Email Reputation Filters

 

Many spam proxy firewalls have a feature that lets you control whether an email is accepted from a sender based on that sender's previous activity. If the sender has previously sent spam-like mail, your proxy firewall may mark the email as suspicious and analyse it further. If the sender has sent spam in the past, the email may be blocked or quarantined without further analysis.

Fortinet's FortiGuard Distribution Centre (FDN) provides the above functionality. End users can visit the FortiGuard Distribution Network website to see the latest malware threats found. FDNs are based worldwide, and their job is to look for all types of threats, not just spam. These include viruses, spam, intrusion attacks, etc. Spam in particular is caught using various techniques, such as signing up to many different websites and services like dating websites. These websites usually pass registered email addresses on. Over time, the fake account registered by the FDN is targeted by many spammers, and the FDN can then identify the culprits. This is one basic technique. From this research, FDNs update their signatures and send them to Fortinet appliances worldwide as the latest security updates. McAfee's Global Threat Intelligence reputation service is similar to Fortinet's FDN. Websense and Message Labs in particular also have very strong networks for updating their reputation databases.

These worldwide networks and centres set up by vendors such as Fortinet, Secure, Websense and Message Labs monitor the reputation of URLs, IP addresses, domains, individual email accounts and so on. A source that does something bad gets a bad score, and if it starts behaving as expected it begins to build a good reputation again. This information is passed on to end users worldwide, where it is used to identify spam, viruses and other threats.
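The scoring behaviour described above (spamtrap accounts exposing senders, bad scores that recover with good behaviour, and the accept / analyse further / quarantine decision) can be sketched as follows. This is an added example, not code from the original page or from any vendor's product; the penalty values, thresholds, trap addresses and IP addresses are assumptions constructed for illustration.

```python
# Assumed tuning values for this example; vendors do not publish theirs.
TRAP_PENALTY, SPAMLIKE_PENALTY, CLEAN_REWARD = 40, 10, 2
SUSPICIOUS_BELOW, BLOCK_BELOW = 0, -50
# Constructed spamtrap addresses: registered on websites, never used by a person.
SPAMTRAPS = {"trap1@honeypot.example", "trap2@honeypot.example"}
# Constructed observations: (sender IP, recipient, content judged spam-like?)
SAMPLE_EVENTS = [
    ("203.0.113.7", "trap1@honeypot.example", False),
    ("203.0.113.7", "trap2@honeypot.example", False),
    ("198.51.100.5", "user@corp.example", True),
    ("192.0.2.10", "user@corp.example", False),
]

class ReputationDB:
    def __init__(self):
        self.scores = {}  # sender IP -> score clamped to [-100, 100]

    def observe(self, ip, rcpt, spam_like=False):
        """Record one delivery attempt seen by the monitoring network."""
        if rcpt.lower() in SPAMTRAPS:
            delta = -TRAP_PENALTY        # nobody legitimate mails a trap address
        elif spam_like:
            delta = -SPAMLIKE_PENALTY
        else:
            delta = CLEAN_REWARD         # good behaviour slowly rebuilds reputation
        self.scores[ip] = max(-100, min(100, self.scores.get(ip, 0) + delta))

    def verdict(self, ip):
        """Decision a gateway makes from reputation alone, before content checks."""
        score = self.scores.get(ip, 0)   # unknown senders start neutral
        if score < BLOCK_BELOW:
            return "quarantine"          # known spam source: no further analysis
        if score < SUSPICIOUS_BELOW:
            return "analyse"             # suspicious: pass to deeper filtering
        return "accept"

def replay(events):
    """Feed events into a fresh DB; return it with (ip, score, verdict) per event."""
    db, timeline = ReputationDB(), []
    for ip, rcpt, spam_like in events:
        db.observe(ip, rcpt, spam_like)
        timeline.append((ip, db.scores[ip], db.verdict(ip)))
    return db, timeline

if __name__ == "__main__":
    for row in replay(SAMPLE_EVENTS)[1]:
        print(row)
```

With these assumed values, a sender that hit two trap addresses needs forty clean deliveries before its score returns to neutral, which is the slow rebuilding of reputation the text describes.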

You can view Fortinet's FDN website here.

Further Reading

Wikipedia's guide to Anti Spam Techniques