Anti-Spam Overview

03/26/2020 268 People found this article helpful 481,301 Views

Description

Anti-Spam Overview

Resolution

Firmware/Software Version:
Services: Anti-Spam

This section provides an introduction to the Comprehensive Anti-Spam Service. This section contains the following subsections:
• What is Anti-Spam?
• Benefits
• How Does the Anti-Spam Service Work?

What is Anti-Spam?

The Anti-Spam feature provides a quick, efficient, and effective way to add anti-spam, anti-phishing, and anti-virus capabilities to your existing SonicWall network security appliance.

In a typical configuration of Anti-Spam, the administrator chooses to add Anti-Spam capabilities by selecting it in the SonicOS interface and licensing it. The SonicWall network security appliance then uses the same advanced spam-filtering technology as the SonicWall Email Security products to reduce the amount of junk email the organization delivers to users.

There are two primary ways inbound messages are analyzed by the Anti-Spam feature - Advanced IP Reputation Management and Cloud-based Advanced Content Management. IP Address Reputation uses the GRID Network to identify the IP addresses of known spammers, and reject any mail from those senders without even allowing a connection. GRID Network Sender IP Reputation Management checks the IP address of incoming connecting requests against a series of lists and statistics to ensure that the connection has a probability of delivering valuable email. The lists are compiled using the collaborative intelligence of the SonicWall GRID Network. Known spammers are prevented from connecting to the SonicWall network security appliance, and their junk email payloads never consume system resources on the targeted systems.

Email that does not come from known spammers is analyzed based on “GRIDprints” generated by SonicWall’s research laboratories and are based on data from millions of business endpoints, hundreds of millions of messages, and billions of reputation votes from the users of the GRID Network. Our Grid Network uses data from multiple SonicWall solutions to create a collaborative intelligence network that defends against the worldwide threat landscape. GRIDprints uniquely identify messages without exposing data contained in the email message.

The Anti-Spam service determines that an email fits only one of the following threats: Spam, Likely Spam, Phishing, Likely Phishing, Virus, or Likely Virus. It uses the following precedence order when evaluating threats in email messages:

• Phishing
• Likely Phishing
• Virus
• Spam
• Likely Spam
• Likely Virus

For example, if a message is both a virus and a spam, the message will be categorized as a virus since virus is higher in precedence than spam.
If the Anti-Spam service determines that the message is not any of the above threats, it is judged as good email and is delivered to the destination server.

Benefits

Adding anti-spam protection to your SonicWall network security appliance increases the efficiency of your system as a whole by filtering and rejecting junk messages before users see them in their inboxes.

• Reduced amount of bandwidth and resources consumed by junk email in your network
• Reduced number of incoming messages sent to the mail server
• Reduced threat to the organization, because users cannot accidentally infect their computers by clicking on virus spam
• Better protection for users from phishing attacks

How Does the Anti-Spam Service Work?

This section describes the Anti-Spam feature, including the SonicWall GRID Network, and how it interacts with SonicOS as a whole. The two points of significant connection with SonicOS are Address and Service Objects. You can use the address and service objects to configure the Anti-Spam feature to function smoothly with SonicOS. For example, use the Anti-Spam Service Object to configure NAT policies to archive inbound email as well as sending it through a filter.

The Comprehensive Anti-Spam Service analyzes messages’ headers and contents, and uses collaborative GRID printing to block spam email.

GRID Network

This section describes the GRID Connection Management with Sender IP Reputation feature that is used by SonicWall Email Security and by the Anti-Spam service in SonicOS. GRID Network Sender IP Reputation is the reputation a particular IP address has with members of the SonicWall GRID Network. When this feature is enabled, email is not accepted from IP addresses with a bad reputation. When SonicOS will not accept a connection from a known bad IP address, mail from that IP address never reaches the email server.

GRID Network Sender IP Reputation checks the IP address of incoming connection requests against a series of lists and statistics to ensure that the connection has a probability of delivering valuable email. The lists are compiled using the collaborative intelligence of the SonicWall GRID Network. Known spammers are prevented from connecting to the SonicWall network security appliance, and their junk email payloads never consume system resources on the targeted systems.

Address and Service Objects

The Anti-Spam feature of SonicOS introduces new Address and Service Objects to manage a customer’s email server(s). These objects are used by the Anti-Spam Service for its NAT and Access Rule policies. Automatically-created rules are not editable and will be deleted if the Anti-Spam Service is disabled.

When enabled, the Anti-Spam service creates NAT policies and Access Rules to control and redirect email traffic. The policies and rules are visible in the Network > NAT Policies and Firewall Rules pages, but are not editable. These automatically-created policies are only available when the Anti-Spam service is enabled.

When the Anti-Spam service is licensed and activated, the Anti-Spam > Settings page shows a single checkbox to enable Anti-Spam. Selecting the checkbox invokes the Destination Mail Server Policy Wizard if there is no existing custom access rule and NAT policy for an already-deployed scenario. When you set up generated policies, the Anti-Spam service must know where the emails are routed behind the SonicWall network security appliance. Specifically it needs the destination mail server IP address and its zone assignment. The Destination Mail Server Policy Wizard is launched if this data cannot be found.

You will need the following information for the wizard:

• Destination Mail Server Public IP Address – The IP address to which external MTAs will be connecting by SMTP.
• Destination Mail Server Private IP Address – The internal IP address (behind the SonicWall network security appliance) of the Exchange or SMTP server.
• Zone Assignment – The zone to which the Exchange server is assigned.
• Inbound Email Port – The TCP service port number to which emails will be sent, also known as the inbound SMTP port.

Policies and Address Objects created by the wizard are editable and persist even if the Anti-Spam service is disabled.