Cisco Cisco Email Security Appliance C160 Mode D'Emploi
5-22
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 5 Configuring the Gateway to Receive Email
Since the SMTP protocol has no built-in method for authenticating senders of email, senders of
unsolicited bulk email have been successful at employing a number of tactics for hiding their identity.
Examples include spoofing the Envelope Sender address on a message, using a forged HELO address,
or simply rotating through different domain names. This leaves many mail administrators asking
themselves the fundamental question, “Who is sending me all of this email?” To answer this question,
the SenderBase Reputation Service has developed a unique hierarchy for aggregating identity-based
information based on the IP address of the connecting host — the one thing that is almost impossible for
a sender to forge in a message.
unsolicited bulk email have been successful at employing a number of tactics for hiding their identity.
Examples include spoofing the Envelope Sender address on a message, using a forged HELO address,
or simply rotating through different domain names. This leaves many mail administrators asking
themselves the fundamental question, “Who is sending me all of this email?” To answer this question,
the SenderBase Reputation Service has developed a unique hierarchy for aggregating identity-based
information based on the IP address of the connecting host — the one thing that is almost impossible for
a sender to forge in a message.
An IP Address is defined as the IP address of the sending mail host. The Email Security appliance
supports both Internet Protocol version 4 (IPv4) and version 6 (IPv6) addresses.
supports both Internet Protocol version 4 (IPv4) and version 6 (IPv6) addresses.
A Domain is defined as an entity that uses hostnames with a given second-level domain name (for
example, yahoo.com), as determined by a reverse (PTR) lookup on the IP address.
example, yahoo.com), as determined by a reverse (PTR) lookup on the IP address.
A Network Owner is defined as an entity (usually a company) that controls a block of IP addresses, as
determined based on IP address space assignments from global registries such as ARIN (the American
Registry for Internet Numbers) and other sources.
determined based on IP address space assignments from global registries such as ARIN (the American
Registry for Internet Numbers) and other sources.
An Organization is defined as an entity that most closely controls a particular group of mail gateways
within a network owner’s IP block, as determined by SenderBase. An Organization may be the same as
the Network Owner, a division within that Network Owner, or a customer of that Network Owner.
within a network owner’s IP block, as determined by SenderBase. An Organization may be the same as
the Network Owner, a division within that Network Owner, or a customer of that Network Owner.
Setting Policies Based on the HAT
lists some examples of network owners and organizations.
As network owners can range dramatically in size, the appropriate entity to base your mail flow policy
on is the organization. The SenderBase Reputation Service has a unique understanding of the source of
the email down to the organization level, which the Cisco IronPort appliance leverages to automatically
apply policies based on the organization. In the example above, if a user specified “Level 3
Communications” as a sender group in the Host Access Table (HAT), SenderBase will enforce policies
based on the individual organizations controlled by that network owner.
on is the organization. The SenderBase Reputation Service has a unique understanding of the source of
the email down to the organization level, which the Cisco IronPort appliance leverages to automatically
apply policies based on the organization. In the example above, if a user specified “Level 3
Communications” as a sender group in the Host Access Table (HAT), SenderBase will enforce policies
based on the individual organizations controlled by that network owner.
For example, in Table 3-7 above, if a user enters a limit of 10 recipients per hour for Level 3, the Cisco
IronPort appliance will allow up to 10 recipients per hour for Macromedia Inc., Alloutdeals.com and
Greatoffers.com (a total of 30 recipients per hour for the Level 3 network owner). The advantage of this
approach is that if one of these organizations begins spamming, the other organizations controlled by
Level 3 will not be impacted. Contrast this to the example of “The Motley Fool” network owner. If a user
sets rate limiting to 10 recipients per hour, the Motley Fool network owner will receive a total limit of
10 recipients per hour.
IronPort appliance will allow up to 10 recipients per hour for Macromedia Inc., Alloutdeals.com and
Greatoffers.com (a total of 30 recipients per hour for the Level 3 network owner). The advantage of this
approach is that if one of these organizations begins spamming, the other organizations controlled by
Level 3 will not be impacted. Contrast this to the example of “The Motley Fool” network owner. If a user
sets rate limiting to 10 recipients per hour, the Motley Fool network owner will receive a total limit of
10 recipients per hour.
Table 5-8
Example of Network Owners and Organizations
Example Type
Network Owner
Organization
Network Service Provider
Level 3 Communications
Macromedia Inc.
AllOutDeals.com
GreatOffers.com
Email Service Provider
GE
GE Appliances
GE Capital
GE Mortgage
Commercial Sender
The Motley Fool
The Motley Fool