Cisco Cisco Email Security Appliance C160 Mode D'Emploi
7-2
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 7 Reputation Filtering
The SenderBase Reputation Service allows enterprises to identify known spam based on the connecting
IP address, allowing organizations to block spam as soon as it reaches the gateway. This increases the
effectiveness of the anti-spam scanning engine being used or any content-based filter.
IP address, allowing organizations to block spam as soon as it reaches the gateway. This increases the
effectiveness of the anti-spam scanning engine being used or any content-based filter.
•
Protect against spam floods
Viruses such as SoBig and “hit and run” spam attacks can create sudden and unexpected spikes in
message volume. If a particular sender starts sending at high volumes, the SenderBase Reputation
Service can detect this through its global affiliate network and assign a more negative score, which the
Cisco IronPort appliance can use to immediately begin limiting the number of recipients per hour
allowed from the sender. (See also
message volume. If a particular sender starts sending at high volumes, the SenderBase Reputation
Service can detect this through its global affiliate network and assign a more negative score, which the
Cisco IronPort appliance can use to immediately begin limiting the number of recipients per hour
allowed from the sender. (See also
•
Improve throughput
The Cisco IronPort appliance can reduce system load and increase message throughput by immediately
rejecting known spam and routing known good messages past content filters.
rejecting known spam and routing known good messages past content filters.
Reputation Filtering: the Cisco IronPort SenderBase Reputation Service
The Cisco IronPort SenderBase Reputation Service (available at
http://www.senderbase.org
) is a
service designed to help email administrators better manage incoming email streams by providing
objective data about the identity of senders. The SenderBase Reputation Service is similar to a credit
reporting service for email; it provides data that enterprises can use to differentiate legitimate senders
from spam sources. Integrated directly into the Cisco IronPort appliance GUI, the SenderBase
Reputation Service provides objective data that allows you to identify reliably and block IP addresses
originating unsolicited commercial email (UCE) or to verify the authenticity of legitimate incoming
email from business partners, customers, or any other important source. The SenderBase Reputation
Service is unique in that it provides a global view of email message volume and organizes the data in a
way that makes it easy to identify and group related sources of email.
objective data about the identity of senders. The SenderBase Reputation Service is similar to a credit
reporting service for email; it provides data that enterprises can use to differentiate legitimate senders
from spam sources. Integrated directly into the Cisco IronPort appliance GUI, the SenderBase
Reputation Service provides objective data that allows you to identify reliably and block IP addresses
originating unsolicited commercial email (UCE) or to verify the authenticity of legitimate incoming
email from business partners, customers, or any other important source. The SenderBase Reputation
Service is unique in that it provides a global view of email message volume and organizes the data in a
way that makes it easy to identify and group related sources of email.
Note
If your Cisco IronPort appliance is set to receive mail from a local MX/MTA, you must identify upstream
hosts that may mask the sender's IP address. See
hosts that may mask the sender's IP address. See
for more information.
Several key elements of the SenderBase Reputation Service are that it is:
•
Non-spoofable
The email sender’s reputation is based on the IP addresses of the email sender. Because SMTP is a
two-way conversation over TCP/IP, it is nearly impossible to “spoof” an IP address — the IP address
presented must actually be controlled by the server sending the message.
two-way conversation over TCP/IP, it is nearly impossible to “spoof” an IP address — the IP address
presented must actually be controlled by the server sending the message.
•
Comprehensive
The SenderBase Reputation Service uses global data from the SenderBase Affiliate network such as
complaint rates and message volume statistics as well as data from carefully selected public blacklists
and open proxy lists to determine the probability that a message from a given source is spam.
complaint rates and message volume statistics as well as data from carefully selected public blacklists
and open proxy lists to determine the probability that a message from a given source is spam.
•
Configurable
Unlike other “identity-based” anti-spam techniques like blacklists or whitelists that return a simple
yes/no decision, the SenderBase Reputation Service returns a graduated response based on the
probability that a message from that source is spam. This allows you to set your own threshold for where
you choose to block spam and automatically assign senders to different groups based on their
SenderBase Reputation Score.
yes/no decision, the SenderBase Reputation Service returns a graduated response based on the
probability that a message from that source is spam. This allows you to set your own threshold for where
you choose to block spam and automatically assign senders to different groups based on their
SenderBase Reputation Score.