How the SafePoint Works
The Safepoint Anti-Spam Firewall system provides an integrated Anti-Spam and Anti-Virus solution offering complete email protection at the “network perimeter” level, before unwanted or potentially dangerous and costly email reaches your network or mail server.
The design of the Safepoint Anti-Spam Firewall system leverages open source Anti-Spam and Anti-Virus solutions in conjunction with a number of additional filtering and defense layers to detect and filter out Spam and other unwanted email messages along with Viruses and other potentially dangerous attachments.
Filtering and defense layers and methods employed include Connection Control and Validation, IP/Domain RBL Blocking, Virus scanning with archive decompression, Spam Fingerprint Checking, and a comprehensive rule-based Spam Scoring System incorporating Content Analysis (Heuristics) and Bayesian Analysis.
This multi-layer Spam and Virus Filtering Technology results in a highly accurate Spam and Virus detection rate without filtering legitimate email.
This diagram provides a graphic representation of how email is processed by the Safepoint system.
When an email message is received by the SpamWall system it is subjected to multiple layers of email filtering and defense. First, the system runs several connection control and validation tests to determine whether connecting mail servers are valid sources of Internet email.
Connection Control/Validation
These tests include the verification of parameters such as the “MAIL FROM” address as well as the HELO/EHLO domain information. The system also performs reverse DNS lookups for each message to ensure that the domain associated with the sender address is valid and resolving.
RBL/Blacklist checks
RBL/Blacklist checks are then carried out to see if the IP address or domain of the connecting sender is associated with a known Spam sender, open mail relay or other recognized source of Spam and/or Virus laden email. The Safepoint system features local blacklisting capabilities that allow you to specify any IP address, domain or email address to reject connections or email messages from.
Connections from blacklisted IP addresses, domains or email addresses are rejected immediately. This results in reduced load on your Safepoint system and on the receiving email server as well as increased capacity for the expedient processing of other email.
Anti-Virus Scanning
Email messages which make it past the Connection Control and Validation stage and which pass all RBL/Blacklist checks are then subjected to Anti-Virus scanning.
All email messages are checked against a database of over 100,000 virus definitions. The Safepoint Anti-Spam Firewall system automatically receives updates of Virus definitions up to several times per hour, providing up-to-the-minute defense against the latest virus and worm threats.
If a virus or other dangerous attachment is detected the Safepoint system will disinfect or “defang” the contents of the email and deliver the message to either the Virus Quarantine mailbox on the Safepoint system or to any other offsite email address specified in the Virus Quarantine section of the control panel. The SafePoint system administrator can then decide if suspect attachments should be stripped/cleaned and then forwarded with notification to the end user recipient or deleted from the quarantine.
Whitelisting/Delivery
Email messages that make it past the Connection Control and Validation, RBL/Blacklisting and Virus Scanning stages are then checked to see if they are contained in the system Whitelist. A “whitelisted” email address or domain is an address or domain from which email is always accepted regardless of how it scores with respect to Spam or other undesirable content. If a message is associated with an email address or domain contained in the system Whitelist it is “passed clean” and delivered immediately to the intended recipient.
Spam Scanning and Filtering
The Spam Scanning and Filtering engine on the SafePoint Anti-Spam Firewall incorporates an extensive rule-based scoring system which determines whether a particular e-mail message is spam or not-spam.
The SafePoint system examines the content of each message received and assigns it a “spam level” score according to how much it “looks like” Spam, based on a comprehensive set of rules and algorithms derived from analyzing millions of known Spam messages.
Thousands of rules are run against every email message in the space of a few milliseconds. A complex algorithm optimizes the rule-based scoring by using an archive of millions of spam and non-spam messages to determine the scores for the individual rules. When combined, these individual scores give each email an overall “Spam Scoring Level”.
When a potential Spam message is detected by the system the message is either “tagged” with the **SPAM** tag and forwarded on to the recipient, or blocked from delivery. Appending the **SPAM** tag to the subject line makes it easy for end users to identify email detected as Spam.
What happens next depends on the “Tag” and “Action” level scores which have been configured in the SafePoint system control panel. Any messages scoring below the “Tag Level 1”, which is the level at which a message is determined unlikely to be Spam, will be “passed clean” and immediately forwarded on to the end user recipient.
Messages which score above the “Tag Level 2”, which is the level at which a message is considered to be probable Spam, are identified as probable Spam by appending the “**SPAM**” tag to the “Subject” line and changing the “X-Spam-Status” tag from “No” to “Yes”.
For messages which score above the “Action Level”, the level at which a message is considered to be almost definitely Spam, the SafePoint system takes the action specified for that level. This action is usually to either send the messages to the Spam Quarantine mailbox on the SafePoint system or otherwise forward them to any other offsite email address specified in the Spam Quarantine section of the control panel.
In its default configuration the SafePoint system is designed to minimize false positives (legitimate email messages being identified and blocked as Spam). With no additional configuration or tuning the false positive rate is typically less than 0.1%, or less than one in every 10,000 email messages processed by the system.
In addition to Spam Scoring Level control the Spam Scanning and Filtering engine on the SafePoint system also incorporates a number of automatic “self-tuning” and “auto-learning” mechanisms including Bayesian Analysis and Learning which are able to automatically increase accuracy and sensitivity of the system over time.
Altogether these layers form a smart filtering technology which in its default “out of the box” configuration is able to detect and block or tag up to 98% of all Spam and other unwanted email messages processed by the system. This detection rate can be further improved by the automatic self-tuning and learning mechanisms built into the SafePoint system as well as by adjustments made to the Spam Scanning and Filtering engine.
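The layer order and score thresholds described above, as an added sketch that is not SafePoint code. The threshold values, the Message fields and the process() function are assumptions made for illustration; the page names the levels but gives no numbers, and it does not say what happens to a score between Tag Level 1 and Tag Level 2.

```python
from dataclasses import dataclass

# Constructed values: the page names these levels but does not give numbers.
TAG_LEVEL_1, TAG_LEVEL_2, ACTION_LEVEL = 2.0, 5.0, 10.0

@dataclass
class Message:
    client_ip: str
    helo: str
    mail_from: str
    subject: str
    spam_score: float        # stand-in for the rule-based scoring engine
    has_virus: bool = False  # stand-in for the Anti-Virus verdict
    rdns_ok: bool = True     # stand-in for the reverse DNS / sender-domain test

def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()

def process(msg: Message, blacklist: set, whitelist: set):
    """Return (disposition, headers) using the layer order described on this page."""
    sender = msg.mail_from.lower()
    # 1. Connection control / validation: HELO, MAIL FROM, reverse DNS.
    if not msg.helo or "@" not in sender or not msg.rdns_ok:
        return "reject", {}
    # 2. RBL / local blacklist: matches on IP, domain or full address.
    if {msg.client_ip, domain(sender), sender} & blacklist:
        return "reject", {}
    # 3. Anti-Virus runs BEFORE the whitelist, so whitelisting a sender
    #    never exempts their attachments from scanning.
    if msg.has_virus:
        return "virus-quarantine", {}
    # 4. Whitelist: skips spam scoring only.
    if {domain(sender), sender} & whitelist:
        return "deliver", {}
    # 5. Spam score thresholds.
    if msg.spam_score > ACTION_LEVEL:
        return "spam-quarantine", {}
    if msg.spam_score > TAG_LEVEL_2:
        return "deliver", {"Subject": msg.subject + " **SPAM**",
                           "X-Spam-Status": "Yes"}
    # Below Tag Level 1 is "passed clean". Assumption: scores between
    # Tag Level 1 and Tag Level 2 are also delivered untagged.
    return "deliver", {"X-Spam-Status": "No"}
```

The point to check on a real deployment is step 3 versus step 4: a whitelist entry should bypass spam scoring but not virus scanning or the connection-level checks.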