|
|
|
SERVICES (Process Explanation)
|
|
Email Filtering > SMTP Envelope Verification
|
The "Pre-Scan Envelope" stage allows Network Box to pre-scan the message envelope (module, sender's IP, sender's email address, recipient list) and return a result code, prior to actually accepting the message. This has several key advantages. If the envelope is invalid, the body of the message is not received. This saves bandwidth, CPU and disk utilization as the message is never received and hence never scanned.
Another key advantage is that this feature allows the Network Box to refuse acceptance. The sender is responsible for non-delivery notifications, not the Network Box. If the envelope is invalid the Network Box never accepts ownership and responsibility of the message in the SMTP trail. This also reduces the mail queues, and overhead of NDR notification raising and delivery, on the box itself.
Envelope Verification provides for:
- Blacklisting of recipient email addresses (and domains).
- Blacklisting of sender email addresses (and domains).
- Blacklisting of sender IP addresses and subnet ranges.
- Blacklisting of sender IP addresses by real time blacklist lookup (commonly called "reputation")
- Verification of sender email address (for local domains)
- Verification of recipient email addresses (for local domains).
The last 2 points are called "envelope sender/recipient verification". This feature works at the entire email address (rather than domain) level. For example, say "acme.com" is our domain. The Network Box can already be told to accept email on behalf of "acme.com" for scanning and delivery, but what about individual users. As the box acts as a "backup MX", it can verify the domain, but it has no way of verifying the user part of the email address.
With Envelope Sender/Recipient Verification system, for each email address in a list of local domains, the Network Box queries a local server to verify that email address (including the user part of the address) and will only accept the email if the verification succeeds. In this way, the box can effectively combat non-existent email addresses (usually obtained by directory harvesting).
The problem with such sender/recipient verification is that it may potentially leak information regarding which users exist and which don't. The Network Box overcomes this issue by accepting the host, sender and recipient list, and then either accepting, temporary failing, or permanently rejecting that entire set (with a suitable error message). The Network Box never replies that a particular email address is invalid. It simply replies that "One or more of the sender's IP, address or recipients is not accepted".
Envelop verification can be applied also to the sender, if the email is coming from the client?s domain. Spammers often forge the sender as well as the recipient, and they forge the sender as one of the local email addresses. An example of this would be a spam from joe@acme.com to peter@acme.com. With Network Box Envelope Sender Verification, the Network Box can verify the sender joe@acme.com to ensure it is valid.
In tests on live customer boxes, much as 60% of incoming spam email was cut out (never accepted/scanned) by implementing sender/recipient verification. All this is done at the envelope level (before receipt of the message itself) - saving incredible amounts of resources and bandwidth.
Read More
|
|
|
|
|
| |
|
|
|
|
Today, a network security system updated at this time yesterday has probably been vulnerable to attacks for over twenty-three hours. Few companies in the world have the time, equipment, budget or experienced IT personnel, to keep up with the level of security threats posed by the Internet today. Any network security system based only on sporadic updating is likely to be out of date, and therefore potentially useless, even before initial installation.
|
|
|
|
| |
|
