Email Best Practices

Email Security Overview


David Maislin – Director, North American Sales Engineering
July 12, 2011
Understanding Email

[Diagram: an email's path through six stages: COMPOSE, SEND, ROUTE, DELIVER, RECEIVE, READ]

• Clients (sending side): Outlook, Notes, GroupWise, Web Email, Other
  • Protocols: SMTP: 25, Proprietary
• Servers (sending side): Exchange, Domino, GroupWise, AppleMail, Gateways, Other
• Transport
  • Protocols: DNS: 53, LDAP: 389, SLDAP: 636, AD: 3268, (S)AD: 3269, SMTP: 25, TLS: 25
  • Routes: MX Records or Static IPs
• Servers (receiving side): Exchange, Domino, GroupWise, AppleMail, Gateways, Other
• Clients (receiving side): Outlook, Notes, GroupWise, Web Email, Other
  • Protocols: POP: 110, IMAP: 143, Proprietary

Size Matters

As organizations grow, expertise is segregated.

• VS (IT Staff: 1)
  • Outsourced: Email Servers, LDAP / AD, Antispam, Network, DNS, Firewall, Database, Web Servers
  • Shared Knowledge: Generalist
• S (IT Staff: 1-2)
  • Shared Knowledge: Network, DNS, Firewall
  • Shared Knowledge: Email Servers, LDAP / AD
  • Shared Knowledge: Database
  • Internal / Outsource: Antispam, Consultant(s), Web Servers
• M (IT Staff: 3-6)
  • Limited Sharing: Network, DNS, Firewall
  • Limited Sharing: Email Servers, LDAP / AD
  • Knowledge Expert: Database(s)
  • Internal / Outsource: Antispam, Programmer(s), Consultant(s), Web Servers, IT Management
• L (IT Staff: 7-20)
  • Knowledge Expert: Network, DNS, Firewall, Compliance
  • Knowledge Expert: Email Servers, LDAP / AD
  • Knowledge Expert: Database(s)
  • Internal / Outsource: Antispam, Programmer(s), Consultant(s), Web Servers, IT Management, Help Desk
• XL (IT Staff: 20-100+)
  • Knowledge Expert: Network, DNS, Firewall, Compliance
  • Knowledge Expert: Email Servers, LDAP / AD
  • Knowledge Expert: Database(s)
  • Internal / Outsource: Antispam, Programmer(s), Consultant(s), Web Servers, IT Management, Help Desk, Change Control

Understanding Compliance




Understanding Major Security & Privacy Regulations

    HIPAA: Health Insurance Portability & Accountability Act
     • Mandates specific technology standards and policies that healthcare
       organizations must implement for compliance.



    GLBA: Gramm-Leach-Bliley Act
     • Forces financial institutions to design, implement and maintain
       necessary safeguards to protect consumers’ nonpublic personal
       information.



    SOX: Sarbanes-Oxley Act
     • Requires public companies to automate their processes of building audit
       trails and control procedures into their IT systems.



    CA SB 1386: California Senate Bill 1386
     • A state regulation that requires companies to implement systems to
       detect and prevent security breaches, as well as provide
       countermeasures and publicly report breaches.

Other Regulations

    SEC 17a-4 and NASD 3010
      • Requires public companies to keep records for auditing security
        transactions, including review of brokers’ communications with the
        public




    FDA 21 CFR Part 11
      • Controls the authenticity, integrity, non-repudiation and confidentiality
        of electronic records




    Payment Card Industry (PCI) Data Security Standard
      • Mandates the protection of credit cardholder and account information
        across public networks




    USA Patriot Act – Homeland Security
      • Requires companies to build and maintain an infrastructure that can
        report details of information handled and stored online

Email Filtering Compliance Strategy
Content-Based Filtering

[Flow diagram: an email (Sender, Receiver, Subject, Message, Attachment) travels from sender to receiver through the content-based filtering strategy, which examines the Subject, Message and Attachment]

• Manual trigger?
  • Yes: Encrypt
  • No: check for regulated content
• Regulated content?
  • Yes: Encrypt
  • No: Send In The Clear

Email Filtering Compliance Strategy
Identity-Based Filtering

[Flow diagram: an email (Sender, Receiver, Subject, Message, Attachment) travels from sender to receiver through the identity-based filtering strategy]

• Who is the receiver? Authorized?
  • Yes: Encrypt
  • No: Content Filter
• Who is the sender? Designated?
  • Yes: Encrypt
  • No: Content Filter

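The content-based and identity-based flows from the two slides above, combined into one gateway policy function. This is an added example, not code from the original deck or from any vendor product. The `[secure]` subject keyword, the address lists, the order of the identity checks, and the two regulated-content detectors (a US Social Security number layout and Luhn-valid card numbers) are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumed policy inputs (constructed for this example, not from the slides).
MANUAL_TRIGGER = re.compile(r"\[secure\]", re.IGNORECASE)  # sender opts in via the subject
AUTHORIZED_RECEIVERS = {"claims@partner.example"}          # receivers that always get encryption
DESIGNATED_SENDERS = {"cfo@company.example"}               # senders whose mail is always encrypted

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")              # US Social Security number layout
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")            # 13-19 digits, optional separators


@dataclass
class Email:
    sender: str
    receiver: str
    subject: str = ""
    message: str = ""
    attachments: List[str] = field(default_factory=list)   # attachment text, already extracted


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs (order numbers, IDs) that only look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def regulated_content(email: Email) -> Optional[str]:
    """Scan subject, message and attachments; return the kind of match or None."""
    for text in [email.subject, email.message, *email.attachments]:
        if SSN_RE.search(text):
            return "SSN pattern"
        for m in CARD_RE.finditer(text):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                return "card number"
    return None


def decide(email: Email) -> Tuple[str, str]:
    """Return (action, reason); action is 'ENCRYPT' or 'SEND_IN_THE_CLEAR'."""
    # Identity-based flow: an authorized receiver or designated sender forces encryption.
    if email.receiver.lower() in AUTHORIZED_RECEIVERS:
        return ("ENCRYPT", "authorized receiver")
    if email.sender.lower() in DESIGNATED_SENDERS:
        return ("ENCRYPT", "designated sender")
    # "No" on both identity checks hands the message to the content filter.
    if MANUAL_TRIGGER.search(email.subject):
        return ("ENCRYPT", "manual trigger")
    hit = regulated_content(email)
    if hit:
        return ("ENCRYPT", "regulated content: " + hit)
    return ("SEND_IN_THE_CLEAR", "no rule matched")


# Constructed sample messages.
SAMPLES = [
    Email("alice@company.example", "bob@customer.example", "Invoice",
          "Card 4111 1111 1111 1111 exp 01/30"),
    Email("alice@company.example", "bob@customer.example", "Order",
          "Order 1234 5678 9012 3456 shipped"),       # 16 digits, fails Luhn
    Email("alice@company.example", "bob@customer.example", "[SECURE] Q3 numbers"),
    Email("alice@company.example", "claims@partner.example", "hi", "hello"),
]

if __name__ == "__main__":
    for mail in SAMPLES:
        print(mail.subject, "->", decide(mail))
```

The Luhn check is what keeps the second sample in the clear: a content filter that encrypts on every long digit run trains users to ignore it.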
Understanding Email Encryption

TLS encrypts the network: server to server encryption

S/MIME and PGP can encrypt or sign email: server to server, server to client,
client to server, and client to client. They can also be used for authentication purposes.

Secure WebMail: stores encrypted email on the server, retrieved by the client

Email Encryption Methods - TLS

TLS: Transport Layer Security
  • Creates a secure connection between email gateways over
    which any amount of data can be sent securely using SSL.
    Note: SSL encryption is only in effect when the email is in
    transit.
  • Gateway to Gateway (company to company) encryption

Benefits:
  • Seamless partner to partner encryption
  • Completely transparent to the sender and receiver

[Diagram: Email Servers, Email Gateway, Internet, Email Gateway, Email Servers]

Email Encryption Methods – S/MIME and PGP

S/MIME and PGP
  • Encrypts and decrypts the email body and attachments
    S/MIME certificates
  • Gateway to Gateway (company to company)
  • Gateway to Client (from your company to an external
    recipient)
  • Client to Gateway (from external sender to your
    company)

Benefits:
  • Seamless partner to partner encryption
  • Completely transparent to the sender and receiver
  • Automatic harvesting of inbound signing/public
    certificates
  • Generates proxy certificates for any internal employees
    via email
  • Proxy encryption and signing
  • Proxy decryption

[Diagram: Email Servers, Email Gateway, Internet, Email Gateway, Email Servers]

Email Encryption Methods – Secure WebMail

• Encrypts email and provides access through a secure
  web portal
  • Gateway to client (from your company to any external recipient)
  • Universal (zero client side software requirements)
  • Online and offline secure email
  • Self registration, zero registration, and automated user
    management
  • Very large email attachment support
  • Tracking by recipient, by message, and by attachment
  • Delivery profiles for message, inbox, and portal branding
  • Roles for message expiration, password requirements, domain
    limits, message size, and message quotas.

Benefits:
  • No learning curve
  • No client side software

[Diagram: Email Servers, Internet, SSL, Email notification]

Email Encryption Methods – Desktop Messenger

Employee to Employee Encryption
  • Protects sensitive internal messages to the desktop
  • Provides senders with a “Send Secure” button
  • Solves problems of enrollment, key distribution,
    authentication
  • Uses S/MIME encryption standards
  • New users receive messages via Web system with links
    for enrollment

Benefits:
  • Adds layer of protection for key internal users
  • External users receive Secure WebMail
  • No change to user paradigm
  • Removes the hassles of managing PKI-based

[Diagram: Sensitive Internal Communication; Enrollment, Key Mgt, Authentication; Email Servers, Email Gateway, Internet, SSL, Email notification]

Messaging Delivery Methods – File Messenger

File Messenger
  • Large files route around email servers

Benefits:
  • End users send files with email applications
  • Large files don’t waste space on email servers
  • Track by recipient and attachment
  • Completely secure
  • Uses existing standards based technologies
  • Supports digital signing and encryption using existing
    email standards

[Diagram: Automatically routes large files; Email Servers, Internet, SSL, Email notification]

   Hosted Solutions


• Hosted solutions present several issues

   • Sensitivity of data

   • Archive and recovery of sensitive email

   • Who is liable if data is lost?

   • Viability and volatility of hosting company

   • Sender and recipient email addresses can be considered identifiers

   • Recipient must sign up with external service to read their confidential data

   • Service may use email address lists for other purposes




Steganography


• The art and science of writing hidden messages in such a way that no one apart
  from the intended recipient knows of the existence of the message
• This contrasts with cryptography, where the existence of the message itself is
  not disguised, but the content is obscured. Quite often, steganographic
  messages are hidden in pictures.
• Aren’t we trying to block image based spam already?

[Figure: original message or attachment; a GIF carrier file containing the airport map]

Email Encryption – Best Delivery Approaches

                                              How?
Who?                    Desktop to     Gateway to     Secure Web     Gateway to
                        Desktop        Desktop        Delivery       Gateway
Business-to-Business                   Best Practice                 Best Practice
Business-to-Consumer                                  Best Practice
Employee-to-Employee    Best Practice

Tips:
• Seek encryption transparency
• Select vendor solutions that support industry standards and interoperability
• Look for vendor solutions that can provide transparency for both outbound and
  inbound secure email
• Look to automate the acceptance of customer/member/patient email messages
  through a Web portal

   DomainKeys Identified Mail (DKIM)


• Authentication framework for email using public-key cryptography and key
  server technology to permit verification of the source and contents of
  messages by either Mail Transfer Agents (MTAs) or Mail User Agents (MUAs).

• The ultimate goal of this framework is to permit a signing domain to assert
  responsibility for a message, thus protecting message signer identity and the
  integrity of the messages they convey while retaining the functionality of
  Internet email as it is known today. Protection of email identity may assist in
  the global control of "spam" and "phishing".




Why Do Spammers Send Spam?




Malicious Threats - Worldwide




Understanding Malicious Threats – Denials of Service Attacks

They start attacking from network, from all over the Internet…

• Denial of Service Attack (DoS): too many connections from the one IP address
• Distributed Denial of Service Attack (DDoS): too many connections from the many IP addresses (zombies)
• Bounce Flood Attack (Smurf): attacks of networks using spoofed domains, causing email bounces to the intended victim domains

   Bounce Address Tag Validation (BATV)


• Bounce Address Tag Validation (BATV) defines a framework for mechanisms
  that validate the value in the “mail from” command.

• Header policies can tag the “mail from” header for outbound email

   • MAIL FROM: david.maislin@tumbleweed.com

   Is transformed to…

   • MAIL FROM: tag=david.maislin=KEY123@tumbleweed.com

   Where =KEY123 is the Bounce Tag

• Only accept inbound email bounces with unique tag in “mail from” header

• Reports can be generated on all BATV violations
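
The tagging and validation steps listed above, as an added example that is not code from the original deck or from any product. It keeps the slide's `tag=local=KEY@domain` layout; how KEY is derived (a three-digit expiry day plus six hex characters of an HMAC-SHA1), the secret, the seven-day lifetime and the function names are assumptions of this example. A bounce arrives with the null sender `<>` and is addressed to the tagged address, so the check is made on the bounce's recipient.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-secret"   # assumption: per-domain key held only by the gateway
LIFETIME_DAYS = 7                     # assumption: tags stop validating after a week

# tag=<local>=<DDD><6 hex>@<domain>; local parts containing "=" are out of scope here.
TAGGED = re.compile(
    r"^tag=(?P<local>[^=@]+)=(?P<day>\d{3})(?P<mac>[0-9a-f]{6})@(?P<domain>[^@]+)$"
)


def _mac(day, local, domain, secret):
    """Truncated HMAC over expiry day and original address (case-insensitive)."""
    msg = "{:03d}{}@{}".format(day, local, domain).lower().encode()
    return hmac.new(secret, msg, hashlib.sha1).hexdigest()[:6]


def tag_mail_from(address, today, secret=SECRET):
    """Outbound: rewrite local@domain to tag=local=KEY@domain.
    `today` is a day number, e.g. int(time.time() // 86400)."""
    local, domain = address.rsplit("@", 1)
    expiry = (today + LIFETIME_DAYS) % 1000
    key = "{:03d}{}".format(expiry, _mac(expiry, local, domain, secret))
    return "tag={}={}@{}".format(local, key, domain)


def check_bounce(rcpt_to, today, secret=SECRET):
    """Inbound bounce: return (True, original_address) or (False, reason)."""
    m = TAGGED.match(rcpt_to.lower())
    if not m:
        return (False, "untagged")
    day, local, domain = int(m.group("day")), m.group("local"), m.group("domain")
    expected = _mac(day, local, domain, secret)
    if not hmac.compare_digest(expected, m.group("mac")):   # constant-time compare
        return (False, "bad tag")
    # Days left until expiry, computed modulo 1000 so the counter may wrap.
    if (day - today % 1000) % 1000 > LIFETIME_DAYS:
        return (False, "expired")
    return (True, "{}@{}".format(local, domain))


def smtp_rcpt(mail_from, rcpt_to, today, violations):
    """Reply to RCPT TO. Only bounces (null sender '<>') are subject to the tag check."""
    if mail_from != "<>":
        return "250 OK"
    ok, detail = check_bounce(rcpt_to, today)
    if ok:
        return "250 OK (deliver to {})".format(detail)
    violations.append((rcpt_to, detail))    # feeds the BATV violation report
    return "550 Invalid bounce: " + detail


if __name__ == "__main__":
    today = 19000                            # constructed day number
    tagged = tag_mail_from("david.maislin@tumbleweed.com", today)
    report = []
    print(tagged)
    print(smtp_rcpt("<>", tagged, today + 3, report))                          # real bounce
    print(smtp_rcpt("<>", "david.maislin@tumbleweed.com", today + 3, report))  # backscatter
    print(report)
```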




Understanding Malicious Threats – Directory Harvest Attacks

During a directory harvest attack, spammers use brute force against an email
server to compile comprehensive lists of valid email addresses to use or sell.

Meanwhile, the plethora of probes overwhelms the email server, creating a
denial of service from the vast amount of non-delivery reports the attack
generates.

[Diagram: Directory Harvest Attack (DHA). Probes to BAD@COMPANY.COM are answered with a 550 Email Bounce; probes to GOOD@COMPANY.COM pass through]

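Detection logic for the harvest pattern described above, as an added example that is not from the original deck: it flags a source IP whose recipients are mostly rejected with 550 inside a short window. The log line format, the thresholds and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed gateway log format (constructed): "<ISO time> ip=<addr> rcpt=<<address>> status=<code>"
LINE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) rcpt=<(?P<rcpt>[^>]+)> status=(?P<code>\d{3})$"
)
WINDOW = timedelta(seconds=60)   # assumption: sliding window per source IP
MIN_REJECTS = 5                  # assumption: distinct unknown recipients within the window
MIN_REJECT_RATIO = 0.8           # assumption: share of RCPT attempts that were rejected

SAMPLE_LOG = """
2011-07-12T10:00:01 ip=203.0.113.7 rcpt=<aaron@company.com> status=550
2011-07-12T10:00:02 ip=203.0.113.7 rcpt=<abby@company.com> status=550
2011-07-12T10:00:02 ip=198.51.100.20 rcpt=<good@company.com> status=250
2011-07-12T10:00:03 ip=203.0.113.7 rcpt=<adam@company.com> status=550
2011-07-12T10:00:04 ip=203.0.113.7 rcpt=<alan@company.com> status=550
2011-07-12T10:00:05 ip=203.0.113.7 rcpt=<good@company.com> status=250
2011-07-12T10:00:06 ip=198.51.100.20 rcpt=<bad@company.com> status=550
2011-07-12T10:00:07 ip=203.0.113.7 rcpt=<alex@company.com> status=550
2011-07-12T10:00:08 ip=203.0.113.7 rcpt=<amy@company.com> status=550
"""


def detect_dha(lines):
    """Return {ip: details} for every source whose behaviour matches a harvest attack."""
    recent = defaultdict(deque)     # ip -> (timestamp, recipient, rejected?) inside the window
    accepted = defaultdict(set)     # ip -> recipients the server confirmed as valid
    flagged = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                # skip blank or foreign lines
        ts = datetime.fromisoformat(m.group("ts"))
        ip, rcpt = m.group("ip"), m.group("rcpt").lower()
        rejected = m.group("code") == "550"
        if not rejected:
            accepted[ip].add(rcpt)
        q = recent[ip]
        q.append((ts, rcpt, rejected))
        while ts - q[0][0] > WINDOW:            # drop events older than the window
            q.popleft()
        unknown = {r for _, r, bad in q if bad}
        ratio = sum(bad for _, _, bad in q) / len(q)
        if ip not in flagged and len(unknown) >= MIN_REJECTS and ratio >= MIN_REJECT_RATIO:
            flagged[ip] = {
                "first_flagged": ts.isoformat(),
                "distinct_rejected": len(unknown),
                "sample": sorted(unknown)[:3],
            }
    # Valid addresses a flagged source learned: expect these to receive spam later.
    for ip, info in flagged.items():
        info["exposed"] = sorted(accepted[ip])
    return flagged


if __name__ == "__main__":
    for ip, info in detect_dha(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```

A single mistyped recipient from 198.51.100.20 stays below both thresholds, while 203.0.113.7 is flagged on its fifth distinct unknown recipient; flagged sources are candidates for throttling or edge rejection.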
Understanding Spamming Techniques




Basic Email Network

• Enterprise threats are typically inbound

[Diagram: inbound mail reaching the Email Server(s), annotated: Out of Control Disk Growth; Performance Degradation; Spam/Viruses inside network; No Recipient Validation]

Basic ISP Email Network

• ISPs are completely different
   • Threats are inbound
   • Threats are outbound
   • Threats are domain to domain

[Diagram: Internet connected to Domain 1, Domain 2, Domain X]

Recipient Validation Issues

• Not all invalid recipient email is rejected by all Mail Servers
• Mail servers can be part of the problem
• Spam can still get through

From: "Kim Browne" [akstcbarnhardmnsdgs@barnhard.com]
Sent: 11/26/2006 07:49 PM
To: bfrederick@company.com
Subject: Mississippi catfish Out-milton

are different things, though the words are often used synonymously. a person may be proud
without"perhaps," said darcy, "i should have judged better, had i sought an introduction; but i am

[Callout: Fuzzy logic sent this email to: bfratangelo@company.com]

Some Spam is Hard to Detect

• Not all email is easily recognized as spam
• Spammer techniques evolve to bypass filters

From: "Kim Browne" [akstcbarnhardmnsdgs@barnhard.com]
Sent: 11/26/2006 07:49 PM
To: bfrederick@company.com
Subject: Mississippi catfish Out-milton

are different things, though the words are often used synonymously. a person may be proud
without"perhaps," said darcy, "i should have judged better, had i sought an introduction; but i am

[Callout: Random phrases containing nonsense and gibberish]

Phishing Attacks




The Image Spam Problem

• Image spam presents a new challenge to spam filters
  • Messages are sent as images instead of text
  • Gibberish text is inserted to fool content filters
  • Image files are randomized to avoid signature detection

• Spammers alter every possible file attribute to trick filters
  • Changing image size, margins, color shades
  • Adding random noise, “dust” and “speckles”
  • Splitting or breaking images
  • Assembling multiple images into animated GIFs

• The impact has been significant
  • Spam rates have increased sharply as image spam bypasses
    many legacy spam filters
  • Most vendors have lacked the ability to view or filter image
    content

[Chart: Growth in Image Spam Quantity, 2003 to Q3 06, vertical axis 0% to 40%. Source: Tumbleweed Message Protection Lab, Nov. 2006]

Image Spam Techniques

[Figure: sample image spam annotated with the following techniques]

• Random dots and “dust specks”
• Obscure fonts to bypass OCR scanning
• Gibberish text to fool Bayesian filters
• Randomized pixel “noise” stripes
• Changing background colors and patterns
• Altering text & background colors and textures
• Shifting text height and position to fool OCR scanning

Adaptive Image Filtering

Use this image… to identify this image ... or this image.

[Figure: three example images]

   Clever spamming techniques

Can you spot the difference between these two penguins?




Original Image

• JPG Image (original image): 2.97K
• HTML Table: 273K. Each table cell represents a colored pixel

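Adaptive Image Filtering Techniques

[Diagram: samples of varying image spam pass through wavelet transforms to produce image signatures, which are held in the image database. New spam passes through wavelet transforms to produce a signature, which is compared for an approximate match (≈) against the stored image signatures]
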
New Breed of Viruses / Malware

• Rapid spread by zombies and botnets
• Signature-based approach not keeping up
• 10 hours to develop signatures vs. 3-7 hours for attacks to peak

[Charts of intensity, 0% to 100%: "Early days: Typical Viral propagation"; "Short Span attack"; "Now: Serial Variants Attack", with variants V.1, V.2, V.3, V.4 along the Variants Release Timeline]

Zero-Hour vs. Traditional Anti-Virus

Virus Outbreak Protection complements Signature-based Antivirus products

                       Virus Outbreak Protection   McAfee, Kaspersky signature-based AV
Response time          Within 1-2 minutes          Within 5-10 hours
Services protected     Email only                  Email, Web, IM
Defend                 Yes                         Yes
Clean and Repair       No                          Yes
Spyware Defense        Block infection             Scan after updates
Update mechanism       Real-time pull              Periodic update of signature pack
CPU Impact             Lightweight                 Heavy load
Multi-wave attacks     Catch them all              Let some through

The Continuing Fight Against Spammers

• Effective anti-spam requires expertise, constant adaptation, layering of new techniques

[Diagram: filtering layers stacked up over time]

• 2 (1998-2002): Content Filtering
• 3 (2002-2004): Content Filtering, Behavioral Analysis
• 4 (2005): Content Filtering, Behavioral Analysis, Pattern Detection
• 5 (2007): Content Filtering, Behavioral Analysis, Pattern Detection, Image Filtering

Layers:
• Content Filtering: Lexical Analysis, Weighted Word lists, Regular Expressions, Signature/Hash
• Behavioral Analysis: Heuristics, Bayesian, Statistical Analysis, Message intent - AI
• Pattern Detection: Edge Defense, Outbreak detection, Reputation (IP Reputation in 2007), Recurrent Pattern
• Image Filtering: Image Pattern Analysis, Adaptive Image Filtering, Dynamic Engine Update

Common Architectural Deployment Mistakes




The Single Box Solution?

[Diagram: MX record mycompany.com (215.23.3.130) -> Firewall -> Spam Appliance 1 (192.168.1.130) -> Email Server (192.168.1.125)]

If it can fail, it will!
One box, no matter how amazing the architecture, is still a single point of failure.
Networks can fail too.
Remember that email is the most important and ubiquitous application in your company.

The Single Box Solution?

[Diagram: MX record mycompany.com (215.23.3.130) -> Firewall -> Spam Appliance 1 (192.168.1.130) and Spam Appliance 2 (192.168.2.130) -> Email Server (192.168.1.125)]

Plan for redundancy and failure around hardware and networks!
Start with the best hardware and work down, not the cheapest.

LDAP Mistakes

[Diagram: Firewall -> Spam Appliance 1 (192.168.1.130), service account bind to LDAP 1 (192.168.1.110); Spam Appliance 2 (192.168.2.130), service account bind to LDAP 2 (192.168.1.111) -> Email Server (192.168.1.125)]

Everything looks great
Redundancy is everywhere
What could go wrong?

LDAP Mistakes

[Diagram: Firewall -> Spam Appliance 1 (192.168.1.130), service account bind to LDAP 1 (192.168.1.110); Spam Appliance 2 (192.168.2.130), service account bind to LDAP 2 (192.168.1.111) -> Email Server (192.168.1.125)]

LDAP account gets locked out
Moved LDAP user when bind DN was unique
Resetting the password is pointless as it will automatically lock again
Customer perceives this as a product issue

Network Mistakes

[Diagram: Firewall -> Spam Appliance 1 (192.168.1.130), LDAP bind to LDAP 1 (192.168.1.110); Spam Appliance 2 (192.168.2.130), LDAP bind to LDAP 2 (192.168.1.111) -> Email Server (192.168.1.125)]

Recipient validation stopped working
Customer blames product
States nothing has changed

Network Mistakes

[Diagram: Firewall -> Spam Appliance 1 (192.168.1.130), LDAP bind to LDAP 1 (192.168.1.110); Spam Appliance 2 (192.168.2.130), LDAP bind to LDAP 2 (192.168.1.111) -> Email Server (192.168.1.125)]

The firewall rules changed
The ISP changed
The DNS changed
They are using DNS names instead of IP addresses

Incompetence - Spam Still Gets Through!

[Diagram: MX record mycompany.com (215.23.3.130) -> Firewall -> Spam Appliance 1 (192.168.1.130), Spam Appliance 2 (192.168.1.131), Spam Appliance 3 (192.168.1.132) -> Email Server (192.168.1.125)]

Solutions Work... The Email Architecture Does Not

[Diagram: Firewall; Spam Appliance 1 (192.168.1.130), Spam Appliance 2 (192.168.1.131), Spam Appliance 3 (192.168.1.132); Email Server (192.168.1.125); ISP Mail Server]

MX Record 1: mycompany.com, 215.23.3.130
MX Record 2: mycompany.com, 215.23.3.125
WebMail: webmail.mycompany.com, 215.23.3.131
MX Record 3: isp.mycompany.com, 220.1.23.5

Examine All MX Records!
Examine All WebMail Ports!

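One way to carry out the "examine all MX records and WebMail ports" check, as an added example that is not part of the original slides. The record list copies the slide; FILTERED_IPS and OPEN_PORTS are constructed assumptions standing in for your own firewall/NAT export.

```python
# Added example: records come from the slide; FILTERED_IPS and OPEN_PORTS are
# constructed assumptions standing in for your own firewall/NAT export.
from ipaddress import ip_address

SMTP_PORTS = {25, 465, 587}

# (record type, name, public IP) as listed on the slide.
RECORDS = [
    ("MX", "mycompany.com", "215.23.3.130"),
    ("MX", "mycompany.com", "215.23.3.125"),
    ("A", "webmail.mycompany.com", "215.23.3.131"),
    ("MX", "isp.mycompany.com", "220.1.23.5"),
]

# Assumption: the only public address the firewall NATs to the spam appliances.
FILTERED_IPS = {"215.23.3.130"}

# Constructed inventory: inbound TCP ports permitted to each public address.
OPEN_PORTS = {
    "215.23.3.130": [25],
    "215.23.3.125": [25],
    "215.23.3.131": [25, 443],
    "220.1.23.5": [25],
}


def audit(records, open_ports, filtered_ips):
    """Return (name, ip, reason) for every mail entry point outside the gateways."""
    filtered = {ip_address(ip) for ip in filtered_ips}
    findings = []
    for rtype, name, ip in records:
        addr = ip_address(ip)  # raises ValueError on a malformed address
        if addr in filtered:
            continue
        smtp = sorted(SMTP_PORTS.intersection(open_ports.get(ip, ())))
        if rtype == "MX":
            findings.append((name, ip, "MX target is not a spam gateway address"))
        elif smtp:
            findings.append((name, ip, f"non-MX host accepts SMTP on ports {smtp}"))
    return findings


if __name__ == "__main__":
    for name, ip, reason in audit(RECORDS, OPEN_PORTS, FILTERED_IPS):
        print(f"{name:24} {ip:14} {reason}")
```

Every finding is a route by which mail can reach the email server without being scanned, so each one is either moved behind the gateways or closed at the firewall.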
The Case of the Nasty NAT

[Diagram: Firewall NATs 215.23.3.120 to 192.168.1.125 -> Email Server & WebMail (192.168.1.125)]

MX Record: mycompany.com, 215.23.3.120
DNS Record: webmail.mycompany.com, 215.23.3.120

The Case of the Nasty NAT: What Happens to WebMail?

[Diagram: Firewall now NATs 215.23.3.120 to 192.168.1.130 -> Spam Appliance (192.168.1.130) -> Email Server & WebMail (192.168.1.125)]

MX Record: mycompany.com, 215.23.3.120
DNS Record: webmail.mycompany.com, 215.23.3.120

The Case of the Nasty NAT: Add Public IP & NAT to WebMail

[Diagram: Firewall now NATs 215.23.3.120 to 192.168.1.130 -> Spam Appliance (192.168.1.130) -> Email Server & WebMail (192.168.1.125)]

MX Record: mycompany.com, 215.23.3.120
DNS Record: webmail.mycompany.com, 215.23.3.125

It is not always a drop-in appliance solution.
It is a consultative approach to solving real-world problems.

Email Architecture Issues

• Tiered MX records can cause performance issues
• Uneven distribution of inbound and outbound email
• Email queues can back up during email peak periods

[Diagram: Internet feeding two datacenters; each MX record has its own Spam Gateway and SMTP relay in front of the Mail Servers]

Datacenter 1: MX 10 (30%) -> SMTP1; MX 20 (20%) -> SMTP2; MX 30 (10%) -> SMTP3; MX 40 (5%) -> SMTP4
Datacenter 2: MX 50 (5%) -> SMTP5; MX 60 (5%) -> SMTP6; MX 70 (10%) -> SMTP7; MX 80 (15%) -> SMTP8

Load Balancers Deployed, but No Recipient Validation

• Without recipient validation, mail is passed on to the email server
• Some email servers use closest match and some spam makes it through
• Emails bounce and are processed many times, causing extra network traffic, slow performance, quarantining of invalid email, and backup of invalid email

[Diagram: Internet feeding two datacenters]

Datacenter 1: MX10 (50%) -> Load Balancer -> 4 Spam Gateways -> SMTP1, SMTP2, SMTP3, SMTP4 -> Mail Servers
Datacenter 2: MX10 (50%) -> Load Balancer -> 4 Spam Gateways -> Mail Servers

Load Balancers and Recipient Validation Deployed

• Recipient validation allows email in for valid recipients only
• 100% of invalid recipient email dropped at gateway
• No more email bounces
• Improved mail server performance, no more quarantining invalid email

[Diagram: Internet feeding two datacenters]

Datacenter 1: MX10 (50%) -> Load Balancer -> 4 Spam Gateways (LDAP1, LDAP2) -> SMTP1, SMTP2, SMTP3, SMTP4 -> Mail Servers
Datacenter 2: MX10 (50%) -> Load Balancer -> 4 Spam Gateways (LDAP3, LDAP4) -> SMTP5, SMTP6, SMTP7, SMTP8 -> Mail Servers

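The effect of recipient validation at the gateway, as an added example that is not part of the original slides. The directory is a constructed in-memory stand-in for the LDAP servers, and answering 451 when the directory cannot be reached (the locked-out bind account and changed firewall or DNS cases from the earlier slides) is a design choice made for this example, not something the slides specify.

```python
# Added example: the directory is a constructed in-memory stand-in for the
# LDAP servers on the slide; names and addresses are hypothetical.

class DirectoryUnavailable(Exception):
    """No directory server answered (locked bind account, firewall or DNS change)."""


def make_lookup(mailboxes, available=True):
    """Build a lookup(address) -> bool that mimics a recipient query."""
    known = {m.lower() for m in mailboxes}

    def lookup(address):
        if not available:
            raise DirectoryUnavailable(address)
        return address.lower() in known
    return lookup


def rcpt_decision(address, lookup, validate=True):
    """Return the SMTP reply code the gateway gives to one RCPT TO."""
    if not validate:
        return 250                      # accept everything, sort it out later
    try:
        return 250 if lookup(address) else 550   # 550: rejected at the gateway
    except DirectoryUnavailable:
        return 451                      # temporary failure: sender retries


def process(recipients, mailboxes, lookup, validate=True):
    """Tally gateway outcomes and the bounces (NDRs) the mail server must create."""
    known = {m.lower() for m in mailboxes}
    stats = {"relayed": 0, "rejected": 0, "deferred": 0, "ndr_queued": 0}
    for rcpt in recipients:
        code = rcpt_decision(rcpt, lookup, validate)
        if code == 550:
            stats["rejected"] += 1
        elif code == 451:
            stats["deferred"] += 1
        else:
            stats["relayed"] += 1
            if rcpt.lower() not in known:   # accepted, then bounced downstream
                stats["ndr_queued"] += 1
    return stats


MAILBOXES = ["alice@mycompany.com", "bob@mycompany.com"]
# Constructed inbound recipients: two real users and two guessed addresses.
INBOUND = ["alice@mycompany.com", "Bob@mycompany.com",
           "sales1@mycompany.com", "aaa@mycompany.com"]
```

Deferring with 451 keeps a directory outage from turning into either lost mail for valid users or a return to accept-and-bounce behaviour.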
Trends by Content and IP

Trends by DNS Black List and IP

Trends by Denial of Service and IP

Trending Produces Results

     IP Layer Blocking


•   Trends occur by IP address
•   Permanently block ranges of IP addresses at the network layer
•   No need to ever scan content when a connection can’t be made
•   Spammers can’t circumvent IP blocks




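Turning per-IP trend data into candidate network-layer block ranges, as an added example that is not part of the original slides. The events, thresholds and allowlist are constructed assumptions, and the addresses come from reserved test ranges.

```python
# Added example: events are constructed; addresses use reserved test ranges.
from collections import defaultdict
from ipaddress import collapse_addresses, ip_address, ip_network

# (source IP, gateway verdict) as a trend report might export them.
EVENTS = [
    ("198.18.0.5", "dnsbl"), ("198.18.0.5", "content"), ("198.18.0.9", "dos"),
    ("198.18.1.20", "content"), ("198.18.1.21", "content"), ("198.18.1.22", "dnsbl"),
    ("203.0.113.7", "content"), ("203.0.113.7", "content"), ("203.0.113.7", "dos"),
    ("192.0.2.10", "content"), ("192.0.2.11", "content"), ("192.0.2.12", "content"),
]
ALLOWLIST = ["192.0.2.50"]   # hypothetical partner relay that must stay reachable


def propose_blocks(events, min_hits=3, min_hosts=2, prefix=24, allowlist=()):
    """Return CIDR ranges whose rejected traffic justifies a network-layer block."""
    hits = defaultdict(int)
    hosts = defaultdict(set)
    for ip, _verdict in events:
        net = ip_network(f"{ip}/{prefix}", strict=False)
        hits[net] += 1
        hosts[net].add(ip)
    protected = [ip_address(a) for a in allowlist]
    candidates = [
        net for net in hits
        if hits[net] >= min_hits
        and len(hosts[net]) >= min_hosts          # one noisy host is not a range
        and not any(a in net for a in protected)  # never cut off allowlisted peers
    ]
    # Merge adjacent ranges so the firewall rule set stays short.
    return [str(n) for n in collapse_addresses(candidates)]


if __name__ == "__main__":
    print(propose_blocks(EVENTS, allowlist=ALLOWLIST))
```

Because a network-layer block is permanent and never sees message content, the allowlist check and the minimum-host threshold are what keep a single noisy sender or a shared range from taking legitimate mail down with it.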
Inbound Email Best Practices – Before

Spam, phishing, viruses, DoS, and DHA attacks sent from all over the Internet.

No recipient verification causes email bounces. These emails clog up queues on some relays while leaving others completely idle.

With no redundancy and no load balancing, hardware failures will result in considerable downtime.

Spam bounces cause queues to build up with useless NDR bounced emails.

End user and email administrator time is wasted with unwanted emails and countless help desk calls.

Inbound Email Best Practices – After

Spammers are identified at the source and blocked by real-time messaging technologies and reputation filters.

Recipient verification, reverse DNS lookups, anti-spam technologies and trend analysis put an end to spam.

Gateway-based clustering and load balancing ensures uptime.

Server-based clustering and load balancing guarantees that both inbound and outbound email routes are protected.

Offensive emails disappear, encryption options are numerous, and compliance is transparent.

Questions?





				
posted:7/12/2011
language:English
pages:63