SSi
SPAM Filter and Anti-Virus Scanner
SPAM Filter for Exchange, GroupWise, and SMTP Servers
According to various studies, SPAM is responsible for about 10 billion
dollars of damages per year worldwide, spread among millions of unwilling
recipients. SPAMmers commonly rely on fraud and deception to force their
messages onto private computers, regardless of their owners' express wishes.
SPAM is also responsible for approximately 10 percent of the average Internet
service bill. MailSWAT SPAM Filter and Anti-Virus Scanner is a version of the
successful WebClean product compatible with MS Exchange, GroupWise, and other
SMTP servers and designed to significantly reduce the flow of SPAM through an
organization's email infrastructure.
MailSWAT SPAM Filter
Testing has shown that upwards of 98% of the "true SPAM" that is received
comes from the servers that are blacklisted. The downside, of course, is that
some fairly prominent servers are in the databases (e.g.,
"mta1.rcsntx.swbell.net") as well. You can use as many or as few of the
databases as you want, define your own database list, and make it as
aggressive or open as you want. Just be aware that you WILL find people who
have been sending messages to you who are on the "bad" lists, and you will
need to make some adjustments. Also, you will find that some of your users
don't have their e-mail client set up to use SMTP Authenticate for outbound
messages. MailSWAT also supports "POP before send" to make sending more
transparent for those mail clients that don't use SMTP Auth by default (e.g.,
Outlook).
The anti-spam function uses a pre-defined
(but configurable) set of Open Relay and/or SPAM site databases (e.g.,
ORDB.ORG, ORBZ.ORG, SPAMCOP.NET, etc.) to block messages that are coming
inbound from the mail servers that are identified in the databases. It also
allows several lists of manually defined filters: IP addresses allowed even
though blacklisted, IP addresses disallowed even though NOT blacklisted, "MAIL
FROM:" allowed and disallowed, "RCPT TO:" allowed and disallowed.
Anti-Virus Scanning
The MailSWAT Anti-virus scanner will check mail
messages passing through the mail server. The anti-virus function uses a
single workstation copy of one of several anti-virus scanning engines.
When a virus is detected in a message (inbound or outbound), there are
multiple options to handle the disposition:
- Copy entire message to a specific directory/folder.
- Send a notification message to an e-mail address (administrator).
- Attach entire message to a notification message and send it to an e-mail
  address (administrator).
- Remove the virus attachment, replace it with the contents of a pre-defined
  text file, and send it to the recipient.
Attachment Filtering
The MailSWAT Attachments
scanner will check mail messages passing through the mail server and those
messages with attachments will be handled as configured. This is in addition
to the virus scanning functions.
When an attachment is detected in a message (inbound or outbound), the
options to handle the disposition include:
- Copy entire message to a specific directory/folder.
- Send a notification message to an e-mail address (administrator). This
  message does NOT include the filtered attachment file.
- Attach entire message to a notification message and send it to an e-mail
  address (administrator).
- Remove the attachment, replace it with the contents of a pre-defined text
  file, and send it to the recipient.
SUMMARY of OPERATION
MailSWAT performs the
following functions:
- Inbound message opens a connection with MailSWAT.
- SPAM -- After identifying the MAIL FROM, RCPT TO, and IP address, MailSWAT
  checks the local lists of From, To, and servers that are either allowed or
  blocked. Allowed messages go to the Attachment check. Blocked messages are
  immediately rejected. Otherwise, MailSWAT checks the Inquiry databases for
  known SPAM sources. If not in pass-through-mode, failure of the database
  lookup will result in an error code to the originating server that
  simulates an "unknown recipient" error.
- Attachments -- Attachment names are compared to the list of attachments
  that are identified as being disallowed. Matching attachments are stripped
  from the messages and replaced as specified in the setup.
- Messages are then forwarded to the main mail server.
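
The decision order in the summary above, sketched as an added Python example (not MailSWAT's own code): local allow/block lists are consulted before any blacklist database, and a listed sender gets an "unknown recipient" style rejection unless pass-through mode is on. The config keys, the zone `dnsbl.example.org`, the 550 reply text, block-before-allow precedence, glob matching of attachment names, the placeholder file name and the meaning of pass-through mode are all assumptions.

```python
import fnmatch
import ipaddress

def dnsbl_name(ip, zone):
    # DNSBL convention: reverse the IPv4 octets and append the list's zone.
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def spam_check(ip, mail_from, rcpt_to, cfg, is_listed):
    """Return (verdict, reason); verdict is 'accept' or 'reject'."""
    sender, rcpt = mail_from.lower(), rcpt_to.lower()
    # 1. Local lists. Checking "blocked" before "allowed" is an assumption;
    #    the page does not say which wins when both match.
    if ip in cfg["block_ips"] or sender in cfg["block_from"] or rcpt in cfg["block_to"]:
        return "reject", "local block list"
    if ip in cfg["allow_ips"] or sender in cfg["allow_from"] or rcpt in cfg["allow_to"]:
        return "accept", "local allow list"
    # 2. Blacklist databases, reached only when no local list matched.
    for zone in cfg["zones"]:
        if is_listed(dnsbl_name(ip, zone)):
            if cfg["pass_through"]:  # assumed: listed mail is let through
                return "accept", "listed in %s (pass-through)" % zone
            # Assumed reply text; the page only says "unknown recipient".
            return "reject", "550 5.1.1 User unknown"
    return "accept", "not listed"

def strip_attachments(names, disallowed, placeholder="removed.txt"):
    # 3. Attachment check; glob matching on the name is an assumption.
    return [placeholder if any(fnmatch.fnmatch(n.lower(), p) for p in disallowed) else n
            for n in names]

# Constructed sample data (documentation addresses, placeholder zone).
CFG = {
    "block_ips": {"203.0.113.9"}, "allow_ips": {"198.51.100.7"},
    "block_from": {"bulk@example.net"}, "allow_from": set(),
    "block_to": set(), "allow_to": {"postmaster@example.com"},
    "zones": ["dnsbl.example.org"], "pass_through": False,
}
LISTED = {"7.100.51.198.dnsbl.example.org", "20.2.0.192.dnsbl.example.org"}

def fake_lookup(name):  # stands in for a DNS A-record query
    return name in LISTED
```

Note that `198.51.100.7` is accepted even though its lookup name is in the constructed `LISTED` set, which is the "allowed even though blacklisted" override the page describes.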