an SMTP connection is made, the Network Box has mechanisms to protect your network from DoS attacks and mail bomb attacks, and to limit the number of connections remote servers can make to your Network Box. It can also be configured to reject SMTP connections from entire countries, by verifying the country of origin of the incoming IP address. Of course, the firewall can be configured to accept or reject SMTP connections from specified IP addresses or entire subnets.

Once an SMTP connection is accepted, the Network Box accepts the Envelope of the email and runs the first stage of scanning: Envelope Verification. The body of the email is accepted only if the email passes the Envelope Verification stage. At this point the email is saved to disk on the box, and it is first scanned for viruses and policy by the Anti-Virus scanning.

Among the policy verification techniques, File and MIME Type Verification deserves mention: the Network Box can recognize the true content of an attachment, independently of the name or extension of the attachment itself. As of today the Network Box is the only UTM product that can actually scan inside an email attachment to determine its true file or MIME type. This means that the Network Box can determine what a file really is, rather than what its name and extension say it is.

If the email contains malware such as a virus, a Trojan, JavaScript, or an executable binary object of any kind embedded in the body of the email, or an attachment forbidden by company policy (e.g. an executable attachment), the email is quarantined on the box and a notification can be sent as specified in the configuration.

An important feature of the anti-virus and policy enforcement of the Network Box is the ability to block JavaScript, iframes and binary code embedded in an email, even if hidden.
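The two checks described above (true file type versus the attachment's name, and active content hidden in the HTML body) can be sketched as follows. This is an added example, not Network Box code: the signature table, the `BLOCKED` policy, the function names and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading-byte signatures for a few formats (illustrative subset, not a full table).
MAGIC = [(b"MZ", "exe"), (b"\x7fELF", "elf"), (b"%PDF-", "pdf"),
         (b"PK\x03\x04", "zip"), (b"\x89PNG\r\n\x1a\n", "png"), (b"\xff\xd8\xff", "jpeg")]
# Extensions accepted for each detected type (zip also covers OOXML containers).
EXT_OK = {"pdf": {"pdf"}, "png": {"png"}, "jpeg": {"jpg", "jpeg"},
          "zip": {"zip", "docx", "xlsx", "pptx"}}
BLOCKED = {"exe", "elf"}  # assumed company policy: no executables by email
ACTIVE_HTML = re.compile(rb"<\s*(script|iframe|object|embed)\b", re.I)

def sniff(data):
    """Return the type implied by the content's first bytes, or None."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return None

def scan_message(raw):
    """Return (part, reason) findings; an empty list means nothing to quarantine."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""  # undo base64 / quoted-printable
        name = part.get_filename()
        if name is None:  # body part: look for active markup, however it is sized
            hit = ACTIVE_HTML.search(data) if part.get_content_type() == "text/html" else None
            if hit:
                findings.append(("body", "active content: " + hit.group(1).decode().lower()))
            continue
        kind = sniff(data)
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if kind in BLOCKED:  # the name and declared MIME type are ignored
            findings.append((name, f"blocked type {kind}"))
        elif kind and ext not in EXT_OK[kind]:
            findings.append((name, f"extension .{ext} but content is {kind}"))
    return findings

def build_sample():
    """Constructed message: zero-width iframe, EXE named .pdf, honest PNG, PDF named .jpg."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content('<p>Hi</p><iframe src="http://example.invalid/" width="0"></iframe>',
                    subtype="html")
    for name, data in [("invoice.pdf", b"MZ\x90\x00" + b"\0" * 60),
                       ("logo.png", b"\x89PNG\r\n\x1a\n" + b"\0" * 16),
                       ("scan.jpg", b"%PDF-1.4\n")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports the iframe, the executable named `invoice.pdf` and the PDF named `scan.jpg`, and leaves `logo.png` alone.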

It was common practice for a while to send out free newsletters which contained JavaScript. These apparently free newsletters often contained marketing spyware aimed at obtaining data that the sender could sell to pay for the newsletter itself. Though this practice has now greatly decreased, the use of Java code to distribute threats has actually increased and has gone from marketing spyware to true malware. We often see emails that appear to be spam but in reality contain Java code. You may wonder why a spammer would send Java code in an email. The reason is simple: once on your computer, this code will activate and download the actual threat. JavaScript may not contain a threat per se, but it may download a threat onto your workstation once activated. The general rule adopted by Network Box is that there is truly never a reason why someone should send you active code in an email, unless you are fully aware of it and ready to accept it.

The email is passed to the Anti-Spam feature only if it passes the anti-virus scanning. The Anti-Spam feature can quarantine spam on the box itself. The box can email a report to any or all of your users, listing the emails addressed to each of them that were quarantined because they contained malware or spam. This feature is called the Mail Portal.

The Network Box Anti-Spam engine has adapted to identify and block Multi-Defense Resistant spam, which spammers slightly modify so that it appears as unique, individualized business e-mail messages.

Outbound Email Disclaimer

The Network Box provides a feature for outbound email that may be useful to many clients: the Outbound Email Disclaimer. This feature can be set up to add, at the bottom of every outbound email, any disclaimer the customer wants, in text or HTML format. The disclaimer can be domain specific, so you can create a different one for every domain you own. The feature is of interest to companies that want to control the disclaimers their users insert automatically at the bottom of their emails. You could establish a policy according to which users cannot add their own disclaimers, and then add the company-approved disclaimer through this feature of the Network Box.
     
Today, a network security system updated at this time yesterday has probably been vulnerable to attacks for over twenty-three hours. Few companies in the world have the time, equipment, budget or experienced IT personnel, to keep up with the level of security threats posed by the Internet today. Any network security system based only on sporadic updating is likely to be out of date, and therefore potentially useless, even before initial installation.
© Copyright 2003-2007 Network Box USA Inc.