The UTM-1 appliance includes VStream Antispam, an embedded antispam engine that scans emails for spam. VStream Antispam is composed of three antispam engines, each of which can be enabled or disabled separately:
The IP Reputation engine protects mail servers by checking the email sender’s IP address against an online and constantly updated IP reputation database, before accepting the SMTP email connection. If the IP address belongs to a known spammer, the connection can be immediately blocked at the TCP connection level, thereby stopping the spam before it reaches your mail server.
Note: If you have a mail server in your network, it is recommended to enable the IP Reputation engine as a first line of defense for incoming SMTP connections. When enabled, the IP Reputation engine blocks emails that would otherwise reach your mail server and require extensive analysis by the Content Based Antispam and Block List engines, both of which examine email content and consume network, gateway, and mail server resources. By reducing the number of emails that require in-depth analysis, the IP Reputation engine helps prevent Denial of Service (DoS) attacks on your gateway or mail server. If you do not have a mail server in your network, there is no need to enable the IP Reputation engine. (If you do enable this engine anyway, it will have no negative effects.)
VStream Antispam allows you to configure a list of senders whose emails should be blocked. When an email reaches your mail server, the Block List engine determines whether the sender's email address appears on the list. If so, VStream Antispam blocks the email.
The Content Based Antispam engine calculates a “spam fingerprint” for each incoming email message. The fingerprint is then sent to a VStream Antispam data center and compared to a constantly updated database of spam messages. The data center returns a "spam score", which is a percentage indicating the likelihood that the message is spam. If the spam score exceeds a user-configurable threshold called the “confidence level”, the message can be flagged as spam, or the message can be deleted altogether.
In addition, VStream Antispam allows you to define a Safe Sender List, which consists of senders who are exempt from the Block List and Content Based Antispam engines.
The following table provides a comparison of the VStream Antispam engines.
Comparison of VStream Antispam Engines

| | IP Reputation | Content Based Antispam and Block List |
|---|---|---|
| Supported Protocols | Protects mail servers only, and applies to the SMTP protocol only | Protects both mail servers and mail clients, and applies to both POP3 and SMTP protocols |
| Email Scanning Time | Scans the email before accepting the connection | Scans the email after accepting the connection |
| Detection Method | Examines the sender's IP address | Content Based Antispam examines the email's content, and Block List examines the email's Sender field. |
| SMTP Error Message | Does not return an SMTP error message to the email sender | Returns an SMTP error message to the email sender |
| Mail Rejection Method | Resets the TCP connection | Marks the email Subject line, marks the email header, rejects the email (SMTP only), or deletes the email (POP3 only) |
| Server Overload Protection | Prevents spammers from overloading gateway and mail server resources | Does not prevent spammers from overloading gateway and mail server resources |
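
The following added example (a model written for this page, not the appliance's own code) combines the engine descriptions and the comparison table into one decision function. The names `Policy`, `verdict` and `ALLOWED`, the sample addresses, the order Block List before Content Based, and the use of the configured action for Block List matches are assumptions.

```python
from dataclasses import dataclass, field

# Actions the comparison table allows per protocol for the content/Block List engines.
ALLOWED = {"SMTP": {"mark_subject", "mark_header", "reject"},
           "POP3": {"mark_subject", "mark_header", "delete"}}

@dataclass
class Policy:  # hypothetical settings object; all values are constructed samples
    confidence_level: int = 80                      # percent, user-configurable
    action: dict = field(default_factory=lambda: {"SMTP": "reject", "POP3": "delete"})
    bad_ips: set = field(default_factory=set)       # stands in for the reputation database
    block_list: set = field(default_factory=set)
    safe_senders: set = field(default_factory=set)
    ip_reputation: bool = True                      # each engine can be switched off
    block_list_on: bool = True
    content_based: bool = True

def verdict(p, protocol, src_ip, sender, spam_score):
    """Return (engine, action). spam_score stands in for the data center's reply."""
    if p.action[protocol] not in ALLOWED[protocol]:
        raise ValueError(f"{p.action[protocol]} is not available for {protocol}")
    sender = sender.lower()
    # IP Reputation: SMTP only, decided before the connection is accepted.
    # The Safe Sender List exemption does not cover this engine.
    if protocol == "SMTP" and p.ip_reputation and src_ip in p.bad_ips:
        return ("ip_reputation", "tcp_reset")
    # Safe senders are exempt from the Block List and Content Based engines.
    if sender in p.safe_senders:
        return ("safe_sender", "accept")
    if p.block_list_on and sender in p.block_list:
        return ("block_list", p.action[protocol])
    # The score must exceed the confidence level; an equal score passes.
    if p.content_based and spam_score > p.confidence_level:
        return ("content_based", p.action[protocol])
    return ("none", "accept")

# Constructed sample policy (documentation-range IPs and example domains).
POLICY = Policy(bad_ips={"203.0.113.7"}, block_list={"bulk@example.net"},
                safe_senders={"partner@example.org"})
```

A safe sender connecting from a listed IP address over SMTP is still reset by the IP Reputation check, while the same IP address over POP3 is never evaluated by that engine.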

Important: In order to use VStream Antispam, your UTM-1 appliance must be subscribed to a Service Center.