In November of 2008 the number of unwanted, offensive, and misleading emails sent across the globe plummeted by approximately two-thirds, thanks to the efforts of a group of security researchers who helped shut down an Internet operation known as McColo.
Unfortunately, the victory proved short-lived.
According to Symantec’s latest State of Spam report, spam volumes have steadily crept back up to their pre-McColo shutdown levels. Now more than ever, organizations are looking to scale their messaging infrastructure cost-effectively, without interrupting the flow of legitimate email.
This TechTip focuses on using the new Reputation Management toolbar and the related Connection Classification features of Brightmail Gateway 8.0 to help customers combat spam at the connection level and better scale their protection.
With these new features, customers can:
- Effectively block more email at the connection level based on sender reputation
- Allocate email connection resources according to reputation
- Provide the optimum connection resources for senders with the best reputations
By implementing the following two-step process, email administrators will be able to decrease spam and increase overall messaging infrastructure scalability.
1. Adaptive Reputation Management:
More Granular Control The new top-level Reputation toolbar now provides greater control over the classification of sender email that passes through the Brightmail Gateway. Administrators can set policies for Good and Bad sender categories, as well as a new set of policies under Connection Classification. Using the Symantec Global Intelligence Network along with self-learning local reputation analysis, Brightmail Adaptive Reputation Management tracks the reputation of senders and categorizes them for the administrator. Administrators can then modify the resources allocated to email coming from particular senders and sender groups through the Reputation interface to make any adjustments needed for their site.
Good and Bad Sender policies are based on global reputation designations determined by Symantec’s backend research and analysis, as well as policies defined by the email administrator. Brightmail Gateway also tracks sender reputation locally based on the actual traffic received at a customer location, to identify distributed low volume senders of spam such as botnets, as well as targeted attacks specific to that organization.
This self-learning local reputation feeds directly into the new Connection Classification policies. This classification scheme is tied to a new optimization feature that gives administrators greater control over their email processing resources.
2. Connection Classification: Resource Allocation by Reputation
Based on local reputation scores, a sender IP address is categorized into one of ten Connection Classes. This rating ensures that the worst senders receive virtually no email processing resources, while highly trusted senders are moved to the head of the processing queue. The Brightmail Gateway continually re-evaluates sender status, granting the most open access to the most trusted sources, while it gradually reduces resources for less trusted senders based on its ten-level classification. This adaptive resource allocation allows an organization’s messaging infrastructure to scale efficiently in the face of new attacks and increasing spam volumes while prioritizing legitimate email flow.
The screenshot below is from the administrative console, and it illustrates the flexible allocation of resources by connection class.
Customers can modify individual resources such as the number of connections, the number of messages per connection, and the length of timeouts between connections.
By implementing these features in Brightmail Gateway, customers have greater control over reputation management, and by extension, a better means for allocating valuable email system resources.
Related Link
Product Page: Brightmail Gateway 8.0