Overview
XPMsoftware makes accuracy and false-positive claims for PerfectMail that no other vendor can match.
Our claims are based on feedback from customers running live, production servers - not
on artificial benchmarks performed using optimal message streams that have no similarity to the e-mail
content received in the real world.
For example, we routinely observe production PerfectMail appliances delivering:
- Accuracy ≥ 99.9%
- False-positive reject rates for in-service appliances are well below 1 in 100,000 e-mail connections
- Accept/Reject/Tag decision confidence levels typically ≥ 99.5%
- Consistently and correctly handling e-mail from your most important mail peers
Continue reading to learn more about how we achieve these enviable results.
E-mail Processing
When an e-mail message arrives at a PerfectMail appliance, it is subject to more than 90 validation
and verification tests.
Many of our tests and techniques are unique to PerfectMail, and fall into one or more of the
following categories:
- Sending Mail Server Verification
- Sending Mail Server Reputation Check & Update
- Antivirus Check
- Phishing E-Mail Check
- Unwanted Attachment Check
- Domain Name Server Verification Checks
- Real-Time Black Hole List Query
- Black & White List Scan
- Sender Validation & Verification
- Sender Reputation Tests & Update
- Spam Trap Tests
- Sender/Recipient(s) Reputation Checks
- E-Mail Envelope Verification
- E-Mail Header Scrutiny
- E-Mail Content Scan
- Sender Intention Checks
- Recipient Reputation Update
Explanation
Below is a brief explanation of the approach and techniques used
by each phase of PerfectMail's mail scanning engine.
Before going into detail, it is worth pointing out that PerfectMail is strongly influenced by
e-mail best practices including clear, concise, verifiable e-mail content.
E-mail servers that follow best practices and users who send comprehensible, verifiable messages
usually encounter few problems with PerfectMail.
Senders who lie about or fabricate mail headers, obfuscate content, patronize known spam-friendly
networks, distribute e-mail directly from PCs and/or use other common
cloaking techniques are likely to have their messages Tag'd or Reject'd.
Because PerfectMail relies heavily on verifiable information, one of the first tasks it performs is
to verify all information provided by the connecting mail server. This includes IP address, domain
name, mail Received From: headers, and more. We want to be sure that the information provided
to us is accurate and complete.
Next, we check PerfectMail's Reputation System to see what kind of e-mail traffic we've
received in the past from the connecting mail server. PerfectMail favors mail servers who have a
history of delivering consistent, low scoring messages. PerfectMail will adjust its behavior in real time
to favor legitimate mail servers and punish spam engines.
Once we've reviewed the sending mail server's history, we check to ensure that there are no viruses
in the e-mail message. All messages that contain malicious content (viruses, worms, etc.) are
immediately rejected - with an appropriate SMTP reject code and explanation (customizable in
PerfectMail Management Interface).
E-mail messages are scanned for known Phishing (fraudulent) content. If a message is received from a
known Phishing source, or if that message contains content known to be from a Phishing campaign,
then the message is rejected as unwanted (again, an appropriate status code and message are provided).
There are some attachment types (.com, .bat, .scr, .vbs, etc.) that are inherently dangerous to PCs
running Microsoft operating systems. We scan for more than 30 known dangerous extensions and reject
any messages that include attachments with dangerous extensions. The list is easily updated to
include any new threats, and updates are made automatically to machines that are under maintenance.
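
An extension check of this kind, sketched in Python as an added example (it is not PerfectMail's code). The blocked set holds only the four extensions named above, and the function name and sample message are constructed for illustration.

```python
import email

# The four extensions the page names. The real list is longer ("more than
# 30"), so treat this set as an operator-maintained setting.
BLOCKED_EXTENSIONS = {".com", ".bat", ".scr", ".vbs"}

def blocked_attachments(raw_message: bytes) -> list:
    """Return the attachment filenames whose final extension is blocked."""
    msg = email.message_from_bytes(raw_message)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename=, falls back to
        # Content-Type name=, and decodes RFC 2231 (filename*=) values.
        name = part.get_filename()
        if not name:
            continue
        # Windows drops trailing dots and spaces: "setup.bat." is setup.bat.
        cleaned = name.rstrip(". ").lower()
        # Only the last extension decides how the file opens, so
        # "Invoice.PDF.SCR" counts as .scr, not .pdf.
        dot = cleaned.rfind(".")
        if dot != -1 and cleaned[dot:] in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits

# Constructed sample message (not real mail) with four attachments.
SAMPLE = b"""\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Disposition: attachment; filename="report.pdf"

x
--b1
Content-Disposition: attachment; filename="Invoice.PDF.SCR"

x
--b1
Content-Disposition: attachment; filename*=UTF-8''payroll%20update.vbs

x
--b1
Content-Type: application/octet-stream; name="setup.bat."

x
--b1--
"""
```

Matching on the final extension after normalisation is what catches double extensions, mixed case and encoded filenames; a plain substring test on the raw header would miss the last two samples.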
Like many of our competitors, we do both forward and reverse DNS checks to ensure that all provided
domain names exist and are properly configured.
Many industrial spam gangs operate from known spam-friendly networks. There are many reputable sources of
up-to-date lists of such systems and networks. One of the most reputable is the list maintained by the
SpamHaus project.
We make extensive use of the information available on SpamHaus, and cache it locally, to ensure
the best performance and availability.
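
A locally cached block-list lookup, as an added Python example (not PerfectMail's implementation). It assumes the Spamhaus `zen.spamhaus.org` zone; the class name, the 300-second TTL and the injectable `resolve`/`clock` parameters are choices made for this sketch.

```python
import ipaddress
import socket
import time

ZONE = "zen.spamhaus.org"   # Spamhaus combined zone; other DNSBL zones work the same way

def _dns_a(name):
    """Default resolver: A records for name, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

class CachedDnsbl:
    def __init__(self, zone=ZONE, resolve=_dns_a, ttl=300, clock=time.monotonic):
        self.zone, self.resolve, self.ttl, self.clock = zone, resolve, ttl, clock
        self._cache = {}    # ip -> (expires_at, verdict)

    def query_name(self, ip):
        # 192.0.2.10 is looked up as 10.2.0.192.<zone>
        octets = str(ipaddress.IPv4Address(ip)).split(".")
        return ".".join(reversed(octets)) + "." + self.zone

    def lookup(self, ip):
        """Return 'listed', 'clean' or 'error' for an IPv4 address."""
        now = self.clock()
        hit = self._cache.get(ip)
        if hit and hit[0] > now:
            return hit[1]
        answers = self.resolve(self.query_name(ip))
        if not answers:
            verdict = "clean"    # no record; a resolver outage also lands here (fail-open)
        elif any(a.startswith("127.255.255.") for a in answers):
            verdict = "error"    # Spamhaus error codes (blocked resolver, rate limit), not a listing
        elif any(a.startswith("127.") for a in answers):
            verdict = "listed"
        else:
            verdict = "error"    # answer outside 127/8: wildcarded or hijacked DNS
        if verdict != "error":   # never cache failures
            self._cache[ip] = (now + self.ttl, verdict)
        return verdict
```

Treating `127.255.255.x` answers as errors matters: counting them as listings would reject all mail whenever the resolver is refused service by the list operator.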
PerfectMail allows administrators to create Black lists (unwanted domains and/or IPs) and White
lists (always wanted domains and/or IPs). Messages originating from white-listed sources are always
accepted, while mail from black-listed sources is never accepted [1].
E-mail senders are asked to include their own e-mail address(es) for the From:, Reply To: and
Return Path: e-mail headers. PerfectMail contacts each of the mail servers
identified in these fields to ensure that the sender's e-mail address is valid on that server.
Simply put, if you can send to us, we should be able to send to you.
PerfectMail then consults its Reputation System to review past mail received from the sender.
PerfectMail favors senders who consistently send legitimate, low-scoring mail. It will also develop a
bias against senders who routinely send trash.
PerfectMail implements a highly effective Spam Trap known as a Sacrificial Lamb (SacLamb) e-mail
account. SacLambs are a simple and effective trick to get spammers to identify themselves.
PerfectMail's SacLamb test safely eliminates a great deal of unwanted e-mail.
Hint: There is a spam-trap on this page. Without guidance, it is unlikely that you
would be able to find it. But e-mail harvesting engines employed by Spammers would find and use the
provided e-mail address, thus identifying the spammer on their first spam attempt!
Next, PerfectMail performs a complete Reputation check of the sender - looking at all of the
sender's prior history on the server as well as past history between the sender and recipient(s).
Senders with an established history and a good reputation are given special consideration whenever
the disposition of a message is in doubt.
Like many competing products, we pay close attention to the entire e-mail envelope. We review all
field values, validating and verifying everything we can.
E-mail headers are field/value sets provided by the sender for the benefit of the recipient and
include From:, To: and Subject:. PerfectMail performs many checks on the
provided headers looking to validate legitimate information and debunk bogus information.
PerfectMail is exceptionally thorough in its processing of e-mail headers. In fact, PerfectMail will
correctly recognize \/|@gr/\ as Viagra or ><a|\|a>< as Xanax. PerfectMail will
likely block such obfuscation attempts. We are sure you won't miss these messages!
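
One way to recognize glyph substitutions like the two above, as an added Python example (not PerfectMail's algorithm). The glyph table, separator set and sample subject lines are constructed for illustration, and the sketch goes slightly beyond the page by also dropping filler characters between letters.

```python
# Look-alike glyphs mapped to the letter they imitate. Multi-character glyphs
# come first so the longest match wins: "|\|" is N, not I + "\" + I.
# The table is a small constructed sample, not PerfectMail's rule set.
GLYPHS = [("|\\|", "n"), ("><", "x"), ("\\/", "v"), ("/\\", "a"),
          ("@", "a"), ("|", "i"), ("!", "i"), ("1", "i"), ("0", "o"),
          ("3", "e"), ("$", "s")]
SEPARATORS = ".-_*"                 # filler placed between letters: v.i.a.g.r.a
WATCHLIST = ("viagra", "xanax")     # the two words the page uses as examples

def deobfuscate(token: str) -> str:
    """Map look-alike glyphs in one token back to plain lowercase letters."""
    out, i, token = [], 0, token.lower()
    while i < len(token):
        for glyph, letter in GLYPHS:
            if token.startswith(glyph, i):
                out.append(letter)
                i += len(glyph)
                break
        else:
            # No glyph starts here: keep the character unless it is filler.
            if token[i] not in SEPARATORS:
                out.append(token[i])
            i += 1
    return "".join(out)

def obfuscated_hits(text: str) -> list:
    """Return (token, word) pairs for watchlist words that appear only after
    de-obfuscation; plainly spelled words are left to ordinary content rules."""
    hits = []
    for token in text.split():
        plain = deobfuscate(token)
        for word in WATCHLIST:
            if word in plain and word not in token.lower():
                hits.append((token, word))
    return hits

# Constructed subject lines; the first two glyph strings are the page's own.
SAMPLES = [r"Cheap \/|@gr/\ today", r"><a|\|a>< no prescription",
           "V.1.A.G.R.A sale", "Ask your pharmacist about Xanax",
           "Meeting at 10:30"]
```

Reporting only the words that appear after normalisation separates the obfuscation signal from the word itself, so a plainly written drug name in legitimate mail is not flagged by this check.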
Next, we thoroughly decompose the e-mail message and perform a complete content scan on it. We
perform traditional Bayesian word distribution tests as well as structural checks, checks for HTML
abuse, a scan for unwanted (profane or indecent) words and other tests.
Along with traditional content checks, PerfectMail scans the message to determine the sender's Intent.
HTML abuses may be indicative of a Phishing message or content hiding. References to
spam-friendly networks are common in some types of Spam.
These tests and more help us achieve an enviable level of accuracy even on
messages from first-time senders.
Finally, we update our Reputation System in real-time with new information derived from
scanning this message. By updating in real-time, we can easily detect and block high-volume spamming
techniques that might make it through other systems.
Conclusion
PerfectMail contains a complete suite of unique and highly effective tests to
validate and verify all aspects of a message. Prior history and sender reputation also
play a significant part in the overall determination process.
The result is antispam and antivirus protection with a level of speed, accuracy, consistency,
reliability and low maintenance that is simply not offered by other products.
We encourage you to check out the PerfectMail DashBoard just
under the menus (on the left) so that you can view a production server in action.
_______________
[1] Black and White are terms in common use in computer security to denote
unwanted and wanted sources respectively. These terms derive from older military and law
enforcement (e.g.: military black operations) uses and have nothing to do with any human attribute.