Anti-Spam - IronMail Powered by TrustedSource

Spam frustrates workers and creates corporate liability for offensive material that reaches end users. It is a constant drain on bandwidth and availability and, when it spikes in volume, it acts as a de facto denial of service attack, knocking out filtering and mail servers and creating vulnerabilities to other types of attack.

Utilizing CipherTrust’s best-in-class TrustedSource Reputation Service, IronMail delivers the most accurate, effective, scalable and easy-to-manage anti-spam protection available. CipherTrust pioneered the email security appliance market and we remain at the forefront in the war against spam, committed to delivering the highest level of protection available.

Real-World Return on Investment: Reducing Volume at Cox Communications

Key Benefits and Functionality

Message Profiler: Accuracy and Effectiveness

IronMail was the first product to integrate and correlate signature- and content-based techniques into a single, combined detection engine. IronMail’s Message Profiler technology uses a variety of detection techniques to examine over 1000 characteristics of a message, which creates a precise score for each message in order to determine the probability that a message is spam or some other threat.

But even with the power of the Message Profiler, new techniques must be added to stay ahead of the bad guys. The most significant recent addition to the Message Profiler was combining analysis of the message, both signature-based and content–based, with analysis of the sender. Known as “reputation tracking,” this technique involves monitoring and categorizing e-mail senders by their IP addresses and tracking whether those IP addresses send spam. Reputation has been proven to be a very reliable indicator of whether a message will be spam. In fact, IronMail’s integration of reputation tracking brought its industry-leading spam effectiveness rate to 98-99% with a false positive rate of virtually zero.

Reputation scoring approaches can be very simple, based on information as basic as total mail volume sent by a given IP address or number of complaints about spam originating from an IP address, but those data sources do not provide enough precision to really determine sender intent. More sophisticated information and analysis, such as precisely measured message quality, relationship between sender and recipient and sending frequency analysis, provides a highly precise “scalpel” for identifying and even predicting message quality based on who sent the message.

CipherTrust’s reputation system, TrustedSource, predicts the behavior of a sender, even if that IP address does not have an established reputation. CipherTrust research has proven that senders are “guilty until proven innocent,” meaning senders who have not been previously encountered by any of the more than 3000 IronMail appliances in the field are highly likely to be “zombie” machines – PCs that have been hijacked by hackers and used to send spam, viruses and other unwanted messages. As opposed to other offerings that do not integrate reputation into the spam scoring, leveraging TrustedSource data ensures the most accurate and effective spam blocking.

Connection Control: Volume Reduction

Given the growing volume of spam, connection management – “throttling” the incoming e-mail traffic by intelligently deciding whether to accept incoming connections from a sender – is now a critical part of the protection solution. Sender reputation data plays a key role in this process and the more accurate and precise the reputation data, the smaller the risk of dropping connections from good senders.

IronMail’s Connection Control uses the TrustedSource reputation system, rejecting mail from senders that have a history of sending spam. While the total number of IP addresses blocked is only a small percentage of the total incoming connections, the number of messages dropped range from 30% to 60%. Connection Control is far more accurate than a black list because the “bad” IPs are blocked for proprietary intervals of time (up to a few days) and then by dynamically re-evaluating the sender. If the sender continues to send unwanted mail, the blocking cycle begins again, a truly unique approach not seen anywhere else in the industry. Since having to resend messages costs money, over time Connection Control convinces spammers that your domain is a poor target for their efforts. With fewer emails to scan, IronMail’s effective throughput rises significantly, increasing your protection along with IronMail’s ROI.

ThreatResponse™: Maximum Protection, Minimal Administration

Spammers develop new attack vectors every day. Therefore, anti-spam solutions must be constantly tuned, factoring in new techniques and optimizing them based upon what’s happening in real time. Many enterprises however, don’t have the resources to keep tuning; they just want the spam to stop.

CipherTrust research scientists and engineers continually collect, verify and update lists, rules, and configurations used by customers and then tune and test the updates against vast, up-to-date data stores of new spam and good mail from over 4000 IronMail appliances deployed worldwide. CipherTrust has automated this process using Genetic Tuning, a proprietary analysis technique borrowed from DNA research. Genetic Tuning tests combinations of values for thousands of message characteristics and identifies the optimal combination of values for all characteristics examined by IronMail, quickly and with unprecedented accuracy.

CipherTrust’s ThreatResponse Updates are then streamed automatically to IronMail units in the field, keeping them up-to-date with the latest algorithms and settings to ensure optimum performance at all times, no matter what technique spammers choose to employ.