Modern Anti-Spam - Rejection, No Sorting (Version 2014)

Modern Anti-Spam Rejection – No Sorting

Thomas Stensitzki

Introduction

Page 2

Thomas Stensitzki

Owner Granikos GmbH & Co. KGPrincipal Consultant

MCSM Messaging, MCM: Exchange 2010

MCSE, MCSA, MCITP, MCTS, MCSA, MCSA:M, MCP

Blog: http://www.sf-tools.netEmail: thomas@sf-tools.netTwitter: apoc70

Spam in numbers

~88% of received messages are spam

~4% of received messages have malicious content

Postini: Only 12% of received emails are legitimate (Feb 2013)

Microsoft: 94% spam, 600 million emails a week

Trend Micro: Spam ratio varies by countryhttp://bit.ly/GlobalSpamMap

Page 3

Spam ratio per country (Jan 2014 - Jun 2014)

Page 4

> 80%50% - 80%20% - 50%< 20%

Source: TrendMicro

Damage and cost

Loss in end-user productivity

Restrained mobile access to company resources

Loss of communication

Loss of network bandwidth

Waste of storage- Mailbox databases- Archive storage (expensive)

Example for loss of productivity:30 spams per day = 5 minutes x 220 working days per year

2 working days per year and employee

Page 5

Rejection No interruption of end-user routine

False positives easy to handle

Self learning connections and domain trusts

No waste of mailbox database storage

No waste of archive storage

RFC compliant rejection (NDR)

Reduced administrative intervention

Page 6

Comparison

Sorting (classic approach) Interuption of end-user working routine

Manual action by end-user required

Waste of mailbox database storage

Waste of archive storage

Risk of large number of unhandled spam messages

RejectionDelivered Blocked

Sound email OK

Spam nuisance OK

Page 7

Comparison

Sorting (classic approach)Delivered Blocked

Sound email OK danger

Spam nuisance OK

Scanning – Assessment – Rejection

Sound senders are sent a NDR

Spammers are unable to deliver

Risk of false positives is defused- Sound senders can react on NDR

Receiving – Assessment – Processing- Deletion, Quarantine, Marking

Depending on product

False Positives- Danger of important information being lost

without sender and recipient knowing about it

Solution

NoSpamProxy – Mail Gateway Rejection instead of sorting

- The alternative approach to spam protection

Sound emails are identified - Self learning mechanism to identify desired connections and handling domain trusts

Customizable to business needs- Detailed rule set of filters and actions for incoming and outgoing messages

Scalable Anti-Spam Solution

CYREN Premium Anti-Virus integrated in product

Component of Net at Work Mail Gateway

Page 8

Legal considerations

Applicable in Germany: § 206 StGB: „It is a criminal offence to suppress an entrusted communication“

Once an email has been received, its deletion or filtering by a third party is an offence- That is the primary reason why even spam must be archived

NoSpamProxy does not accept spam nor does it suppress any communication entrusted to it- A regular NDR is being generated

BSI*: Analogy between Spam and unsolicited advertising

Page 9

*BSI: Federal Office for Information Security

User Interface

Page 10

Multi-Role server with default rule set

Sound email

Concentrating on negative spam characteristics leads to false positives

Unique Level of Trust technology

Bonus points for desired email connections (sender – recipient)

System learns dynamically about desired connections

Easy authorization of external senders- Simple send an email to the external sender to authorize incoming messages

Enables applying more stringent spam filtering rules- Various filters and actions are available

Page 11

In a nutshell

Acts as a SMTP proxy

Spam is identified while message is in transmission- Connection can be aborted with a 5xx error status to the sending MTA

Installed as the first SMTP endpoint from the internet- Next hop can be an Edge server role or an internal Hub server role

Page 12

Internet DMZ Internes Netzwerk

Mail Gateway Interner Mail-ServerExterner Mail-Server

Topology example

Page 13

AD

External

SMTPservers

Exchange ServerTransport Role

Enterprise Network

NoSpamProxyGateway RoleServer1/2

NoSpamProxyIntranet Role

SMTP

Web Service

Internet facing servers not domain joined

Internal server domain joined

One gateway server possible, but no redundancy

Summary

No loss of Information – sender is informed

No wasted working hours, no manual ploughing through quarantine

Self learning system

Fully customizable set of rules

IT Resource saving (bandwidth, storage, maintenance)

Full legal compliance

Page 14

Questions

Page 15

Blog: http://www.sf-tools.netEmail: thomas@sf-tools.netTwitter: apoc70