E-Mail
Guard Managed Services
Postini's Spam Filtering Technology
DCI's E-Mail Guard is based on Postini's managed services,
which utilize patented pass-through technology versus store-and-forward
methods for blocking spam, email-borne viruses, Directory
Harvesting and Denial of Service Attacks. Under Postini's
approach, email bound for your email server is processed in
real-time through Postini's secure Email Processing Center.
Postini’s Connection Manager uses heuristic rules analysis
to identify patterns of behavior associated with Directory
Harvest Attacks (DHA) and immediately rejects DHA messages.
Postini's Content Filter then separates spam and viruses from
legitimate messages using an in-memory process that takes
only milliseconds. Valid email is instantly passed on to the
destination mail server. Email suspected of containing spam
or viruses can either be quarantined in a web-based, password-protected
message center for review by an administrator or end-user,
or tagged and delivered. The entire process is fully automated.
Valid email passes through and cannot be physically accessed
by any persons other than the recipient.
This illustration outlines Postini's email security services:
Postini's system architecture is divided into public and private
security zones. The Public Zone processes the flow of email
and handles customer web access. Access to the web-based administrative
console, for company administrators, or to the message center
for end-users, is handled through Secure Socket Layer (SSL)
sessions, an industry-standard public key cryptography methodology
for authentication and encryption. Both passwords and data
are encrypted before transmission.
The Private Zone is reserved for storing quarantined messages
and customer profile and preference information. All user
information, not just highly sensitive information, is protected
in this area, and user configurations are processed automatically
by software. Postini employees do not review this data. Only
authorized services are allowed to traverse the two networks,
and only authorized personnel are allowed access to the private
network.
This illustration outlines Postini's data center system architecture:
If you are interested in using DCI's E-Mail Guard services,
call (866)666-7731 or send email to information@dcicorporation.com
Glossary of Terms Related to
Spam Technology
Term Definition
Data Center Highly secure, fault-resistant facilities housing
customer equipment connected to telecommunications networks.
The facilities accommodate Web servers, email servers, switches,
routers, modem racks, mass storage and other mission-critical
equipment.
Denial of Service Attacks (DoS) Short for denial-of-service
attack, a type of attack on a network that is designed to
bring the network to its knees by flooding it with useless
traffic.
Directory Harvesting Attacks (DHAs) Directory Harvest Attacks
(DHAs) are scripted attempts designed to steal directory information
from unprotected email servers. Spammers send messages with
various names to your SMTP mail server until the server recognizes
a name and accepts a message. The names from accepted messages
are harvested and typically sold to other spammers.
Email Business Continuity Service A backup email service
activated automatically when the enterprise email server becomes
unavailable.
Email Perimeter The outermost edge over which the enterprise
has control over an email message before the message is received
from or passed to the Internet. Examples are a firewall or
a managed service data center.
False Positive A valid email incorrectly identified as spam.
Firewall A system designed to prevent unauthorized Internet
users from accessing private networks connected to the Internet,
especially intranets. All messages entering or leaving the
intranet pass through the firewall, which examines each message
and blocks those that do not meet specified security criteria.
Heuristic Rules Analysis A branch of artificial intelligence
whereby expert systems use programs that are self-learning
and improve with experience. With spam filtering, the more
messages processed the better the results.
HTTPS See Secure Sockets Layer.
ISO 17799 Specification ISO 17799 is a code of practice that
offers guidelines for information security management. It
is meant to provide a high level, general description of the
areas currently considered important when initiating, implementing
or maintaining information security in an organization.
Load Balancing In the context of spam filtering, the measured
release of messages from a filtering service to an enterprise
email server so as not to overload the server. This is an
important feature of email business continuity service.
Managed Services Outsourced IT infrastructure services such
as spam and virus filtering.
MX Record Short for mail exchange record, an entry in a
domain name database that identifies the mail server responsible
for handling emails for that domain name. For spam filtering
to be performed by a managed service at an external data center,
the MX record must be redirected to the outsourcer.
Pass-through Filtering Email filtering done on the fly in
memory before being passed on to its intended destination.
This is a faster and more secure technique than store-and-forward
filtering.
Secure Sockets Layer (SSL) A protocol for transmitting private
documents via the Internet. SSL works by using a private key
to encrypt data transferred over the SSL connection. Many
Web sites use the protocol to obtain confidential user information,
such as credit card numbers. By convention, URLs that require
an SSL connection start with https: instead of http.
SMTP Short for Simple Mail Transfer Protocol, a protocol for
sending email messages between servers. SMTP email servers
are the target of Directory Harvest Attacks.
Spam Unwanted or malicious email
Spam Filtering Also known as spam blocking, the removal of
unwanted email before it is delivered to its intended address.
Store-and-Forward Email filtering performed on a messages
stored temporarily on disk. This is slower and less secure
than pass-through filtering.
|
