Advanced Spam filter tools & Email Security

Zero day Attacks

Your spam proxy firewall should have solid and intelligent techniques against zero-day attacks. These are attacks that have been released into the wild and for which no spam or virus signatures have yet been produced. Content filtering lets you stop messages that exhibit the characteristics of unwanted traffic even if they are not recognized as malware. Your policy should decide what to do with this suspicious traffic: blocking it, quarantining the email, deleting it, reporting it, informing the sender, informing the recipient, or any combination of these. Every message should be broken down into its smallest parts, completely analysed and then acted upon depending on what is found. With zero-day protection, unknown attacks can be found based on the characteristics of an email.

The zero-day window is the period during which a malware threat is out in the wild and no signatures have been created for it. This is a general term for zero-day malware, not just spam attacks. Spam filters should be able to detect zero-day attacks by analysing behaviour.

Content filtering offers an essential defence against zero-day attacks by identifying and blocking traffic that looks and behaves like malware or a policy breach. As well as offering this zero-day protection, a good and effective content filter will also detect a wide range of abusive behaviour and undesirable content, such as financial spreadsheets being mailed out from the accounts department before the quarterly results announcement. The zero-day protection offered by content filtering is one of the easiest and most effective defences you can deploy.
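The sketch below is an added example, not code from any particular filtering product. It shows the approach described above: a message is broken into its MIME parts, each part is analysed for characteristics rather than signatures, and a policy table maps the findings to actions. The three characteristics, the policy table, the "deliver" default and the sample message are all assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy table: characteristic -> actions. Action names follow the
# page's list; "deliver" is an added default for mail with no findings.
ACTIONS = {
    "executable_content": {"quarantine", "inform_recipient"},
    "double_extension": {"block", "inform_sender"},
    "type_mismatch": {"quarantine", "report"},
}
RISKY_EXT = (".exe", ".scr", ".js", ".vbs")

def characteristics(part):
    """Traits of one MIME part, judged by structure rather than signatures."""
    found = set()
    name = (part.get_filename() or "").lower()
    body = part.get_payload(decode=True) or b""
    if name.endswith(RISKY_EXT) or body.startswith(b"MZ"):  # PE header
        found.add("executable_content")
    if name.endswith(RISKY_EXT) and "." in name.rsplit(".", 1)[0]:
        found.add("double_extension")  # e.g. report.pdf.exe
    if part.get_content_type() == "application/pdf" and not body.startswith(b"%PDF"):
        found.add("type_mismatch")  # declared type disagrees with content
    return found

def filter_message(raw):
    """Break a raw message into leaf parts, analyse each, apply the policy."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = set()
    for part in msg.walk():
        if not part.is_multipart():
            findings |= characteristics(part)
    actions = set().union(*(ACTIONS[f] for f in findings)) or {"deliver"}
    return findings, actions

def sample():
    """Constructed message: an 'invoice.pdf' whose bytes start with a PE header."""
    m = EmailMessage()
    m["From"], m["To"] = "billing@example.com", "accounts@example.org"
    m["Subject"] = "Invoice"
    m.set_content("Please see the attached invoice.")
    m.add_attachment(b"MZ\x90\x00constructed-bytes", maintype="application",
                     subtype="pdf", filename="invoice.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    print(filter_message(sample()))
```

The constructed attachment carries no known signature, yet it is caught on two characteristics, and the resulting action set is the union of what the policy assigns to each.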

Further Reading

Wikipedia's guide to Zero Day Attack