Cisco Cisco Email Security Appliance C160 Mode D'Emploi
7-3
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Chapter 7 Reputation Filtering
Reputation Filtering: the Cisco IronPort SenderBase Reputation
Service
Service
The Cisco IronPort SenderBase Reputation Service (available at
http://www.senderbase.org
) is a service designed to help email administrators
better manage incoming email streams by providing objective data about the
identity of senders. The SenderBase Reputation Service is similar to a credit
reporting service for email; it provides data that enterprises can use to
differentiate legitimate senders from spam sources. Integrated directly into the
Cisco IronPort appliance GUI, the SenderBase Reputation Service provides
objective data that allows you to identify reliably and block IP addresses
originating unsolicited commercial email (UCE) or to verify the authenticity of
legitimate incoming email from business partners, customers, or any other
important source. The SenderBase Reputation Service is unique in that it provides
a global view of email message volume and organizes the data in a way that makes
it easy to identify and group related sources of email.
identity of senders. The SenderBase Reputation Service is similar to a credit
reporting service for email; it provides data that enterprises can use to
differentiate legitimate senders from spam sources. Integrated directly into the
Cisco IronPort appliance GUI, the SenderBase Reputation Service provides
objective data that allows you to identify reliably and block IP addresses
originating unsolicited commercial email (UCE) or to verify the authenticity of
legitimate incoming email from business partners, customers, or any other
important source. The SenderBase Reputation Service is unique in that it provides
a global view of email message volume and organizes the data in a way that makes
it easy to identify and group related sources of email.
Note
If your Cisco IronPort appliance is set to receive mail from a local MX/MTA, you
must identify upstream hosts that may mask the sender's IP address. See
must identify upstream hosts that may mask the sender's IP address. See
for more information.
Several key elements of the SenderBase Reputation Service are that it is:
•
Non-spoofable
The email sender’s reputation is based on the IP addresses of the email sender.
Because SMTP is a two-way conversation over TCP/IP, it is nearly impossible to
“spoof” an IP address — the IP address presented must actually be controlled by
the server sending the message.
Because SMTP is a two-way conversation over TCP/IP, it is nearly impossible to
“spoof” an IP address — the IP address presented must actually be controlled by
the server sending the message.
•
Comprehensive
The SenderBase Reputation Service uses global data from the SenderBase
Affiliate network such as complaint rates and message volume statistics as well
as data from carefully selected public blacklists and open proxy lists to determine
the probability that a message from a given source is spam.
Affiliate network such as complaint rates and message volume statistics as well
as data from carefully selected public blacklists and open proxy lists to determine
the probability that a message from a given source is spam.
•
Configurable
Unlike other “identity-based” anti-spam techniques like blacklists or whitelists
that return a simple yes/no decision, the SenderBase Reputation Service returns a
graduated response based on the probability that a message from that source is
that return a simple yes/no decision, the SenderBase Reputation Service returns a
graduated response based on the probability that a message from that source is