spacer spacer spacer spacer spacer spacer spacer spacer spacer spacer spacer spacer spacer spacer spacer spacer spacer spacer
Igaware Anti Spam Appliance

Technical Overview

 
Igaware Anti Spam Appliance image
image
home page customer support partner logon contact igaware spacer

Anti Spam

Igaware Anti Spam has two key parts; an intelligent email filter which uses a diverse range of tests to identify unsolicited bulk email, more commonly known as Spam, and Greylisting.

Intelligent Filtering

Igaware Anti-Spam uses the combined score from multiple types of checks to determine if a given message is spam. You can control how messages are handled according to their score. Handling options include:

  • Deliver to recipient (and amend Subject to e.g. "Possible Spam")
  • Delete message
  • Convert into attachment
  • Bounce back to sender
  • Strip HTML
  • Forward to user

Its primary features are:

  • Header tests
  • Body phrase tests
  • Bayesian filtering
  • Automatic address whitelist/blacklist
  • Manual address whitelist/blacklist
  • Collaborative spam identification databases (DCC, Pyzor, Razor2)
  • RBL
  • DNS Blocklists
  • Character sets and locales

You can create your own Spam rules and edit existing rules for advanced fine tuning. The default configuration is fine for most users as it stops 99.5% of Spam.

Blocked spam is logged and these logs can be viewed in the Igaware Activity Reports. Reports show any blocked spam + the spam score and how the spam was identified.

Even though any one of these tests might, by themselves, misidentify a message as Spam, their combined score is terribly difficult to fool which is why Igaware's Anti-Spam is successful in identifying 99.5% of incoming SPAM email.

Greylisting

Greylisting is a simple method of defending electronic mail users against email spam.In short, with Greylisting enabled, an Igaware box will "temporarily reject" any email from a sender it does not recognise. If the mail is legitimate, the originating server will try again to send it later, at which time the Igaware box will accept it. If the mail is from a spammer, it will probably not be retried.

Greylisting requires a single MX record to be set for each email domain that feeds mail direct to your Igaware box.

How it works

The Igaware box will record the following three pieces of information (known as a "triplet") for each incoming mail message:

* The IP address of the connecting host.
* The envelope sender address.
* The envelope recipient address.

This is checked against the Igaware box's internal whitelist. If any of this information has never been seen before, the email is greylisted for a set period of time (e.g. 5 minutes is set as the default.), and it is refused with a temporary rejection. The assumption is that since temporary failures are built into the RFC specifications for email delivery, a legitimate server will attempt to connect again later on to deliver the email.

Greylisting is effective because many mass email tools utilized by spammers are not set up to handle temporary bounces (or any bounces, for that matter; they will never bother to retry a failed delivery), so the spam is never delivered.

Igaware Anti-Spam is continually updated ensuring it keeps up with Spammers who are continually looking to evade detection.

 spacer