The relentless and unprecedented growth in unwanted email now poses an unexpected security threat to the network. As the amount of resources (disk space, network bandwidth, CPU) devoted to handling unsolicited emails increases from year to year, employees waste more and more time sorting through unsolicited bulk email commonly known as spam. Anti-Spam and Mail provides network administrators with an easy and central way to eliminate most of the spam reaching their networks.
Feature | Explanation |
---|---|
Content based Anti-Spam | The core of the Anti-Spam functionality is the content based classification engine. |
IP Reputation Anti-Spam | Using an IP reputation service, most of the incoming spam is blocked at connect time. |
Block List Anti-Spam | Block specific senders based on IP address or sender's address. |
Mail Anti-Virus | Scan and filter mail for malware. |
Zero Hour Malware Protection | Filter mail using rapid response signatures. |
IPS | Intrusion prevention system for mail protection. |
On the Anti-Spam & Mail tab:
The Anti-Spam functionality employs unique licensed technology. Unlike many Anti-Spam applications that rely on searching for keywords and a lexical analysis of the content of an email message, Check Point Anti-Spam identifies spam by analyzing known and emerging distribution patterns. By avoiding a search for key words and phrases that might classify a legitimate email as spam and instead focusing on other message characteristics, this solution offers a high spam detection rate with a low number of false positives.
To preserve personal privacy and business confidentiality, only select characteristics are extracted from the message envelope, headers, and body (no reference to actual content or attachments is included). Hashed values of these message characteristics are sent to a Detection Center for pattern analysis. The Detection Center identifies spam outbreaks in any language, message format, or encoding type. Responses are returned to the enterprise gateway within 300 milliseconds.
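The following is an added illustration of the idea in the paragraph above, not Check Point code: it hashes a few structural characteristics of a message so that two copies of one bulk mailing produce the same digests while no subject or body text leaves the gateway. The page does not list the characteristics the product extracts, so the four used here, the function names and the sample messages are assumptions.

```python
import hashlib
import re
from email import message_from_string
from email.utils import parseaddr

def extract_characteristics(raw: str) -> dict:
    """Return structural traits only (assumed set); no subject or body text."""
    msg = message_from_string(raw)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    text = "".join(p.get_payload() for p in leaves
                   if p.get_content_maintype() == "text")
    hosts = sorted({h.lower() for h in re.findall(r"https?://([^/\s]+)", text)})
    return {
        "from_domain": parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower(),
        "header_order": ",".join(k.lower() for k in msg.keys()),
        "mime_layout": ",".join(p.get_content_type() for p in leaves),
        "url_hosts": ",".join(hosts),
    }

def fingerprint(raw: str) -> dict:
    """SHA-256 each characteristic; only these digests would leave the gateway."""
    return {name: hashlib.sha256(value.encode("utf-8")).hexdigest()
            for name, value in extract_characteristics(raw).items()}

def sample_message(to, name, sender="promo@bulk.example", host="deals.example"):
    """Constructed sample mail; every address and host here is made up."""
    return (f"From: Offers <{sender}>\nTo: {to}\nSubject: Your invoice\n"
            f"Content-Type: text/plain\n\nHello {name}, see http://{host}/pay now.\n")

if __name__ == "__main__":
    a = fingerprint(sample_message("alice@corp.example", "Alice"))
    b = fingerprint(sample_message("bob@corp.example", "Bob"))
    c = fingerprint(sample_message("bob@corp.example", "Bob",
                                   sender="billing@vendor.example",
                                   host="portal.vendor.example"))
    print("same campaign, different recipients:", a == b)
    print("legitimate sender matches campaign: ", a == c)
```

Digests of low-entropy values such as a domain name can be reversed by guessing, so hashing here limits what is disclosed rather than making the values secret.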
Once identified, the network of spam generating machines is blacklisted. If the network changes its behavior, it is removed from the black list.
To prevent delays, Adaptive Continuous Download starts delivering the email to the recipient while Anti-Spam scanning is still in progress. If the email is designated as spam, it is flagged as spam before it is completely transferred to the recipient. Both the SMTP and POP3 protocols support Adaptive Continuous Download for the entire email message.
To configure a content Anti-Spam policy:
SmartDashboard opens and shows the Anti-Spam & Mail tab.
A spam confidence level is a grade or rating (usually between zero and a hundred) used to decide whether a particular email message should be treated as spam. For example, if the confidence level is set to 70, then all email messages rated at 70 or above will be treated as spam.
This window enables IP reputation, an Anti-Spam mechanism that checks the IP address of the message sender (contained in the opening SYN packet) against a dynamic database of suspect IP addresses. If, according to the IP reputation service, the originating network has a reputation for sending spam, then the spam session is blocked at connect time. This way, the IP reputation feature creates a list of trusted email sources.
To configure an IP reputation policy:
SmartDashboard opens and shows the Anti-Spam & Mail tab.
You can configure a list of email sources to block according to the sender's name, domain name, or IP address.
To configure a block list:
SmartDashboard opens and shows the Anti-Spam & Mail tab.
SMTP traffic can be scanned according to direction or IPs.
To configure Anti-Spam SMTP:
SmartDashboard opens and shows the Anti-Spam & Mail tab.
See Adaptive Continuous Download for further information.
POP3 traffic can be scanned according to direction.
SmartDashboard opens and shows the Anti-Spam & Mail tab.
See Adaptive Continuous Download for further information.
An Anti-Spam policy can be enforced on all email traffic or only on traffic that was not deliberately excluded from the policy.
To exclude sources and destinations:
SmartDashboard opens and shows the Anti-Spam & Mail tab.
You can configure a list of allowed email sources according to the sender's name and domain name, or according to the IP address.
To configure an allow list:
SmartDashboard opens and shows the Anti-Spam & Mail tab.
You can select an alternative Detection Center for Anti-Spam analysis.
To select a Detection Center:
SmartDashboard opens and shows the Anti-Spam & Mail tab.
Anti-Spam protection is available on UTM-1 Edge devices.
To configure Anti-Spam on UTM-1 Edge devices:
If a UTM-1 appliance is configured to run in bridge mode, Anti-Spam is supported providing that:
The Mail Anti-Virus policy prevents use of email as a virus delivery mechanism.
To configure a mail Anti-Virus policy:
SmartDashboard opens and shows the Anti-Spam & Mail tab.
By proactively scanning the Internet, the Detection Center identifies massive virus outbreaks as soon as they occur. This Zero-Hour solution provides protection during the critical time it takes to discover a new virus outbreak and assign it a signature.
To configure zero hour malware protection:
SmartDashboard opens and shows the Anti-Spam & Mail tab.
SMTP and POP3 traffic can be scanned according to direction or by IPs.
To configure SMTP and POP3:
SmartDashboard opens and shows the Anti-Spam & Mail tab.
See Continuous Download for further information.
You can set an action to take place when a file of a certain type passes through the gateway. Certain file types can pass through the gateway without being scanned for viruses. For example, picture and video files are normally considered safe. Other formats can be considered safe because they are relatively hard to tamper with. Update the list as necessary.
To configure the file types:
SmartDashboard opens and shows the Anti-Spam & Mail tab.
Define maximum sizes for scanned files and archives. Configure actions to take if the set limits are exceeded, or when a scan fails.
To configure scan failure and scan settings:
SmartDashboard opens and shows the Anti-Spam & Mail tab.
You can create your own custom disclaimer notice.
To configure a disclaimer:
SmartDashboard opens and shows the Anti-Spam & Mail tab.
Anti-Spam logging and monitoring options are available in the Logs & Monitor view in SmartConsole.
Logs derived from Anti-Spam scanning are sent to Security Management Server, and show in the Logs & Monitor > Logs view. In the Logs & Monitor view, you can see detailed views and reports of the Anti-Spam activity, customize these views and reports, or generate new ones.