Outbreak Protection (OP) is a revolutionary real time anti-spam and anti-virus technology capable of proactively protecting your email infrastructure automatically and within minutes of an outbreak. OP is completely content agnostic, meaning that it doesn't rely on strict lexical analysis of message content. Thus, it doesn't require heuristic rules, content filtering, or signature updates. Further, that means it is not fooled by the addition of seed text, clever spelling changes, social engineering tactics, language barriers, or differences in encoding techniques. Instead, OP relies on the mathematical analysis of message structure and message distribution characteristics over SMTP — it analyzes "patterns" associated with an email transmission and compares them to similar patterns collected from millions of email messages worldwide, which are sampled and compared in real time.
Because messages are being analyzed worldwide in real time, protection is provided within minutes (often seconds) of a new outbreak. For viruses, this level of protection is critical since it is often hours after an outbreak before a traditional antivirus vendor can verify and submit a virus signature update, and it can then be even longer before that update is put into production use. During that interval, servers without Outbreak Protection are vulnerable to that particular outbreak. Similarly, for spam messages it will often take time and effort to analyze the spam and create a safe filtering rule before it will be recognized by traditional heuristic and content based systems.
It is important to note, however, that the Outbreak Protection feature is not a replacement for traditional anti-virus and anti-spam techniques. In fact, OP provides another specialized layer of protection on top of the existing heuristics, signature, and content based tools found within SecurityGateway. Specifically, OP is designed to deal with large-scale outbreaks rather than old, unique, or specifically targeted messages that can be more readily caught by the traditional tools.
Outbreak Protection is based on Recurrent-Pattern Detection and Zero-Hour technology. It works by extracting patterns from your incoming mail and comparing them to patterns taken from millions of internet email messages sampled daily from numerous sources all over the world. In no way is the actual content of any message ever transmitted, nor can the message content ever be derived from the extracted patterns.
Anti-Spam
Enable Anti-Spam Outbreak Protection
Outbreak Protection's Anti-Spam option is enabled by default. Incoming messages will be analyzed to see if they are part of an ongoing spam outbreak. The remaining options in this section are used to determine what will be done with messages found to be part of an outbreak, and to designate the senders that will be exempt from OP processing.
If Outbreak Protection determines that a message is spam:
The option selected below determines the action that will be taken when OP identifies a message as spam.
...refuse the message
Choose this option if you wish to block messages during the SMTP process when OP confirms that they are part of a spam outbreak. These messages will not be quarantined or tagged as spam and delivered to their intended recipients — they will be rejected by the server.
...quarantine the message
When this option is selected, Outbreak Protection will quarantine messages that it determines are spam.
...accept the message
By default, OP will accept a message it determines to be spam and adjust its message score according to the "...add [XX] points to message score" option below.
...tag subject with [text]
This option is disabled by default. If you enable this option then it will add text to the beginning of a message's Subject header when Outbreak Protection determines that it is spam. The default text added is: "*** SPAM ***", but you can edit that text if you choose.
There are a number of other places within SecurityGateway where you can optionally add text to the Subject header, including two other Outbreak Protection options below. When the designated text in those options is identical, the text will only be added to a message's Subject once, even if that message meets the criteria under each option. If, however, you change the text in one or more of those options to something else, then that customized text will be added as well. For example, if you set the text under multiple options to "*SPAM*" then that text would only be added to the subject once, regardless of whether or not it matched the criteria under more than one option. But, if you changed the text under one of the options to something else, such as "*Junk email*", then both tags would be added.
...add [XX] points to message score
Using this option adds the designated number of points to a message's score when Outbreak Protection determines that it is spam. This option is enabled by default and adds 5.5 points to the Message Score.
Even when SecurityGateway is configured to accept a message rather than refuse or quarantine it, it could still be refused or quarantined if its Message Score ends up being sufficiently high, depending on how you have configured the other Security options and the options on the Message Scoring page.
If Outbreak Protection determines that a message is potentially spam:
Outbreak Protection will categorize some messages as "potential" spam, being unable to make a more definitive determination. The option selected below determines what OP will do with those messages.
...refuse the message
Choose this option if you wish to block messages during the SMTP process when OP determines that they are potentially spam. Because these messages are only categorized as potential spam, this option is not recommended since it will not quarantine or tag them, but refuse them completely.
...quarantine the message
When this option is selected, Outbreak Protection will quarantine messages that are potentially spam.
...accept the message
By default, OP will accept a message it determines to be potentially spam. If you choose, you can configure OP to then adjust its message score according to the "...add [XX] points to message score" option below.
...tag subject with [text]
This option is disabled by default. If you enable this option then it will add text to the beginning of a message's Subject header when Outbreak Protection determines that it is potentially spam. The default text added is: "*** POTENTIAL SPAM ***", but you can edit that text if you choose.
...add [XX] points to message score
Using this option adds the designated number of points to a message's score when Outbreak Protection determines that it is potential spam. This option is enabled by default and adds 2.0 points to the Message Score.
If Outbreak Protection determines that a message is bulk:
Sometimes Outbreak Protection will identify certain largely distributed messages that can't be clearly identified as spam because they aren't being sent from a known spammer or bot-net — as is sometimes the case with legitimate bulk mailings and newsletters. OP classifies these types of messages as bulk rather than spam. The options below govern what will be done with these messages.
...refuse the message
This option will cause SecurityGateway to reject a message during the SMTP session when OP classifies it as "bulk." This option is not recommended since it could cause some legitimate widely-distributed messages to be refused.
...quarantine the message
Choose this option if you wish to quarantine messages that Outbreak Protection classifies as "bulk."
...accept the message
By default, bulk messages aren't blocked or quarantined by OP, because messages classified as "bulk" could simply be a part of certain very large mailing lists or other similar widely-distributed content.
...tag subject with [text]
This option is disabled by default. If you enable this option then it will add text to the beginning of a message's Subject header when Outbreak Protection determines that it is bulk mail. The default text added is: "*** BULK ***", but you can edit that text if you choose.
...add [XX] points to message score
When this option is enabled, the Message Score will be increased when OP classifies the message as "bulk." This is enabled by default and 3.0 points are added.
Exclude messages from allowlisted senders
By default, any messages from allowlisted senders are exempt from Outbreak Protection's Anti-Spam options.
Exclude messages from authenticated sessions
This option is enabled by default and used to exclude messages from Outbreak Protection when they are using an authenticated session.
Exclude messages from domain mail servers
Messages sent from your Domain Mail Servers will be exempt from Outbreak Protection by default. Clear this option if you do not wish to exclude these messages from the Outbreak Protection restrictions.
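As an added illustration (not SecurityGateway's own code), the following Python model shows how the Anti-Spam options above combine for one message: the per-verdict action and points, the rule that identical Subject tags are inserted only once, the three sender exemptions, and the fact that an accepted message can still be quarantined or refused by its final Message Score. The score thresholds, the Message fields and the other_tags input are constructed assumptions; only the verdict names, default actions and default point values come from the page.

```python
from dataclasses import dataclass
from typing import Optional
# Per-verdict options as the page describes them. Defaults: every verdict is
# accepted, subject tagging is disabled (tag None) and the listed points are added.
DEFAULTS = {
    "spam":           {"action": "accept", "points": 5.5, "tag": None},
    "potential_spam": {"action": "accept", "points": 2.0, "tag": None},
    "bulk":           {"action": "accept", "points": 3.0, "tag": None},
}

@dataclass
class Message:                        # constructed stand-in for a message under evaluation
    subject: str
    score: float                      # score already assigned by other SecurityGateway checks
    op_verdict: Optional[str] = None  # "spam", "potential_spam", "bulk" or None (no outbreak)
    allowlisted_sender: bool = False
    authenticated: bool = False
    from_domain_mail_server: bool = False

def prepend_tags(subject, tags):
    """Prefix each requested tag once: identical text from several options is added only once."""
    prefix = []
    for t in tags:
        if t and t not in prefix:
            prefix.append(t)
    return " ".join(prefix + [subject])

def apply_op(msg, options=DEFAULTS, exclude_allowlisted=True, exclude_authenticated=True,
             exclude_domain_servers=True, other_tags=(), quarantine_at=5.0, refuse_at=12.0):
    """Return (action, subject, score). quarantine_at/refuse_at are constructed values standing
    in for the Message Scoring thresholds; other_tags are tags requested by other options."""
    exempt = (msg.op_verdict is None
              or (exclude_allowlisted and msg.allowlisted_sender)
              or (exclude_authenticated and msg.authenticated)
              or (exclude_domain_servers and msg.from_domain_mail_server))
    tags, score = list(other_tags), msg.score
    if not exempt:
        opt = options[msg.op_verdict]
        if opt["action"] != "accept":      # refused or quarantined by OP itself: never tagged
            return opt["action"], msg.subject, score
        score += opt["points"]
        tags.append(opt["tag"])
    subject = prepend_tags(msg.subject, tags)
    # An accepted message can still be refused or quarantined once its total score is high enough.
    if score >= refuse_at:
        return "refuse", subject, score
    if score >= quarantine_at:
        return "quarantine", subject, score
    return "accept", subject, score
```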
Anti-Virus
Enable Anti-Virus Outbreak Protection
Outbreak Protection's Anti-Virus option is enabled by default. Incoming messages will be analyzed to see if they are part of an ongoing virus outbreak. The remaining options in this section are used to determine what will be done with messages found to be part of an outbreak, and to designate the senders that will be exempt from Anti-Virus Outbreak Protection.
If Outbreak Protection determines that a message is infected:
The option selected below determines the action that will be taken when OP identifies a message as infected.
...refuse the message
By default SecurityGateway will refuse a message during the SMTP session when Outbreak Protection determines that it is part of a virus outbreak.
...quarantine the message
Choose this option if you wish to quarantine messages that Outbreak Protection determines are infected.
Exclude messages from allowlisted IP addresses and hosts
Click this checkbox if you wish to exempt a message from Anti-Virus Outbreak Protection when it is coming from an allowlisted IP address or allowlisted host.
Exclude domain email server
Messages sent from your Domain Mail Servers will be exempt from Anti-Virus Outbreak Protection when this option is enabled.
Configuration
Use HTTPS for Outbreak Protection queries
By default Outbreak Protection uses HTTPS connections when connecting to the Outbreak Protection service.
Proxy Settings
SecurityGateway's Outbreak Protection technology must be able to communicate with the Outbreak Protection online service via HTTP. If necessary you can use the options in this section to define an HTTP proxy for Outbreak Protection to use.
Exceptions - Domains
If you select a specific domain in the "For Domain:" drop-down list box at the top of the page when configuring these settings, that domain will be listed here after saving the settings. Click the View/Edit link for the corresponding domain to review or edit its Outbreak Protection settings, or click Reset to reset the domain's settings to the default Global values.