Our cloud based
email protection service provides advanced email services
independent of your current mail server. Since the
service lives in the cloud it has several benefits:
and software works in
the cloud but with your existing email system. Thus
there is no
need to invest in or deploy new hardware or software
at your location or reconfigure existing systems.
and new features are automatically deployed in the
cloud without user intervention,
downtime or additional cost.
service provides 99.999%
availability for message processing and 100% virus
Below are the
key system features. We tried to keep it brief but
there's just so much that's too important to be left out!
The protection service
detects spam by applying hundreds of rules to each message
that passes through the data center. It can block obvious
spam immediately, then divert more borderline spam to a
Quarantine for later evaluation. From there, you or your
users can review the Quarantine for any legitimate messages
that were falsely quarantined and need to be forwarded to
the user’s Inbox. Otherwise, spam is deleted automatically.
types of spam are typically filtered at a uniform level of
aggressiveness. One group of users, however, might have its
own idea about what constitutes spam, or how aggressively to
filter it. A travel agency might have a zero-tolerance
policy for adult content, for example, but want to receive
special offers, such as “trips to Hawaii.” Another group
might want to change its spam disposition, by changing how
its spam is quarantined, or not quarantining it at all.
Filtering aggressiveness affects how the protection service
handles messages that may or may not be spam. More
aggressive spam filter levels will quarantine messages that
are borderline cases. This will cause more spam to be
caught, but may increase false positives. More lenient spam
filters will allow borderline messages through, which
reduces false positives but potentially lets more spam
The protection service allows one to adjust the overall
aggressiveness of filtering, filter specific categories of
spam more aggressively, and choose a spam disposition. You
can also adjust individual user’s filtering, or allow users
to do this themselves through the user portal.
Identifies a sudden spike in the volume of spam relative to
total inbound messages. A spam attack is tracked by
monitoring both the ratio of spam to valid email, as well as
the total volume of spam from the IP during a specific
interval. If the ratio changes in a statistically
significant manner, the IP will be blocked for several
Viruses, when detected,
can either be deleted, quarantined in a user or
administrator quarantine, or tagged as viruses in the
message email headers.
virus attack is tracked by monitoring both the ratio of
virus infected messages to valid email, as well as the total
volume of virus infected messages from the IP during a
specific interval. If the ratio changes in a statistically
significant manner, the IP will be blocked for several
Block Sender Lists
If you discover that
some quarantined messages are actually good mail that just
look like spam, you can add the senders of those messages to
an appropriate approved-senders list. If a number of
quarantined senders are from the same domain, such as the
same company, add the domain to an appropriate
approved-senders list. Messages from those senders are then
delivered to user’s in your organization, regardless of the
spam-like content. You can also block specific senders or
entire domains in the same way. In this case, all messages
(SPAM or not) from the blocked sender or domain will be
rejected and will not be delivered to your server.
A phishing attack is a
type of spam disguised as valid email that is designed to
trick recipients into providing information or visiting a
hostile web site. For instance, a common type of phishing
attack is a message, supposedly from a bank, claiming that a
credit card and password are needed. A URL is provided to a
site at which users can enter credit card information. That
information is then used illegally. Because phishing attacks
are sent in mass, they are normally detected and stopped as
Email bombs are denial of service attacks where unusually
large messages, or an unusually high volume of messages are
sent repeatedly. Connection Manager will identify spikes in
message volume that violate standard variance in message
traffic. Conditions where like messages are sent repeatedly,
messages are of particular size characteristics, and the
ratio of suspect to valid email is high will result in the
classification of an email bomb. By blocking this kind
of attack the system prevents delivery of messages meant to
deny or disrupt normal services.
Harvest Attack Protection
Directory Harvest Attack is a series of delivery attempts
that result in 550 errors. Your email server will respond to
each request, issuing potentially thousands of 550 errors.
When the spammer lucks into a valid address, a spam may be
delivered, and the address is logged as valid. Sensitivity
allows a variance in the ratio of valid to invalid messages
per session or per source IP. Very Low sensitivity will NOT
block the IP if there is a single valid address in the
session. Very High sensitivity ranges up to a ratio of 1:5
valid addresses. By blocking this kind of attack the system
prevents spammers from harvesting valid email addresses off
of your server.
Email Backup (Spooling)
your email server is down, the system is
automatically triggered to start holding your
messages until your servers are back online. During
this time, people on the outside sending emails to
your organization will not see any bounced messages,
and once your servers are back online those messages
held in spooling will be gradually delivered to your
email server (so as not to overload it!). Your users
won't get email delivered to them during the server
but once your email server is back up and running,
they we system will deliver all email and they can continue
working normally. This feature can also be triggered
manually if needed during planned server maintenance.
Delivery - Distributes
messages across multiple email servers in a regulated
Fail-Over Delivery - If the primary
email servers fail, messages can be delivered to an
pool of email servers.
Dual-Delivery - Send a copy of all
incoming messages to a second mail server. Users must be
registered on both mail servers.
messages based on the size or type of attachments.
Filter inbound messages
based on their content.
Set limits on the number
of daily messages received by a user or group of users.