ZyXEL Communications 5 Series User Manual

Chapter 16 Anti-Spam Screens
ZyWALL 5/35/70 Series User’s Guide
16.1.2  What You Need to Know About Antispam
MIME Headers
MIME (Multipurpose Internet Mail Extensions) allows varied media types to be used in e-mail. MIME headers describe an e-mail’s content encoding and type. For example, a MIME header may show which program generated the e-mail and what type of text is used in the e-mail body. Here are some examples of MIME headers:
• X-Priority: 3 (Normal)
• X-MSMail-Priority: Normal
In a MIME header, the part that comes before the colon (:) is the header. The part that comes after the colon is the value. Spam often has blank header values, or comments in them, as part of an attempt to bypass spam filters.
Whitelist
Configure whitelist entries to identify legitimate e-mail. The whitelist entries have the ZyWALL classify any e-mail that is from a specified sender or uses a specified MIME header or MIME header value as being legitimate. The anti-spam feature checks an e-mail against the whitelist entries before doing any other anti-spam checking. If the e-mail matches a whitelist entry, the ZyWALL classifies the e-mail as legitimate and does not perform any more anti-spam checking on that individual e-mail. A properly configured whitelist helps keep important e-mail from being incorrectly classified as spam. The whitelist can also increase the ZyWALL’s anti-spam speed and efficiency by not having the ZyWALL perform the full anti-spam checking process on legitimate e-mail.
Blacklist
Configure blacklist entries to identify spam. The blacklist entries have the ZyWALL classify any e-mail that is from a specified sender or uses a specified MIME header or MIME header value as being spam. If an e-mail does not match any of the whitelist entries, the ZyWALL checks it against the blacklist entries. The ZyWALL classifies an e-mail that matches a blacklist entry as spam and immediately takes the action that you configured for dealing with spam. The ZyWALL does not perform any more anti-spam checking on that individual e-mail. A properly configured blacklist helps catch spam e-mail and increases the ZyWALL’s anti-spam speed and efficiency.
Anti-Spam External Database 
If an e-mail does not match any of the whitelist or blacklist entries, the ZyWALL calculates a digest (fingerprint ID) of the e-mail and sends it to the anti-spam external database. The anti-spam external database checks the digest against (more than a million) known spam patterns. The anti-spam external database then uses a proprietary Bayesian³ statistical formula to combine the results into one score of how likely the e-mail is to be spam and sends it to the ZyWALL. The possible range for the spam score is 0~100. The closer the score is to 100, the more likely the e-mail is to be spam. You must subscribe to and activate the anti-spam external database service in order to use it (see Section on page 314 for details).
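
The checking order described under Whitelist, Blacklist and Anti-Spam External Database, as an added Python sketch (not ZyXEL code). The entry format, the exact-match rules, the `score_lookup` callable standing in for the external database reply, and the threshold of 50 are assumptions. It shows that a whitelist match ends checking even when a blacklist entry would also match.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; X-Mailer has a blank value.
SAMPLE = ("From: Alice <alice@example.com>\n"
          "X-Priority: 3 (Normal)\n"
          "X-MSMail-Priority: Normal\n"
          "X-Mailer:\n"
          "Subject: quarterly report\n"
          "\n"
          "body\n")

def matches(msg, entries):
    """Return the first (kind, pattern) entry the message matches, else None.
    Kinds mirror the page: "sender", "header" (name) and "value"."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    names = [n.lower() for n in msg.keys()]
    values = [str(v).strip().lower() for v in msg.values()]
    for kind, pattern in entries:
        p = pattern.lower()
        if ((kind == "sender" and p == sender) or
                (kind == "header" and p in names) or
                (kind == "value" and p in values)):
            return (kind, pattern)
    return None

def blank_headers(msg):
    """Names of headers whose value is empty, a trait the page ties to spam."""
    return [n for n, v in msg.items() if not str(v).strip()]

def classify(raw, whitelist, blacklist, score_lookup, threshold=50):
    """Run the checks in the documented order and stop at the first match."""
    msg = message_from_string(raw)
    hit = matches(msg, whitelist)
    if hit:                      # whitelist first: no further checking
        return ("legitimate", "whitelist", hit)
    hit = matches(msg, blacklist)
    if hit:                      # then blacklist: spam action, no further checking
        return ("spam", "blacklist", hit)
    score = score_lookup(msg)    # assumed stand-in for the external database (0-100)
    verdict = "spam" if score >= threshold else "legitimate"  # threshold is assumed
    return (verdict, "external-db", score)

if __name__ == "__main__":
    wl, bl = [("sender", "alice@example.com")], [("value", "3 (Normal)")]
    print(classify(SAMPLE, wl, bl, lambda m: 80))   # whitelist wins over blacklist
    print(classify(SAMPLE, [], bl, lambda m: 80))   # blacklist match
    print(classify(SAMPLE, [], [], lambda m: 80))   # falls through to the score
    print(blank_headers(message_from_string(SAMPLE)))
```
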
3. Bayesian analysis interprets probabilities as degrees of belief rather than as proportions, frequencies and such. Bayesian analysis frequently uses Bayes' theorem, hence the name.